Learn Intune From Beginners To Advance Level | Intune MDM L1, L2, L3, L4 Level Course RealTime Class
You know where exactly we are placed and what is this training all about. Okay, okay. So hope you guys can see my Firefox screen, right? So if you actually go to Microsoft Cybersecurity Reference Architecture, okay, and if you look at the first page, okay, so you can choose any of these. Okay, so but if you actually click on this download and update, okay, or else if you don't want to open this, that's fine, but just like a second, it's downloading. Okay, I think that's not opening, but what I'll do is I'll just click on this images. Okay, so this is a very popular thing, most of you all already know, okay, but if I actually look at this and click on this, so I hope you guys can look at the screen. I think I had a better image, but that's fine. Okay, so what do you actually look at here: the entire IT and the Zero Trust part, right? So it involves multiple products. Okay, so what I'll do is, rather than show this picture, I'll do it on my own, okay, don't worry. So I can see my whiteboard here, right, so let me share my whiteboard.

Okay, I'll start off with Entra ID. Okay, so what actually happens, the thing, if you buy an Office 365 license, okay, so let me just check the chat. Okay, so hope you guys may have seen my whiteboard, right? Can anyone confirm in the chat? Okay, so if you actually buy any Office 365 license today, okay, so say for example, Office 365 is a cloud-based service, right? So if you buy Office 365, okay, so you actually get Azure AD free. Okay, earlier it was called Azure AD, now it's renamed to Entra ID. So what is Entra ID? Entra ID is basically IAM, okay, so it is the identity and access management solution from Microsoft. So basically, in layman terms, it stores usernames and passwords, okay, but that is something new. Okay, so if you started off with cloud native, that is usually what you have with Office 365. When you say Office 365, you have email, okay, so of course you have SharePoint, with that comes OneDrive, and with that comes Teams. Okay, so everything
comes under Office 365 license. Of course, if you want to add more features, you will actually need to buy an additional license. Okay, so with Entra ID, it is a basic service, right, and if you want to add more features, again you have P1 and P2 license for Entra ID. Okay, we'll talk about those features later.

But traditionally, if you actually look at it, people always moved from Exchange on-premise solution, right? Exchange is an email solution which they had on-premise. So back in 2011, when Office 365 was announced, if you have looked at it, for the next four to 5 years we always had Exchange to Office 365 projects in most of the companies, because Exchange was being migrated to the cloud-based online services. So the email inboxes, SharePoints and everything were actually being migrated. But one thing was always there: there was an Active Directory in the on-premise, right? Even today, every company, every organization, every big enterprise has a local Active Directory where users, passwords, printers, almost the entire organization's resources were residing in Active Directory, right?

So back then, in order for Office 365 to be used, right, there needs to be an identity. Okay, so if you had joined the organization back in 2005, say for example you're user one, okay, this particular user one, that doesn't really make a difference when it comes to Office 365, because Office 365 will never recognize a user that is in your on-premise, right? And hence there was always a synchronization of users from the local on-premise Active Directory to Entra ID. So there is something called AD Connect or Entra ID Connect; earlier it was called DirSync, which is directory sync. But users were being synchronized from your local Active Directory to Entra ID. Okay, the reason why: because unless you have a user here, you'll not be able to use any of the cloud services that Microsoft hosts, especially the M365 resources. So one of the M365 resources is your Office 365. Okay, so you know, if you joined an organization even in 2005,
your user needs to be synchronized here and you need to be licensed. The important part is the license: you need to have an Office 365 license, and as soon as you are licensed, your email inboxes, your space, everything, actually your entire ID gets created. So this is your fundamental part. Okay, so Entra ID, the meaning of Entra ID is where your users are, and your users need to be licensed appropriately for respective services. Okay, so whatever services you use, say for example if you need Yammer, right, or if you need Intune, or if you need some Defender for Endpoint license, or if you need OneDrive, okay, or any other resources, Yammer, Viva, Glint, there are nearly 25 services, right? So for any of those services, your user ID should be present in Entra ID and you should be licensed. So that is a basic thing. So Entra is a central part for allowing access or denying access to any of the cloud resources. So that's one example, right? So say for example, if you have thousands and thousands of users, you're still here. Okay, so that is what is happening from 2014.

Okay, so now coming back to the endpoints. Okay, we always had a machine, a Windows machine, that used to join to Active Directory. Okay, so this is actually called AD join, right? Your machines are AD joined so that you can authenticate your Windows machines, your laptops, to your Active Directory. Okay, the way you actually do it is the typical domain notation: domain, backslash, and then username, right? So that is it. As long as you have connectivity to your Active Directory, you are able to authenticate the machine.

Now, in addition to that, we again had on-premise device management tools like SCCM. Okay, so SCCM always was on-premise. Okay, nowadays we have moved some of the components to the cloud base, but still, if you really need a proper SCCM connection, you might probably need a VPN solution today, right? Or a VPN, or if you are in an on-premise environment, if you are connected to your office network, you
will connect to SCCM for getting any of the resources. Okay, so now take the same machine. Okay, say for example you did a join to Entra ID, which is your cloud-based. How do you join, can you join manually, automatically, silently without the user knowing, we'll all discuss in future classes. But say for example you take this machine and join to cloud-based Entra ID. Okay, so now this is exactly called a hybrid ID, right, a hybrid Entra ID machine. So now the status of this machine is hybrid Entra ID, or you can say hybrid joined machine.

