Intune EMS Discovery Questionnaire for FastTrack

 

What would you like to accomplish with Intune?

  Workshops

  • Modern IT Enterprise Security PoC

From <https://planningservices.partners.extranet.microsoft.com/en/DDPS/Pages/Modern-IT-Enterprise-Security-Proof-of-Concept.aspx>

 

 

      • Modern Desktop Deployment Center

From <https://docs.microsoft.com/en-us/microsoft-365/enterprise/desktop-deployment-center-home>

      • What’s new in Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/whats-new>

 

 

Getting Started: People, Process and Technology Guidance

Discover the benefits of a modern desktop, major changes and considerations versus previous deployments and best practices to ensure a smooth transition to Windows 10 and Office 365 ProPlus.

Step 1: Device and App Readiness

Begin your desktop deployment project with an inventory of your devices and apps, prioritize what to move forward, test prioritized apps and devices, then remediate what’s needed to get ready for deployment.

Step 2: Directory and Network Readiness

Cloud connected services in Office 365 ProPlus and new deployment options like Windows Autopilot require Azure Active Directory. Your network and connectivity are also important areas to plan when moving Windows images, apps, drivers and related files to your PCs. Learn how new tools and deployment options reduce and streamline network traffic.

Step 3: Office and LOB App Delivery

Ensure your apps are packaged and ready for automated installation. Learn how Click-to-Run packaging with Office 365 ProPlus gives you new options to configure, deliver and keep your Office apps up-to-date.

Step 4: User Files and Settings

When refreshing or replacing PCs, save time by automating user state backup and restore. New options for cloud file sync allow you to enforce per user sync of Desktop, Documents and Pictures folders to OneDrive for seamless file access from new Windows installs.

Step 5: Security and Compliance Considerations

Windows 10 and Office 365 ProPlus provide new ways to protect your data, devices and users and quickly detect and respond to threats. Also, learn how to deal with common problems associated with disk encryption, anti-malware apps and policies when moving to Windows 10.

Step 6: OS Deployment and Feature Updates

Task sequence-based deployment is used to automate large scale, phased deployment for bare metal installs, PC refresh and PC replacement. Upgrade task sequences will also help you stay current with major semi-annual updates. And Windows Autopilot is a recent addition that modernizes the new PC acquisition process.

Step 7: Preparing for Windows and Office as a Service

Both Windows 10 and Office 365 ProPlus continually add new capabilities to keep bringing user experiences and security forward with the latest innovations. Learn how to stay current with semi-annual and monthly updates, how the new servicing model works and the tools and options you have.

Step 8: User Communication and Training

Make sure your users are informed about new experiences and new ways of working as you shift your PCs to Windows 10 and Office 365 ProPlus. Learn how to take advantage of user adoption assistance with Microsoft FastTrack, training materials and communication templates, as well as new ways to monitor user acceptance and usage.

Get your Leadership on Board: Value Discovery and Business Case

If you’ve done your deployment research, assessed app and device readiness, built your deployment plan and started piloting your deployment, but don’t have the support or resources needed from your management team to meet your deployment timelines, the Business Value Programs at Microsoft can help. Learn how to build a business case for a modern desktop and help get everyone on board.

From <https://docs.microsoft.com/en-us/microsoft-365/enterprise/desktop-deployment-center-home>

 

 

  • Mobile Device Management (MDM)

Provide a self-service Company Portal for users to enroll their own devices and install corporate applications across the most popular mobile platforms (Requires System Center)

From <https://docs.microsoft.com/en-gb/intune-user-help/use-managed-devices-to-get-work-done>

 

Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to access corporate resources with the appropriate security configurations

  • How to configure Wi-Fi settings in Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/wi-fi-settings-configure>

 

Deliver comprehensive settings management for mobile devices, enabling the execution of remote actions such as passcode reset, device lock, data encryption, and full wipe to protect corporate data on lost or stolen devices

  • Remove devices by using wipe, retire, or manually unenrolling the device

From <https://docs.microsoft.com/en-us/intune/devices-wipe>

  • How to wipe only corporate data from Intune-managed apps

From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>

 

 

Protect corporate data by restricting access to Exchange email, Outlook email, and OneDrive for Business documents when a user tries to access resources on an unenrolled or non-compliant device based upon policies set by the administrator

  • App-based conditional access with Intune

From <https://docs.microsoft.com/en-gb/intune/app-based-conditional-access-intune>

 

Simplify enrollment of corporate devices with bulk enrollment using Apple Configurator or a single service account, enabling IT administrators to set policies and deploy applications on a large scale

  • Enroll iOS devices with Apple Configurator

From <https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios>

 

Streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)

  • Automatically enroll iOS devices with Apple’s Device Enrollment Program

From <https://docs.microsoft.com/en-us/intune/device-enrollment-program-enroll-ios>

 

Enable the enforcement of stricter “lock down” policies for Supervised iOS devices, Android devices using Kiosk Mode, and Windows Phone devices using Assigned Access

  • Mobile Application Management (MAM)

Enable your workforce to securely access corporate information using the Office mobile apps they know and love while preventing leakage of your company’s data by restricting actions such as copy/cut/paste/save in your managed app ecosystem

