Learn Intune From Basic To Advance | Intune L1, L2, L3 Level training | Intune Interview questions

that's there, Microsoft announces is one2 all will get expired within few months, I think it's already expired. So this is a 20 hours course training of, you'll actually get an experience of four to five years of experience, okay? I'll prepare you guys with the real-time scenarios so that you will actually understand and actually prove in an interview for about four to five years of experience of Intune experience, okay? And people who already have Intune experience, okay, so it'll be like a refresher, and as and when you actually discuss the questions or you bring the real-time scenarios in your work environment, we can actually discuss and get into more details, okay?

And when we talk about Intune, the fundamentals is very important. That's what I see lacking with most of the people who are already working with Intune, okay? So we have to get the fundamentals very strong when it comes to Azure AD, the users, identity, the licensing part, okay? So the traditional versus the modern management, okay? So most of the companies are still using the traditional processes but moving into modern tools. Yeah, so that'll really not work out that way. So what needs to be changed, we'll discuss what are the challenges in all the companies that we have right now.

So it's going on after, like, you know, what I was saying is basically we'll do a lab setup. So it's very easy, I'll show you all how to set up a lab. All you need is a simple Windows machine, either a virtual machine or a physical machine, that is sufficient, okay? And if we go into mobile devices, I would also suggest you to even use personal devices or any other spare devices that you have. You can have either iOS or Android. It's not mandatory, but Windows I would suggest to have mandatory, and any one of the mobile device is also good, okay? So because once you actually visualize the experience, you'll feel more confident, and labs are very important, okay? So when I say lab is, no matter how many
trainings you attend, how much you read, how much you actually go to multiple trainings, watch YouTube videos, watch training, enroll to training, okay, until you do the lab at least once you will not feel confident. You won't speak confidently in your interviews or even with your peers, even with your you not at all get the subject unold, okay? So you'll feel like imagination, you'll have that only imagination but not the real-time experience.

The reason why I want to emphasize more on the labs is, I would give you a classic example of the driving, right? So if you want to learn driving the car, okay, if you watch videos you won't understand, if you just sit beside the trainer you won't understand, right? So you will not be able to drive unless you sit in the driver's seat and you start driving and experience it. So this is how it works for all the technologies, all the tools, okay? So you should at least do 40 to 50% of the labs so that it's much easier. Once you do the lab, once you have the lab, it's very easy to understand any topic, any subject. You can just Google it and start learning anywhere, okay? So that is what is important in our first few days.

So once we go on, we'll just need to get into more details about what is Windows Autopilot, what is co-management, what is iOS, okay? So we'll talk about Apple Business Manager and VPP, and once we get into the enrollments of all these, the next comes the management and the compliance part. So what else we can do apart from, once we bring the devices under the management, what else we can actually do? We can configure, manage, and then push some policies, define some compliance policies, do some reporting, and how do we handle non-compliant devices, okay? So we can actually push some applications, we can push some drivers, updates, okay? So we can monitor them, okay? We can do some basic reporting, advanced reporting and all. So again, when it comes to the management, so this is a very common thing, almost 95% of
the companies use Intune MAM today. Whoever is using Intune, they will use Intune; even if you're using third party, they will still use Intune MAM policies for mobile devices. So we'll just get into these details shortly.

So security. So when we say Intune, it's two aspects: one is purely the traditional way of managing, like patches, policies and applications, and it's more of security nowadays. So Intune according to Microsoft is considered as a security tool, okay? So it comes under the modern work M365 sales pitch for them, yeah. So this comes under the M365 product, security product. Intune, if you actually go and start purchasing the license, you have to either go for EMS, which is Enterprise Mobility or Security, or M365 Enterprise or Business Premium. So we'll talk about the licensing, okay, in our first class.

So after all this, so there's no point, because you will actually get all of this information somewhere else if not from me, okay? So but what according to me is, we'll do it real time, and we'll talk about a good couple, like, you know, one couple detailed classes on about how you guys have to prepare for interviews, what are the interview questions that you can expect, so how can you prove that you have real-time experience, so what should be there in your resumes, and what kind of jobs you can actually apply, and thereafter, okay?

So if you want to go beyond Intune and you need to have a proper career structured, like, you know, for the next 20 years, okay, so that your jobs are safe, so it is very good to get these technologies also added to your resume, which is purely M365 technology security space, that is Defender for Endpoint, Defender for Cloud Apps, and this is Microsoft Defender for Office, Defender for Identity, and the Purview part, the DLP related settings. So once you're expert, so if you start Intune as a basic thing and once you have four or five months of experience, you can slowly pick up
within a year, so you'll actually have some L1, L2, L3 level of experience within a year. This usually, once you get into this job, you'll get a chance to work on all this. Even if you don't get a chance, you'll have an opportunity to learn during your free time. So thereby you can actually step up your career from a simple Intune admin, consultant, architect to more of a complete Microsoft architect level, the admin and the M365 security level, okay? So that is it.