So for these hybrid machines, what are the advantages that we have? Okay, so of course, doesn't really make a difference, because as long as you're hybrid AD joined, the only good thing is you'll actually get seamless access to Office 365 or any cloud-based solutions. Okay, so here in Entra ID, this Office 365 is automatically integrated. Okay, so Entra ID can have a single sign-on to multiple of your cloud-based applications, say for example Salesforce. Okay, it can have Salesforce, it can have SAP, right, so you can have Slack. Okay, so you can have Slack, SAP, Workday. Okay, so any of these can be single sign-on. LinkedIn, you can have any of the cloud-based applications as a sign-in mechanism. Okay, so you can establish an SSO with Entra ID and then redirect the authentication to Entra ID, and that will enable you to do a seamless single sign-on to all of these cloud-based resources. That is exactly what happens if your device is hybrid AD joined. Okay, so you might have observed, if a device is hybrid AD joined, you will not be asked for a password if you log in to your email. But if your device is only Exchange, sorry, on-premise domain joined, but your email is on Exchange Online, you will be prompted for username, password and also the MFA if it's required.

Okay, so where are we now? Okay, so we are now having a machine which is hybrid Entra ID joined, SCCM managed and AD joined. Okay, so if you are right now working in most of the SMB business and
SMB projects, people really want now to cut off these two things. Okay, so it's not mandatory, or it's not required, or it's not a requirement from Microsoft where they're asking you to remove SCCM or Active Directory. Okay, but their recommendation is to have a 100% cloud-based solution where your identity provider is Entra ID and your device management solution is Intune.

Okay, so basically what Intune is, with respect to a Windows machine, is simply a device management tool which allows you to do two things: a seamless device provisioning and a policy deployment tool. So added to that, it'll do an application deployment tool. So if you have a machine, when we say device management, it does three important things: the device provisioning, the app deployment and the policy deployment, which is nothing but your settings deployment remotely over the cloud. So what is a good thing about this is we really don't require the device to be connected to a corporate network or VPN or any of those things. The devices, no matter where they are, whether they are at home or in India or any other country, they are seamlessly able to connect to Intune in the cloud.

So that's fine. Okay, so what do we require in Intune? Okay, again, it's still the same thing. Intune again is all interrelated and intertwined with Entra ID. For Intune to work today, if you don't have anything in your office environment, okay, say for example you are using Google Workspace or Amazon Web Services and Amazon WorkSpaces, something, okay, a different identity, Oracle Identity Manager, you don't have any Microsoft products, but you suddenly decide to go and start choosing, okay, I'll go ahead and do Intune, the main thing that you actually get, again, you'll get an Entra ID free. Okay, you'll get an Entra ID tenant, because even for Intune, a person who is enrolling the device needs to be licensed with Intune, and in order for that, this particular user one should be Intune licensed. So whichever
service that you are consuming, that user should be licensed. Okay, so again there is something, okay, so if you're talking about Autopilot service, okay, so if it's completely new, that's fine, I don't want to touch upon that. But again, if you want to expand this, this is fine when it comes to device provisioning, and this is great when it comes to app deployment. Now the app deployment has completely changed in Intune; there are hardly any limitations now. Even bigger companies, banks, everyone is using Intune for app deployment. Okay, so we have Windows Update for Business; patch management is again taken care of with that kind of policies, where we have Windows Update for Business deployment services, okay, a new thing.

Finally, of course, the policies. Almost the entire GPO policies that you have today, almost 90% of your GPO policies can actually be done with Intune, at least the GPOs that are required for Windows 10 and Windows 11 based on the NIST and all those, the ISC standards. Okay, so you don't have to worry, because we have bigger banks, almost every company, everyone actually now deploys settings, both security settings and non-security settings, to almost all of your Windows 10 clients remotely from Intune. Okay, so GPO is really not needed. If someone is really there because of GPO, it means that they really did not do a proper research, and they don't have a budget, or they don't want to move away for other reasons.

So where are we? Okay, so now again, Office 365, Entra ID and Intune. So in order for this to be secure, okay, additionally we have to again have a remote monitoring security tool. Okay, the reason why every company is now looking for Defender for Endpoint. So what is Defender for Endpoint? We usually call it MDE. Okay, again, in order for Defender to be used, this particular user has to be licensed with MDE, and where do you license the MDE? Again here
in Entra ID: you select the user and you license whatever he wants. So now you understand. So every user needs to be licensed in Entra ID for everything to be consumed. That's the first checkpoint. Not just that, okay, any other license, if you want to use Microsoft Loop, Microsoft Viva, like the previously Yammer, simple Teams, okay, so you may have a Teams license and the Teams Premium license, right? You can have Exchange with 25 GB space and you can have Exchange with one TB space. So those licenses again can actually be decided and assigned there in Entra ID. So again, you may have Intune P1 license and Intune P2 license. Okay, so everything is decided on what kinds of license and what kind of service and features within that particular product you assign.

