Intune Full Course | How Intune Come From in Market ? Intune Remote Jobs|Joyatres
yeah okay so good afternoon again so we we can start and uh so I think uh yeah so it's 45 so I think if someone joins I'll just check if I can admit them but since this is our first class so uh I think we had a kind of a demo session uh earlier last week so it was basically just a simple introduction but I will just recover and retake all those sessions that we have in more details uh during this class okay but uh I'll hope when uh if not today from going forward from tomorrow uh so we'll have only candidates who have uh completely enrolled and it'll be more of an interactive session okay so we I it'll be more of a lab and an interactive session on how we can actually see live everything working so before even start let me know uh okay so let's just get to fundamentals of Intune like you know what exactly we mean by Intune why do we have to learn Intune okay so can you can you all see my whiteboard yes sir yes so even uh before we understand uh Intune so let's just go to the little bit of History so the way the Intune architecture is designed how it's built upon Azure or on Azure so earlier back in 2010 and uh 2011 uh we had something called as uh the first thing Office 365 right so that's the first cloud-based SaaS service okay uh from Microsoft as so I would request everyone to mute please and uh that is where uh everything actually started right so we had Office uh 365 and then what exactly is Office 365 it is just nothing but the Exchange Online so we had Exchange on on premise which is which people administrators used to install it on the servers they had to set up so many rules so much of administration was required uh from the administrators there was a huge jobs on Exchange Administration itself even now they are but maintenance of the exchanges server itself uh there is nothing to do that okay it's completely maintained by Microsoft so all you have to do is managing the front end part of the exchange services using a simple console the back end installing the 
exchange services setting up the servers updating the service itself updating the exchange on premise infrastructure okay the connecting to the active directories the databases all that is not there right now right so we just how do we actually go about it any organizations can just buy the number of licenses they want create the users in Azure AD okay so right away we had now it is called Entra ID but I'll just keep using Azure AD so AD is an identity and access management service from Microsoft so we usually create users here and this user is licensed okay so licensed with whatever the services that a company wants so when we talk about Microsoft and Microsoft products we have two kinds of products one is a subscription based products one is a pay as you go uh products consumption based okay so if you want to use a virtual machine if you want to use networking if you want to use any of the Azure Services those are based on the consumption yeah so for example if you have 16 GB you pay more if you need just 4GB of virtual machine you pay less so those are based on the consumption if you power it on for a long time based on the ram based on the resources based on the input output all this you actually pay for that but here you only pay per user per some time for one year 6 Months 8 months one usually it's one year in an Enterprise but normally it's per month licenses right so we use these software as a service SaaS services so Office 365 is one of the service when we talk about Office 365 what does it includes it includes Exchange Online yeah so it was earlier Skype Teams now SharePoint so almost all of the cloud services that belongs to Office 365 is based on the license okay if you have different Li licenses had different products okay some of the licenses might give just Exchange and Skype some of the licenses Advanced licenses more costlier licenses can give all of these Services there multiple services like you know now know Viva Engage learning training streaming 
and if you want 1 GB data here if you want 251 TB data of exchange uh email boxes okay all that cloud services is simply based on the uh amount you pay per license per user per month okay so if you have 100 people in your organization you have 100 users in Azure AD you assign those licenses to them and they can start using the Office 365 from anywhere okay so that is the fundamental part part okay so this any user user from a laptop or a mobile phone will talk to Azure will authenticate to Azure AD and then this Azure AD will authenticate based on whatever resources they want and you actually get the services there okay so what is more important in this whole explanation for here is the takeaway here is you need to have users here in Azure AD okay only then you can license it and you can start using the cloud services hosted by Microsoft but how can we create users in AAD so there are multiple ways so directly first of all simple thing is you can manually if you have okay by the way anyone any customer who has Office 365 by default has Azure AD okay basic Azure AD which means that if you buy 100 licenses of azure Office 365 you'll have Azure AD with 100 licenses okay so you don't have to buy in additional thing additionally it comes by default so this a has list of users okay so there are multiple ways okay so how we add users is multiple ways typically for back in 2011 12 and all we had during okay but traditionally for last 2 20 years we had the directory Services internally cor right we had active directory where all users were there all computers all users here all computers printers all of the network resources belong to any organization one was in active directory the traditional on premise active directory this is on-prem okay so they had here okay they even had exchange servers SQL servers okay so all of the all of the servers they had this is purely on premise active directory you might have 10,000 users 50,000 users so traditionally all the organization 
will actually create users here okay just by having users in the local active directory the on-prem active directory you cannot use Office 365 Services right you cannot use Skype online you cannot use uh Teams you cannot use SharePoint you cannot use any of these products uh here okay just by having the user just give me a minute I need to take a call one second s sorry okay so yeah so these were the users in active directory so how do we get the users here because we cannot we need to use Office 365 and the cloud services in order to do that there is a Microsoft product earlier called as DirSync now it is called Azure AD Connect so what it actually does is this you install it in a server here this is an Azure AD Connect application where you install it this is a connect server so this will actually synchronize to this so all the users that you had traditionally for last 10 years and 20 years in your active directory like I know 20 30 40 any number of users you can actually synchronize the users here okay so I'll come back to AAD Connect in detail later so when we talk about the types of synchronization we have something called as uh the password synchronization hash synchronization all that is fine but when the devices sync also sync so but what I really want to tell you is in order to use any Cloud Ser Cloud applications that Microsoft has the subscription based products we need to have a user ID in AAD we need to license that in a itself only then you can start using that or I mean and for all the Enterprise organizations which were using active directory on premise they need to have a synchronization to all of these users these users as well needs to be licensed only then they can start using all of these products So based on the same uh architecture we also have multiple products so one of the product is Intune okay so Intune was actually is a cloud product always was a cloud product there was never any on premise version of uh the Intune product so Microsoft 