So today we'll just go into fundamentals, basics, okay, since we just have another, yeah, another 40 minutes. So why do we have to learn Intune, okay? So is it relevant, do we have to invest time? So this is a Gartner report of last year, it's June 22. Even this year, I think, I'm not sure if they have announced; even if they announced, more or less this looks the same, okay? So this is how most of the enterprise companies' CIOs and CISOs actually look at before buying a product, before adopting to a product, right? So as you look at it, when it comes to the unified endpoint management tool, so there are only three companies which is in the leaders space: one is Microsoft, VMware and Ivanti. So Microsoft is Intune there, and VMware, people who are aware, it's Workspace ONE, or earlier it was called AirWatch. So Ivanti is again a combination of multiple products that they have acquired. They have acquired LANDesk, they have acquired MobileIron for mobile devices, and they had their own Ivanti device management suite and management site and all. So even that is the leader right now, okay? So all of the ManageEngine, IBM and all, they are finding it very tough to cope up with these two or three products, okay? So eventually, you know, Microsoft, they have that money power, they have that marketing thing, and then licensing made easy for them. So eventually they'll beat almost most of the competition and then they'll be the leaders within few years. So it'll be a monopoly, unfortunately, yes, but it's very right
time to study or learn or get into the Intune space.

So why, okay, so for people who really don't know anything, I mean not completely new to Intune, so Intune is just a device management tool, guys, okay? So say for example in an enterprise you'll have 5,000 devices, 10,000, or one lakh or two lakh devices you need to manage centrally, right? If you need to push some policies, like, you know, security policies, non-security policies like a screen saver, locks, device lock settings, okay, and even applications, earlier, for last 20 years when it was XP, Windows 7 or earlier, they were using all this traditional tools. So this traditional tools, like, you know, you join the device to Azure AD, or sorry, Active Directory, which is domain join, and once you domain join you actually create some group policies, and then System Center, which is SCCM, will actually start managing the device, okay?

So the biggest problem with this is, though the job does amazing, okay, so it is very good, it's a very strong product of, like, you know, 20 years, but the only problem is now, okay, so most of the companies are getting rid of their on-premise dependencies. They don't want to have many servers, okay? It's not just these servers, okay? They have the overall strategy of moving all the service to cloud, all the applications to cloud, okay? For example, Exchange on-premise, they want to move to Exchange Online so that they don't want to maintain Exchange service. Similarly, they don't want to have Active Directory as a dependency as a directory service. Even if they still need Active Directory, they will move this Active Directory physical server from their data center to the cloud, okay? So they can use Active Directory Domain Services there in the cloud. And that's the main reason, okay, not that they don't want to use only these four or five servers. The overall strategy is they will have thousand different servers
like Linux servers, application, print servers, all the servers they wanted to move. That's their goal. So that's the reason why the push is to move to the cloud services as much as possible. So that is one of the reason.

So when you actually look at these technologies, more of it will start moving to the cloud, and they want dependency, the bigger dependency is network. All of these are residing within their on-premise data center, right? So if you are at home, it's very difficult to connect or you cannot connect, so you may have to have a VPN, okay? So imagine in the coronavirus time almost thousand to, I mean, 10,000, 20,000, 30,000 of your employees are at home and you don't have connection of your laptop to these services, okay? So that was really a hard time. People who have been working with SCCM and who don't have public internet-facing Cloud Management Gateway or any other server that is facing internet, you might have seen the challenges. People don't connect to VPN; even if they connect, they fail to connect because of the choking of many VPN connections at the same time, right? Everyone log into office at 9, 10 o'clock; all of the 9, 10 o'clock timing everyone connects to the VPN, so everything chokes, everything breaks, okay?

So they want to get rid of network dependency, on-premise dependency. They want to get rid of all this heavyweight servers, patching these servers, managing these servers, okay? All this mess, it's huge administrative effort and also IT budget. Moreover, managing is very difficult. So to avoid all that, we would actually, I mean, if anywhere was in IT they would give all of this work to someone else, right? So that's why all the cloud services have come into picture.

So when you actually look at this, so we have traditional on one side and the cloud on the other side. So all of the right-hand things that you see here are the cloud equivalents, but please remember Active Directory and Azure Active Directory is not the same, okay? So
this is proper Active Directory services, but this is just the identity and access management solution, okay? So this is domain join here, but you will actually join the device to Azure AD join here. So this is group policies, and we have MDM policies. MDM is nothing but Intune, which is mobile device management. So we used to manage the device with System Center and now this is more of Intune. So this is what Microsoft is saying every company to have only these; they want to get rid of these, including SCCM, though there are so many enterprises that heavily reliant on group policy and SCCM, okay? So eventually the investment, the number of people working for development of these features in Microsoft are reducing; all of the money, people, budget are all increasing here, okay? So though they'll say, "I'll support, we are here to do all this, don't worry, don't remove," but there is nothing magical happening here, only little bit of bug fixing, and less new features are added. Almost all the features will be here. You might have already seen, people who are already working, okay? So that is the overall traditional to it, okay?

So when you actually look at the client operating system, the Windows 10 and Windows 11 is purely designed for modern IT, okay? What it means is it has an inbuilt MDM-capable agent. You don't have to install any agents to manage from Intune, okay? Everything is inbuilt, and there's so many security features also within the Windows 10 and Windows 11 devices. So there are some modern deployment options. So when I say modern deployment options, within the modern deployment options we have, even IT can create some and also user can create some.

