I. Overview:

In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Microsoft Entra, Windows Autopilot, Microsoft Intune Suite and Microsoft Defender for Endpoint are explored to protect devices and data.

II. Duration: 40 hours (5 days)

III. Intended Audience:

The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.

IV. Prerequisites

• Strong technical skills installing, maintaining, and troubleshooting the Windows 10 OS or later.
• Strong understanding of computer networking, client security, and application concepts.
• Experience using Active Directory Domain Services.

V. Course outlines:

1. MD-102 Explore endpoint management

This learning path is designed to provide a comprehensive understanding of enterprise desktops, Windows editions, and Microsoft Entra ID. It includes exploring various Windows editions, including their features and installation methods. It delves into Microsoft Entra ID, highlighting its similarities and differences with AD DS and how to synchronize the two. Furthermore, learners will better understand managing Microsoft Entra identities. Overall, this learning path equips learners with the necessary knowledge and skills to effectively support enterprise desktops and manage Microsoft Entra identities.

• Explore the Enterprise Desktop

This module covers modern endpoint management and enterprise desktop lifecycle concepts. It teaches the stages of the lifecycle (planning, deployment, maintenance) and provides a foundation for future learning.

• Explore Windows Editions

This module covers Windows OS editions, features, and installation methods. Learners gain a deeper understanding of the available editions and corresponding installation processes.

• Understand Microsoft Entra ID

This module explains Microsoft Entra ID. You'll compare Microsoft Entra ID to Active Directory DS, learn about Microsoft Entra ID P1 and P2, and explore Microsoft Entra Domain Services for managing domain-joined devices and apps in the cloud.

• Manage Microsoft Entra identities

This module teaches how to use Microsoft Entra ID effectively. You'll learn about RBAC, user roles, creating and managing users and groups, using PowerShell cmdlets, and synchronizing objects from AD DS to Microsoft Entra ID.

2. MD-102 Execute device enrollment

This learning path will cover Microsoft Entra join and will introduce Microsoft Endpoint Manager. We'll also discuss how to configure policies for enrolling devices to Configuration Manager and Microsoft Intune.

• Manage device authentication

In this module, you learn about device authentication and management in Microsoft Entra ID.

• Enroll devices using Microsoft Configuration Manager

This module introduces students to client deployment options and some of the high-level management and monitoring options that are available using Configuration Manager.

• Enroll devices using Microsoft Intune

Students will learn how to configure and setup Intune to more easily manage Windows, Android, and iOS devices.

3. MD-102 Configure profiles for user and devices

This learning path explores Intune device profiles, the benefits of user profiles and how to synchronize profile data across multiple devices.

• Execute device profiles

Students learn about the various types of device profiles, and how to create and manage them.

• Oversee device profiles

This module introduces students to monitoring profiles to ensure correct assignments and resolving conflicts when multiple profiles are applied.

• Maintain user profiles

Students learn about the benefits of various Windows user profiles, how to manage them, and how to facilitate profile data synchronization across multiple devices.

4. MD-102 Examine application management

Learners will examine application management methods using on-premises and cloud-based solutions.

• Execute mobile application management

This module introduces Mobile Application Management (MAM). Students will learn about considerations for implementing MAM and will be introduced to the management of MAM using Intune and Configuration Manager.

• Deploy and update applications

In this module, you'll master deploying applications using Intune, Configuration Manager, Group Policy, and Microsoft Store Apps. These powerful tools and techniques will equip you to manage and maintain diverse applications across your organization effectively.

• Administer endpoint applications

In this module, you're introduced to managing apps on Intune managed devices. The module will then conclude with an overview of how to use IE Mode with Microsoft Edge.

5. MD-102 Manage authentication and compliance

This learning path covers the various solutions for managing authentication. Students will also learn about the different types of VPNs, as well as compliance and conditional access policies.

• Protect identities in Microsoft Entra ID

This module introduces students to the various authentication methods used to protect identities.

• Enable organizational access

This module describes how clients can be configured to access organizational resources using a virtual private network (VPN).

• Implement device compliance

This module describes how to use compliance and conditional access policies to help protect access to organizational resources.

• Generate inventory and compliance reports

This module describes how to use Microsoft Endpoint Manager and Power BI to create compliance and custom reports.

6. MD-102 Manage endpoint security

In this learning path, students will learn about data protection and protecting endpoints against threats. This path will also cover the key capabilities of Microsoft Defender solutions.

• Deploy device data protection

This module describes how you can use Intune to create and manage WIP policies that manage this protection. The module also covers implementing BitLocker and Encrypting File System.

• Manage Microsoft Defender for Endpoint

This module explores using Microsoft Defender for Endpoint to provide additional protection and monitor devices against threats.

• Manage Microsoft Defender in Windows client

This module explains the built-in security features of Windows clients and how to implement them using policies.

• Manage Microsoft Defender for Cloud Apps

This module covers Microsoft Defender for Cloud Apps, focusing on securing sensitive data, its relevance in dynamic work settings, and effective utilization for improved security posture.

7. MD-102 Deploy using on-premises based tools

Students are introduced to deployment using the Microsoft Deployment Toolkit and Configuration Manager.

• Assess deployment readiness

Discusses some of the tools that you can use to perform detailed assessments of existing deployments, and describes some of the challenges that you may face.

• Deploy using the Microsoft Deployment Toolkit

Discusses the shifts from traditional to modern management and where on-premises solutions best fit in today's enterprise.

• Deploy using Microsoft Configuration Manager

This module explains the common day to day tasks that Administrators would use Configuration Manager to perform.

8. MD-102 Deploy using cloud based tools

Students will learn about using Windows Autopilot and deployment using Microsoft Intune. Students will also learn how co-management can be used to transition to modern management.

• Deploy Devices using Windows Autopilot

Use Autopilot to deploy new hardware or refreshing an existing hardware with the organization's desired configuration, without using the traditional imaging process.

• Implement dynamic deployment methods

Use dynamic provisioning methods such as Subscription Activation, Provisioning packages, and Microsoft Entra join to reconfigure an existing operating system.

• Plan a transition to modern endpoint management

Explore considerations and review the planning of transitioning to modern management, focusing on migration and newly provisioned devices.

• Manage Windows 365

This module teaches managing Microsoft's cloud-based PC management solution, Windows 365, offering personalized, secure Windows 11 experience from any device. Learn features, setup, management, security, deployment options, and licensing to optimize your environment.

• Manage Azure Virtual Desktop

Learn to manage Azure Virtual Desktop, a cloud-based VDI solution providing personalized, secure Windows 11 experiences. Understand key features, management, security, and deployment options for optimizing your environment.

• Explore Microsoft Intune Suite

This module explores the Microsoft Intune Suite, highlighting its advanced device management and security capabilities, components, usage, and integration with the broader Microsoft security ecosystem.