acquired this product back in I think 2014 so after that they revamped earlier they had something called as a Silverlight console the later they revamped reengineered all the product and migrated the entire thing to Azure based uh system and Intune is at least residing yeah similarly something like Office 365 okay for any user okay and for any device okay someone is using the device device here okay and that particular user who logged into the system needs to authenticate to Azure AD and needs to have an Intune license in order for Intune to be managing his device okay the same mechanism here so what you actually do you you assign the license this particular user say for example a is a user this a user should either be created in AAD or can be created in on premise and then synchronize it back to Azure AD okay so Azure is not active directory okay so this is completely your directory services that is completely different and this is just your identity and access management solution this ad this user here whatever whatever he is licensed he can start using it there's no objections okay so if he's if he's okay with Office 365 Exchange Skype Teams SharePoint all these basic fundamentals there so many other things okay project MS project online is also based on uh MS project online is also based on the same mechanism where Exchange Online okay Teams everything is based on Office 365 itself so similarly even Intune has to be licensed okay so every license every M365 subscriptions that you all purchase will actually be shown in the admin Center or in Azure the products that your organization owns and you can actually start assigning the license to user groups or users directly okay so that is very uh important to understand so I'll just take a pause uh any questions here no for no sir okay thank you so so just a second so can you all see my screen I'm just sharing a simple uh thing yes yeah so this is again you'll see this everywhere okay so in Microsoft documentation so 
what this is exactly what I was just saying here we have uh all the products sitting in Azure one is Microsoft Intune all the apps in Azure and then Office 365 and all the third apps as also okay and I say third party apps also any application that is integrated with Azure directory for example Salesforce okay all other they are actually dependent on a authentication so say for example if someone is using any of your applications within your organization you log in and that will open up Azure AD shell page right the login page you log in and then that redirects it back to the third party apps similarly in Office 365 in the in the back end it's actually doing a single sign on so you log in with your ad credential so you have something called as a primary refresh token okay that AAD gives and then using that you can log into multiple cloud services so that is sitting there and we have devices here okay and we have the active directory here so this is what I was just saying the synchronization between these two things okay active directory is users are here okay and this entire thing is your on premise uh services so sorry sorry to interrupt actually your C was stuck so I was not able to get your point can you please uh redo it again because I didn't get your point ah okay yes yes please okay sure no problem you can see my uh some kind of Red Dot yes now okay so what I was saying is um we have your on premise all of your servers there sitting in your data center so this is actually your active directory and Azure AD Connect server so whatever the users that you have created in ad can be synchronized to Azure Active Directory here so that is what this iin add some someone so uh okay sorry so and uh yeah okay so yeah I think he's added yes so all of your on premise applications also can be uh accessed okay so what the point here is we have devices here okay if you have a normal personal device you cannot log to your corporate account right how are your Lo uh organizational 
devices uh setup is they have joined to active directory what it means is it's not your work group they are joined to directory so that you can log in with your on premise active directory account like your domain backslash your username okay so that is how you log into to your uh traditionally your active directory log uh enabled devices okay so that is when your device is joined to active directory if the device is joined to Azure AD here okay so this is now device is joined to Azure to the cloud which means you can actually log in with the identity that is is there in your Azure Active Directory so what is the identity that is there in your Azure Active Directory it's your UPN okay so it's like an an email address so ABC at company.com and then the password similarly how you log to your uh web mail or Teams or any other Cloud application you use your email address and password so it's UPN okay uh that is not actually the difference I'm just saying what is the actually the difference between uh uh that a high level what is actually the difference okay so uh I think I I'm I admitting people but they're just saying joining okay let me just check okay anyways I think I've admitted all so let me just log into the console and whatever we just explain we'll just see okay so I'll just end of the class today okay I'll just you all I'll just let you all know how we actually uh go by setting up your tenant and for people who have not set up the first thing that you all do is go to Google and you can just type EMS trial okay we have Enterprise mobility and Security Options and there TR just click on that okay so you can just scroll down we can click try it now okay so this is for 90 days so you have all the all 90 days like know till at least December this year end to try and to learn everything about all these products so we for when I say Enterprise mobility and security you can see you have identity security which is cloud apps which is completely a different product you 
have different of identity which is again a different different products you have have ET also we have information protection that's again different products you have identity and access management which is nothing but your Entra ad ID or Azure ad ID so Azure ad ID and endpoint management so these are the products uh actually this is Intune and Intune actually Rel on relies on this you cannot have Intune without this okay so this is mobile application management data protection integrated PC management and on premise management so this is all Intune you have so you can try now you can see here right you can try now this is uh you get it for three months you can use any of your personal email personal address okay you don't need to enter credit card okay any of this nothing is needed so you can just create a tenant so what happens you create a tenant you get username and password so you need to set up a domain right so usually companies have their own domains but since we don't have a company or any other owned uh domain we can use Microsoft uh domain itself which is onmicrosoft.com so for example you want to create a domain like um okay so India rocking India something okay so you can create rockingindia.onmicrosoft.com okay so you need to First enter your domain you can enter whatever domain that interests you so just the name is important and then you can use your email address OTP mobiles for all the other signing uh purposes so once you have that you'll have four products so what are you do it so while you're entering the domain you it also gives you to set up the initial admin username and password when you first uh set up it also gives you URL also once you sign up the first URL that you log in is admin.