So just a background, okay? So if you actually join a company, you actually go traditionally, okay, not for last two years, I know IT has changed a lot, but if you're actually still working in a traditional way of IT environment or any company, when you join a company you actually go to the IT and then get the
laptop, right? So almost all the laptop is ready, you just need to log in. So basically they're imaging your laptop, they're creating all of the drivers, domain join, policies, apps, security settings, everything is ready and they give it to you, okay? And for you it's easy to just take it and come, but the backend amount of work that has gone from the IT administrator is huge, okay? So because a lot of OSD deployments are resource intensive, testing intensive, a lot of efforts are going in, okay? So a lot of updating of packages, updating of drivers, updating of the device models, the number of gold images that they have for each different models, and then departments, policies, everything is complex, okay?

But here when we say user-driven from the cloud, right, so the magic of Intune, and for the last three, four years with Windows Autopilot, your IT company can procure some devices, brand new devices, and directly ship to your home address, okay? So those are actually corporate devices. You can just power on the machines, log in with your Office 365 account, I mean the Azure AD account, your corporate ID account, and start working on it, okay? So that's how it is. You have two methods again, which is already pre-provisioned by your IT, or, if it's a brand new device which I just said, it'll be user provisioned. So you log in and within 15, 20 minutes your device is ready to start working, okay? You don't have to go to office. Brand new devices, unboxed, directly from Dell, directly from Lenovo or any reseller, it is directly shipped to the device. No one opened the seal and no one really opened it, anything, okay? Nothing is configured. So everything is configured, your devices' serial numbers that you procured from the IT is actually registered in the back end to your company. When you power it on, okay, so it's hardcoded to check to the Autopilot services and then everything happens, okay?
So all of the apps come down remotely and the device is ready to use, okay? So this is just basics, not even basics, it's at a very high level what is Intune expected to do.

And before we go on, what is important is to understand the three main terminologies that's confusing to most of the beginners, okay? One is hybrid AD join, one is Azure AD join and one is Azure AD registered, okay? So traditionally you have a laptop, okay? So this is joined to the domain here, this is sitting in your on-premise Active Directory. So you join this laptop to the Active Directory. So what it means is when you join, you can log in with your Active Directory account, for example you join xyz.com, your domain backslash your name. So that is how you log into your Active Directory domain, yeah. So if it is joined to Azure AD, okay, if it is registered to Azure AD and joined to Active Directory, okay, you can log in by both, okay? But the meaning here is this particular laptop device identity is also present in Azure AD and this laptop device ID is also present in Active Directory, okay?

And before that let me just give you more details, I mean more fundamental explanation. Active Directory, as you know, is a very traditional on-premise server where it is used for usernames. If you join an organization, you create a username. If you join an organization, I mean if you take a laptop, your laptop is here. If you add a printer, printer is here. Every resource of your organization is in Active Directory. If there are thousand people, all those thousand people will be, email addresses, date time Bond, everything, all details will be here. So these user details and device details, we can actually sync it to something called as Azure Active Directory, which is in the cloud, okay? There is a tool called Azure AD Connect, we can actually sync it here. So the usernames, devices, everything we can actually sync it, okay? So when we actually sync this, this device is joined here and
the device is actually synced back here, okay? And this is now called as a hybrid AD join. So where do we use it? Typically in our corporate-owned devices we will use it. This is joined to both on-premise AD and Azure AD. So it is applicable to Windows current client, down-level clients, servers, okay? So you can either automatically join the device to Azure AD by a group policy or manually, okay? And once the device is joined to these two things, what can you do? If it is joined to AD, traditionally you can actually push group policies to this device, okay? If it is joined to Azure Active Directory, what does it do? It does nothing, okay? There's no policies from Azure Active Directory, okay? It is just joined for one major purpose, is to have some cloud identity which is then used for single sign-on to your cloud applications. So that is the reason why we join Azure Active Directory.

Hello, yeah, I have a doubt actually. For this hybrid Azure AD joined machines, if I'm applying a GPO, for example the wallpaper settings in GPO from the on-prem AD, and the same settings configured as an Intune configuration profile, which will be taking precedence and which will get applied to the hybrid Azure AD joined machines?

Okay, so the question here is you have a laptop, you have some group policies pushed to this laptop, and you have an Azure Active Directory, this won't push any policies, but this is joined to Intune, this is enrolled to Intune, what he's saying. So Intune also has some policies that can push to the device. So what takes the precedence, for example wallpaper and wallpaper, right? So by default group policy takes the precedence, okay? And in Intune there is a policy called as MDM wins over GP, okay? So you can actually configure that policy stating that MDM takes precedence over the GP. In that case all of your Intune policies will take precedence over all of your GPO policies. When I say all, there is something called CSP, okay? So all of the Intune CSP policies will take
precedence over your Active Directory domain group policies.

You're meaning to say that if we configure the MDM wins over GPO and if you are pushing any policies from the Intune, it will roll back or make any changes which already GPO done in that machine, right?

Yes, if a GPO already did something on this and if you push an MDM policy here on this device, that takes precedence.

Clear, thanks.

Okay, can we allow, some people are waiting. Oh, is it? Okay, okay.

So hope that's clear, right?

Yeah, it's clear, thanks.

Okay, so you can just search MDM wins over. If I have time I'll just show that. It's a simple policy in Intune where you can use either one or zero. If it is one, it takes precedence; if it's zero, you are just indirectly leaving it as not configured, which takes AD as preference. All that we'll actually look into it one by one in our upcoming classes.

