Book Image

Mastering Microsoft Endpoint Manager

By : Christiaan Brinkhoff, Per Larsen
5 (1)
Book Image

Mastering Microsoft Endpoint Manager

5 (1)
By: Christiaan Brinkhoff, Per Larsen

Overview of this book

Microsoft Modern Workplace solutions can simplify the management layer of your environment remarkably if you take the time to understand and implement them. With this book, you’ll learn everything you need to know to make the shift to Modern Workplace, running Windows 10, Windows 11, or Windows 365. Mastering Microsoft Endpoint Manager explains various concepts in detail to give you the clarity to plan how to use Microsoft Endpoint Manager (MEM) and eliminate potential migration challenges beforehand. You'll get to grips with using new services such as Windows 365 Cloud PC, Windows Autopilot, profile management, monitoring and analytics, and Universal Print. The book will take you through the latest features and new Microsoft cloud services to help you to get to grips with the fundamentals of MEM and understand which services you can manage. Whether you are talking about physical or cloud endpoints—it’s all covered. By the end of the book, you'll be able to set up MEM and use it to run Windows 10, Windows 11, and Windows 365 efficiently.

Related Content you might be interested in

Current Title:

Small book image
Mastering Microsoft Endpoint Manager
Christiaan Brinkhoff | Per Larsen
Oct, 2021 | 666 pages
Small book image
Mastering Windows 365
Sandeep Patnaik | Morten Pedholt | Christiaan Brinkhoff
Sep, 2023 | 458 pages
Small book image
Mastering Windows Security and Hardening
Mark Dunkerley | Matt Tumbarello
Aug, 2022 | 816 pages
Small book image
Mastering Windows Security and Hardening
Mark Dunkerley | Matt Tumbarello
Jul, 2020 | 572 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Understanding the Basics
Section 1: Understanding the Basics
Free Chapter
2
Chapter 1: Introduction to Microsoft 365
Chapter 1: Introduction to Microsoft 365
An introduction to Microsoft 365
Summary
Questions
Answers
Further reading
3
Chapter 2: What Is Unified Endpoint Management?
Chapter 2: What Is Unified Endpoint Management?
Paths to modern management
Microsoft Endpoint Manager and Intune
Exploring Windows 10 Enterprise in detail
Bring your own device
What is zero trust?
Summary
Questions
Answers
Further reading
4
Section 2: Windows 365
Section 2: Windows 365
5
Chapter 3: Introducing Windows 365
Chapter 3: Introducing Windows 365
What is Windows 365?
Microsoft Endpoint Configuration Manager support
On-premises connections
Summary
Questions
Answers
Further reading
6
Chapter 4: Deploying Windows 365
Chapter 4: Deploying Windows 365
Technical requirements for deploying Windows 365
Self-service capabilities – IT admin
Azure AD – MyApps unified (workspace) portal
Auto-subscribing users in the Remote Desktop client
Autopilot and cloud PCs – lightweight thin client (Kiosk)
Monitoring and analytics
Shadow users with Quick Assist
Windows 11
Microsoft Managed Desktop
Summary
Questions
Answers
Further reading
7
Section 3: Mastering Microsoft Endpoint Manager
Section 3: Mastering Microsoft Endpoint Manager
8
Chapter 5: Requirements for Microsoft Endpoint Manager
Chapter 5: Requirements for Microsoft Endpoint Manager
Endpoint scenarios
Identity roles and privileges for Microsoft Intune
Identity roles and privileges for a Windows 365 cloud PC
Identity roles and privileges for Universal Print
Licensing requirements
Supported OSes
Windows 11 requirements
Administrator licensing
MEM – network URL firewall requirements
Universal Print – required URLs
Summary
Questions
Answers
Further reading
9
Chapter 6: Windows Deployment and Management
Chapter 6: Windows Deployment and Management
Deploying existing Windows devices into Microsoft Endpoint Manager
Windows Update for Business
Summary
Questions
Answers
Further reading
10
Chapter 7: Manager Windows Autopilot
Chapter 7: Manager Windows Autopilot
Technical requirements
Windows Autopilot overview
Uploading the hardware ID to Windows Autopilot
Windows Autopilot for existing devices
Windows updates during the Out-of-Box Experience (OOBE)
Enrollment Status Page (ESP)
Autopilot reporting and diagnostics
Cloud configuration scenario
Edge kiosk self-deployment scenario
Wiping and resetting your devices
Fresh start
Summary
Questions
Answers
Further reading
11
Chapter 8: Application Management and Delivery
Chapter 8: Application Management and Delivery
Application delivery via Microsoft Endpoint Manager
Different application types you can deploy
Community tool – Win32App Migration Tool
Deploying Microsoft 365 apps