microsoft.com can you see this here so admin.microsoft.com so after you enter it this is the first thing that you will see okay so initially here you will actually see something like this okay so finish setting up all that you'll actually see okay so whatever it is so so you can just ignore all of that and then on the left hand side you can come here and you can actually see billing and within the billing if you go to your products okay you will see all the products that you own okay see I just have two products okay now I took the refreshing I have almost all the products right now which also shows me the end date and time and everything okay you can see this Enterprise mobility and security demo trial I have purchased 20 which is purchase in the meaning you don't have to pay money it's all free three are assigned so this is expires on this one okay so you have compliance and uh trial I was talking about this M365 right so just for a quick uh thing so the way M365 uh is organized right so what does M365 covers look at it this is on lock in so this is Prem this is a very good image but you'll not understand okay so this is basically you can see this right so the Microsoft 365 uh more or less has multiple products what is Office 365 they call it as a collaboration suite the collaboration suite includes uh most of the collaborating products right Teams your Exchange SharePoint Yammer okay so all of the collaborating products they'll use it social and network okay files and content office and then we have Power Platform and we also have some work managements like project okay dwell all this and the different part of that product is the operating system itself okay which is your Windows 10 or Windows 11 and we have Enterprise mobility and security so in order to manage all of this we have Windows 10 so we need to manage right it's a device it's an operating system we need to manage the device we need to manage the operating system so we need have iPads so it is a 
device which needs management and even the apps also needs management so we have office all the services are sitting in the cloud and we also all the services are consumed by the devices here okay so we need to protect we need to secure both this Services sitting in the cloud okay you may have some uh because in your email or in your OneDrive you may have some phishing emails right you may have some malware you may have some ransomware sitting on your OneDrive okay so we we need to protect even the data in the cloud that you are hosting that your company is hosting I mean that users are uploading the users are using someone can send an email right so you need to protect the Office 365 you need to protect your endpoint devices also your Windows 10 Windows 11 laptops and Apple Macs iOS devices okay Android all of them actually are consuming your Office 365 resources that's why they need protection that's why they need all of the data your only corporate laptop so that they can have some controls and protect the data right so that's the whole purpose of device management so M365 in order to protect all that we need security products right so one of the security product is Microsoft Intune so we have Azure AD by default so information protection so Azure information protection we need security right this is Cloud app security broker right so just because you have a corporate Windows device and you are sitting in home doesn't mean that you can go to Dropbox and start uploading everything right you can download your important confidential information from your office OneDrive to your laptop and using your laptop you can go can you think you can go ahead and up upload into Google Drive Right someone should block it right if you have third party applications it's fine if you want a Microsoft solution that is this particular solution which is the c MC they say Microsoft uh Cloud apps was earlier name and now the Defender for Cloud Apps is what they say we have Defender 
for Identity so it needs it actually protects your identity okay there are so many policies like you know one of the way I can simply says impossible travel for example you say for example you log into your Exchange Online today from this laptop from uh Bangalore tomorrow uh within one hour you cannot log in from us right so that is impossible travel so that way the Defender for Identity will actually block that authentication and it ask for MFA It'll ask for some more additional authentication before you prove that you are the person that you are okay so all that things actually require multiple products okay so Defender identity is one thing okay so the advanced threat analytics now they have renamed it as Defender for Endpoint which we will be covering so we will actually in this course we'll be covering uh almost 80 to 90 % of Intune and almost 60 to 70% of Defender for Endpoint okay so it's um these are the two products we'll just be covering the Defender for Identity yeah it's always a different course that so these the entire thing your operating system Windows 10 Windows 11 Office 365 services and the security products all these actually constitutes a M365 product okay so if you go to M365 licensing options okay so if you go to M365 licensing guide you will actually get um okay so there is more detail so let me open something that so we have all this okay this is M365 you can see this is how usually Enterprise license their products okay so if you're in a big organization and if you're uh Enterprise so you'll have either E3 or E5 okay this is for I think front line okay this is a front line points you see what is actually included is this is for 4,000 rupees per user per month all of this okay so your Word Excel PowerPoint which means it licensed on the device you can install all of these products licensed per device per user for five devices so it cause Windows okay this is the most important license right so you can just have this license assign that license to 
