Additional Lab Steps
Do the Endpoint Analytics lab early. Hopefully it will give time for some of the clients to report in (the Microsoft docs say that "it may take weeks"!).
Slide Deck 1: Explore modern management
Endpoint Manager
https://docs.microsoft.com/en-us/mem/configmgr/core/understand/microsoft-endpoint-manager-faq
SSO
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Practice Lab: Managing Identities in Azure AD
For instructions using the Microsoft.Graph PowerShell module, see
https://github.com/MicrosoftLearning/MD-102T00-Microsoft-365-Endpoint-Administrator/issues/18.
Module 3: Configure user and device profiles
How to sync from a command line?
https://oofhours.com/2019/09/28/forcing-an-mdm-sync-from-a-windows-10-client/
https://msendpointmgr.com/2019/09/22/force-intune-policy-sync-from-a-powershell-script/
Microsoft Edge
Like other web browsers, Microsoft Edge has a sync option. This only requires you to enter your credentials (a Microsoft Account or an Azure AD account) in the web browser - it is not related to any roaming profile features in this module.
Also see FSLogix
https://docs.microsoft.com/en-us/fslogix/overview
Lab 0303: Configuring Enterprise State Roaming
Before the lab, remove the Backinfo application so that you can see the wallpaper changing.
• Run Explorer.
• Navigate to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.
• Delete the Backinfo shortcut.
Module: Implement mobile application management
https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
Module: Deploy and update applications
Store for Business
The entire Store for Business feature is retiring 15 September 2023, in favour of deploying apps straight from Intune.
From the above article, "We recommend adding your apps through the new Microsoft Store app experience in Intune. If an app isn't available in the Microsoft Store, you need to retrieve an app package from the vendor and install it as a line-of-business (LOB) app or Win32 app."
What if the app isn't in the Store and you can't get the package? I guess you have to find a replacement for the app.
Update to Intune integration with the Microsoft Store on Windows
Evolving the Microsoft Store for Business and Education
Store Apps URL
When adding Store apps to Intune, you can no longer just copy and paste the URL from the web browser (thanks, Microsoft, we appreciate that). You need to click on the Endpoint Configuration link in the store page.
https://www.reddit.com/r/Intune/comments/u8726m/windows_store_apps/
Practice Lab: Deploying cloud apps using Intune
If you deploy Remote Desktop using the Microsoft Store app (new) type, the app will be automatically installed on SEA-WS1. The lab instructions use the Microsoft Store app (legacy) type.
Module 5: Manage authentication and compliance
Practice Lab: Configuring Self-service password reset for user accounts in Azure AD
Task 3's title does not match its contents. Even though it is titled "Task 3: Validate self-service password reset", it doesn't actually test self-service password reset - it tests pasword writeback.
TODO: Instructions here.
The direct URL for the password reset page is:
https://passwordreset.microsoftonline.com/
Practice Lab: Creating device inventory reports
Update Power BI Desktop to the latest version before doing the exercise.
Module 6: Manage Windows client security
CIA Triad
3 (or 5?) pillars of information security. Sometimes called the ICA Triad to avoid confusion with the American intelligence agency.
WIP Retirement
Note that Windows Information Protection is going to be retired in favour of Purview DLP.
Practice Lab: Deploying Windows 11 using Microsoft Deployment Toolkit
I suggest giving SEA-WS4 two vCPUs.
Module 8: Deploy using cloud tools
Listing devices from PowerShell
After uploading the Autopilot csv file.
# Using the Microsoft.Graph PowerShell module:
Connect-Graph -Scopes "Device.Read.All"
Get-MgDevice | fl DisplayName, PhysicalIds
Existing devices.
https://docs.microsoft.com/en-us/mem/autopilot/existing-devices
Co-Management
The following article has clearer version of the diagram than the courseware. Update as of Sep 2022, the diagram that the courseware no longer includes. :-)
https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview
Practice Lab: Deploying Windows 11 with Autopilot
Task 3, Step 6
You must wait for the machine to appear in the list (click Refresh every minute or so).
Task 3, Step 18
You must wait for the profile to show "Yes" in the Assigned column.
Hurry up and wait. :-)
Practice Lab: Managing Windows quality and feature updates
Task 1, Step 9
In the Skillable.com lab environment, you will see three policies: Disable automatic updates, Set Automatic Update options, and Get updates for other Microsoft products.
TOCHECK: To disable the Insider Builds
Endpoint portal, create a configuration profile.
Platform: Windows 10 and later
Profile type: Settings catalog (preview)
Basics tab.
Name: Disable Insider Program
Configurations settings tab.
Select + Add settings.
Search for a setting "preview build".
Browse by category: Windows Update for Business.
In the "1 results in the category" list, select the checkbox for Manage Preview Builds.
Click the X at the top right.
Back in the Configurations settings tab.
Manage Preview Builds: Disable Preview Builds.
Assignments tab.
Add groups, Contoso developer devices.
Next, Next, Create.