Intune Online Training Intune MDM Intune Device Management Intune Security and compliance


chance to, you know, go through the previous demo session where we discussed the basics of it, go ahead and watch that one. If you don't have the link handy, reach out to the Amaze technology; he will, or I'll ask him to, drop the link of the previous recording in the WhatsApp group that we have, and probably you can watch that one as well.

Today I wanted to start with a little background of what other technologies you would need help with if you are working with Intune and if you are trying to, you know, work... hold on, I need to add some more folks here. Yeah, so like the other technologies being Active Directory, Azure Active Directory and a little bit of security. Security in the sense, if you are well versed with certificate-based authentication and how a certificate works, that would be an added advantage. If you are already aware of how an Active Directory works, that would be an added advantage. If you are well aware of, like, analyzing network traces and Fiddler, it would give you an added advantage, because in some of the scenarios you'll have to troubleshoot the auto-enrollment issues, Autopilot and all those different scenarios where it might need you to have a different set of technologies and skills to, you know, work freely within the Intune component.

Now, I have worked with many organizations for the deployment, troubleshooting and best practices. I have always seen that the people who have at least three skills do really well in this kind of Intune stuff: that is Azure Active Directory, and a little bit of basics of Active Directory, and you have, like, basics of networking, like you understand a little bit of how TLS communication works, what a handshake means, and, given a network trace, if you are able to figure out if there is a reset or a SYN retransmit which happens. Those kind of things will actually give you an upper hand, you know, in your Intune journey. Now obviously there's a lot to learn in the Intune thing and there's a lot
that Intune actually collaborates with. Like, normally in Intune you would have different... not, normally in corporates you would have different teams who are taking care of different skill sets and different components. Like, Azure Active Directory might have a separate team, your networking might have a separate team, then there might be a special security team which takes care of all those firewalls and all those security-related decisions and risk implementations, and also you would have an Exchange team, even, and maybe a OneDrive team or something like that. And similarly we'll have existence of an Intune team which takes care of the endpoint management system.

Now when we talk about Intune, definitely this has been placed along towards the Microsoft security products, and I'll share my screen in just a moment to showcase what I mean by that. So if you are working in Intune, it's already a step closer towards working in the security world, which is very much needed because, you know, on-premise is anyway going away, and with the latest development in AI and ChatGPT, most of the other things are also. So yeah, so that's one thing. All right, let me share my screen and it will make more sense then.

All right, hopefully you'll be able to see the screen. The screen that you see currently is the Microsoft security portal, which is available for public consumption, and where I have selected Enterprise as the Microsoft security suites. So if you scroll down this page to where it talks about the different Microsoft security products and families, you can see that it has Microsoft Defender, Sentinel, Entra, Purview, which are the, you know, two new things in Microsoft, Priva and Microsoft Intune. So Microsoft Intune is actually within the security products of Microsoft, and hence it's security already, and if it's like endpoint management, like devices, you can already think that this has to do something with your device security. That means for some time you
might have to understand how the device is working with respect to its OS. That means you will have to study about the device OS. If you are talking about Android, you might have to understand a little bit of Android, how that works, and if you're talking about iOS, you might have to understand how iOS works. At the same time you will work with different aspects of security, like network security and all those kind of things.

Now a quick glance of what all these security products that you see on your screen are used for. Microsoft Defender is basically a cloud-native solution which can actually identify different vulnerabilities which are present across your cloud environment as well as your endpoint environment. Like you have devices, like you have a VM running on cloud, like you have an application which is trying to connect to your M365 account: it has a capability to detect all the vulnerabilities between cloud applications, devices and platform-specific things. So Defender is utilized for that. Sentinel is, basically, it gives you a single pane of glass of what is happening across your whole organization and what kind of signals you are getting. So Defender has a plugin which integrates with Sentinel, and that's how Sentinel gets the device-level or the cloud-level signals, that, okay, it's able to alert you, it's able to give you recommendations, it's able to give you some kind of automation steps if something goes wrong. For example, let's say you created a new virtual machine in Azure and you have opened 3389, that's the RDP port, which is open now. If you don't have Sentinel and if you don't have Defender, maybe you will not be aware how many times, like within one hour, your PC or your virtual machine is getting attacked by brute-force attack methods. But if you have Sentinel you'll be able to see, because quickly, within just two minutes of that virtual machine being up and running, you'll get a notification, you'll get an alert that this machine
is getting bombarded with brute-force attacks, and that's how you will minimize the risk. Okay, so all these things, you know, club together and give you a very good security posture within the Microsoft ecosystem.