the user and you can expect all of these services to be used by that particular user okay so if you go ahead and click this if you want more details you can come down okay you can see this this is how the licensing I mean this is very basics of Licensing okay you have E3 E5 that's how you can you can compare here now that you all understood what is exactly M365 within M365 there's only one thing that we are looking at is endpoint and App Management here this one so this is what exactly is Intune so they actually describe in a different way for Morely uh it's more of non technical people which says productive and protected mobile devices on Intune both security policies business apps on personal devices deploy software protect data monitor health and enforce device compliance all of this can be done from Intune so what is so if you have any of these licenses in continuous cover so you don't have to worry about things okay does Windows cover yes it'll gives you windows in all the Enterprise Services okay so what what does this cover plan one and plan two okay this is AD plan one and AD plan two so all of almost all the other products okay this threat protection this Defender for Endpoint this project okay it depends what you have what you bought if you come to this page and download this full comparison table okay so if you this is a almost explains everything okay so this is a guide that everyone should have uh because you cannot memorize things right if someone ask can I do this that is a common question if you're working in a company right so they keep on asking uh I want this feature I want this feature okay go to any company your managers your customers will keep on emailing you and asking you can you please enable this can you please enable that this and all they'll keep on asking multiple uh requests okay all you have to do is you need to check what licenses your customer has what licenses your user has and see whether you can enable you can work on that or 
anything like that okay for example can you enable privileged identity management for some of the users okay some of the global admins I want to control more of the okay so the Gap part okay the granular level uh controls okay RBAC levels and also they want some privileged identity man management so you cannot really do it if you have E3 licensed you see only this is covered in uh E5 okay similarly whether you have E3 or whether you have E5 when it comes to endpoint and App Management which is our Intune it almost covers everything MDM mobile device management app management even Windows Autopilot Group Policy support Cloud policy service for app 365 okay Shar computer activation Endpoint analytics Kona management okay all that is actually covered when regards to Intune so you don't have to buy additional anything in you have in premium services that is again different okay so this is the reason why I'm explaining this is uh usually companies buy licenses with either M365 or the parent product they don't buy individual Intune licenses they buy either the E3 E5 okay or EMS E5 or some some kind of products you have to come and check whether that product covers these or not okay even if you don't have a chat you can come back go here where I showed you subscriptions okay say for example this is what we checked today right Enterprise mobility and security if you actually click that here okay this gives you complete information of this product how you are using this licenses so it gives you how much licenses you have how many assigned how many available okay whether the subscription status is active so you'll have billing details as well if you want to extend the date you can extend so this is a free trial so you don't have per pricing here okay so uh okay so here View apps and services included with this subscriptions if you click there this will actually show you okay okay yeah so this will actually show you what is license what is covered what is not covered and 
everything okay so there Enterprise IFI you own this okay this is what you own so what is covered nothing is covered here you can come down come down okay yeah plan two is covered so everything is sck so this green half it indicates this means that some of the things are covered not all if you look at this M365 everything is covered see okay so when it comes to Intune you can just sck that so everything is actually covered so this gives you in detail of what exactly is covered so either here or you can use this chart for more uh information okay so coming back so once you have logged in this is what it appears okay once you come down there is something called admin centers right this is your homepage of your Microsoft 365 right so if you have Microsoft 365 this is says you can see this line Microsoft 365 admin Center it means that entire M365 subscription you can manage from here you can start from here so if you go click Show all here you have almost all admin centers here okay so every product has an admin Center okay so you can manage from there so this is one of the admin centers so if I want to manage your emails your exchange I click on Exchange here so admin.exchange.com here correct so this is where we actually control all of you if I want to manage Teams I have teams.admin.com sorry teams. M sorry admin teams. admin
okay I think it's admin.teams.microsoft.com okay and now which is which one is Intune's it is endpoint manager so if I click endpoint manager Intune console will open from here okay if I click security and compliance security and compliance portals will actually be open from here okay so this is your home portal so if you come here this is Intune admin Center so this is how your Intune ad Administration console looks like and this is how your Teams Administration looks like if you're interested you can actually go through this is are wonderful things okay so if you are an organization and if you have access to Teams you can actually look at this okay so you'll have complete controls on how to enable meetings how to enable uh what is your life time when to keep busy when to keep yellow color Okay away all this administration of your Teams applications team Teams devices Teams phones Teams meeting rooms entire things can be controlled here in this Teams admin Center okay so you have Team devices team rooms on Windows team rooms on Android conference room surface hubs everything related to meetings and collaboration you can use the T admin. 
