Azure IAAS & Active Directory VM Best Practices

*under-construction

 

Posted in Active Directory, Azure, elearning, Microsoft, Windows Server

Intune EMS Discovery Questionnaire for FastTrack

 

What would you like to accomplish with Intune?

  Workshops

  • Modern IT Enterprise Security PoC

From <https://planningservices.partners.extranet.microsoft.com/en/DDPS/Pages/Modern-IT-Enterprise-Security-Proof-of-Concept.aspx>

 

 

      • Modern Desktop Deployment Center

From <https://docs.microsoft.com/en-us/microsoft-365/enterprise/desktop-deployment-center-home>

      • What’s new in Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/whats-new>

 

 

Getting Started: People, Process and Technology Guidance

Discover the benefits of a modern desktop, major changes and considerations versus previous deployments and best practices to ensure a smooth transition to Windows 10 and Office 365 ProPlus.

Step 1: Device and App Readiness

Begin your desktop deployment project with an inventory of your devices and apps, prioritize what you want to move forward, test prioritized apps and devices, then remediate what’s needed to get ready for deployment.

Step 2: Directory and Network Readiness

Cloud connected services in Office 365 ProPlus and new deployment options like Windows Autopilot require Azure Active Directory. Your network and connectivity are also important areas to plan when moving Windows images, apps, drivers and related files to your PCs. Learn how new tools and deployment options reduce and streamline network traffic.

Step 3: Office and LOB App Delivery

Ensure your apps are packaged and ready for automated installation. Learn how Click-to-Run packaging with Office 365 ProPlus gives you new options to configure, deliver and keep your Office apps up-to-date.

Step 4: User Files and Settings

When refreshing or replacing PCs, save time by automating user state backup and restore. New options for cloud file sync allow you to enforce per user sync of Desktop, Documents and Pictures folders to OneDrive for seamless file access from new Windows installs.

Step 5: Security and Compliance Considerations

Windows 10 and Office 365 ProPlus provide new ways to protect your data, devices and users and quickly detect and respond to threats. Also, learn how to deal with common problems associated with disk encryption, anti-malware apps and policies when moving to Windows 10.

Step 6: OS Deployment and Feature Updates

Task sequence-based deployment is used to automate large scale, phased deployment for bare metal installs, PC refresh and PC replacement. Upgrade task sequences will also help you stay current with major semi-annual updates. And Windows Autopilot is a recent addition that modernizes the new PC acquisition process.

Step 7: Preparing for Windows and Office as a Service

Both Windows 10 and Office 365 ProPlus continually add new capabilities to keep bringing user experiences and security forward with the latest innovations. Learn how to stay current with semi-annual and monthly updates, how the new servicing model works and the tools and options you have.

Step 8: User Communication and Training

Make sure your users are informed about new experiences and new ways of working as you shift your PCs to Windows 10 and Office 365 ProPlus. Learn how to take advantage of user adoption assistance with Microsoft FastTrack, training materials and communication templates, as well as new ways to monitor user acceptance and usage.

Get your Leadership on Board: Value Discovery and Business Case

If you’ve done your deployment research, assessed app and device readiness, built your deployment plan and started piloting your deployment, but don’t have the support or resources needed from your management team to meet your deployment timelines, the Business Value Programs at Microsoft can help. Learn how to build a business case for a modern desktop and help get everyone on board.

From <https://docs.microsoft.com/en-us/microsoft-365/enterprise/desktop-deployment-center-home>

 

 

  • Mobile Device Management (MDM)

Provide a self-service Company Portal for users to enroll their own devices and install corporate applications across the most popular mobile platforms (Requires System Center)

From <https://docs.microsoft.com/en-gb/intune-user-help/use-managed-devices-to-get-work-done>


 

Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to access corporate resources with the appropriate security configurations

  • How to configure Wi-Fi settings in Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/wi-fi-settings-configure>

 

Deliver comprehensive settings management for mobile devices, enabling the execution of remote actions such as passcode reset, device lock, data encryption, and full wipe to protect corporate data on lost or stolen devices

  • Remove devices by using wipe, retire, or manually unenrolling the device

From <https://docs.microsoft.com/en-us/intune/devices-wipe>

  • How to wipe only corporate data from Intune-managed apps

From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>

 

 

Protect corporate data by restricting access to Exchange email, Outlook email, and OneDrive for Business documents when a user tries to access resources on an unenrolled or non-compliant device based upon policies set by the administrator