So this is your MDE. Okay, so what is basically MDE? Traditionally you can simply call it an antivirus or antimalware, that is your traditional antivirus. Now in today's world we really don't depend on definition-based scanning devices. So previously, if you already used a Windows machine, if you are a home user, like you know, you have laptops, right, so you have laptops and you have machines and you download some McAfee or any antivirus and you update the definitions, right? The definitions are downloaded from McAfee or any other, Symantec, and then they are scanned against your flash drives, USB drives or your hard drives. So that really doesn't work in today's world, right? It's now 2024. The hackers don't focus on the devices based on definition. Say for example you catch a malware. So first of all, companies like McAfee and Symantec should understand that malware, it has to be viral, and then they calculate the hash and they update the definition. So when you download a definition, it means that you calculate the hash of the file, you download the hash of the file and you scan the machine against the file: file-based scanning. So that file-based scanning is now gone. Okay, nowadays no one really is
worried about the file-based scanning, because that is a part of the feature anyways, you're already giving it. Okay, so if you look at the competition, the competitors for MDE, right, so if you look at it, the recent CrowdStrike, a very popular one, right, so SentinelOne, everyone might be knowing SentinelOne, McAfee, maybe Symantec, Sophos, okay, so many others, Bitdefender, with CrowdStrike and SentinelOne being the very tough competition against Defender for Endpoint. So if you look at the Gartner report, okay, so both Intune and MDE are the market leaders, right? So there's no one.

Okay, so let me now, I'll stop sharing my screen, I'll again put this. So we're talking about why should we even learn Intune, okay, and as many people have doubts, right, so just a second, this is okay. So if you look at the Intune Gartner Magic Quadrant, right, so this is where, if you look at it, there's no competition at all, that's all I can say. Okay, so if you look at this picture here, this was back in 2013, 10 years back. If you look at the endpoint device management or the mobile device management products comparison, we always had AirWatch, VMware AirWatch, and then Citrix and mobile, and this is MobileIron, and we had Fiberlink, which was acquired by IBM, and then we had Good Technology, again acquired by BlackBerry, and there were so many small players, if you look at it, right? So there was Absolute Software, LANDesk. Okay, so this was back, very old.

Okay, so now coming back, say for example this was in 2017. So if you look at 2017, within 4 years, right, Microsoft was still not that great. Okay, so Intune was still in the Visionary phase. Okay, so here I'm only speaking about the mobile device management, okay, so mainly focusing on Android, iOS and Mac. Okay, so VMware was still the leader, followed by IBM MaaS360, BlackBerry, Good, and then MobileIron. The reason why I'm showing this Gartner report, right: because the decision makers
in any organization, like you know, be it a CIO or the CISO, if they have a good budget, right, so they usually come and have a big sneak view on what is happening here in the Gartner report, right? So half of the decision makers compare their products, evaluate and check based on their business requirements. Okay, so this was back in 2017.

Okay, so if you look at it now in 2024, so what is this, this is 2000, okay, so I'll come back to this. Okay, so this is Unified Endpoint Management. Okay, so we now don't have any competition. Okay, so there's only one market leader, which is Microsoft, and we do have VMware, and maybe they claim that they're very strong in iOS and Mac, and of the people who write this Gartner report, one of the persons is from ex-VMware employees, so he has some bias and affinity, but that is fine. But people who have already used VMware Workspace ONE, they can clearly state the difference between Intune and VMware Workspace ONE. So Ivanti, again, Ivanti was a separate product, right, so they have acquired MobileIron recently. Okay, so clearly this one product is clearly washing away the market for all the rest of the customers. You see, Citrix is not even in the picture, IBM is not even in the picture, okay, it's here. Okay, so ManageEngine is still here. Okay, so we really don't have much competition, and that is exactly, if you are already in the company, you're all working, you already know that half of your projects are migrating from VMware Workspace ONE to Intune, Citrix to Intune, IBM to Intune. Okay, so that is one of the major projects that you will get. And people who are already with SCCM, again, they either do co-management with SCCM when it comes to Windows machines, or they are migrating from SCCM to Intune. Okay, so these are the things.

Now second, I'm talking about Defender for Endpoint, the second product in our training. So if you look at this, again, there are so many security products in the industry, but CrowdStrike as of today, yes,
it stands much higher than the other products. So if you look at it again, it's Microsoft, SentinelOne, CrowdStrike; these are still the top leaders. Okay, Palo Alto Networks is there, and then so forth, all of these things, the rest of the products, if you look at it. Okay, so eventually, by looking at this, at least by looking at the history, if Microsoft enters into some of the products or any product space or any technology, any domain, I think they are clear: they'll have good support and they'll have their different license scheme, their budget, their discounts that they offer to the end customers, which clearly take precedence for most of the existing organizations, and it's easy for them.

Okay, because again, why are they now being forced to start using Defender for Endpoint? Okay, so what is happening: another project, if you go to any of the companies like Infosys, Wipro, TCS, the bigger projects that you'll see are migrating from CrowdStrike to Defender for Endpoint, because every year, every couple of years, every 3 years, they'll get into the renewal stage, right? They're about to renew SentinelOne every year. Okay, so they'll definitely have projects, and when we're about to renew CrowdStrike, SentinelOne or any other products, they'll actually compare the budget. So IT has a budget, every team has a budget, and the CISO would always look at saving the money. Okay, so when you actually look at allocating a budget, the way Microsoft pitches is with one single M365 license, which they already have. Okay, I'll tell you, most of the companies already have an M365 license; the Defender for Endpoint is already covered, the basic version. All they need is another $6 or $10. If they just buy with $10 per user, they would actually get the complete Defender for Endpoint license, and if I want to have a CrowdStrike license, I have to pay $30 or $28. So which one, obviously, because it is a $15 difference for one user,
imagine if there are 10,000 users in your organization. Besides all that, we have amazing integration capabilities here if you have Defender for Endpoint with Intune. Again, how do you sell? Okay, so how do you sell Defender for Endpoint? It is easy to sell, okay, because you don't have an agent: you don't have to install an agent, you don't have to maintain an agent. The entire CrowdStrike issue that you see in the downtime, the biggest thing that happened five to 6 months back, was simply because there was an agent issue. Okay, so Microsoft claims that we don't have any agents, our Defender for Endpoint is built in within your operating system, we don't have to do anything else. How do we onboard? A simple onboarding with Intune: every device that is enrolled with Intune is automatically onboarded with Defender for Endpoint. So management is easy, reports are easy, console is very single: with a single endpoint console you actually get multiple products. Okay, so that is again because, if you've not heard of the solutions like Defender for Endpoint, because we are only talking about Defender for Endpoint, we also need to defend the other cloud-based products.