teams.com okay so you just close this and this is your exchange mailboxes right people who come from exchange backgrounds they know how to actually use this right so they okay you have settings you can do your hybrid inflow all organization so I don't have licenses I not go there so yeah I'll close this as well okay so any questions so far no okay so now since now we have consoles ready right we don't need any we don't have anything else to configure right people who come from on premise we know it's very difficult you need to have a server you need to disable firewalls you need to inquire you need to verify your network connectivity need to install very good application I mean the software if you have used AirWatch or if you used mobile a and even SCCM you know how complex SCCM is to set up right you need to have uh so many other things that you need to do okay so now this is your console right so we need to create users so if you come down to users okay so you can either create users so this is your M365 admin center right so you can either create users I have created some of the users okay or you can create users here in the Intune console itself okay or you can actually create create in your uh Azure AD portal itself okay so wherever you create the database is still Azure AD okay if you look at me I'll right away create one user this is test 10 okay what I'll do is I'll put test and 10 display name is test 10 username is test 10 okay so this is my username so I think I'll create three so I won't automatically create a password so I'll create a password that I will always remember so I don't want the user to change the password okay so this is simple like your administrator setup to change okay I not do anything else so I'll just create a user so that I can use this username and password for next time so I'll just click next okay now that I have so many licenses in my console I can assign any of the licenses that I need right what I need I'll assign this license 
okay I want Defender for Endpoint I have additional in speed license I'll just assign this okay so license assignment here I want them to use even Windows Enterprise okay I'll use this I want office I want everything okay let me use everything for that particular user I don't want Power Automate I won't use it okay so there whatever products that a user needs will be assigned this is simple user management but in organizations it won't work that way right so all of your HR department you are belonging some team yeah you belong to some group so all of you users will have some group and that group will be a mean that group will have a common license uh licensing policies okay so I don't want to assign the roles as well because this guy is a simple normal employee of the company okay so I can add all of this information okay so I can is a new trainee for example okay uh or you can say recently join okay something he recently joined the IT team okay all of this is fine so what is important here is location okay location is why location is important is according to Azure uh based on the location services are uh activated okay for example some of the services are not there in China right so just because you create users and you assign start activating the services it doesn't mean it is a intens I mean resource intensive for Microsoft in the back end so if you are in China and say for example China blocks Teams there there's no point of assigning even if you have assigned the license as soon as you assign license and create something right there are some services that Microsoft actually does okay just because you assign for example you assign exchange Exchange Online for this particular user right now within immediately it might create I mean it will create some email boxes keep it ready so that you log in everything is ready after you log in yeah so it doesn't really really need to set up your workspace set up your backend uh mailboxes all that okay so this is just for 
reviewing your username, your password, everything, and then I'll just close it. Okay, I just now created this user test three. I come here right now: test one, test two, test three is not there. I'll just refresh it here. Test three will be here, can you see that? Okay, even here, okay, I did not log, no problem. So here as well, if you go, we have Manage Azure Active Directory, you can just click on View here. So this is the common page that most of you all will actually use. Okay, so right now this is your test three. So it will be portal.azure.com,
after that you can view your Active Directory and use it. So this is a very important thing to learn: please explore every option that is there in this console. Okay, it is more like your Active Directory. Now come back to Intune. In Intune you have an option for users and groups, you can actually do this. So whatever you see here, okay, sign-in logs, audit logs, this and this is actually the same, there's nothing special. Okay, only thing is the window and the node and the blades are different: this is an Intune console and blade, this is an Azure console blade, only those are different. So whatever you see, sign-in logs, everything will be common. Okay, so usually we don't log into this page, most of us. Okay, so it's either intune.microsoft.com and portal.azure.com, so these are the two things we just log in. So groups here, there's so many groups. Okay, I can create some group, okay, and add users. It's a very simple mechanism, there's nothing magic. The reason why I'm showing, it's the first day. So group one, we can say, sorry, group three, user three, group three, right? So I'll put Assigned. There is something called Assigned, and Dynamic User, and Dynamic Device. If I say Dynamic User, I can add a dynamic query. So what is dynamic query is, I don't have to add them manually. If I create a user, say for example I've created a user with India, right, so what I'll do is I'll use the property, okay, I use the property as usage location, right, is that the one? Yeah, usage location, and then equal to, and then India, right? So this is the query, dynamic query. So what it means is every user that I create in India will have this user automatically in the group. So I can go back and say India users, okay, all users from India location. So I just create account, the previously, the user that I created here, test three, I choose India as a location, and I choose, since this will take some time in the background, the dynamic query doesn't run live, so it may take a few minutes' time. So once it takes that time, the India
