Mastering Microsoft Endpoint Manager: Deploy and manage Windows 10, Windows 11, and Windows 365 on both physical and cloud PCs
- Length: 605 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-11-09
- ISBN-10: 1801078998
- ISBN-13: 9781801078993
- Sales Rank: #90118 (See Top 100 Books)
Design and implement a secure end-to-end desktop management solution with Microsoft Endpoint Manager
Key Features
- Learn everything you need to know about deploying and managing Windows on physical and cloud PCs
- Simplify remote working for cloud-managed cloud PCs via new service Windows 365
- Benefit from the authors’ experience of managing physical endpoints and traditional virtual desktop infrastructures (VDI)
Book Description
One of the main reasons for the slow adoption of Modern Workplace solutions designed to simplify the management layer of your environment is the lack of understanding and knowledge of the product. With this book, you’ll learn everything you need to know to make the shift to the Modern Workplace, running Windows 10, Windows 11, or Windows 365.
Mastering Microsoft Endpoint Manager explains various concepts in detail to give you the clarity to plan how to use Microsoft Endpoint Manager (MEM) and eliminate potential migration challenges beforehand. You’ll get to grips with using new services such as Windows 365 Cloud PC, Windows Autopilot, profile management, monitoring and analytics, universal print, and much more. The book will take you through the latest features and new Microsoft cloud services to help you to get to grips with the fundamentals of Microsoft Endpoint Manager and understand which services you can manage. Whether you are talking about physical or cloud endpoints―it’s all covered.
By the end of the book, you’ll be able to set up MEM and use it to run Windows 10, Windows 11, and Windows 365 efficiently.
What you will learn
- Understand how Windows 365 Cloud PC makes the deployment of Windows in the cloud easy
- Configure advanced policy management within MEM
- Discover modern profile management and migration options for physical and cloud PCs
- Harden security with baseline settings and other security best practices
- Find troubleshooting tips and tricks for MEM, Windows 365 Cloud PC, and more
- Discover deployment best practices for physical and cloud-managed endpoints
- Keep up with the Microsoft community and discover a list of MVPs to follow
Who This Book Is For
If you are an IT professional, enterprise mobility administrator, architect, or consultant looking to learn about managing Windows on both physical and cloud endpoints using Microsoft Endpoint Manager, this book is for you.
Mastering Microsoft Endpoint Manager Foreword Contributors About the authors About the reviewers Preface Who this book is for What this book covers To get the most out of this book Download the color images Conventions used Get in touch Share Your Thoughts Section 1: Understanding the Basics Chapter 1: Introduction to Microsoft 365 An introduction to Microsoft 365 What do the services achieve? Microsoft Endpoint Manager Azure Virtual Desktop AVD and Windows 365 Cloud PC – shared responsibility model 1 AVD and Windows 365 Cloud PC – shared responsibility model 2 Productivity Score OneDrive for Business (part of Microsoft 365 Apps) Microsoft Defender for Endpoint (formerly MDATP) Summary Questions Answers Further reading Chapter 2: What Is Unified Endpoint Management? Paths to modern management Microsoft Endpoint Manager and Intune Endpoint Manager admin center portal Microsoft 365 admin center portal Cloud PC/Windows 365 Azure Active Directory (Azure AD) Cloud management gateway (CMG) Desktop Analytics Microsoft Endpoint Manager – from on-premises to the cloud Exploring Windows 10 Enterprise in detail Using Windows via a Windows 365 cloud PC Azure KMS – cloud PC/Windows 365/AVD WUfB is the new way of manning Windows servicing Bring your own device What is zero trust? Verifying identity Verifying devices Summary Questions Answers Further reading Section 2: Windows 365 Chapter 3: Introducing Windows 365 What is Windows 365? Removing the complexity of traditional VDI deployments Why virtualize Windows in the cloud? Comparing Windows 365 Enterprise and Business Microsoft Endpoint Manager High-level architecture components and responsibilities Microsoft Endpoint Configuration Manager support Co-management and Windows 365 Sizes and performance of fixed-price licenses On-premises connections Provisioning policies Windows 365 – gallery images Custom images Roles and delegation The Watchdog service Optimized Teams on Windows 365 Microsoft Edge Sleeping tabs Startup boost Screen capture protection Summary Questions Answers Further reading Chapter 4: Deploying Windows 365 Technical requirements for deploying Windows 365 Azure subscription Azure VNet Azure VNet – required