  • App-based conditional access with Intune

From <https://docs.microsoft.com/en-gb/intune/app-based-conditional-access-intune>

 

Simplify enrollment of corporate devices with bulk enrollment using Apple Configurator or a single service account, enabling IT administrators to set policies and deploy applications on a large scale

  • Enroll iOS devices with Apple Configurator

From <https://docs.microsoft.com/en-us/intune/apple-configurator-enroll-ios>

 

Streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)

  • Automatically enroll iOS devices with Apple’s Device Enrollment Program

From <https://docs.microsoft.com/en-us/intune/device-enrollment-program-enroll-ios>

 

Enable the enforcement of more strict “lock down” policies for Supervised iOS devices, Android devices using Kiosk Mode, and Windows Phone devices using Assigned Access

Mobile Application Management (MAM)

Enable your workforce to securely access corporate information using the Office mobile apps they know and love while preventing leakage of your company’s data by restricting actions such as copy/cut/paste/save in your managed app ecosystem

Manage Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life

  • How to Enable Intune MAM without Enrollment along with Conditional Access

From <https://www.anoopcnair.com/enable-intune-mam-without-enrollment-along-ca-android-devices/>

Apply the same management policies to your existing line-of-business (LOB) applications using the Intune App Wrapping Tool, without requiring code changes in those LOB apps

Allow users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune

  • Manage Internet access using protected browser policies with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>

 

 

Allow administrators and device users to protect corporate information through selective wipe of managed apps and related data when a device is unenrolled, no longer compliant, lost, stolen, or retired from use

 

  • How to wipe only corporate data from Intune-managed apps

From <https://docs.microsoft.com/en-us/intune/apps-selective-wipe>

 

 

  • PC Management

 

Integrate your existing System Center 2012 Configuration Manager infrastructure with Intune, further enhancing your ability to manage PCs, Macs, and Unix/Linux servers, as well as mobile devices from a single management console, while building on existing investments and skills

 

 

 

 

Provide real-time protection against malware threats on managed computers, keep malware definitions up to date, and automatically scan computers to help protect against malware infections and other potentially unwanted software

 

  • Enable Windows Defender ATP with conditional access in Intune

From <https://docs.microsoft.com/en-us/intune/advanced-threat-protection>

 

  • Endpoint protection settings for Windows 10 (and later) in Intune

From <https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10>

 

  • Help secure Windows PCs with Endpoint Protection for Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune>

 

  • Manage software updates in Intune, Windows Update for Business

From <https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure>

 

 

 

Collect information about hardware configurations and software installed on managed computers, allowing you to generate reports, organize groups of computers, and more effectively target software deployments

 

  • Use the Intune Data Warehouse

From <https://docs.microsoft.com/en-us/intune/reports-nav-create-intune-reports>

 

 

Simplify administration by deploying software and configuring Windows Firewall settings on computers based upon policies defined by the administrator

 

  • Help protect Windows PCs using Windows Firewall policies in Microsoft Intune

From <https://docs.microsoft.com/en-ca/intune/help-protect-windows-pcs-using-windows-firewall-policies-in-microsoft-intune>

 

Enable administrators to push required apps automatically during enrollment and allow users to easily install corporate apps from the self-service Company Portal

 

  • Assign apps to groups with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/apps-deploy>

 

  • How to configure the Microsoft Intune Company Portal app

From <https://docs.microsoft.com/en-us/intune/company-portal-app>

 

  • How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune

From <https://docs.microsoft.com/en-us/intune/windows-store-for-business>

 

 

Provide the ability to deny specific applications or URL addresses from being accessed on mobile devices

 

  • Manage Internet access using a Microsoft Intune policy-protected browser

From <https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser>

 

 

What would you like to accomplish with Azure Active Directory Premium?

User/group management (add/update/delete)/user-based provisioning, device registration

 

  • Set up enrollment for Windows devices

From <https://docs.microsoft.com/en-us/intune/windows-enroll>

 

  • Azure Active Directory integration with MDM

From <https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm>

 

 

 

Single Sign-On (SSO)

 

  • Azure Active Directory Seamless Single Sign-On

From <https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso>

 

Azure AD Pass-through Authentication and Seamless Single Sign-on

 

Self-service password reset/change/unlock with on-premises write-back

 

  • Tutorial: Enabling password writeback

From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-writeback>

 

 

 

Application proxy

 

  • How to provide secure remote access to on-premises applications

From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy>

 

Self-Service Group and app Management/Self-Service application additions/ Dynamic Groups

 

  • Set up Azure Active Directory for self-service group management

From <https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-self-service-management>

 

  • How to configure self-service application assignment

From <https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access>

 

Multi-factor authentication (cloud and on-premises (MFA server))

 

  • Which version of Azure MFA is right for my organization?