Microsoft Entra is the advanced version of Azure Active Directory. It involves different things: it has Azure Active Directory, it also works with different identity governance, and it has workload identities, like it manages and secures your workloads within the Azure AD tenant. There is also identity credentials, which is a decentralized version which is constructed on a blockchain network. ION is the blockchain which Microsoft uses for this Verified ID which is present in Microsoft Entra. Okay, obviously the Intune things will not work in those things, but in coming days, obviously, the things which are evolving, you'll have to cross paths with verified credentials very soon.

Microsoft Purview is like a DLP solution for Microsoft; they have renamed it to Microsoft Purview. Microsoft Priva is basically for privacy risk multiplication. Like you have GDPR in European countries, yeah, there you have very strict norms about how data is being stored, how the data is being accessed and where exactly the data resides, so it's all about your data privacy. If you want security with respect to wherever the data goes, like with some device, if it's on network, if it's in storage somewhere, how the data should behave, that's under Microsoft Purview. Microsoft Defender is defending your corporate perimeter, your endpoints, your identities, your users, everything, so it's covered in Microsoft Defender, and everything sends signals to Microsoft Sentinel, which brings in the automation, alerting and all those kind of things. Microsoft Entra is just the advanced version of Azure Active Directory and decentralized identity.

Next comes Microsoft Intune. So Microsoft Intune also plays a very important role in terms of securing the data, not just with the
data but also on the platform through which the data is accessed, like we're talking about devices. So you have a user who is accessing, let's say, a Word file via an Android device and, let's say, on the Outlook application. So there are different entities which are involved here. Okay, so with respect to user risk management, Azure Active Directory is there; they are securing the user. With respect to the application, Outlook, you have the Microsoft Defender application, which is securing that Microsoft Outlook application and checking all those things. If something goes wrong and there is a new vulnerability in Outlook, or if there is an attack which is happening via the network, Microsoft Sentinel will be able to detect it. And if you have to figure out what's happening from the device perspective, what the device is doing, what the device is capable of and what control you have over the device, there you have Microsoft Intune. So Intune plays a very important role in the Microsoft security ecosystem, where the whole responsibility of Intune is to make sure that the device through which the user is going to access the data remains secure, is compliant, is available for inventory management and is available for high-quality data access. Okay, so all in all, data security is the pivot point for all those things. Intune just takes care of the endpoint side, like the devices. Okay, it's not about the user, it's not about the network, it's not about the application, it's just about the devices.

Now when we come to devices, the few capabilities that it includes is like, okay, I can deploy a number of policies. Similar to, if you are very well aware, in Active Directory you have Group Policy, which is a number of different policies which are sent via a server, which is your domain controller, to control how the device should behave, like whether the device should have USB access or not. Like you have a USB drive, but if you insert a USB drive,
should the USB drive be allowed to read or copy data or not? That is something you can control by Intune. That's just a basic example, and you can do a number of things. You can do device management, like you can update Windows machines, you can even try to control what kind of application can run, you can try to control what the browser would run and not run. Similarly you can block cameras, you can allow data transfer between certain apps, you can not allow data transfer between certain apps. So it's basically, if you have a device and if you are the owner of the device, and currently you can do like 1000 things in that device, when Intune comes into the picture maybe it will restrict you to perform only 10 things which are approved by your IT team. So that is the role of Intune: to control the device via management policies. And how it does that, what it will do, what all capabilities it has and what all scenarios it can do is something that we will learn in this course of Intune in coming days: that, okay, this is the capability, this is how the policies are getting deployed, this is how I am troubleshooting, this is how it interacts with different other services, and what is the scope boundary of Intune and where I do need help from other teams. All those things are something that we'll discuss in future.