related URLs and ports Microsoft Endpoint Manager and AVD – service URLs Remote Desktop Protocol requirements Hybrid Azure AD joined Purchasing and assigning cloud PC licenses via the Microsoft 365 admin center portal On-premises network connections Provisioning a cloud PC User settings – self-service Self-service capabilities – IT admin Reprovisioning the cloud PC Local administrator VM SKU upgrades (preview feature) Image management – creating a custom image (optional) Supported endpoints Information Worker Portal (IWP) Azure AD – MyApps unified (workspace) portal Multi-factor authentication and conditional access Security baselines for a cloud PC Distributing the Remote Desktop client via Microsoft Endpoint Manager – Intune to your physical endpoints Auto-subscribing users in the Remote Desktop client Autopilot and cloud PCs – lightweight thin client (Kiosk) Monitoring and analytics Shadow users with Quick Assist Windows 11 Microsoft Managed Desktop Summary Questions Answers Further reading Section 3: Mastering Microsoft Endpoint Manager Chapter 5: Requirements for Microsoft Endpoint Manager Endpoint scenarios Identity roles and privileges for Microsoft Intune Compliance Administrator Compliance Data Administrator Intune Administrator Message Center Reader Security Administrator Security Operator Security Reader Identity roles and privileges for a Windows 365 cloud PC Azure Subscription Owner Intune Administrator Domain Administrator Identity roles and privileges for Universal Print Printer Administrator Printer Technician Licensing requirements Supported OSes Required web browser versions Windows 11 requirements How do you get Windows 11? Administrator licensing Azure AD group-based licensing Setting the mobile device management authority Enabling Windows automatic enrollment Using Azure Virtual Desktop with Intune Microsoft Intune enrollment restriction for Windows Microsoft Intune device restrictions for Windows Blocking personal Windows devices Microsoft Intune device limit restrictions for Windows Customizing Intune company portal apps, the company portal website, and the Intune app Associating your Microsoft Store for Business account with Intune MEM – network URL firewall requirements Access for managed devices Windows 365 endpoint URLs Network URL requirements for PowerShell scripts and Win32 apps Windows Push Notification Services – required URLs Windows 365 and Azure Virtual Desktop – required URLs Universal Print – required URLs Delivery Optimization Summary Questions Answers Further reading Chapter 6: Windows Deployment and Management Deploying existing Windows devices into Microsoft Endpoint Manager Enrolling devices – Windows enrollment When to use what solution Windows Update for Business Types of updates managed by Windows Update for Business Enforcing compliance deadlines for updates How to handle conflicting or legacy policies How to set up and configure Windows Update for Business Safeguard holds Expediting a Windows patch The Windows Insider Program for Business Summary Questions Answers Further reading Chapter 7: Manager Windows Autopilot Technical requirements Windows Autopilot overview Uploading the hardware ID to Windows Autopilot Windows Autopilot for existing devices Windows updates during the Out-of-Box Experience (OOBE) Auto-assigning Windows Autopilot profiles in Intune Signing in to Graph Explorer Enrollment Status Page (ESP) ESP implementation Windows CSP Autopilot reporting and diagnostics Company Portal Configuring automatic BitLocker encryption for Autopilot devices Cloud configuration scenario Deploying essentials that users might need to access work or school resources Edge kiosk self-deployment scenario Creating a specific ESP for the Edge kiosk Creating a Windows Autopilot profile Self-Deploying (preview) Autopilot Reset Wiping and resetting your devices Fresh start Windows Recovery Environment Summary Questions Answers Further reading Chapter 8: Application Management and Delivery Application delivery via Microsoft Endpoint Manager Different application types you can deploy LOB applications Supersedence mode Community tool – Win32App Migration Tool Deploying Microsoft 365 apps Update channels Office Customization Tool Microsoft 365 Apps admin center Microsoft 365 apps – customization Deploying Microsoft Teams OneDrive Deploying Microsoft Edge What is MSIX? AppxManifest.xml AppxBlockMap.xml AppxSignature.p7x How to create MSIX packages Pushing the MSIX package application to your endpoints Summary Questions Answers Further reading Chapter 9: Understanding Policy Management Policy management What is a CSP policy? Windows Push Notification Services (WNS) Policy management within Microsoft Endpoint Manager Migrating existing policies from AD – Group Policy management (preview) Summary Questions Answers Further reading Chapter 10: Advanced Policy Management Policy management Configuring a policy from the Endpoint Manager Security blade Configuring your Endpoint security profile Windows 10 unhealthy endpoints Attack surface reduction Configuring a policy from the Settings catalog Configuring administrative templates URL reputation OneDrive Known Folder Move configuration OneDrive – block syncing specific file extensions Configure device configuration (template) Leveraging a custom policy as a last resort Pushing PowerShell scripts – scripted actions to endpoints Compliance policies Windows Organizational compliance report Summary Questions Answers Further reading Chapter 11: Office Policy Management The Office cloud policy service Creating a policy configuration with the OCP service Configuring policies Tips and tricks in the OCP service How are Office cloud policies applied? Security Policy Advisor Summary Questions Answers Further reading Chapter 12: User Profile Management Windows profiles Modern profile management Enterprise State Roaming Microsoft Office's roaming settings Outlook's signature cloud settings OneDrive for Business Known Folder Move Windows 10 Storage Sense OneDrive and Storage Sense Microsoft Edge ESR + OneDrive + Edge + Office Migrating from legacy to modern profile management Summary Questions Answers Further reading Chapter 13: Identity and Security Management Microsoft Identity AAD AAD users AAD guest users AAD group types AAD membership types Hybrid AAD Conditional Access Users and groups Cloud apps Conditions Grant Preventing users from carrying out AAD device registration Self-service password reset AAD password protection Password-less authentication Enabling password-less authentication What is and isn't supported in each password-less scenario BitLocker disk encryption BitLocker recovery keys Microsoft Defender for Endpoint Integration with MEM Security baselines Compliance policies Windows 365 security baselines Requirements for Defender for Endpoint Connecting to Intune – MEM integration Alerts and security assessments Security recommendations Summary Questions Answers Further reading Chapter 14: Monitoring and Endpoint Analytics Monitoring and analytics Monitoring your physical and virtual cloud endpoints Endpoint analytics – advanced monitoring Start up performance – logon duration Performance score breakdown Top 10 impacting start up processes OS restart history Resource performance Insights and recommendations – score trends Application reliability Windows 365-specific metrics Insights and recommendations Configuration Manager data collection Customizing your baselines Proactive remediations Azure Monitor integration Productivity Score Service health Summary Questions Answers Further reading Chapter 15: Universal Print What is Universal Print? Universal Print – architecture explained The print connector Where does my printed data go? Printer defaults Universal Print – service requirements Network requirements Learning how to deploy Universal Print Delegating printer access – custom roles Connecting your existing printer to Universal Print Configuring Universal Print Enabling Hhybrid AD configuration – via the Universal Print connector Registering your own custom printers with Universal Print Sharing your printers with your users Assigning permissions to use a printer(s) Testing your Universal Print connected printer Assigning and deploying cloud printers with Microsoft Endpoint Manager Summary Questions Answers Further reading Section 4: Tips and Tricks from the Field Chapter 16: Troubleshooting Microsoft Endpoint Manager Troubleshooting MEM Service health and message center Troubleshoot blade in MEM Troubleshooting Windows 10 MEM enrollment BitLocker failures Windows 10 device diagnostics Client requirements Troubleshooting application delivery Win32 LOB Microsoft Store apps Troubleshooting Autopilot Windows 11 Autopilot diagnostics page Troubleshooting locating a Windows device Troubleshooting Microsoft Edge Summary Questions Answers Further reading Chapter 17: Troubleshooting Windows 365 Troubleshooting yourself and Microsoft Support Windows 365 provisioning errors Cloud PC – device-based filtering Summary Questions Further reading Chapter 18: Community Help Join the new W365 Community! Microsoft Tech Community and MS Learn Other community blogs, Microsoft MVPs,and more… Summary Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts
Donate to keep this site alive
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search the book title: Mastering Microsoft Endpoint Manager: Deploy and manage Windows 10, Windows 11, and Windows 365 on both physical and cloud PCs
, sometime you may not get the results, please search the main title.
3. Click the book title in the search results.
3. Click Code to download.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.