From <https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion>

 

Cloud app discovery – Allows you to run a discovery on applications that use your corporate email addresses

 

  • Set up Cloud Discovery

From <https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery>

 

 

Connect Health – Includes ADFS, ADDS, and Directory Synchronization Health Monitoring from the cloud

 

  • Azure Active Directory Connect Health: Monitoring the sync engine

From <https://azure.microsoft.com/en-ca/resources/videos/azure-active-directory-connect-health-monitoring-the-sync-engine/>

 

 

Azure Conditional Access based on group and location

 

Best practices for conditional access in Azure Active Directory

From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices>

 

Conditional Access in Enterprise Mobility + Security

 

Azure Conditional Access based on device state (Allow access from managed devices)

 

  • How To: Require managed devices for cloud app access with conditional access

From <https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices>

 

 

Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator BitLocker recovery

 

BitLocker Management for Enterprises

From <https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises>

 

 

MDM auto-enrollment, Self-service BitLocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming

 

Please describe in some detail what your requirements are for securing your environment.

(Does not need to be elaborate and does not need to pertain to EMS)

 

 

 

 

  • All the links / resources shared through the chat window

 

https://aka.ms/whfbdocs

  • 2. Planning guide

https://aka.ms/whfbplan

  • 3. Deployment guide

https://aka.ms/whfbdeploy

For the GPO to Intune CSP migration: MMAT (MDM Migration Analysis Tool)

https://github.com/WindowsDeviceManagement/MMAT

 

From <https://docs.microsoft.com/en-us/windows/client-management/mdm/>

Posted in Documents, elearning, Enterprise Mobility Security, Microsoft, Microsoft 365

Work Folders vs Offline Files vs OneDrive (comparisons chart)

workfolders-offlinefiles-onedrive

 

Posted in Uncategorized

Windows 10 Updates & Management Options (Quick Showcase)


Windows 10 Updates & Management Options

  • Overview – Win10 (Web view)

  • Modern Desktop Deployment Center

  • Quick guide to Windows as a Service

  • Tech Community Windows Insider

  • Windows Insiders Meetup (WIM)

Modern Desktop Deployment Process

  • Getting Started: People, Process and Technology Guidance

Step 1: Device and App Readiness

Step 2: Directory and Network Readiness

Step 3: Office and LOB App Delivery

Step 4: User Files and Settings Migration

Step 5: Security and Compliance Considerations

Step 6: OS Deployment and Feature Updates

Step 7: Windows and Office as a Service

Step 8: User Communications and Training

  • Get your Leadership on Board: Value Discovery and Business Case

The Windows 10 operating system introduces a new way to build, deploy, and service Windows.

Planning & Process Documents

Steps to manage updates for Windows 10

From <https://docs.microsoft.com/en-us/windows/deployment/windows-10-architecture-posters>

Microsoft 365 Powered Device Lab Kit v3 1803


Windows Insider Program for Business getting started

You can install on individual or multiple devices. Click here to learn how.

Windows Insider Program

Windows Insider Program for Business

What’s new for Windows Insider Program for Business Preview Builds

Get started with the Windows Insider Program for Business

Register with the Windows 10 Insider Program for Business

Install Windows Insider Program for Business preview builds

Manage Windows Insider Program for Business Preview builds

Share Feedback Via the Feedback Hub

Windows readiness levels and flight rings

Windows Insider Program troubleshooting

From <https://docs.microsoft.com/en-us/windows-insider/at-work-pro/wip-4-biz-get-started>

  • WS00151: Deploy and manage Windows as a service
  • Heard about Windows as a service but don’t completely get it, yet? We recommend this lab. It teaches you how Microsoft will update Windows 10 with new functionality and how you can manage that process. Concepts in this lab include everything from deferral policies in Windows Update for Business to managing updates in Windows Server Update Services.