Yes, that's the idea, that's why they brought Entra. And if you have not seen... no, it's not a replacement of Azure Active Directory. It's basically, Azure Active Directory will be part of Entra, okay, if that makes sense. So Entra is like, you can consider it as a SaaS solution which will have Azure Active Directory and, you know, decentralized identity and identity governance and all those kind of things. So if you log into the Entra portal, entra.microsoft.com, let me actually log in and show you there. It was a question in the chat, so I'm just replying to that. entra.microsoft.com. Okay, so on your screen you can see the Microsoft Entra
admin center. This hosts Azure Active Directory. It has some kind of permission management for... this is again similar to what you have today, like if you are working with risky users and all, and you used to give permissions for a normal user to become a different user who has some kind of permissions, admin role probably; those kind of things are embedded here. Verified identity is, again, these are based on blockchain and it gives you a Verified ID. Like today, if you get a certificate from, let's say, Microsoft for completing some certification, then you are able to verify that via a secure verified channel, right? Similar to that, there's a different platform, that's the blockchain platform that this one is using, and the back end is ION. So there's an ION exchange in blockchain, and that is being utilized by Microsoft to perform these blockchain activities. Okay, not part of this course, but good to have this knowledge, because after some time we'll definitely have some authentication piece which will interact with Verified ID and Intune devices and user ID. So not now, but in future, very near future, like in months, definitely.

If you guys have any questions, do let me know in the chat, so I'll be covering them side by side, because this is just a demo so I'll not start the Intune thing. It's very basic, so if you want to know if this course will be for you or not, or if you are already working somewhere, or if you have some questions, you can just post it in the chat window so I can, you know, answer that.

So the second question is how Group Policy are different from group policies. And your Group Policy was an on-prem stuff, only applied for Windows, nothing else. But the policies, the management policies from Intune, apply to all sorts of different platforms, and yeah, you can treat it as a Group Policy but the name is different. Obviously it's more of an Intune management solution. It is applicable for Android, iOS, Windows, Mac
and Linux as well. So how group policies are different: group policies were also a set of different features, capabilities, which you could have restricted or enabled. It's the same, but the method is different. Like, in Group Policy you used to have an Active Directory environment; all those member servers, member workstations were connected to a domain controller, and the domain controller had the power to reach out to all those devices and apply or enforce policies. That was only for Windows. In this world you have cloud solutions, right? Intune is a cloud SaaS solution, so everything works over the internet. So this is a different path that it takes: how an admin who is currently in Europe creates a policy of BitLocker, or let's say... BitLocker is specific only to Windows, I'll just take a normal one, like a block camera thing, and you can have that targeted to different platforms, and that policy will get converted into the OMA-DM protocol and get in a different format to reach over the internet, under TLS, to your devices, okay, via the device management agents. So the flow would be totally different but the concept remains the same: that, yeah, it's a bunch of policies which are trying to restrict or enable something, and it has to reach from the MDM server, which is Intune, to the devices.

Okay, so the troubleshooting and the flow is amazing, and if you understand the flow, if you love troubleshooting, you will love this part of Intune. If you, you know, love network, 50% of your problems will be solved, because Intune is a solution, so there is nothing much that you can do anyway. It's nothing that you have a SYSVOL troubleshooting of Group Policy, that, okay, group policies not replicating, group policies not getting applied. Okay, it's not that hard. Okay, the Active Directory on-prem thing used to be hard, because if you do something wrong, something else will happen. Okay, the cloud world is not like that: even if you do all the things right, something else
would fail, because something in the back end, they would have done something so that it would fail. Okay, but all in all the idea is that if you have an understanding of how the cloud technologies work, if you understand how OAuth works and those networks, it would be good.

Is Authenticator a part of Intune? No, Authenticator is not a part of Intune; that's part of Azure Active Directory. Intune has nothing to do with authentication. Authentication is a part of Azure Active Directory, and only after the user has been authenticated does the request go on to Intune for any number of things, be it user enrollment, sorry, be it device enrollment, or be it device policy deployment. Okay, with respect to Authenticator again, if your question is more towards conditional access, that is also part of Azure Active Directory.

I think you should be able to speak. Are you not able to unmute yourself? Let me know.

I'm able to unmute but I was just waiting for you.

Oh okay, yeah, sorry it took time. First of all, I missed your name, can I have your name please?

Yeah, my name is... Is this a kind of demo class or are we going to start?

No, it's just a demo class. I think we were supposed to start, but I think I was asked to give one more demo, so it's a demo class.

