Working with MS Endpoint Manager
4 likes1,059 views
The document provides an overview of Microsoft Endpoint Manager, detailing its capabilities in managing corporate and personal devices, including mobile phones, through services like Azure Active Directory and Microsoft Intune. It covers enrollment methods, device configuration, management policies, and important tips for maintaining security and efficiency in device management. Additionally, it outlines features like Windows Autopilot for automatic device setup and provides links for further resources and licensing options.
Working with MS Endpoint Manager
- 1. Coming next… Working with MS Endpoint Manager
- 2. George Chrysovalantis Grammatikos MCSA : Cloud Platform, MS Dynamics 365 | Azure Solutions Architect Expert | Microsoft Azure MVP E-mail : george@cloudopszone.com Blog: https://cloudopszone.com Microsoft Wiki Profile: George Chrysovaladis Grammatikos Tech Community Profile: George Chrysovalantis Grammatikos Working with MS Endpoint Manager
- 3. Enterprise Mobility + Security Azure Active Directory MS Endpoint Configuration Manager MS Intune Azure Information Protection MS Cloud App Security MS Advanced Threat Analytics MS Defender for Identity A T P
- 4. What is the Endpoint Manager? Endpoint Manager is a MS cloud service which allows us to manage centrally corporate and personal devices, and mobile phones.
- 6. Enrollment Methods Add work or school account Enroll in MDM only(User driven) Azure AD Join (Out Of the Box Experience - OOBE) Azure AD Join (Autopilot – User driven deployment mode) Azure AD Join (Autopilot – Self-deploying mode) Enroll in MDM only (Device Enrollment Manager) System Center Configuration Manager co-management Azure AD Join (Bulk Enrollment)
- 7. MS Intune – MDM and MAM Source: https://docs.microsoft.com/el-gr/mem/intune/fundamentals/high-level-architecture (MDM) Mobile Device Management (MAM) Mobile Application Management
- 8. Microsoft Endpoint Manager MS Intune System Center Configuration Manager MS Endpoint Manager
- 9. Configuration Profiles • Minimum password length (12) • Password expiration days (180 days) • Block simple passwords • Number of sign-in before wiping device (Full Wipe) • Microsoft Defender Antivirus • …….. Device Restrictions • Microsoft Defender SmartScreen • Microsoft Defender Firewall • Windows encryption (BitLocker disk encryption) • Microsoft Defender Application Control • Local device security options • …….. Endpoint Protection
- 10. Windows Apps Policies • Install MS365 Apps (Word, Excel, OneDrive, etc.) • Install Line-of-business app • Install Windows app (Win32) • Install Microsoft Edge, version 77 and later • …. App Configuration Policies
- 11. Options for corporate data removal Restore device to factory defaults • All data on the device is removed • Device is reset to factory defaults • Typically used for lost/stolen devices or resetting corporate- owned devices Full wipe • Remove company assets from device • Company resources (apps, data, profiles, certificates, settings, and email) are removed • MAM support adds ability to remove only corporate data from multi-account applications • Typically used for personal-owned devices Selective wipe • Retire device from MDM • Company resources ( apps, data, settings, email profiles) • Leaves user’s personal data • Typically use for contractors' devices Retire device
- 12. Important Tips to follow • Always store corporate files to MS365 (SharePoint, OneDrive On-Line) • Use apps like LastPass to keep corporate passwords • Keep fully updated Windows OS and Antivirus/Antimalware • Frequently scan devices for malwares/viruses • Reboot the device after Windows Update installation Tips
- 13. Source: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot Windows Autopilot – Process Overview Windows Autopilot enables you to: •Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). For more information about the differences between these two join options, see Introduction to device management in Azure Active Directory. •Auto-enroll devices into MDM services, such as Microsoft Intune (Requires an Azure AD Premium subscription for configuration). •Restrict the Administrator account creation. •Create and auto-assign devices to configuration groups based on a device's profile. •Customize OOBE content specific to the organization.
- 15. •Microsoft 365 E5 •Microsoft 365 E3 •Enterprise Mobility + Security E5 •Enterprise Mobility + Security E3 •Microsoft 365 Business Premium •Microsoft 365 F1 •Microsoft 365 F3 •Microsoft 365 Government G5 •Microsoft 365 Government G3 •Intune for Education MS Intune licensing
- 16. Enterprise Mobility + Security E3 Enterprise Mobility + Security E5 Identity and access management Simplified access management and security, MFA, Conditional access, Advanced security reporting, Privileged identity management, Windows Server CAL* Simplified access management and security, MFA, Conditional access, Risk-based conditional access, Advanced security reporting, Privileged identity management, Windows Server CAL* Endpoint management Mobile application management, Advanced MS O365 data protection, Integrated PC management, Integrated on-premises management Mobile application management, Advanced MS O365 data protection, Integrated PC management, Integrated on-premises management Information Protection Persistent data protection, Document tracking and revocation, Encryption key management per regulatory needs Persistent data protection, Intelligent data classification and labeling, Document tracking and revocation, Encryption key management per regulatory needs Identity –driven security Microsoft Advanced Threat Analytics Microsoft Advanced Threat Analytics, Microsoft Cloud App Security, Microsoft Defender for Identity 1. Microsoft Advanced Threat Analytics (ATA) will end Mainstream Support on January 12, 2021. Extended Support will continue until January 2026. Find additional information here. * Customers purchasing Windows Server CAL agreements, Microsoft Endpoint Configuration Manager, System Center Endpoint Protection, Microsoft Active Directory Rights Management Services CALs via the Microsoft Enterprise Volume Licensing agreements may purchase the Enterprise Mobility + Security Add-on offer. ** Open estimated retail per-month pricing. Pricing is in US dollars and can vary by country. Volume discounts are also available. To receive a quote, contact your partner or Microsoft representative. Enterprise Mobility + Security pricing options
- 17. Useful Links • Azure AD joined • Set up enrollment for Windows devices • Bulk enrollment for Windows devices • Azure AD joined with Autopilot (User driven mode) • Device Enrollment Manager (DEM) • Demonstrate Autopilot deployment MS Intune Useful Links
- 18. Thank You!