So here Azure AD join, yeah. So this Azure AD join, as you can see, this laptop has no connection to your on-premise Active Directory, okay? So this has only connection to Azure AD. So by this what it does is you can actually log in with your email kind of thing, okay? It's a UPN, so your AD ID, like, you know, my name, okay, Raj at abc.com, and then password. You can log in with your email addresses to this laptop. That's one of the layman way of telling what is the meaning of Azure AD join. It's just joined to Azure AD, which has an identity in it, and because it has an identity you can log in and you can use it for single sign-on to most of the cloud resources. And because there's something called Azure Kerberos authentication, with that as well, though you don't have this Azure AD joined to, if device not joined to Active Directory, you can actually still join the device here but still access the on-premise file shares or any other printer services like that, okay? But only thing is you need to have that network connection here. Is this clear? It's a simple join. I'll just show you on how we can actually do it in the next classes, okay?

And here on this also I
have one doubt, shall I ask?

Yes please, yeah, go ahead.

Actually, for Azure AD joined devices, so if I'm having a print server in the on-prem network, so is it I can able to add the printer using my domain credentials? Because we will be giving permissions to the domain credentials, right, to connect with the printer. So even with the VPN connection, or if I'm connecting directly the Azure AD joined devices in on-prem network, will I able to connect the on-prem print server?

You can, actually. Only thing is the user identity should be hybrid, okay? So you can do it. The way it actually works is your printer services, right, it depends on what authentication it's configured. If it's a, we adding a printer, okay, so but this laptop should be in the corporate network, okay? When you add that in the corporate network, okay, so when you add the printer, okay, so if that printer requires a user-based authentication or if it requires a certificate with authentication, you can deploy certificates. If it's just asking the username credentials, okay, it will actually work.

But if we have the identity only in Azure Active Directory, will it take that authentication success?

Yes, so that is why recently they have announced something called as Azure Active Directory Kerberos authentication. Even if the device is just Azure AD joined, it can access all of your on-premise resources. What actually happens is, traditionally how actually AD works, you actually authenticate, okay, there is a TGT, and then there's a ticket granting token, and that is actually received here, okay? So that is where with that TGT, which is the Kerberos ticket granting token, you start accessing all of your on-premise resources. With this new Azure AD Kerberos authentication what happens is, okay, so even before Azure AD TGT, when you log this device to Azure AD, earlier we just had this PRT, the primary refresh token, where we can actually log into Azure cloud services. But here in this Azure Kerberos authentication, along with PRT, which is primary refresh token, you also get back partial TGT, okay? So we'll actually get the partial TGT, and with that partial TGT, when you're in on-premise network and has a direct line of sight to your Active Directory, even if you're not connected, it will issue the Active Directory full TGT, okay?

I'm admitting some more, yeah, it's okay. So I think I have no time, so just move on.

So Azure AD registered here, so okay, so this is like, I think I admitted all, like, okay, okay. So this is for mobile devices. So as you know, mobile devices cannot be joined to Azure, they can only be registered to Azure, even if they are completely managed. So most of the personal laptops, they logged in with your personal account and later registered to Azure so that they can use a single sign-on capabilities.

Here's one difference, I mean, again, this is at the glance, okay: device login and device management authorities. Device login, so if it's a domain join, okay, so it's a purely on-premise AD join, you require the line of sight for the first time when your device log in, after that policies group apply. So you can traditionally manage with GP and then Config Manager. If it's an Azure AD, you can use GPO plus Config Manager and then Intune, and if it's purely Azure AD join, you can use Intune or co-management, okay? Remember, for SCCM management it's not mandatory for the device to be joined to AD, okay? All it needs is an SCCM agent, okay? So this is invisible work on when we actually going, it's already, yeah.

So management choices, yeah, traditional management and the modern management, right? So yeah, earlier the management used to work with infrastructure, works with the group policies, you used to query the WMI and then get the inventory and this reporting and all, okay? So for modern management we use advanced MDM support, okay? So either one, okay? So this is the available choices we have. This is a decision-making slide mostly, okay?
If it's an identity, you have to either decide Active Directory or Azure Active Directory or a hybrid identity, okay? And how do you manage it, okay? So either group policy or SCCM or a third-party infrastructure management, there are so many other tools, right, or Microsoft Intune or any other third-party MDM.

Updates and upgrades, okay? So earlier we had this WSUS, the Windows Server Update Services, okay, and we had SCCM also. SCCM had a component called as a software update point, SUP, where this actually connects to WSUS and downloads the patches, and from there you distribute the patches to the client machines. So the Intune is another one way, but Intune doesn't really do the patch management. Very important to understand this. It just does the patch policies, the Windows Update for Business policies. It's up to the Windows 10 machine to actually pull the patches. That's traditional Windows Update for Business. Understanding the challenges, understanding how much pushback we actually received from most of the corporate companies, most of the enterprise companies, Microsoft has introduced something called as Windows Update for Business deployment service, okay, WUfB DS, okay? So that is again more like your WSUS update services where you can actually select, okay, you can select what patch, last three month patches you can actually select and deploy to the Windows machines. Same thing goes to the major releases, either 21H2 or 22H2. So when you're talking about updating the patches to those machines, we can actually update the patches. Yeah, the same thing in more graphical representation way.