Okay, even the last demo class I attended. So now I have a question. I'm working in SCCM from the last, you know, five to six years, so I have a knowledge of SCCM. Now in this session you took the name of multiple technologies, like Azure, especially you're focusing on Azure and those things. I never got a chance to work on Azure and I don't have knowledge of Azure, like how Azure AD works and those things; I have a knowledge of on-prem AD. Basically my question is, as I have no knowledge about Azure AD, is this Intune course good for me, or do I first have to learn Azure AD and then networking and the many terms you have used?

So in this course
I'll be covering the basics of Azure AD which are required for Intune, okay, so I'll already be covering that. Okay, Azure AD is a very vast topic; it's much bigger than Intune because it's the whole centralized system which manages everything, right? Similar to Active Directory: if you're learning Active Directory, you're learning domain controller, authentication, all those things, and Intune is like one member server which is hosting one particular feature, kind of thing. Okay, but everything else is a centralized Active Directory; that means you have to first understand how that part works, then you will be better able to understand how Intune integrates with Azure AD. Okay, but what I'm trying to say is you need not know all the things from Azure AD to be able to work on Intune, and mostly the companies have aligned their Intune resources in such a way that they don't need to actually cross paths that much. But I'm just saying, if you choose to do that, if you understand Azure AD, you'll be able to understand Intune in a better way, because it involves your authentication, it involves how the user flows, it involves how the device authentication works, and conditional access. So those are the important parts, so I'll be covering those anyway. But it's not a prerequisite, it's good to have.

Okay, so again, my question is again the same: so we are going to cover Azure AD and the rest of the things which are involved with Intune, so that at least we have a basic understanding of other technologies as well, at least basic?

Yes, yes.

That was my point, because I worked in SCCM. Once I learned about the system, there was a session for one week at least; there we learned, you know, on-prem AD, networking, you know, winter part, so you can understand the basics, a few things about these technologies, and then we learned SCCM. You know, this is the way how we learned the things.

Yeah, so okay. And any... okay, so, okay, I should make this also
clear that I'll not be covering any SCCM part or co-management or tenant attach, just in case, not just for you, like if anybody else is hoping that I'll be covering it. So no, I'm not actually working on SCCM or co-management and I have very little idea about how those work, and also I have clearly seen a drift from those technologies directly to Intune, so I'm more aligned towards Intune, just in case. So this course is not about...

Yeah, do you have any list of topics?

Yeah, I do have, and I think I shared it already with Amit, so if it's not shared with you guys already, okay, I'll ask him to share it in the group chat that you guys might have, and he'll share with you what the contents are that we are going to discuss. So basically I'll just, like, cover what all major topics we are covering, seeing the trends of what the companies are into, like what they are into Intune for. Okay, device management is the foremost thing, the basic thing. Definitely I will be covering device management, like how the enrollment actually works on all major platforms, iOS, Android, Windows, with full demo and troubleshooting, how a policy actually...

Provide that list, I think that will be more, you know...

Yeah, yeah, I'll provide that. I'll just cover, like, someone asked what topics will be covered, so I'll just give you the basic thing. Mostly, if your company is into the Windows deployment, like if they are heavy on Windows, I'll be covering Autopilot, I'll be covering BitLocker management, I'll be covering Windows updates. And if your company is more towards kiosk modes and all those kind of things, I'll be also touching those topics: how kiosk mode works and how a device can be deployed into kiosk modes for specific things and all.

All right. Hello? Yeah, yeah, hi. So I just wanted to confirm, are you also going to cover the PKI part, the PKI enrollment using the NDES, potential devices?

Okay, for that I'll see how
many people are interested in that, because the lab and everything is a huge setup. So if more people are interested, definitely I can cover that part. So that is ideally not included in this one, but if there is a sufficient audience for that I can include it; that will increase the training timeline as well, but yeah, we can cover that.

How about digital certificate management?

No, that's not covered. You mean to say you have third-party CAs to distribute certificates, right?

No, that's like NDES and this PKCS, so SCEP certificates.

Yeah, and this is something that we'll be covering. I'm just talking about the third-party CAs, we'll not be covering; anything with Microsoft PKI, we can cover. I can already see two candidates who are interested, so if there are more we can definitely cover it. Okay.

No, hello? Yeah. And also I just want to know one thing: how long is the course going to be going for?

So I planned this course for 16 to 18 hours, not more than that, so you can say two months.

Okay, yeah.

All right, so we'll move to the next questions.