Okay, so if you look at this, I'm not sure if you can see this, this is exactly the cybersecurity reference architecture I was actually talking about, right? So this is what usually the decision makers and the people actually look at. Okay, the reason is, if you're looking at higher experienced jobs and projects, right, you should understand this. Okay, in the entire picture that I shared, the only thing that we discussed there was this one, identity and access management. Okay, if you look at this part, and here we talked about the left-hand side, if you can see my mouse here, in the clients section. Okay, this part, which is your Defender ATP, Secure Score and threat analytics, this is one product. Management of Windows clients, be it Android, iOS and things, we're talking about the Intune MDM and MAM. Okay, so this entire
thing is what we are going to study in this course, along with a little bit of the identity and access management solution here. Of course, yeah, we'll talk about Windows Hello for Business, the privileged access identity, okay, all of these things. And again, coming back to, if you really want to shape up your career into M365, right, so I'll talk about that again further.

Okay, so if you can see my screen again, I'm sharing my whiteboard, hope you guys can see. Okay, so here we are talking about the endpoints, right? So in any infrastructure, in any company, what do we have? We have of course a directory like Active Directory, we have Entra ID. So Entra ID and the users need to be protected, and for this we have a separate product called Defender for Endpoint, Defender for Identity, we say MDI. It's again a different product. And of course Office 365 also needs to be protected, because we have spam, we have emails, we have data and SharePoint data in OneDrive. Okay, we also have to look at the DLP part of it, right? So when I say DLP, actually again DLP works with your Defender for Endpoint here. So the DLP functionality of Office 365, which is in Purview. People heard of Purview? So Microsoft Purview is one of the biggest security products that we have. So Microsoft Purview again takes care of the DLP part of it, okay, and the sensitive labeling. Okay, so we have threat protection, basically data and threat protection.

See, every data is either stored in Office 365 or in your laptop; you can get an attachment in an email, right? What is the point of managing and protecting everything if you are able to copy that secure email or highly confidential attachment to a USB flash drive? So there is no security, right? So we have to block that. So what is the point if you are uploading the same attachment to your Google Drive? If you do that, if you allow that in your organization, there's no point in investing so much in a tool
in security, right? So every data in your laptop should be monitored, every action in your laptop should be monitored, and the only tool that can be monitored is MDE. So back to what I was saying: MDE is not just an anti-malware, anti-scanner or anything. Okay, so it is a live monitoring tool that monitors every action on your laptop. So basically it's always connected; there is something called live protection, okay, and they have given various names to it. But a very common name, what is MDE? MDE is nothing but your EDR tool. So you go back to your company or anyone, you ask what is your EDR tool, they'll tell you SentinelOne or anything, okay, MDE or CrowdStrike. But EDR is nothing but endpoint detection and response. Okay, so we have to detect and we also have to respond automatically. There should not be any person or any human being to see and monitor everything. Of course you will have your security operations team; your SecOps team is always sitting and monitoring all of these actions in your enterprise. But if you have spent some money on a tool, it is expected that at least the most common threats and actions that the end users perform should be mitigated, and for that reason every company is spending money on CrowdStrike and all, right? So these are all automatically blocked. Take a file and upload to Google Drive, you will get a message: Defender for Endpoint has blocked this action. Take an important confidential file and put it in a USB drive or anything, you'll get a message: this action is not permitted by your administrator. Okay, so all these actions can be protected.

Because nowadays, if you look at it, the endpoint device management the companies are looking for is not focused on deploying applications and deploying patches; that is just one part. Okay, so if you look at any of the interviews today, because I talked to many people, they look at people who have good skills in real security. Okay, when I mean security, they talk to the
security people: they understand what is PKI infrastructure, they understand what is certificates, they understand threat and vulnerability management. So here, talking about Defender for Endpoint, it is not just a malware scanner, it also has a vulnerability management capability. Okay, so your bace, okay, so the way Microsoft sells, right: you can just have one Defender for Endpoint license, which you already have; you will get rid of Qualys, you will get rid of CrowdStrike; and if you have Intune, you can get rid of your VMware Workspace ONE, you will get rid of Jamf, you'll get rid of any of the MDM providers. You can manage Windows, iOS, Android, Mac, Google Chrome, Linux, all with one tool, Intune, and you can manage all of the security of this with MDE. MDE manages all of these platforms: iOS, Android, right, so Linux, macOS and also Windows. Okay, and with Entra you don't have to buy another product, and since you already have M365, you don't have to buy much of the money.