users, if I click on India users group, I'll have something called members here. Okay, so in this members, so far I don't have any other member. So after the back end resolves that query, the user will come here. So this is a group, right, I don't have to, right, what I have done is I have created, assigned license to a single user, but I can do it for the entire group, right? I can come to licensing here. Almost all the users in your organization will keep joining, going, okay, so there's some JML process. The JML process is linked to this HR, so if they join, HR adds your details, your location information, your department. Okay, so based on that, all your user information is automatically populated in these groups. Say for example you belong to IT and you require all the licenses, yeah, and this is what, India licenses IT team. So licenses you can start assigning here, okay, for everyone in that group. I'll assign all of these licenses. Okay, I don't have anything else, E5, E3. Create this, click on save. It shows you what products they are enabled. You see, so many products are there. Okay, the M365 itself is a huge product, each one is a different skill. So right now I just clicked on Save, it'll keep, I think so, after some time even this will be licensed. Okay, see, what it means is this group has all the users whose location is India, and I have assigned the licenses itself to this entire group, of all the products that I wanted to do it. Okay, so all this comes actually under the design and the planning phase of any of your projects, okay, in order to avoid any kind of overhead of an administrator there. Because poorly designed projects, whoever is a consultant or architect group, I mean, who have not really given a good thought on how licensing should be managed, they'll have a hard time in assigning licenses itself. Okay, so, I mean, I have seen in my experience where there are some projects which is poorly designed: group structure, dynamic queries, users. Okay, so
there's a poor linkage between your JML tool that you all use and your Azure AD. So the entire group structure, the synchronization, everything is a complex process. You use it, unnecessarily make it complex, and not properly designed, you'll have a hard time, users complaining "I don't have this, I don't have this, this is not working, that is not working". So one tip is, if you are starting a new project, organize this right away from the beginning. Okay, it's better to have a week-long meeting, get an agreement, and create these users, groups and licensing. Okay, so planning always should take time, because setting up something in the cloud, not just this product, any other product, is easy, right? All you have is a user console. You have to understand what you are doing. Once you know what you're doing, it is just a 1 minute or maximum half an hour job. There's nothing magic that you are doing, you just need to understand what's happening if I do something. Okay, so there are few things, tips, like, you know, if something is not refreshing. Okay, so you just need to keep exploring. It's just like a product: like if someone is using Facebook, within few days he'll want everything; someone is using Instagram, within few days he'll understand every feature of Instagram. It is just the interest to know. If you're interested to know what exactly are all of these options, you can start exploring by yourself. The good thing about any Microsoft product here, at least for last four years, they have put "Learn more" here in every console. Okay, if there is something that you want to understand, okay, what is this dynamic, if you say for example you logged in, you came here, you want to understand what is dynamic group membership, you want to be more creative in creating the dynamic group memberships, you can just click here and learn. Okay, so this is what is happening in the dynamic thing. Okay, so it gives you
multiple options. Okay, it gives you examples: managing memberships of your groups, managing dynamic rule based on the users. If you look at here, there are so many tips that they give. Okay, this is a simple regular expression where user department is sales. Okay, you can use multiple complex things also. See, they have given the properties of it. Usually, say, I want a group where someone is in IT and sitting in Kochi, someone is in IT but sitting in Kolkata, so someone in IT who is sitting and working in Dubai. So we can have all this organized if you really require. Okay, but you can use multiple properties is what I'm saying, you don't have to add manually, and create dynamically. So if you're an Intune person, most of these will actually already be done by your AD team or Azure AD team or Office 365 team. Okay, so you don't have to take the complete ownership of this, but it is just good to know the information. It is very important to know even, you know, how all these are actually created. Okay, so you don't usually use it, but you can just check anyways, because in Intune console you have access to this and you can always check which group a particular user is in. And the other thing is, if you select a user, okay, you can also check which group this guy is in, right? So if I say user test one, I can come here. Okay, half of that user troubleshooting can be done here in the user: click user, select that user, you can see everything here. Okay, this, most of the Intune admins don't do it. Okay, what it actually shows is, that user, if he has done any auditing in this, okay, he'll not do auditing because he's not an admin. Okay, so who has done the auditing? Okay, initiated by admin, okay, target is this guy. So what I have done for this is, this guy, I have changed something, I added a member rule, okay, anything I changed for that particular user, entire result is here. Okay, I changed the username, user license. Who changed it?
This guy changed it. Initiated by, and who did it, to whom did it, it's done on this. Sign-in logs: did that test one sign in anytime? Let's see if he has signed in in last 24 hours. No. Last one month, and I click another apply here, and let's see, might have signed in, but it'll take time. Okay, so here, custom attributes: we can add custom attributes to that particular. Okay, so coming back to this, this entire thing, as you can see, this is a complete history of that particular user: who has signed in, whether he has signed in successfully or failed, from which IP address, from which part, from which location, which country, whether the certain conditional access has been applied, what kind of authentication, is it a single factor authentication, dual factor authentication, an application he has signed in. This is Windows sign-in, he logged in to Windows on 30th September 4:27 p.m. from this IP address,