So what can Intune do at a high level? So these are all the things it can do, very basic level. So one is configuration policies. So if you have a Windows 10, Windows 11 or any other machine, or I mean any other mobile devices or anything, what we can actually do is push some configuration policies, right? There's so many other configuration policies
can, it'll be an encryption policies, device restrictions, device configuration, your Wi-Fi, VPN, all kinds of policies we can actually use it, okay? So configuration policies and resource access policies are more or less the same. When it comes to resource access policies, it's more of any policies that requires to access some of the resources, like you need an email profile or a Wi-Fi, VPN, or all of the certificates that needed, okay?

Device compliance policies is just evaluating the configurations what we have done in the configuration policies. If you have pushed an encryption policy, the device compliance policy is just to evaluate, to check whether the encryption is successful or successfully encrypted on that device, so that we can use that value, state, to define whether the device is compliant or not, okay? So device compliance is reading the actual configuration, but the configuration policy is actually changing the system configuration.

So conditional access policy, okay, so this is really not an Intune feature technically, because conditional access policy is the Entra ID, I mean the Azure AD feature. This actually sits in Azure AD, but you can still see this in Intune node as well, in the Intune console. This is based on the compliance status of Intune, okay? Intune compliance status of that device, we can actually either allow or block the access to some of the cloud resources, cloud applications, okay, like Office 365, Teams, OneDrive, all or any other registered Azure AD applications, you can actually block the policies.

So corporate device enrollment profiles, yeah, so these are nothing but corp IDs which we talk about in the next, later, okay?

So very standard fundamental question is what is the Intune device management when it comes to mobile devices mainly, okay? So when we talk about mobile device management, okay, so it is managing the complete devices. So most of the organization also have some corporate mobile devices deployed, okay, as their workforce
devices, like most of the flight attendants have, most of the medical hospitals, most of the nurses have, doctors have it, okay? So education industry has teachers, and most of the colleges, universities in most of the countries have deployed iPads to almost every student, okay? So because these are all corporate-owned devices, we just cannot allow unmanaged, okay? So we can do a lot of completely controlled management of all these mobile devices. Even if you go to some of the Indian banks like scrs, most of them have, sales people have them, iPads where you actually enter your details. So these are all kind of a protected devices, okay? These are all sensitive information, okay? So it has so much of personal information, photos, other card, so many identity cards, all these information they capture and they keep it, but they have to be uploaded to a certain application in the back end. So hence they need to be protected. Most of the corporate devices needs to be protected at the device level. When I say device level, you can control a hardware features of the device, like you can block camera, you can enforce biometric, you can ask to strictly enter some 10-digit password, 7-digit password, okay? So you can block them modifying some changes within your hardware, I mean on the mobile device. If it's a jailbroken device or a rooted device, it won't really work, okay? So we can actually unmanage the device right away. So these are all about managing the device.

So but if it's a personal device, okay, so do you think personal device people would be agreeing to enroll the device? No, right? So they really don't want them to manage the device, and we have something called as MAM, okay, the Intune mobile application management, okay? So this is only managing the applications, okay? So if you have a personal mobile phone, okay, so you can still log into Outlook and access your corporate account and log into Teams and join some meetings, okay? And if someone sends some data within
their Outlook or Teams attachment, confidential email or anything, okay, you cannot leak the data. So basically what I mean is, if there is an attachment in your Outlook, you cannot download it into your personal Google Drive or to your phone or share it in WhatsApp or anything, okay. The data won't come out from that application. Okay, so that is protecting the application. Okay, so we are not protecting the device, we're not securing the device, we're only protecting the application, because it's your personal device. All I'm concerned as a corporate IT company is, I'm worried about my corporate data. Okay, so if you're in Teams, someone sends an attachment, meeting invite, I mean meeting attachment or something, text or anything, the data just doesn't come out from Teams. However, the Outlook attachment can be sent to Teams, okay. All of the corporate applications can exchange data within each other, but not to your personal OneDrive or Google or iCloud account, iCloud Drive or anything. So it's more of protecting the data Le, okay.

So this is just an example of how it does. So if you have some kind of mobile phones, so these are managed applications, all these are business applications, all these are personal applications, okay. So what I mean, if there is an attachment in Outlook, okay, I can open, if there's an Excel attachment I can open the Excel, because there's an Excel application, it'll open, and they cannot copy all of their data and download this application and put it into Facebook or Twitter or any other drive, okay. This data doesn't come here, okay. So this is, say, this is what I, this, like a graphic attachment copy, it doesn't come to your personal application, but it can actually copy and paste into your Word, okay. But once I open that Word, if I try to save it to your OneDrive personal storage or Box or any other cloud drives, it won't allow you to save, okay, those buttons will be grayed out. So this is mobile application protection. This is done by Intune, this is done on a user
basis, to any device that the user is trying to use those Intune, I mean the Intune-aware mobile applications. Not just these, there are somewhere around 70 applications that you can use, and if you don't have that application within the Microsoft gallery you can actually use Intune SDK and wrap those applications so that those applications can understand mobile data protection policies.