Microsoft 365 Apps admin center
Deploying Microsoft Teams
OneDrive
What is MSIX?
Summary
Questions
Answers
Further reading
12
Chapter 9: Understanding Policy Management
Chapter 9: Understanding Policy Management
Policy management
What is a CSP policy?
Windows Push Notification Services (WNS)
Policy management within Microsoft Endpoint Manager
Migrating existing policies from AD – Group Policy management (preview)
Summary
Questions
Answers
Further reading
13
Chapter 10: Advanced Policy Management
Chapter 10: Advanced Policy Management
Policy management
Configuring administrative templates
OneDrive – block syncing specific file extensions
Configure device configuration (template)
Pushing PowerShell scripts – scripted actions to endpoints
Compliance policies
Summary
Questions
Answers
Further reading
14
Chapter 11: Office Policy Management
Chapter 11: Office Policy Management
The Office cloud policy service
Creating a policy configuration with the OCP service
Security Policy Advisor
Summary
Questions
Answers
Further reading
15
Chapter 12: User Profile Management
Chapter 12: User Profile Management
Windows profiles
Microsoft Office's roaming settings
OneDrive for Business Known Folder Move
Microsoft Edge
ESR + OneDrive + Edge + Office
Summary
Questions
Answers
Further reading
16
Chapter 13: Identity and Security Management
Chapter 13: Identity and Security Management
Microsoft Identity
AAD
Conditional Access
Cloud apps
Grant
Preventing users from carrying out AAD device registration
Self-service password reset
AAD password protection
Password-less authentication
Enabling password-less authentication
BitLocker disk encryption
BitLocker recovery keys
Microsoft Defender for Endpoint
Security baselines
Compliance policies
Windows 365 security baselines
Connecting to Intune – MEM integration
Alerts and security assessments
Summary
Questions
Answers
Further reading
17
Chapter 14: Monitoring and Endpoint Analytics
Chapter 14: Monitoring and Endpoint Analytics
Monitoring and analytics
Monitoring your physical and virtual cloud endpoints
Endpoint analytics – advanced monitoring
Top 10 impacting start up processes
OS restart history
Resource performance
Insights and recommendations – score trends
Application reliability
Windows 365-specific metrics
Insights and recommendations
Customizing your baselines
Productivity Score
Service health
Summary
Questions
Answers
Further reading
18
Chapter 15: Universal Print
Chapter 15: Universal Print
What is Universal Print?
Configuring Universal Print
Assigning and deploying cloud printers with Microsoft Endpoint Manager
Summary
Questions
Answers
Further reading
19
Section 4: Tips and Tricks from the Field
Section 4: Tips and Tricks from the Field
20
Chapter 16: Troubleshooting Microsoft Endpoint Manager
Chapter 16: Troubleshooting Microsoft Endpoint Manager
Troubleshooting MEM
Service health and message center
Troubleshoot blade in MEM
Troubleshooting Windows 10 MEM enrollment
Windows 10 device diagnostics
Troubleshooting application delivery
Troubleshooting Autopilot
Windows 11 Autopilot diagnostics page
Troubleshooting locating a Windows device
Troubleshooting Microsoft Edge
Summary
Questions
Answers
Further reading
21
Chapter 17: Troubleshooting Windows 365
Chapter 17: Troubleshooting Windows 365
Troubleshooting yourself and Microsoft Support
Summary
Questions
Further reading
22
Chapter 18: Community Help
Join the new W365 Community!
Microsoft Tech Community and MS Learn
Other community blogs, Microsoft MVPs,and more…
Summary
Why subscribe?
23
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Enabling password-less authentication

To enable password-less authentication, you have to go to the Azure portal and open AAD. Then, follow these steps:

  1. Go to Security.
  2. Open Authentication methods.
  3. Under the Manage menu, select Authentication methods.

    Figure 13.34 – Authentication methods

  4. Click on FIDO2 Security Key.

    Figure 13.35 – Authentication methods – Policies

  5. Enable the settings for (at least) sign-in and strong authentication.

Figure 13.36 – FIDO2 security key configuration

You can also use a key restriction policy to specify what FIDO2 keys your end users can leverage in your tenant, by entering an allow or block list of devices with an Authenticator Attestation GUID (AAGUID).

The FIDO2 specification requires each security key provider to provide an AAGUID during attestation. An AAGUID is a 128-bit identifier indicating the key type, such as the make and model.

You're now done with the...

Previous Section
End of Section 11
Next Section