from this location. Okay, this is Office 365 login, this is again Windows, say this is a Teams web client. Yeah, so it also tells you which product, which application, which computer and which user, what time, everything, okay, and failure and success also. Again, if you click here, you'll get great amount of information, very detailed. Okay, so it'll come: the request ID, sign-in application, failure. Why failure? Access has been blocked by conditional access policy, right, so that is the reason for failure. Troubleshooting event is here, user is here, test one at, this is my domain, TS, this is the web client he's trying to log in, and which resource he's trying to access, it's a Microsoft Teams service which is in Microsoft Azure cloud. How is he logging in? He's logging in from the browser. Okay, so, so many, how, what token, is a PRT. Okay, so location, click on location, the location also. Okay, device info: okay, this is a device, Windows 10, Edge browser, this is already an Azure AD device, you can see the device ID here, and join type is. Authentication details, conditional access, report only, okay, so all that is visible. Each, if I click here, I can get detailed information, complete information, okay, just by clicking the users here, selecting a particular user, and sign-in. Okay, so authentication methods for that user: okay, I can add him, I can require, I can add phone number, email, I can require, I mean, I can require to re-register MFA from here, and if there is an MFA here, I can revoke here so that he again registers here. Does he have any Azure role assignments? No, he's a normal user, so he will not have Azure roles. So Azure roles are nothing but roles, okay? So if you are a user, if you're an Exchange admin, you'll get Exchange admin role; if you're a power user, you'll get; if you're an Azure AD, sorry, if you're an Azure virtual, I mean, infra administrator, you will get a different role; if you're head of your IT, you might get a Global Administrator role. So this guy, let's check what devices he has
enrolled or logged in, if he has any devices. Okay, it looks like we have devices based on the sign-in logs. Yes, he has a device, which is a laptop, which is a Windows, which is Entra joined, which is managed by Intune, security settings is also from Intune, it is compliant, registered on this date, and last activity is on this date. I'll click this later and log in, but those are the devices. If he has additional devices, it will show up; if he has mobile devices also, it will show up. So these are licenses. Okay, well, let's see, whatever license I assigned that guy, you can also see it once you come back to the user. Let's check if this user is a part of some group. Okay, so he's a part of that group, sorry, yeah, he's a part of IT staff, so that's the group. Okay, so that is all about users and groups, okay, there's nothing here. So users is just, you create users manually for all of your testing purposes, but in enterprise you either create here manually, okay, if you just have Azure, you don't have on-premises Active Directory at all, if it's a small and medium business organization, right, less than 500. Almost nowadays everyone in US and most of the Europe, every small business, medium business clients don't have any of the on-premises data centers at all, they don't have any on-premises servers, they don't have Windows 2012, 2019, everything. They're only buying cloud-based products, using cloud-based products, and everything they're relying on. They don't want to maintain any of the infrastructure at all, okay, because if you have less than 500, 400, 300 users, why do you need so much of IT team to manage all that, right? So they create users here directly, okay, because all of your organization don't join at once, right? So once in a month one or two guys join, they'll add it here manually, or if you have an integrated HR system, the joiners, movers and leavers tool, then you will start adding that here automatically. Okay, but if you still want to do bulk, we have bulk
operations here. Say for example you want to upload a lot of users at once, you can actually use this here. So those are bulk operation results, actually, but our bulk operations are here: bulk create, bulk invite and bulk delete. Okay, so this is per-user MFA. All this, as you go through the console, you will understand. Okay, so in your labs today, once you get into this admin.microsoft, you log into this console, create one or two users and start assigning the licenses. There's nothing more for today, so that's your assignment today. Okay, any?

So for MFA, can we change the phone number for user?

Yes, yes, yeah, you can change, because you're an admin.

And I have Office 365 developer version, can I use that for this practice?

Not sure, you can just check your licenses. I'm not sure what licenses are covered from Office developer version, I think it is more of collaborative tools, I don't recall. I used Microsoft 365 Developer Edition, that gives you one year subscription. I will tell you, after you finish this EMS 3, EMS for 90 days, once you become familiar with the product, you can actually use the M365 Developer Edition. So if you go to M365, what is, I think, program, yeah, sign up. So this is where you can actually sign up for developer program. You'll get a lot of these products, you'll get all developer options, you get Enterprise Mobility and Security for compliance, you get Azure, you get all of these products for one year. What has changed, I'm not sure what has changed, because last time when I was speaking to someone, they said they had around 1.3 million people who have trial versions within the Microsoft. Okay, they're not customers, they're just practicing with different email addresses, different login mechanisms. So they have their different data center for trials, okay. As soon as you change from trial to paid services, I think the computing power is more, higher. So any questions so far before I even move on other
topics?

So right now we need to create the trial version from admin portal.com?

No, you, I mean, see, yeah, you all have to create it, up to you, either, because if you have any questions you can ask me, because not everyone will have a laptop at the time, they don't want to work during weekend, they just want to listen. Okay, there are different kinds of, and that's right, we have. So it's very easy, you all can work in the back end. Any questions, the next classes you all can ask again. I would request to do more of research and homework.

Okay, so one sec. Now we'll only talk about Intune licensing, because once we start working on the more of advanced stuff, right, we shouldn't even come back to licensing questions. Okay, so I want to clarify everything right away in Intune. So if you look at the Intune licenses, so this Microsoft Intune licensing, by the way, every documentation is clear, okay, the only thing is we don't have patience to read. If you look at Microsoft Intune licensing documentation, so this is, "the following plans are available for Intune, for more information see this", which we use this. It has Intune Plan 1, okay, it has Intune Plan 2, and it has Intune Plan Suite, and it has Intune for Education. Okay, and if we come down, it has some additional information: device-only licenses, device-only license limitations, custom license, confirm your licenses. Okay, so this all started just four, six months back. Okay, earlier we had only one license, it was Intune, that's all, everything was covered, whatever products were added to Intune. Okay, sorry, I'm sharing my screen, can you all see this, the Intune licensing page?

Yes.