Sorry, I've been raising my hand. Good day.

Yeah, sure.

Hey, yeah, my name is Sharon. So I want to ask, are we going to talk about licensing? Because I have the opportunity to work with AD and on-prem, and at the same time presently we are deploying Intune from... and, you know, most of the new computers you are deploying now, we don't need to install Intune before we can run Intune on there; we're going to deploy SSA manually before we can push into them. So my question is, are we going to talk about the licensing? Because from my understanding I know we have E1 and E3. So presently we're able to deploy into users with E3 license, so is there anything, can we use E1, or is there any add-on that can be added to the E1 license to be able to use Intune in order to save costs? Thank you.

So okay, so what I was saying is, the licensing part is something... I can give you the table that
talks about what features are included in what license. This course would be more towards how the technology works. Licensing is how the account team would have clubbed it together, you know, to serve a specific purpose. I can give you a plan, like a tariff, a table card for Intune and which all services need which all parts of things; you can just go through it and implement whatever your company needs, but we'll not be focusing more on the licensing part.

Okay, thank you. Yeah, sorry, for MacBook users. So now I'm talking about computers. The previous one was for Android devices, like mobile phones. For laptops now, can we add MacBook to that, maybe just to download the app and install it instead of...

Yeah, Mac is supported. Yeah, you can enroll Mac devices to Intune.

Okay, thank you.

Okay, yeah, okay, sure, I'll share that. Let me actually find that one. Okay, I just pasted it. Okay, that's the Intune pricing model of the different plans; you can go through it.

Thank you.

Yeah, sure. Okay: do you need experience on SCCM to work as an internal specialist in Intune for future? No, definitely not. I don't have SCCM background and I'm working perfectly fine in Intune; you don't need SCCM at all. Are you going to cover these topics: co-management, hybrid and Autopilot? Not the co-management, but definitely I'll be covering hybrid Azure AD join and Autopilot. How long to finish this course? Two months, weekend classes. We will cover Windows deployment traditional methods? Yes, I'll be covering Windows methods. Yeah, I think that's all. Okay, those were the questions. Okay, all right, any more questions, guys? You can feel free to drop in there or unmute yourself and ask the questions.

Yeah, hi, myself... yeah, yeah. Can I expect something like end-to-end managing, deploying and maintaining in the tenant in this course, something like...

Yeah, so we'll start with setting up your Intune tenant, having users created in Azure Active Directory, licensing them, then
enrolling a device and then deploying policies, troubleshooting and reporting, so that would complete the cycle, and then depending on specific things we need, we'll cover those parts.

Yeah, and if we have any queries related to whatever issues we are presently facing or anything?

So if it's a basic one, definitely we can cover that in our sessions, or I can also put a witness take class just for those doubts. But if it's something like a corporate-level query or something, I'll drop an email; you can contact me on that and probably we can discuss there. If it's similar to what I'm already teaching, you can have this normal, but if it's something corporate and needs some troubleshooting or best-practices guidance or something, you can reach out to me on that email and we can discuss how best I can help you, and if there's any additional thing involved.

Will you also cover on-prem basic infrastructure concepts like AD, GPO, DC, ADFS, etc.? Yes, because in order to understand Intune you need to understand Azure Active Directory, and in order to understand Azure Active Directory you need to understand AD. So definitely I'll be doing a comparison between how the authentication works in on-prem, like domain controller, those kind of things, and then in the cloud world, OAuth and ADFS or federation, and definitely what managed looks like. So definitely, for folks who are new to this federation concept, just as an example I'll show you what ADFS, Active Directory Federation Service, means. So if you are still seeing my screen, I hope you should be able to, let me go to, let's say, portal.office.com. And normally, if you are already working, you would have something called a Microsoft AD account which your company would have given. For example, if I'm just typing, let's say, abc@nike.com, they would have... so you see the message "Taking you to your organization's sign-in page". This is federation. Okay, this means that Nike as a company has federation enabled. Federation is
facilitated by different services: one is Okta, it's a third party, another is Ping, and another is ADFS, which is in the question in the chat window. Okay, so ADFS is from Microsoft. Okta is a third party which is helping in giving the sign-in for Nike. Now similarly, if you go back again, this was an example for federation, like your request goes to some other service for authentication. For managed, I'm not sure if this... I've seen most of the Indian companies go for managed nowadays. Let's see. Yeah, see, this is managed. So I typed hcl.com and it didn't redirect me anywhere else, and it actually... login.live.com is actually a Microsoft account, not a Microsoft AD account, but it basically says that Microsoft has the capability to... oh, it's not readable, sorry. So it basically says that the user which is there in Azure AD, Microsoft has the ability to authenticate them. If Microsoft is able to authenticate them, that tenant is called managed. If, let's say, the user needs authentication from a third party or an on-premises thing like ADFS or Okta or something, that is called federation.