Okay, so now we'll talk about what is exactly this M365. If you look at M365, why, because we're talking about M365: M365 is one big license. It covers the entire Office 365, it has Intune, it has MDE, okay, we'll talk about MDE, MDI, Defender for Identity, Defender for Cloud Apps, okay, I'll talk about this later, so MDO, Defender for Office 365. The main important thing: you also have Windows 10 and 11 licenses along with that. So everything is subscription based; everything you'll get in one single license, which people already have. They already have E3 or E5. The only problem is not every company is leveraging the entire feature set or entire product set of the M365 license. Okay, so either they have Business Premium, small companies with less than 300, they have Business Premium, but anything above 500 endpoints, people already have E3 or E5. Okay, so they're not really using it, they're not really at all using it. So that is what we are talking about. Okay, so mainly in our course we are talking about Intune and MDE.
Okay, again, why do we need Intune and MDE? Again, the popular thing in the market is people already know Intune. Okay, the only thing is they wanted people who already know Intune and already worked on MDO, because it's long-term projects, these migrations and these things, right? They are existent for a long term and you'll continue to have it, because it's not a one-time project and you'll forget it; service-based companies will always get projects migrating to Intune and Defender for a long time, for the next 10 years, right? It's a unique skill that people require at this moment, and the mindset should be 100% cloud-based. They can't sit and work with a traditional mindset and a traditional old organization with a huge on-premise presence. Okay, so that is not going to work if you're totally based on things.

So by actually looking at this, just give me a second, I'm just going to show you how actually today's jobs are, right? So just a second. So this is just the LinkedIn page. Okay, so if you look at any company, okay, just search for Intune. Okay, so if you look at any Intune, most of the jobs, okay, so you may not already be present, so I'll talk about different kinds of this one, right, so we'll talk about different scenarios that we have. Okay, so we'll talk about, for example, UC architect, I know, so there's a Mac specialist who is asking, I know, okay, this is, I don't know why Tak as. Okay, so if you actually look at it, say for example, most of the companies are actually looking for things like, you know, OneDrive, online applications, okay, and Entra ID. Okay, these are the people who might probably be using Jamf at this moment, and they are probably continuing Jamf for macOS and also Intune. Okay, so they are actually looking for conditional access, group policy management; it can be a multiple mix of these things. Okay, so if you look at any IND
architect, right, so they are into HLDs and LLDs ofm UEM, Intune. Okay, and then coming to Intune specialist, okay, so they'll probably be asking for device compliance, endpoint protection. So endpoint protection is nothing, again, it's the same thing. Okay, so basically you can search whenever you have time. But in addition to the traditional things that we will actually be discussing, it is not just MDM and MAM. Intune is again, as I said, the course is 80% of will be Intune, but whatever you need to know for an interview to be comfortable when it comes to Defender for Endpoint. So basically you will be able to manage the complete Defender for Endpoint and Intune in this course. Okay, so that is all I wanted to say.

So again, one second, so how are we organizing? Okay, so looking at this, if you have any questions, you can just put that in the chat, I'll just answer all those questions. So basically, when it comes to environment, how are we actually studying: everyone should have their own labs, at least a test machine. So I prefer to have at least one Windows virtual machine. Okay, so as you all know, we can all have an Intune free subscription, cloud-based subscription; you can have even E3/E5 M365 trial versions, and if you already have companies working, you can use them; if you already have customers with them, you can use them. People who are new to Intune, I would highly suggest to have a trial version. You don't have to attend a training or a class if you don't have a goal. Unless you are able to sit for all the 25, 24 classes, 20 classes to 24 classes that I plan, and follow up, practice, read and learn with some commitment, I would suggest them to join. Okay, simply because you are free in the weekend, you have some money to join, you are somewhat motivated only for now, not for a long term, I would not suggest you to join and waste your time, okay, unless it fits your career plan.
Okay. To whom is it applicable? People keep asking the same question. It is applicable for anyone from basic to advanced. People who already have L2, L3 level of Intune experience: no, it is not for them. I'll definitely not be covering the advanced topics or Graph APIs, all of those things: report fetching, data warehousing, partial. We will not be covering anything related to advanced Intune, and even in Defender for Endpoint, KQL queries and all, we are not going to discuss all of those things. It is purely for those people who have, like, 1, 2, 3 years of experience to 8 years; I'm not talking about the overall, only Intune. So they can join if they need L2. People who don't know anything can join; I will cover very strong basics of L1 Intune and Azure AD and MD, and we'll also talk about how to create labs.

What is really needed is one simple Windows virtual machine. If you have test mobile devices like Android, iOS, it's great, but everyone should be able to have an Intune trial tenant; they should be able to have something like this in the console, the one that you see, and you should be able to enroll the devices. Without enrolling the devices you will never learn. I have a Mac, I can show you; Windows, Android, I'll show the screen; Windows will have a virtual machine. The training will be mostly, 80%, the way you see on the screen right now: whatever you see will be on the screen, labs and everything. I definitely do not have many PPTs; there's no point in having PPTs. Almost all the trainings will be through the whiteboard and the actual console and your virtual machines, whether we are creating policies or navigating. I want you all to do that over the weekend time or the weekday time, because you can actually get hundreds of videos on the Internet. There is no point again coming, okay? If you are already
knowledgeable, you can sit and learn by yourself; you don't have to focus here. But if you need a structured, focused program where you are committed, you are understanding, you are talking back, you are asking questions, you are practicing, then join. Don't waste your money and weekend if you're not committed. That's all I have; I don't have anything else to say. People who want to join: I'll message the number, please take down the number. Whoever is interested can talk to Amit. Let me let you all know Amit's number. If you don't know, the number is 9546 62806; I'll put that in the chat. I'll repeat: it's an India number, it's +91 9546 62806. That's the number; they can talk to him for the duration. Probably tomorrow or even next week we are starting the classes. I will stop sharing the screen.