So people keep on asking, what's architecture, architecture. There's nothing like architecture when it comes to Intune, okay. So it's like a black box for people. Whatever is Intune, for us it's just a black box, we don't know what's happening in the background, right. If you talk about the way SCCM is architected, we can talk about multiple components. SCCM has a CAS, I mean central administrative unit, you have primary servers, you have distribution servers, you have different kinds of hierarchy servers, and then you have an SQL database that connects to, for all the data; it needs a connection to Active Directory; if it's a CMG it needs another servers. See, all that architecture, because you're managing, it's an on-premise solution, you understand something, okay. But for Intune, the way IT admins look at it is just a console. There is nothing else you can actually see in the console. Whatever the data you see in Intune, you can only access that data, can either access the data from the console or access it from the Graph API, okay. So that is it.

So when I say the Microsoft 365, if you look at how Microsoft 365 have come up, it includes all of the Microsoft cloud services, okay. So it includes, what is basically M365, so Microsoft 365 has multiple products, starting off with Office 365, SharePoint, OneDrive, Teams, Skype for Business earlier, Azure Active Directory, okay, and then to protect all of these resources we need some security products, and these products are Intune, so Microsoft Intune, Defender for Identity,
Defender for Cloud Apps, Defender for Office 365, Defender for Cloud Apps, and there's something called Purview, which is complete data protection and sensitive information protection, and there's Windows Store for Business, the new Store for Business, to deploy applications from Intune, manage devices, and there is Windows Update for Business services, okay, which is deployed for updates to your cloud endpoints. So it's a suite, plus Office 365 Pro applications, okay, and more importantly Windows 10 and Windows 11 subscription, right. If a person buys M365 license he gets all this. If a company buys M365 Enterprise E3 or E5 license, mostly he'll get, E5 he gets everything, E3 he gets most of it, okay. So it is one single license if they really have it. So that is why you see the benefit of companies moving into M365: you get everything for a single license, okay. So that without thinking twice most of entire IT, okay.

If you actually look at the number of third-party products we use in Windows today: people are using Qualys, right, people are using remote management tools like LogMeIn, TeamViewer, right, McAfee. All these are actually, Microsoft have their own product which is coming with this license, right. So Zscaler does something called as cloud app proxy and then internet ret trafficking, that is actually done by the proxy server, like you know Defender for Cloud Apps, plus Defender for Identity also does the vulnerability management that Qualys does. People have installed Bomgar, TeamViewer, LogMeIn, so many products for monitoring, sorry, for remote, for help desk, so that can be replaced by a simple $2 additional license which is called Remote Help. Now it is more advanced, now in Windows, in Intune itself it's inbuilt, okay. So that's the value if you buy something called as M365 license. So people have Nexthink as a monitoring tool, so there's something called Desktop Analytics that Microsoft is
coming up with, the same license, you don't have to purchase additional license. So almost all of your third-party products, and the amount that you spend, IT can spend, can be replaced with a single M365 E3 license or E license.

So this is in more, if you have co-management, okay. So many people have confusion what exactly co-management is. It's nothing but, for the same device you can have two management tools managing it, okay. You can have Intune managing some of the components and Configuration Manager also managing some of the components on the same device, okay. People who still have Windows 7 and Windows 8 can manage with Configuration Manager, and companies who have Windows servers can still manage with Windows Configuration Manager, okay, and companies who have Windows 10 and Windows 11, they can still manage with Configuration Manager and also add Intune for some other policies that you think Intune does a better job than Configuration Manager. So what are the workloads that we can talk about? So when I say workloads, yeah, so these are all the things that we can actually share, okay. Whatever Intune does, Configuration Manager also does the same thing or better, okay. But at a lighter management with a continuous access for the device, which is Intune, is much better. This has dependency of corporate network, this has dependency of heavyweight agents, data movement, all that is heavy, it's an intensive tool, and this is a very lighter tool which can manage all of the policies, is around 4 or 3 MB, or I mean 300 KB or 400 KB. You can push all of the config policies, update policies, device compliance policies and protection policy all at once, it'll be around 400 KB, okay. So all this client applications from Intune, Office, traditionally if you actually look at the way Office was deployed from SCCM, they actually download the 30 or 4, 5, 6 GB package and they just to customize it, add it, and then deploy it through SCCM. Now it is a single Click-to-Run app which can be
deployed from Intune directly, within 4 seconds you can finish the configur, sorry, within a minute you can actually finish the configuration and deploy it. And it's all, entire Intune configuration, if you're an expert, end to end can be configured within exactly two days, not more than that. The majority of the things that goes on for a long time is the decision making on what needs to be configured, what is their strategy, okay. Once you understood the real-time problems of an IT, of an endpoint management, of the end-user computing challenges, the processes, the business things, once you're ready with it, it just takes maximum three or four days, or within a week you can actually configure the entire end-to-end setup from the brand new setup to the production rollout, and max testing can go on for another three or four weeks based on what we actually does. Same thing goes with mobile devices, it's again fairly simple compared to any other MDM agent, I mean sorry, MDM tool. I worked at least for four or five MDM tools, but compared to all of those MDM tools Intune is very, very easy tool to deploy and manage, okay.

So that's all I have. Yeah, so this is completely an overview, nothing in detail at all. So I think I just need to cover that in an hour, so I try to do as much as I can, okay. So the plan for this session, I think is, yeah, so I think we are only planning, yeah, we are planning this mostly in the weekend for around the same time, 5 to 7 India time, because we came to know that there are few people who are joining from Europe and four or five people, sorry, two three people joining from early hours US time, so I'm not sure, we'll just see, okay.