Online Training Workshops & Events

Desktop & Device Manager
myignite.techcommunity.microsoft.com/learning-paths/66821

Role: Microsoft 365 Enterprise Administrator
Learning Path: Mobility and Security
Microsoft 365 Device Management – MS-101.3

Posted in elearning, LABS, Microsoft, windows 10

Windows 10 Modern Desktop PoC

Overview (Web view)


Modern Desktop 365 PoC

From <https://www.microsoft.com/microsoft-365/partners/moderndesktop-ECIF-PoC>

 Modern Desktop Partner Resources

From <https://www.yammer.com/office365partners/#/threads/inGroup?type=in_group&feedId=14347875>

 

Moodle LMS course format – Modern Desktop Windows 10


Microsoft 365 Modern Desktop PoC WorkshopPLUS

From <https://theitppl.moodlecloud.com/>

 


 

  • Table Of Contents

Overview – Windows 10 Modern Desktop 365 Powered Devices PoC

Ready your team for the modern workplace

Get your team certified on cloud-critical identity and access management skills

Considering Microsoft 365? Get your team certified on Office 365

Moving to Microsoft 365? Get your team certified on Windows 10

Helping customers shift to a modern desktop

Making IT simpler with a modern workplace

Windows lifecycle fact sheet

Modern Desktop technical webinars & consultations – June, July & August

Modern Desktop technical webinars & consultations – August, September & October

# M365 Powered Device PoC – Customer Presentation 1803

Windows-10-Enterprise-Proof-of-Concept-from-Microsoft-Services

Windows IT Pro Center – What’s new for IT Pros in Windows 10, version 1803

TechCommunity – What’s new for IT pros in Windows 10, version 1803

FY18 Partner Microsoft 365 Powered Device Presentation (June 14)

Modern Desktop Training Library

Microsoft 365 – The Benefits and Features of Windows 10 LEARNING PATH

Microsoft 365 Partner Webinar Series

Microsoft 365 Powered Device Proof of Concept and Pilot (OFF507PAL)

The Windows 10 Link List

Microsoft Ready – All July 2017 Sessions

Modern Desktop Assessment

01 Overview & Delivery Timelines guide

02 Assessment Goals

03 Shift to a modern desktop

04 How do you deploy Modern Desktop

05 Introduction to Windows Analytics

06 Partner Delivery Guide

07 Findings & Recommendations

08 Customer Report Guidelines

* LAB – Microsoft DEMOS – Microsoft 365 Enterprise Hero Demo

5-Day Workshop PoC

# 00 Project Kickoff

* LAB – Microsoft DEMOS – Microsoft 365 Powered Device

# MODULE 01 Overview

# MODULE 02 Servicing

Overview of Windows as a service

Preparing Your Enterprise for Windows 10 as a Service

02 Deploying Windows as a Service

03 Staying Current with Windows as a Service

# MODULE 03 Deployment and Management

Modern deployment options in Windows 10

Modern Windows 10 management strategies, using Configuration Manager and Microsoft Intune

Deploying Windows 10: User-driven cloud deployment with Windows AutoPilot – BRK3031

Deploying Windows 10: An overview of what’s new and future direction – BRK3030

Windows AutoPilot: What it is and how it works

Desktop deployment for Microsoft 365 – Windows 10 & Office 365 ProPlus

Deploying Windows 10 Using System Center Configuration Manager

01 Preparing Configuration Manager for Windows 10

02 Operating System Deployment (OSD) Basics

03 Deploying and Managing Windows 10 with System Center Configuration Manager

Windows as a service

Modern User Environment Management

# MODULE 04 Security

Windows 10 Security in Real Life

Windows 10 – 3min features – Windows Defender

Windows Defender Application Guard overview

How Windows Defender Credential Guard works

Deep Dive into Credential Guard

01 Credential Guard

Security Expert Roundtable: Advanced Threat Protection at Microsoft (October 2017)

# MODULE 05 Compatibility

* LAB – Microsoft DEMOS – Modern Desktop TCO

Inspire Modern Desktop – Windows Analytics Click Through

Windows 10 Analytics (MPN17584)