Someone asked: do we have the capability to manage Windows Server? No, managing Windows servers is not possible, but with the Intune console you can actually see Windows Server and the policies being pushed from the Intune policy to the Defender for Endpoint policy, and the policies are pushed through an Azure AD device group. So Defender for Endpoint has the capability to manage Windows servers, not Intune.

Can we have a hybrid lab setup? You can have it, but there's no point. Again, how does a hybrid lab setup add value? Any complexity that you are adding, there is no difference. It doesn't really add value if you have a hybrid lab setup, because if you want to have a group policy you can do very well with your local GPOs plus Intune managed. The problem with hybrid: Group Policy you can easily do, okay; you need to have a complex environment with three to four virtual machines. I always had an SCCM lab when I was doing SCCM training, with hybrid AD join, all of these. Those were difficult to manage, resource consumption was high, and hence I had to decommission almost all of those on-premise. My
training would be simple, complete cloud-based. If someone is interested in an SCCM environment, hybrid AD join, I will not be showing it; sorry, I don't want to invest time on anything on-premise. So when are we starting training? Either tomorrow might be the first class.

MD-102 certification is covered? Yes, it is covered. If you look at MD-102 (earlier there was MD-101), MD-102 is typically 80%, 70% Intune, another 10% is Entra ID, and the other 10% is Windows 365. The reason why Windows 365: you can see my screen, the entire Windows 365 is part of the Intune console now. If you go to Devices and device onboarding, Windows 365 is here. So every Cloud PC or Windows 365 PC can be managed only from Intune. If you click on Windows 365, you will see Windows 365 policies, Windows 365 PCs, provisioning; you can change your RAM, you can change your login, you can change your licenses, everything. People who already know Windows 365: it's very popular, it's not priced high, and the administrative effort is very plain and simple. All these contractors, third-party people who join, are just assigned a license. You go to Entra ID, you can assign a Windows 365 license, and within half an hour your PC is ready. So you can sit at your home computer, log in with windows365.microsoft.com and you'll be able to log into your PC. That is how onboarding is easy and 100% secure. It is browser based and RDP based; you have an agent, Windows 365. So that is the reason why MD-102 was added: another 10% of the questions you'll have with Windows 365. They want Windows 365 to be advertised, they're doing huge marketing, and along with that they're even adding it into a certification so that people know about Windows 365.

Can you show me the syllabus? Okay, I will show you the syllabus, just a second. Before that, share the number: I already shared it, I'll put that in the chat, one second.

"I know on-prem AD and ManageEngine, and can I learn Intune and get a job?" Of course, yes. This is properly suitable for people who already have good identity and on-premises Active Directory knowledge, who have third-party tools like Ivanti, SCCM, ManageEngine, some knowledge of Workspace ONE. It's very good; they can go to advanced level, they can clearly upskill their career and get good salaries.

"Any payment for class": I don't know what that means, so you can talk to Amit.

Will we have recording videos? Yes, we are recording each and every class and every recording will be available to you for your lifetime. It's only a recording; you will not be able to download it.

Co-management: yes, we are covering co-management, without really an SCCM lab. You can understand how much of it is concepts, and I have some demos where we can showcase what an SCCM admin should do in his co-management environment. With co-management we have to talk about the concepts and the initial challenges of co-management. Typically, if you pick up any organization, when you say co-management, what are the workloads that are shared with SCCM and what are the things that are going to Intune? It all depends on the organization. So how you make a
decision depends on your entire IT admins' skill set, what you have been using SCCM for all these days, where your locations are, how much bandwidth is required for all the data transfers. All these are decision-making things when it comes to co-management. Administration is easy: you just put the sliders and you add the collection of the devices, and everything is taken automatically. There are no bugs in the product as of today; if there is any problem with something not working, it'll be 80% your configuration and network issues, so we have to just figure that out. Apart from that, you just drag the slider and add the machines in co-management, and you're co-managed as long as it syncs the policy. It will onboard the device to Intune, and you'll have registry changes in the co-management, and the agent will now understand; it will have a different number, and now your co-management will understand: going forward I do not have to deploy patches, Intune is the one who will now start deploying the patches. These are the things that we'll see: how the agent understands, what is the code that it calculates for each workload. All those things we will discuss. For fees, you can talk to Amit.

What are the recommended ways to replicate mobile device scenarios for testing? You need to have a physical mobile device; nowadays the simulators don't work. Take your own device, nothing will happen; it's your lab, you're not wiping your device. If people are scared to enroll and unenroll devices, you'll not learn Intune.

Is Windows 365 similar to AVD? No. AVD is completely a VDI environment where you will be managing gold images and some kind of additional, different policies. With Windows 365 you're not managing anything; you're only managing policies on the machine. You're not managing the virtual
infrastructure, you're not managing the storage, you're not managing the OS itself. No images, no networking; everything in Windows 365 is seamless. You'll have two options: one is the hosted network by Microsoft, where you'll have unlimited internet, and you'll have your own inet if you havec, which is your Azure network, this one, connector, so connection. So your vNIC, NIC card, right? Your virtual NICs can be connected to your Windows 365 machine. So even if you're a cloud-based machine, if you're a vendor or a contractor, your Windows 365 can be connected to your Azure network, your managed network, so that you'll be able to connect to your company's intranet resources. All that is possible with Windows 365, and that's why it's very popular.

