• Classroom
  • Online, Instructor-Led
Course Description

Employees of federal, state and local governments; and businesses working with the government.  The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.

Learning Objectives

1. Explore the Enterprise Desktop Examine benefits of modern management Examine the enterprise desktop life-cycle model Examine planning and purchasing Examine desktop deployment Plan an application deployment Plan for upgrades and retirement 2. Explore Windows Editions Examine Windows client editions and capabilities Select client edition Examine hardware requirements 3. Manage Azure Active Directory identities Examine RBAC and user roles in Azure AD Create and manage users in Azure AD Create and manage groups in Azure AD Manage Azure AD objects with PowerShell Synchronize objects from AD DS to Azure AD 4. Manage device authentication Describe Azure AD join Examine Azure AD join prerequisites limitations and benefits Join devices to Azure AD Manage devices joined to Azure AD 5. Enroll devices using Microsoft Configuration Manager Deploy the Microsoft Configuration Manager client Monitor the Microsoft Configuration Manager client Manage the Microsoft Configuration Manager client 6. Enroll devices using Microsoft Intune Manage mobile devices with Intune Enable mobile device management Explain considerations for device enrollment Manage corporate enrollment policy Enroll Windows devices in Intune Enroll Android devices in Intune Enroll iOS devices in Intune Explore device enrollment manager Monitor device enrollment Manage devices remotely 7. Execute device profiles Explore Intune device profiles Create device profiles Create a custom device profile 8. Oversee device profiles Monitor device profiles in Intune Manage device sync in Intune Manage devices in Intune using scripts 9. Maintain user profiles Examine user profile Explore user profile types Examine options for minimizing user profile size Deploy and configure folder redirection Sync user state with Enterprise State Roaming Configure Enterprise State Roaming in Azure 10. Execute mobile application management Examine mobile application management Examine considerations for mobile application management Prepare line-of-business apps for app protection policies Implement mobile application management policies in Intune Manage mobile application management policies in Intune 11. Deploy and update applications Deploy applications with Intune Add apps to Intune Manage Win32 apps with Intune Deploy applications with Configuration Manager Deploying applications with Group Policy Assign and publish software Explore Microsoft Store for Business Implement Microsoft Store Apps Update Microsoft Store Apps with Intune Assign apps to company employees 12. Administer endpoint applications Manage apps with Intune Manage Apps on non-enrolled devices Deploy Microsoft 365 Apps with Intune Additional Microsoft 365 Apps Deployment Tools Configure Microsoft Edge Internet Explorer mode App Inventory Review 13. Protect identities in Azure Active Directory Explore Windows Hello for Business Deploy Windows Hello Manage Windows Hello for Business Explore Azure AD identity protection Manage self-service password reset in Azure AD Implement multi-factor authentication 14. Enable organizational access Enable access to organization resources Explore VPN types and configuration Explore Always On VPN Deploy Always On VPN 15. Implement device compliance Protect access to resources using Intune Explore device compliance policy Deploy a device compliance policy Explore conditional access Create conditional access policies 16. Generate inventory and compliance reports Report enrolled devices inventory in Intune Monitor and report device compliance Build custom Intune inventory reports Access Intune using Microsoft Graph API 17. Deploy device data protection Explore Windows Information Protection Plan Windows Information Protection Implement and use Windows Information Protection Explore Encrypting File System in Windows client Explore BitLocker 18. Manage Microsoft Defender for Endpoint Explore Microsoft Defender for Endpoint Examine key capabilities of Microsoft Defender for Endpoint Explore Windows Defender Application Control and Device Guard Explore Microsoft Defender Application Guard Examine Windows Defender Exploit Guard Explore Windows Defender System Guard 19. Manage Microsoft Defender in Windows client Explore Windows Security Center Explore Windows Defender Credential Guard Manage Microsoft Defender Antivirus Manage Windows Defender Firewall Explore Windows Defender Firewall with Advanced Security 20. Manage Microsoft Defender for Cloud Apps Explore Microsoft Defender for Cloud Apps Planning Microsoft Defender for Cloud Apps Implement Microsoft Defender for Cloud Apps 21. Assess deployment readiness Examine deployment guidelines Explore readiness tools Assess application compatibility Explore tools for application compatibility mitigation Prepare network and directory for deployment Plan a pilot 22. Deploy using the Microsoft Deployment Toolkit Evaluate traditional deployment methods Set up the Microsoft Deployment Toolkit for client deployment Manage and deploy images using the Microsoft Deployment Toolkit 23. Deploy using Microsoft Configuration Manager Explore client deployment using Configuration Manager Examine deployment components of Configuration Manager Manage client deployment using Configuration Manager Plan in-place upgrades using Configuration Manager 24. Deploy Devices using Windows Autopilot Use Autopilot for modern deployment Examine requirements for Windows Autopilot Prepare device IDs for Autopilot Implement device registration and out-of-the-box customization Examine Autopilot scenarios Troubleshoot Windows Autopilot 25. Implement dynamic deployment methods Examine subscription activation Deploy using provisioning packages Use Windows Configuration Designer Use Azure AD join with automatic MDM enrollment 26. Plan a transition to modern endpoint management Explore using co-management to transition to modern endpoint management Examine prerequisites for co-management Evaluate modern management considerations Evaluate upgrades and migrations in modern transitioning Migrate data when modern transitioning Migrate workloads when modern transitioning 27. Manage Windows 365 Explore Windows 365 Configure Windows 365 Administer Windows 365 28. Manage Azure Virtual Desktop Examine Azure Virtual Desktop Explore Azure Virtual Desktop Configure Azure Virtual Desktop Administer Azure Virtual Desktop

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis
  • Cyber Defense Infrastructure Support
  • Cyber Investigation
  • Digital Forensics
  • Exploitation Analysis
  • Network Services
  • Risk Management
  • Software Development
  • Test and Evaluation
  • Threat Analysis
  • Training, Education, and Awareness
  • Vulnerability Assessment and Management