01 Windows Telemetry

02 WINDOWS SERVER 2016 AND SYSTEM CENTER 2016 TELEMETRY – Technical Overview Whitepaper 2016

Developer’s Guide to the Desktop Bridge

01 Intro

02 Desktop App Converter

03 Debugging and Testing Your Converted Apps

04 Distributing Your Converted Apps

05 Enhancing Desktop Applications with UWP Features

06 Extending and Modernizing Applications with UWP Components

07 What’s next for Desktop Bridged

05 Compatibility Breakouts

# MODULE 06 Assessment Roadmap

# MODULE 07 Project Close

Modern Desktop Pilot

M365PDP_D00_DeliveryGuide_1803

M365PDP_D01_SolutionArchitecture_1803

M365PDP_D02_CapabilityArchitecture_1803

M365PDP_D03_ProjectKickoff_1803

M365PDP_D04_ProjectCloseout_1803

M365PDP_D05_TrainingPlan_1803

M365PDP_D06_DocumentGraphics_1803

M365PDP_S00_Datasheet_1803

M365PDP_S01_SalesDeck_1803

Microsoft 365 Powered Device Pilot sow editable copy

Configure & Enable Co-Management

CM_CoManagement_TechnicalGuide_1803

CM_Comanagement_Workshop_1803

Configure & Enable Modern Deployment

Modern Deployment_TechnicalGuide_1803

Modern Deployment_Workshop_1803

Design & Implement Application Delivery

ApplicationDelivery_TechnicalGuide_1803

CM_ApplicationDelivery_Workshop_1803

Design & Implement Windows Servicing

Servicing_TechnicalGuide_1803

Servicing_Workshop_1803

Design & Pilot In-Place Upgrade Deployment

InPlaceUpgrade_TechnicalGuide_1803

InPlaceUpgrade_Workshop_1803

Infrastructure Foundations

Infrastructure Foundations_TechnicalGuide_1803

Infrastructure Foundations_Workshop_1803

Security Foundations

SecurityFoundations_TechnicalGuide_1803

M365 Powered Device Pilot_SecurityFoundations_Workshop_1803

Upgrade CM Core Infrastructure

M365PDP_CM_UpgradeInfra_TechnicalGuide_1803

M365 Powered Device Pilot_UpgradeInfra_Workshop_1803

Desktop Deployment Planning Services

Microsoft 365 Powered Devices Lab Guides

00_Lab Setup – On-Premises Environment Setup

01_Lab Setup – Cloud Environment

02_Lab Setup – On-Premises Environment Post Setup Manual Steps

03_Servicing – Windows Analytics Update Compliance

04_Servicing – Servicing Windows 10 with Configuration Manager

05_Servicing – Servicing Office 365 ProPlus with Configuration Manager

06_Deployment & Management – Modern Device Deployment

07_Deployment & Management – Modern Device Management

08_Deployment & Management – Office 365 ProPlus Deployment

09_Deployment & Management – BIOS to UEFI Conversion

10_Deployment & Management – Modern Application Management

11_Deployment & Management – Enterprise State Roaming

12_Security – Windows Defender Application Guard

13_Security – Windows Defender Exploit Guard

14_Security – Windows Defender Advanced Threat Protection

15_Security – Device Guard – User Mode Code Integrity

16_Security – Windows Hello

17_Security – Credential Guard

18_Security – Device Encryption

19_Security – Windows Information Protection

20_Security – Remote Access (VPN)

21_Compatibility – Windows Analytics Upgrade Readiness

22_Compatibility – Desktop Bridges

23_Compatibility – Browser Compatibility

24_Compatibility – Windows App Certification Kit

25_Compatibility – Application Virtualization

Additional Technical Resources

Windows 10 Resources – General Information & News (Sway Presentation)

Modern Workplace Learning Maps

Microsoft Education Resource Center

Microsoft Academic & Partner Programs for Education & Learning Partners

Microsoft

Microsoft Digital Literacy

Professional Development through the Microsoft Educator Community

Microsoft Tech Academy

Microsoft Azure Essentials

Visual Studio Dev Essentials

Office 365 Dev Program

Microsoft Cloud Society

Practice Acceleration Framework

Microsoft Azure Master

MCSE Mobility & Windows 10 Modern Desktop Admin – Exam Prep

# vNext Steps & Windows Modern SysAdmin

What’s New? Windows Client Workshops

Posted in elearning, Microsoft, windows 10

Microsoft Certified Trainer 2018-2019

http://mct.robertgabos.com


 

Posted in IT-CERTS, Microsoft

Active Directory Replication Troubleshooting Tools

Posted in Active Directory, elearning, Microsoft, Windows Server