Can we get demo videos? If you want to look at my previous trainings, you can ask Amit; he will probably share a couple of things.

Now I'm sharing my screen for the syllabus; people were asking for the syllabus. If you look at my screen, that is what we have. This is approximately 20 hours. I know it will cross 20 hours easily, because many people keep asking questions, they bring in their own office and company scenarios, testing labs and all. But if it was a seamless one to one to Y all communication, it'll finish off in 20 hours. For the first few days we'll talk about licensing, what mobile device management is all about, and how we are talking about the cloud and the hybrid scenarios. After COVID you might have understood the importance of Intune, at least the IT companies. Earlier Autopilot was a fun thing; now Autopilot is a serious part of every organization. I'll give you an example: Accenture. Accenture has nearly five and a half lakh devices; almost 4 and a half lakh devices now are Intune Autopilot managed, almost all are provisioned with Autopilot. People who are working in Accenture, if you have
recently joined in the last 3 years, you can confirm that. That is how seamless it is. Cognizant is also the same thing: Cognizant laptops are not joined to local Active Directory, almost all the new laptops are joined to Azure AD and Intune managed, P 100. Imagine, such big companies are managing this way. Bank of America, and another example, Goldman Sachs: all these are now 100% cloud-based, they're not really dependent. I'm not talking about everyone; there are a few critical ones within the same banks and the same financial organizations who are not 100% managed because they're still evaluating, but they have started.

So we'll talk about all these user groups, device groups, automated dynamic device groups that we create, and finally we'll have a lab setup for whoever is interested, whoever wants to really do it. I'll tell you how to do all this lab setup. Once you have the lab, that is when we can really start off enrolling the devices. We can talk about the normal AD and hybrid AD joined machines. The real topics actually start from Windows Autopilot; Windows Autopilot is one big topic that we are covering in detail. We'll talk about co-management, and then iOS. Enrollment of iOS is fine, everyone knows it; people who are already using company resources know it. But Apple Business Manager and VPP, the Volume Purchase Program, is what we'll be discussing. Then Android and Android enrollments. People who are in Android projects know it is a big market. Why? The reason is simple: every shipping industry, every cargo, every shopping, Ikea, all these people, nurses, airlines, everyone uses Android devices. Colleges, schools, they're all using Androids and iOS, so they need to be managed. You cannot allow a school kid on an iPad to use YouTube; we need to have some policies, you need to block, you need to remotely monitor, so they cannot really go to the Apple
website and start purchasing their student applications; doctors and nurses cannot go and purchase the HIPAA applications. These all need to be properly distributed, managed, monitored. Again, Defender for Endpoint plays an important role here. Half of the Safari or Google Chrome policies: Safari has web content filtering, so we need to manage those policies using the ABM devices. Android is a big topic where we'll discuss 5 to 6 hours; the same thing goes with Apple, 5 to 6 hours; the rest is all the other 6 to 8 hours, 82 hours, purely Windows. The rest is the miscellaneous topics about Defender for Endpoint, Entra ID, Conditional Access, compliance policies; all that we'll actually discuss.

Intune MAM is a popular one; none of your interviews goes without properly questioning on Intune MAM. According to me, people who understand Intune MAM and who understand Conditional Access are the people who really understand Intune. That is where you want to judge and question people, because all these are self-explanatory: if I give you a console, people will start doing it. But the enrollment, the basic fundamental concepts, are still missing. If I have 10,000 devices in my organization which are managed bym and AD, and your project manager comes and suddenly says, can you move to Intune? Of course, for people who have experience it's fine, but what is your first thought on how you actually bring those devices? All these scenarios are what we will be discussing one by one. It's not just the traditional how-to. How-to is very simple: if you just read a document you'll understand, if you have a console you'll understand. But the challenge is really how you tackle a real-world problem. As I said, we'll start with sec and Defender for Endpoint in detail; we'll talk about Defender for
Endpoint alerts, incidents, tamper protection, Credential Guard, all of these security policies. So this entire EDR: we'll talk about the baseline settings; EDR is the endpoint detection and response. This EDR tool, Intune MAM, and then finally, the good thing about learning Intune and MD is that it shows you a career path to the entire M365. As I said, if you know MD, Intune, and then Defender for Cloud Apps, MDI and then Purview, the Defender for Purview, then for the next 25 years your jobs are safe; that's all I can ensure. When I say jobs are safe, it means that you will get some, because one or the other company is using an M365 35 license; everyone is using it. All you need is to know it in some great detail. You should be able to communicate this product into real-time scenarios and projects, and be able to design and architect and solve. It's a solution; you need to be able to give a solution. A product teaches you how to use a product; you learn a product, you know how to use a product, but you have to use the product and give a solution to your business use case. In any organization they have a challenge of data leak; you need to see how you can actually leverage these concepts, if not this product, some other product. Microsoft might not have solutions for everything, so you should be able to understand that real-world challenge and come up with something new. Most of my companies have so many third product products. Tanium: Tanium is another product that does more things that no other Microsoft product does. Nowadays they are looking at Tanium features and then seeing how they can add those features in Microsoft; that is what Microsoft is doing. Zscaler: how many have heard of Zscaler? Zscaler, with one single product that Microsoft released last year, which is the Global Secure Access, Global
Secure intranet access and internet access: these two products Microsoft has released, and with that the complete Zscaler market has come down. Imagine, the Zscaler market was there for a long time, there are so many companies that are using it, and they were advertising very much. Now, you just need to pay $4 in addition to the Entra premium license that you already have. So the global secure solution, the intranet and internet access, is completely getting rid of your VPN; it's a huge blow for the VPN market. After this class you can just go and check the impact of Global Secure Access, intranet and internet access: two different products, two different mechanisms in one single product. Look at how it is impacted. Likewise, learning Microsoft products is never a loss; you will always win in the industry. So that is what we are covering. I'll come back to the questions.

