What would you like to accomplish with Intune?
|
Getting Started: People, Process and Technology Guidance
Discover the benefits of a modern desktop, major changes and considerations versus previous deployments and best practices to ensure a smooth transition to Windows 10 and Office 365 ProPlus. |
|
|
Step 1: Device and App Readiness
Begin your desktop deployment project with an inventory of your devices and apps, prioritize what you to move forward, test prioritized apps and devices, then remediate what’s needed to get ready for deployment. |
|
|
Step 2: Directory and Network Readiness
Cloud connected services in Office 365 ProPlus and new deployment options like Windows Autopilot require Azure Active Directory. Your network and connectivity are also important areas to plan when moving Windows images, apps, drivers and related files to your PCs. Learn how new tools and deployment options reduce and streamline network traffic. |
|
|
Step 3: Office and LOB App Delivery
Ensure your apps are packaged and ready for automated installation. Learn how Click-to-Run packaging with Office 365 ProPlus gives you new options to configure, deliver and keep your Office apps up-to-date. |
|
|
Step 4: User Files and Settings
When refreshing or replacing PCs, save time by automating user state backup and restore. New options for cloud file sync allow you to enforce per user sync of Desktop, Documents and Pictures folders to OneDrive for seamless file access from new Windows installs. |
|
|
Step 5: Security and Compliance Considerations
Windows 10 and Office 365 ProPlus provide new ways to protect your data, devices and users and quickly detect and respond to threats. Also, learn how to deal with common problems associated with disk encryption, anti-malware apps and policies when moving to Windows 10. |
|
|
Step 6: OS Deployment and Feature Updates
Task sequence-based deployment is used to automate large scale, phased deployment for bare metal installs, PC refresh and PC replacement. Upgrade task sequences will also help you stay current with major semi-annual updates. And Windows Autopilot is a recent addition that modernizes the new PC acquisition process. |
|
|
Step 7: Preparing for Windows and Office as a Service
Both Windows 10 and Office 365 ProPlus continually add new capabilities to keep bringing user experiences and security forward with the latest innovations. Learn how to stay current with semi-annual and monthly updates, how the new servicing model works and the tools and options you have. |
|
|
Step 8: User Communication and Training
Make sure your users are informed about new experiences and new ways of working as you shift your PCs to Windows 10 and Office 365 ProPlus. Learn how to take advantage of user adoption assistance with Microsoft FastTrack, training materials and communication templates, as well as new ways to monitor user acceptance and usage. |
|
|
Get your Leadership on Board: Value Discovery and Business Case
If you’ve done your deployment research, assessed app and device readiness, built your deployment plan and started piloting your deployment, but don’t have the support or resources needed from your management team to meet your deployment timelines, the Business Value Programs at Microsoft can help. Learn how to build a business case for a modern desktop and help get everyone on board. |
|
From <https://docs.microsoft.com/en-us/microsoft-365/enterprise/desktop-deployment-center-home>
- Mobile Device Management (MDM)
☐ Provide a self-service Company Portal for users to enroll their own devices and install corporate applications across the most popular mobile platforms (Requires System Center)
☐ Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to access corporate resources with the appropriate security configurations
- How to configure Wi-Fi settings in Microsoft Intune
From <https://docs.microsoft.com/en-us/intune/wi-fi-settings-configure>
☐ Deliver comprehensive settings management for mobile devices, enabling the execution of remote actions such as passcode reset, device lock, data encryption, and full wipe to protect corporate data on lost or stolen devices
- Remove devices by using wipe, retire, or manually unenrolling the device
From <https://docs.microsoft.com/en-us/intune/devices-wipe>
- How to wipe only corporate data from Intune-managed apps
From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>
☐ Protect corporate data by restricting access to Exchange email, Outlook email, and OneDrive for Business documents when a user tries to access resources on an unenrolled or non-compliant device based upon policies set by the administrator
- App-based conditional access with Intune
From <https://docs.microsoft.com/en-gb/intune/app-based-conditional-access-intune>
☐ Simplify enrollment of corporate devices with bulk enrollment using Apple Configurator or a single service account, enabling IT administrators to set policies and deploy applications on a large scale
- Enroll iOS devices with Apple Configurator
From <https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios>
☐ Streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
- Automatically enroll iOS devices with Apple’s Device Enrollment Program
From <https://docs.microsoft.com/en-us/intune/device-enrollment-program-enroll-ios>
☐ Enable the enforcement of more strict “lock down” policies for Supervised iOS devices, Android devices using Kiosk Mode, and Windows Phone devices using Assigned Access
Mobile Application Management (MAM)
☐ Enable your workforce to securely access corporate information using the Office mobile apps they know and love while preventing leakage of your company’s data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
☐ Manage Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life
- How to Enable Intune MAM without Enrollment along with Conditional Access
From <https://www.anoopcnair.com/enable-intune-mam-without-enrollment-along-ca-android-devices/>
☐ Apply the same management policies to your existing line-of-business (LOB) applications using the Intune App Wrapping Tool, without requiring code changes in those LOB apps
☐ Allow users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune
- Manage Internet access using protected browser policies with Microsoft Intune
From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>
☐ Allow administrators and device users to protect corporate information through selective wipe of managed apps and related data when a device is unenrolled, no longer compliant, lost, stolen, or retired from use
- How to wipe only corporate data from Intune-managed apps
From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>
☐ Integrate your existing System Center 2012 Configuration Manager infrastructure with Intune, further enhancing your ability to manage PCs, Macs, and Unix/Linux servers, as well as mobile devices from a single management console, while building on existing investments and skills
☐ Provide real-time protection against malware threats on managed computers, keep malware definitions up-to date, and automatically scan computers to help protect against malware infections and other potentially unwanted software
- Enable Windows Defender ATP with conditional access in Intune
From <https://docs.microsoft.com/en-us/intune/advanced-threat-protection>
- Endpoint protection settings for Windows 10 (and later) in Intune
From <https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10>
- Help secure Windows PCs with Endpoint Protection for Microsoft Intune
From <https://docs.microsoft.com/en-us/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune>
- Manage software updates in Intune, Windows Update for Business
From <https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure>
☐ Collect information about hardware configurations and software installed on managed computers, allowing you to generate reports, organize groups of computers, and more effectively target software deployments
- Use the Intune Data Warehouse
From <https://docs.microsoft.com/en-us/intune/reports-nav-create-intune-reports>
☐ Simplify administration by deploying software and configuring Windows Firewall settings on computers based upon policies defined by the administrator
- Help protect Windows PCs using Windows Firewall policies in Microsoft Intune
From <https://docs.microsoft.com/en-ca/intune/help-protect-windows-pcs-using-windows-firewall-policies-in-microsoft-intune>
☐ Enable administrators to push required apps automatically during enrollment and allow users to easily install corporate apps from the self-service Company Portal
- Assign apps to groups with Microsoft Intune
From <https://docs.microsoft.com/en-us/intune/apps-deploy>
- How to configure the Microsoft Intune Company Portal app
From <https://docs.microsoft.com/en-us/intune/company-portal-app>
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune
From <https://docs.microsoft.com/en-us/intune/windows-store-for-business>
☐ Provide the ability to deny specific applications or URL addresses from being accessed on mobile devices
- Manage Internet access using an Microsoft Intune policy-protected browser
From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>
What would you like to accomplish with Azure Active Directory Premium?
☐ User/group management (add/update/delete)/user-based provisioning, device registration
- Set up enrollment for Windows devices
From <https://docs.microsoft.com/en-us/intune/windows-enroll>
- Azure Active Directory integration with MDM
From <https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm>
☐ Single Sign-On (SSO)
- Azure Active Directory Seamless Single Sign-On
From <https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso>
Azure AD Pass-through Authentication and Seamless Single Sign-on
☐ Self-service password reset/change/unlock with on-premises write-back
- Tutorial: Enabling password writeback
From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-writeback>
☐ Application proxy
- How to provide secure remote access to on-premises applications
From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy>
☐ Self-Service Group and app Management/Self-Service application additions/ Dynamic Groups
- Set up Azure Active Directory for self-service group management
From <https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-management>
- How to configure self-service application assignment
From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access>
☐ Multi-factor authentication (cloud and on-premises (MFA server))
- Which version of Azure MFA is right for my organization?
From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion>
☐ Cloud app discovery – Allows you to run a discovery on applications that use your corporate email addresses
From <https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery>
☐ Connect Health – Includes ADFS, ADDS, and Directory Synchronization Health Monitoring from the cloud
- Azure Active Directory Connect Health: Monitoring the sync engine
From <https://azure.microsoft.com/en-ca/resources/videos/azure-active-directory-connect-health-monitoring-the-sync-engine/>
☐ Azure Conditional Access based on group and location
Best practices for conditional access in Azure Active Directory
From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices>
Conditional Access in Enterprise Mobility + Security
☐ Azure Conditional Access based on device state (Allow access from managed devices)
- How To: Require managed devices for cloud app access with conditional access
From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices>
☐ Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator Bitlocker recovery
BitLocker Management for Enterprises
From <https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises>
☐ MDM auto-enrollment, Self-service Bitlocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming
Please describe in some detail what your requirements are for securing your environment.
(Does not need to be elaborate and does not need to pertain to EMS)
- All the links / resources shared through the chat window”
https://aka.ms/whfbdocs
https://aka.ms/whfbplan
https://aka.ms/whfbdeploy
For the GPO to Intune CSP migration. MMAT-MDM Migration Analysis Tool
https://github.com/WindowsDeviceManagement/MMAT
From <https://docs.microsoft.com/en-us/windows/client-management/mdm/>
IT BLOGS 
You must be logged in to post a comment.