Hello?

Yes.

Okay, just like, can show lab, like practical, which you told in initial call about the lab?

Okay, so you mean the Intune lab?

Yes, which you told about the lab, what exactly it is.

See, basically lab is, so if you actually go to any cloud management tool, right, so it's
just buying licenses, buying subscription, buying trial licenses. So what I have here is, one second. So you can actually get something called EMS, okay. So if you go to EMS trial, this EMS, Enterprise Mobility and Security pricing options, you can just click on the first thing. Since I've already chosen the trial I'll not get this option, but you can actually go for "Try it now" here. So once you get it, try it now, what you will actually get is, you'll get EMS E5. So what does this cover: this has complete identity access management, which is complete, your Azure AD Premium P2, and see, everything is covered here. You'll get endpoint management, which is Intune: application management, integrated PC management, on-premise management, just co-management. And we'll get DLP also, information protection, which is your AIP, this is not Intune but you'll get this also. Identity-driven security, you'll get what I was just defining, Defender for Identity, Defender for Cloud Apps and Advanced Threat Analytics. So you'll get four products by just using this trial account, which comes for 90, yeah, I don't know, earlier it was 90 days, so you can extend till 90 days, and once you're expert you can actually use something called as M365 Developer Edition, so that you'll actually get it for one year.

And this is how actually lab looks like. So what I have, if you're talking about lab, so this is how the lab looks, and we also have this client device. I have a virtual machine, Hyper-V virtual machine, as a client device, right. So this is joined, so this is my client and this is my service. So I use this mostly for testing purposes and for all the demos. 80% of the things I'll only be showing in the labs. I don't have any presentation, though I have, there's no point of showing the presentations. So most of my demo, most of my classes will be only in this console, everything, and in this client machine. So because I really don't want to get into this
console thing, because I just want you all to have this console setup first. I have a Mac machine, iOS, iPad, Windows enrolled here, so we can use all this demos while working on it. So we can actually manage all this platform so far, but in this training there's no point of covering Chrome and Linux, okay. So I can just give you an overview because there is not much there. We can bring the device into management and start using configuration scripts in Linux, and for Chrome OS we actually need to integrate your Chrome, Samsung, sorry, Google Enterprise account to the Chrome OS part. So mostly it's 70% Windows and then 30% of all these three platforms, the timing distribution. So any questions there?

Hi Raj, Mahes this side.

Yes, Mahes.

One question: like you mentioned about the GPO policy we can same implement in Intune. So like in GPO, suppose our infra has many policies, so the Windows all GPO policies are available in Intune, or for some we have to do the scripting work or, you know, like a customization of our custom policy is available, like if our GPO policy exists, is not match or available in Intune?

Okay, so there's something called Group Policy analytics, you can see here.

Yeah, so, okay, analytics.

Analytics, okay. So what it actually does is you can bring your import of your group policy from any of the machine, okay, and import that here, and once you import that here, within few minutes it'll actually show you this report here, okay. So we show you the group policy name, once you click it, your Active Directory target, whether MDM supports or not, okay, whether Intune supports that particular policy or not, and which it's targeted and what is last imported. So this is a single line you'll get, once you click it it'll get into detail. So what you actually have is, once you import it, once you're ready to do migration, you can just click migrate here, the one that you see here, you can actually click migrate here. So this is how it actually works. So
before you begin, you export an XML file from your GPO, import the GPO and run that analytics. So this will actually show you this presentation, okay, sorry, screenshots. You save the report, you import the GPOs, okay, in the Intune console, and once you actually do it, okay, so it'll show you all this options, and you can later, Group Policy analytics, come down and then migrate it, okay. That's three four steps. But the caution is there, while this supports, you have to be very careful in migrating, because see, most of the organizations have group policies defined for so many years, right. So it starts from Windows XP, Windows 7, Windows 10. You just cannot change, bring all that old mess to the new tool. There has to be some kind of rationalization, which you need to filter out, remove all of your old group policies, okay, because half of your group policies are applicable to only Windows XP, if you are a very old enterprise organization, I'm saying, okay. So if you're starting something new, okay, you can use this Group Policy analytics to only analyze what is very important so that you can use it.

Today almost all banking customers are actually going to Intune, because Intune completely, it has almost 80 to 90% of the support already, and in addition to that, whatever enterprises required, whatever banking organizations require, whatever financial or BFSI, all these insurance companies, all these critical companies actually have no problem moving into Intune, okay. The only thing is their budget, their team, their process, their downtime, that is their drawback, okay. So moving here is very easy, okay.

So one more thing is, there is something called import ADMX, okay. You can import whatever ADMX files that are given either by Microsoft or a third party and start using it, okay. So all these ADMX are managing, managing Google Chrome, okay. So you can actually manage multiple settings. If you go to create configuration profile, and Windows 10, profile type is settings catalog,
right, so if you go to the settings catalog and create, if you look at it, right now there are somewhere around 8,300 settings here in this catalog, okay. So everything that you find in group policy is here, almost, almost what is required, anything, whatever you want to manage, okay. Whatever, BitLocker, so you just type BitLocker, you'll get the entire administrative templates, BitLocker Drive Encryption, fixed data, everything. You can actually select, as soon as selected, and select all the settings, okay, everything starts appears. So you can completely use the entire group policy settings right away here in the cloud, you don't really have to do all this thing, okay. See, hundreds of settings are here right away. Whatever is there in the group policy, okay, will be here, it's simple ADMX.