Manage Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life

  • How to Enable Intune MAM without Enrollment along with Conditional Access

From <https://www.anoopcnair.com/enable-intune-mam-without-enrollment-along-ca-android-devices/>

Apply the same management policies to your existing line-of-business (LOB) applications using the Intune App Wrapping Tool, without requiring code changes in those LOB apps

Allow users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune

  • Manage Internet access using protected browser policies with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>

 

 

Allow administrators and device users to protect corporate information through selective wipe of managed apps and related data when a device is unenrolled, no longer compliant, lost, stolen, or retired from use

 

  • How to wipe only corporate data from Intune-managed apps

From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>

 

 

  • PC Management

 

Integrate your existing System Center 2012 Configuration Manager infrastructure with Intune, further enhancing your ability to manage PCs, Macs, and Unix/Linux servers, as well as mobile devices from a single management console, while building on existing investments and skills

 

 

 

 

Provide real-time protection against malware threats on managed computers, keep malware definitions up to date, and automatically scan computers to help protect against malware infections and other potentially unwanted software

 

  • Enable Windows Defender ATP with conditional access in Intune

From <https://docs.microsoft.com/en-us/intune/advanced-threat-protection>

 

  • Endpoint protection settings for Windows 10 (and later) in Intune

From <https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10>

 

  • Help secure Windows PCs with Endpoint Protection for Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune>

 

  • Manage software updates in Intune, Windows Update for Business

From <https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure>

 

 

 

Collect information about hardware configurations and software installed on managed computers, allowing you to generate reports, organize groups of computers, and more effectively target software deployments

 

  • Use the Intune Data Warehouse

From <https://docs.microsoft.com/en-us/intune/reports-nav-create-intune-reports>

 

 

Simplify administration by deploying software and configuring Windows Firewall settings on computers based upon policies defined by the administrator

 

  • Help protect Windows PCs using Windows Firewall policies in Microsoft Intune

From <https://docs.microsoft.com/en-ca/intune/help-protect-windows-pcs-using-windows-firewall-policies-in-microsoft-intune>

 

Enable administrators to push required apps automatically during enrollment and allow users to easily install corporate apps from the self-service Company Portal

 

  • Assign apps to groups with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/apps-deploy>

 

  • How to configure the Microsoft Intune Company Portal app

From <https://docs.microsoft.com/en-us/intune/company-portal-app>

 

  • How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/windows-store-for-business>

 

 

Provide the ability to deny specific applications or URL addresses from being accessed on mobile devices

 

  • Manage Internet access using a Microsoft Intune policy-protected browser

From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>

 

 

What would you like to accomplish with Azure Active Directory Premium?

User/group management (add/update/delete)/user-based provisioning, device registration

 

  • Set up enrollment for Windows devices

From <https://docs.microsoft.com/en-us/intune/windows-enroll>

 

  • Azure Active Directory integration with MDM

From <https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm>

 

 

 

Single Sign-On (SSO)

 

  • Azure Active Directory Seamless Single Sign-On

From <https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso>

 

Azure AD Pass-through Authentication and Seamless Single Sign-on

 

Self-service password reset/change/unlock with on-premises write-back

 

  • Tutorial: Enabling password writeback

From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-writeback>

 

 

 

Application proxy

 

  • How to provide secure remote access to on-premises applications

From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy>

 

Self-Service Group and App Management / Self-Service application additions / Dynamic Groups

 

  • Set up Azure Active Directory for self-service group management

From <https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-management>

 

  • How to configure self-service application assignment

From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access>

 

Multi-factor authentication (cloud and on-premises (MFA server))

 

  • Which version of Azure MFA is right for my organization?

From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion>

 

Cloud app discovery – Allows you to run a discovery on applications that use your corporate email addresses

 

  • Set up Cloud Discovery

From <https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery>

 

 

Connect Health – Includes ADFS, ADDS, and Directory Synchronization Health Monitoring from the cloud

 

  • Azure Active Directory Connect Health: Monitoring the sync engine

From <https://azure.microsoft.com/en-ca/resources/videos/azure-active-directory-connect-health-monitoring-the-sync-engine/>

 

 

Azure Conditional Access based on group and location

 

  • Best practices for conditional access in Azure Active Directory

From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices>

 

Conditional Access in Enterprise Mobility + Security

 

Azure Conditional Access based on device state (Allow access from managed devices)

 

  • How To: Require managed devices for cloud app access with conditional access

From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices>

 

 

Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator BitLocker recovery

 

  • BitLocker Management for Enterprises

From <https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises>

 

 

MDM auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming

 

Please describe in some detail what your requirements are for securing your environment.

(Does not need to be elaborate and does not need to pertain to EMS)

 

 

 

 

  • All the links / resources shared through the chat window

 

https://aka.ms/whfbdocs

  • 2. Planning guide

https://aka.ms/whfbplan

  • 3. Deployment guide

https://aka.ms/whfbdeploy

For the GPO to Intune CSP migration: MMAT (MDM Migration Analysis Tool)

https://github.com/WindowsDeviceManagement/MMAT

 

From <https://docs.microsoft.com/en-us/windows/client-management/mdm/>

About Robert.Gabos

https://www.linkedin.com/in/RobertGabos