Okay, so earlier we had just Intune, now we have all this. Okay, so if you have any of these products, you have Intune Plan 1, okay, that's all. And if you want Intune Plan 2, you have to buy it, okay, and if you want Intune Plan Suite, you need to buy these two and this. Okay, so, I mean, as you can see, add on Microsoft in that
office, then, by the way, everything keeps changing. Okay, so if you can see the recent updated, is just recently, they might have changed something, we'll not know. Okay, so 255, they might have edited something, they might have changed some conditions, they might have changed some terms, some additional A5 to A3, something they might have done. So the recent update is always, any licensing option, any feature, any solution, anything, there is nothing like documentation with the SaaS products. Okay, people keep on asking me "give me a document". There's nothing document, document is their document, because that is their fresh document. Okay, you cannot prepare a document on any of your handover activities, right? Typically in your IT organization they say help desk need some document. There is nothing like document. Okay, don't get into that habit of documentation creations, getting sign-offs and all. There is only one document that you all can create, which is your high-level design and some low-level designs once finished. Okay, so don't get into creating habits of how to add apps, how to create policies. Okay, it's a waste of time. Why I say, okay, because it requires change. Okay, most of your managers, most of your teams, they are in the traditional mindset. Okay, so if you do some operation during a weekend, they'll ask you "tell me, where is your documentation, where is your standard operating procedure", they keep on asking all these documents, that's why everywhere everything is delayed. Okay, so for some things there might be an exception, which are required if it's a production down issue, but for normal operations you really don't need to create a documentation and keep on passing it, getting sign-offs, all that. Okay, and in this era of ChatGPT and then AI, everything is ready-made, you don't have to do anything else. All you have to have is patience to read, some intuition skills to understand anything, okay,
and importantly, testing. If you are thorough in reading, testing and understanding something, no one can beat it, and I'll just tell you, only 10% of the people in the world do it, and they'll stand out, rest all are dependent on these 10%. So what I was just saying is, yeah, coming back to licenses, the reason why I'm saying why we don't need documents is, say for example, how to add apps. Someone comes and says "okay, give me a document on how to add Windows apps". Okay, so you cannot come and say click, click, because in the last batch someone asked me "give me a document on how to add Windows MSI applications". So apps, come here, Windows, add. Okay, click here, and then, okay, line-of-business application, say for example this requires Windows application, select. Do you think all this requires a document to do it? Select an application, MSI. You don't require, right? How to add an app in Intune: if you go on how to add an MSI application in Intune, you see, do you think they require? If they require, you can copy paste, right? Okay, everything is documented here. Okay, they told you what is selected code, what is assignments. Okay, if you add here, what happens next is assignments. Okay, all that is already there in Microsoft document. They have taken time, they have a separate documentation team who have created amazing documentation. All you have to do is just refer it. Okay, everything is here, you don't need to create any of the document. Your 99% of the time should be spent on reading, learning, testing. Okay, that's why no documentation. Okay, so everything is here, and, yeah, what I was saying, yeah, plans. So the Plan 1 is here, let's click on use Intune. So add-on capabilities, let's just look at this, this is what you all want. If you have a standalone, you have privilege management, you have remote help. If this is add-on, you can actually buy a separate add-on only for EPM, Enterprise Rel management, this one, Plan 2, this and this. And if you go to Intune Suite, which is the more complete license, it has
everything, Intune plus all these, are advanced products. Okay, if you have a basic Intune license, you will not have this product: Advanced Endpoint Analytics, EPM, Tunnel and app management, Remote Help, devices, specialized devices management, is your mobile devices, advanced wearable devices. Okay, all these wearables, right? So all these glasses, all the Holo devices, all these are advanced managed devices, separate devices like industry-specific devices. If you want, you can buy it standalone, or everything covers. Okay, it explains, right, so specialty devices, your AR and VR headsets. Okay, and if you want more information, managing special devices, you can just open and just read about it. What is Tunnel for applications, all those are additional products that the Microsoft basic Intune doesn't cover. Okay, so I'll just stop here. Okay, so we'll have more productive sessions starting tomorrow, because we'll directly go into device management, joining the devices to Azure, and talk about the device management strategies, both between BYOD and corporate, what is BYOD, what is Windows Autopilot, initial. Okay, tomorrow will be very important. So what we have right now covered is how to set up a, okay, by the way, every organization does it the same way. Okay, whether you set up a trial today, right, even the organization, any organization will start with the trial. Okay, they will do a POC. If they are an enterprise customer, they'll extend the POC from 90 days to one year, okay, and they'll negotiate the price, they'll get some discounts, okay, and they'll say "we have a competition, we have all this, we have approval there". So they'll be working with their partner, working with their Microsoft sales team and all, they'll get discount. What is POC? Proof of concept. So they just try. Okay, so every product in every IT company, they do a POC. Okay, they actually test all the, they implement, test, they check the features, the business leaders and the executives decide whether this product needs to be within our IT or not. Okay, they usually
compete with other products. Before they set up, they buy and purchase Intune, they will do a POC of Intune, POC of AirWatch, POC of Ivanti, or POC of all the competition products. They'll check the price, they'll check the features, they'll check the business requirements, and then they'll go to the product. Okay, every product has some competition. For example, Defender for Endpoint is Microsoft's anti-malware solution, your antivirus solution, or your endpoint detection and response, EDR. Then there are so many competition products, like SentinelOne, your McAfee, your CrowdStrike, yeah, and there are some products, right, nowadays Zscaler, which is your gateways, web gateways. So all of these will compete. They have to check the budget, check the features, if it requires. So that's how they purchase it. CIOs and CISOs purchase, they allocate the budgets, and buy products. They'll actually check how easy a product is, how many people they require for administration, okay, how many years the license is sufficient for, overall cost, okay, does this product cover everything. So that is the reason why Microsoft 365 is a clear winner, it is a Gartner leader, as I was saying in the last class, why Intune is the leader and no one is there for competition apart from AirWatch, VMware, and then Ivanti. So if you look at SCCM, there's no competition for SCCM, right? And even for Intune, within four years there will be no competition. Why? Because the licensing model is that way. If you buy M365 for 4,000 rupees per user per month, you almost get every product, and the beauty of it is all are integrated. All of your data, while we go on, and if you see, entire data is integrated: your Defender for Endpoint, your Cloud App Security