So I'll just show that demo again, just for the sake of, like, I think it was not visible that clearly. abc@nike.com. How it's doing it, I'll discuss more on this when we are discussing Azure Active Directory, like when I click on Next, what it does. So as soon as I click on Next, it will do a home realm discovery and will try to find nike.com, and then you'll see this page, that "Taking you to our organization page", and if you see the URL, it changed to nike.okta.com, as a third-party provider for doing authentication, and that's a federation. Okay, so these are the small things, but if you understand this it will make your Intune thing easy. Although it's not required; if something fails at this point of time, maybe your company would already have a separate team who will work on this, so I'll probably just route this request to them. But it's very good to understand, so in future, if you want to add different skills, it would help you.

Will this course help us for a new Microsoft endpoint certificate? No, MD... no, no. This course is not aligned to any certification. This course is purely to help you understand what Intune's capability is, how Intune came into existence, what the different other components are that Intune works on, and how Intune delivers policy, how to troubleshoot and all those things. I'm pretty sure most of them would have been included in the certification, but I'm not following that certification path. So if you're just in this
course for the certification, then probably the answer is no, then I'll not be able to help you with that. But I can say that after having this one you can probably then study for that certification; then it will make more sense to you, I can tell you that. Okay, any other question?

Okay, just one more thing: in chat, if you guys can mention, are you guys looking at this as a very basic Intune training, or is there some audience who is already working on Intune? Basic, professional... okay, you are already professional. Okay, Prakash, anything that you are willing to get from this course? Because I'll try to go very basic and deep on this one, so I'm not sure, if you're already working in Intune, maybe it might be a repetition for you. All right, all right, all right, so anyway I will start with the basics. I've worked with MobileIron and AirWatch, okay, got it. All right guys, any more questions, anything that you want to ask?

Yes, so I just wanted to know: the companies are using different device management SaaS applications, right? Are you also going to cover the migration and how we can basically plan and migrate to the Intune platform from those different tests?

That's not part of this course, no.

Okay. Do we have a mobile device, you know, the profile which is created, right, the profiles and all...

Your voice was breaking up so I couldn't get that one. Probably you can type in the question. Your voice was breaking up, actually.

Am I audible now?

Yeah, you're audible.

Yeah, so what I was just asking is, MDM, you know, the work profile which gets created, you know, on your phone, is that also being covered or...

Yes, we'll cover that for Android. Yeah. Will you provide a certificate that we have done? No, not the certificate.

Like, if you start with this, like, just share the content, you know.

So yeah, I think I already...

Questions are going to... yeah, the same thing was happening in the last demo classes.

Yeah, I actually already shared
it, so, with, like, the person who was supposed to share it.

Yeah, yeah, you're investing your energy because last time...

No, it is... I'm happy to clarify if you guys want, because I am not in the group which you guys are, so that I can share. So yeah, so I already shared it. Okay, but the salary of Indian specialist totally depends on your experience: if you're starting it's less, if you have experience it's more. The only thing that I can say here is, due to the cloud thing, it is very new, it's not even like 10 years old, so you can believe it to be existing for another 20 years at least. And now, this way they are integrating it with everything else, and I have seen many of the big companies that had a huge presence in SCCM and all those things, they have also started the migration towards Intune standalone. So that is a positive side of what I've seen. So yeah, if you choose Intune as a skill, I think it can serve you for long.

Yeah, thanks Aman for joining.

Yeah, thanks.

Yeah, sure. All right guys, if you don't have any questions, probably we can drop, and I'll ask the... yeah, I'll ask Amit to share the course of what we are going to be covering on this one, and then you can have further discussion with Amitabh about the course fee and all those stuff. Okay, thanks guys for your time. Enjoy the rest of your Sunday. Bye.

Thank you.

2023-06-03