So yeah, I think we have completely exceeded time, so I think we'll continue next time, okay. So whoever is interested can join, and I think already 12 or 13 people confirmed, but not, so we have another batch running early morning. So any question?

Rajan? Yes, hello. Yeah, so what and all prerequisite required for this thing? Like I'm working as a L1 level, like desktop support engineer. I know the things, everything, but I don't have hands-on experience for this SCCM, WDS servers. Like L1 level, for example from AD, I even, also I'm using, I'm giving the permission to users, blocking, locking. So what and all are prerequisite required for this Intune?

See, whatever you're doing is more than sufficient for this. So I will be starting from very fundamentals, okay. So fundamentals to L1 to L2, four five years level of experience, whatever topics that I showed will be handled in detail, any questions will be taken, tested on everything. There's no hurry, there is no thing, okay. So what background you require is, there's nothing background, okay. So you're saying Azure AD. So what do you really understand Azure AD is the question, okay. Do
you really understand the Intune is a question. Do you really understand what is device management, what is Intune or any other third-party management, what is patching, what is Windows Update services, how does enterprises do it, what are the processes they follow, okay. It's more of product plus what happens in the industry, the real-time industries, okay. There is nothing like a casual talk, casual training, okay. There's nothing strict YouTube videos kind of thing, I don't plan to cover that one.

Like, sorry for dist, like for example, definitely this course I will go through properly. Even I certified in AZ-900 and 104 with good, properly I did. So tomorrow I'm going in any organization, so I will be handle the, like live production environment?

Yes, so you can 100% do it, but you can only do it if you have this lab.

Definitely, lab, yeah.

So with this lab, I'm telling you, anyone after this session can actually go and appear for a four, five, 6, 7 years, six, still six years experience of Intune, I can assure you that one, and many from my previous batches also did it. So see, the main important is we have only 20 hours for me to teach. So the scope of this Intune is becoming wider and wider and wider, every day they adding something, okay. So I can guide you, I can show you the most important things here. The rest of the things, right, outside of those 20 hours, I would expect you all to work every 1 hour or two hours a day. Not just this, go to any training anywhere in the world, it is up to you, having a lab, practicing, testing it. A person who only does that will be successful. All others, I can challenge you, they may get a job and do whatever the seniors have done, but they'll not be able to fast forward their careers. It's all up to you all to sit every one hour, and consistency is important. One tip is consistency. If everyone, say for example, if you start working on Intune or any other technology for one week
continuously and stop it for 3, 4 months, it's no point, it's a waste of time. Rather than, every day, if you spend in a week 5 hours for another three or four months, you will be more powerful than anyone else, because not everyone will do it. Consistency is important. Yeah, that's all is the tip, not a tip, I mean.

Even once as aess time we doesn't know after six year of experience, because that time we studied everything and we implemented few of the things.

Ah, yeah.

Question, Raj: the one which you show us about the license, Enterprise Mobility and Security, right, that is still 90 days, right?

I think it is 90 days, and there's so many people who use that and that's why I think they reduced to 60 days, I don't recall, I don't remember. It must be either 90 or 60 or 30, whatever it is, we can start from there, and once that is expired, I think we can go for M365 Developer Edition. See, once you know the product, right, you can play with it, you don't have to talk to anyone, you don't have to ask anyone. It's a completely free products. All you need is a trial version of one year, two years, different email accounts, different phone numbers, different, you can do everything, every day. You don't have to spend. For 6 years I have not spent a single penny for any license, okay. All you need is some virtual machine or a physical machine to test it.

Correct, okay, got it. So we can at least do a practical thing in it.

Yeah, yeah, yeah. So yeah, exactly, practical is very important. Without practical I would suggest don't attend this training and waste your money, because you're already having YouTube videos, so many YouTube videos, so many people have already uploaded it. If you want a structure, if you really have a plan to do something, add into your resume, attend this training, or else, if you don't have any plans, no motivation, then don't, please, join, it's waste of your time and money, especially
in the weekend, right, so I don't suggest you all to join, okay. So that's all. Okay, so it'll still be around one and half, two months, so within two months I think you'll all already feel confident, okay. So yeah, that's all, I have already extended. Guys, thanks for your time, you all have a wonderful day, okay.

Raj, one more question: the timing will be same for this batch?

That we'll see, what is convenient for everyone, okay.

Okay.

This chat, someone were asking fee, okay, that will be communicated by ath. So the timings, okay, we'll see, just go through that chat. Okay, so we don't know what's the timing mainly, we'll confirm, 99% it is the same timing, 5 to 7 Saturday and Sunday, okay. So we'll see what works for everyone.

So people say, can we manage Windows 365 through Intune? Yes, that's the only way to manage the Cloud PC, Windows 365, and also the Azure Virtual Desktop, both can be managed by Windows, sorry, Intune centrally. So that is where I'm seeing the scope of Intune is getting expanding like anything, because they have added, though there is a Cloud PC, AVD, both can be managed from Intune as a single device.

Fee details, I think Amit will message you. Someone says salary for Intune admin. See, again it depends, okay. What's your previous experience and what is your overall experience
2023-10-08 17:19