Can patch management and OS deployment be managed by Intune? If you are looking at patch management the way you have been patching the devices for all these years, where you download the patches from Microsoft and some tool deploys the patches to the endpoints, it will not work that way here. Here, in the future, Microsoft's suggestion, the vision, is that your endpoint should directly connect to the internet and download the patches. That is already happening even if you have an SCCM environment. See what happened during COVID: SCCM already has a functionality where, if your primary server is not reachable, it goes to the internet as a fallback option. That is what happened during COVID, and the same thing is happening in Intune: it only pushes policies on when you can actually download updates. Microsoft releases on, say for example, the second Tuesday, the 13th or 12th of this month, and say for example you certainly want to deploy patches; you can actually push it back for 7 days or 10 days or 30
days. That is the only policy that you can control when it comes to Windows Update for Business. So we learn a concept called Windows Update for Business, where we are sending different policies to the endpoint, and the endpoint understands and downloads the patches based on that policy. But the problem that people are raising is: I'm not able to control patches at a granular level, I'm not able to select a patch, I'm not able to deploy or put a lockdown or a control on some major version upgrade like 21H2 or 22H2 that I want to stop. That is when Microsoft came up with another feature; you can Google it if you want, it's the Windows Update for Business deployment service. That is again what we are going to cover as well, in the updates part, because it enables you to do drivers also; you can do driver patching too.

"I am a network engineer, is it good for my IT career?" It depends, Shabir, it's up to you. It depends on how good you are as a network engineer and what level of network engineer you are. If you are finding any issues, challenges or problems in your career where you can't define your right path on how to go, then you can explore this; it's not bad. What I'm saying is, if you are a network engineer and you are into the network space of firewalls, not just the help desk, if you're into proxies, web application firewalls, all those things, that kind of network infra, then it might help. Defender for Endpoint is a part of the security team; it might not be the network team. If you're into total network wiring, Wi-Fi and all, then you need to rethink.

How to enroll: please talk to the person, I'll put the number, one second. Any other questions? "Since I working on the project that is
going to use SCCM and hybrid AD join, co-manage, and my role will be managing the devices like in I do have experience withm but when it comes to in I'm trying to learn, but production, in order to understand my day-to-day responsibility, will the training be helpful?" Of course it will be helpful, 100%. Who is this, laan? So yes, La, it will be helpful. All you need is to focus, understand and follow the concepts, because you already have a production environment anyway. The way it actually works is, say for example you are testing some policies: Intune has around 10,000 policies, and you really cannot test all those 10,000 policies. All you need to understand is the policy flow, the policy creation and where it lands on the system. If you do it for 20 policies, you're done; you don't have to do it for all the 10,000 policies. Because you are already in the production environment, 80% of the flow you already know. What you need to know is how Intune is handling your co-management part. SCCM has no connection to your iOS, Android or Mac, so Intune is 100% responsible for managing your iPhones, Androids, Conditional Access and macOS, or even the personal phones. BYOD plays an important role: every company can't issue phones, so you need to allow users to access emails, phones, Teams meetings, everything on their personal phones. At the same time you also need to protect: no taking screenshots, no uploading attachments. All these things you need to protect, and everything will be done by Intune policy. For people who are already using Androids and iOS, at least Androids, and have enrolled the devices to Intune: if you already have Company Portal, it means that they are M, but if you're able to take screenshots or attach, they have not implemented MAM policies, and almost every company should implement
MAM policies.

I don't know what are called L3 topics; it depends. RBAC and scopes are really not L3; that's basic L1, L2. Everyone should understand what RBAC is. If you look at my screen, I have multiple courses that I take, but this is still L1 and L2. If you look at my security course, the separate M365 security, I cover all these products, different different points, including the server onboarding, the next-gen protection, alert decencies, a a is automatic incident response, how you onboard Defender for Mac, iOS, Android, and then we talk about Cloud Apps and all the SaaS applications. All the SaaS applications need to be protected; you just cannot allow end users to start using any cloud applications they want in an organization. Then compliance management: the same thing goes with the compliance management product, eDiscovery, records management. Everything is somewhat related to the data that resides, data at rest. When you're talking about Entra ID, this is a different course; this is what I was talking about, the global security access, external identities. In the L3, L4 course usually I cover some in De. If you look at this, this is what I cover. For people who really don't understand security and security terminologies, I start off more with deep integration of Defenders and then Intune.

There's a question again, someone, apps. People who join the Intune course here in our team: we are giving SCCM free training videos for them. You can ask ath; for people who have already enrolled, we have SCCM recordings. People who are interested in SCCM, they can check the recor
2024-11-12 13:41