Details

MDM: Fundamentals, Security, and the Modern Desktop


MDM: Fundamentals, Security, and the Modern Desktop

Using Intune, Autopilot, and Azure to Manage, Deploy, and Secure Windows 10
1. Aufl.

von: Jeremy Moskowitz

32,99 €

Verlag: Wiley
Format: PDF
Veröffentl.: 02.07.2019
ISBN/EAN: 9781119564348
Sprache: englisch
Anzahl Seiten: 528

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>The first major book on MDM written by Group Policy and Enterprise Mobility MVP and renowned expert, Jeremy Moskowitz!</b></p> <p>With Windows 10, organizations can create a consistent set of configurations across the modern enterprise desktop—for PCs, tablets, and phones—through the common Mobile Device Management (MDM) layer. MDM gives organizations a way to configure settings that achieve their administrative intent without exposing every possible setting. One benefit of MDM is that it enables organizations to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows organizations to target Internet-connected devices to manage policies without using Group Policy (GP) that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.</p> <p>With Microsoft making this shift to using Mobile Device Management (MDM), a cloud-based policy-management system, IT professionals need to know how to do similar tasks they do with Group Policy, but now using MDM, with its differences and pitfalls.</p> <p>•    What is MDM (and how is it different than GP)</p> <p>•    Setup Azure AD and MDM Auto-Enrollment</p> <p>•    New PC Rollouts and Remote Refreshes: Autopilot and Configuration Designer</p> <p>•    Enterprise State Roaming and OneDrive Documents Roaming</p> <p>Renowned expert and Microsoft Group Policy and Enterprise Mobility MVP Jeremy Moskowitz teaches you MDM fundamentals, essential troubleshooting techniques, and how to manage your enterprise desktops.</p>
<p>Foreword xix</p> <p>Introduction xxi</p> <p><b>Chapter 1 Enterprise Mobility and MDM Essentials 1</b></p> <p>Getting Ready to Use This Book 2</p> <p>Why the Need for MDM 3</p> <p>Group Policy and MDM Compared 6</p> <p>MDM: Guts, Protocols, and Moving Parts 9</p> <p>OMA-DM: The Protocol 9</p> <p>CSPs: Configuration Service Providers 9</p> <p>MDM Service 11</p> <p>Extending Your MDM Services with Third-Party Tools 12</p> <p>Final Thoughts 13</p> <p><b>Chapter 2 Set Up Azure AD and MDM 15</b></p> <p>Comparative Analysis of Different MDM Services 15</p> <p>Azure AD Premium, Enterprise Mobility + Security, and Microsoft 365 16</p> <p>Office 365’s Built-In MDM Management 18</p> <p>Microsoft Intune 20</p> <p>VMware Workspace ONE 24</p> <p>MobileIron 25</p> <p>Setting Up Auto-Enrollment and Enrolling Your First Machines 25</p> <p>Turning On MDM Enrollment 26</p> <p>Add Your First User to Azure AD 33</p> <p>Enroll Your First Windows 10 Machine into MDM 34</p> <p>Optional Steps: Custom Domain Names and AD to AAD Synchronization 50</p> <p>Custom Domain Names: Goodbye to “onmicrosoft.com” Names 50</p> <p>Syncing Your On-Prem AD to Azure AD Automatically 58</p> <p>Final Thoughts 73</p> <p><b>Chapter 3 MDM Profiles, Policies, and Groups 75</b></p> <p>MDM Policies and the Policy CSP 75</p> <p>MDM: Getting Started with Policies 76</p> <p>Profiles and Policies 77</p> <p>What Makes an MDM Policy? 82</p> <p>ADMX-Backed Policies 87</p> <p>Ingesting Third-Party ADMX Files 96</p> <p>Creating and Using Groups 108</p> <p>Creating Assigned Groups 109</p> <p>Creating Dynamic Groups 109</p> <p>Advanced Dynamic Rules 111</p> <p>Utilizing Groups in Intune 114</p> <p>Final Thoughts 114</p> <p><b>Chapter 4 Co-Management and Co-Policy Management 117</b></p> <p>Co-Management of SCCM and Intune 117</p> <p>Co-Policy Management: Group Policy and Your MDM Service 122</p> <p>Auto-Enroll in Your MDM Service Using Group Policy 122</p> <p>Co-Policy Management…Who Wins: MDM or Group Policy? 127</p> <p>Final Thoughts 133</p> <p><b>Chapter 5 MDM Migration and MDM Troubleshooting 135</b></p> <p>MMAT: Microsoft MDM Migration and Analysis Tool 135</p> <p>Troubleshooting MDM 139</p> <p>MDM Service Reports, Diagnostic Logs, and Event Logs 139</p> <p>Delivery Reports from Your MDM Service 140</p> <p>Advanced Diagnostic Reports and Resolving Conflicts 141</p> <p>Final Thoughts about the Advanced MDM Settings Report 143</p> <p>Resolving Conflicts 144</p> <p>Investigating Event Logs 148</p> <p>Remotely Collecting Logs from Windows 10 149</p> <p>Remember MdmWinsOverGP Setting and Gotchas 149</p> <p>Other Miscellaneous Notes, Traps, and Gotchas 149</p> <p>Final Thoughts 152</p> <p><b>Chapter 6 Deploying Software and Scripts 153</b></p> <p>Preparing for the Remainder of the Chapter 155</p> <p>What to Download to Get Settled in for This Chapter 155</p> <p>How to (Generally) Deploy Applications with Intune 157</p> <p>Deploying MSI Applications with MDM 161</p> <p>Deploying Your First MSI Application 161</p> <p>Deploying AppX Apps via the Microsoft Store for Business 170</p> <p>Getting Started with and Activating the Microsoft Store for Business 170</p> <p>Acquiring AppX Packages to Distribute Using Microsoft Store for Business 172</p> <p>Deploying MSIX with MDM 178</p> <p>Repackaging an App with the MSIX Packaging Tool 181</p> <p>Deploying Office 365 ProPlus with MDM 196</p> <p>Deploying Win32 Apps with MDM 206</p> <p>Microsoft Intune Win32 Content Prep Tool 207</p> <p>Gathering All the Needed Items in One Place 208</p> <p>Preparing the Win32 Application Contents 210</p> <p>Add the .intunewin File to Intune 211</p> <p>Assign the App and See Results 216</p> <p>Other Win32 Deployment Examples, Troubleshooting, and Final Thoughts 217</p> <p>Deploying Scripts with Your MDM Service 219</p> <p>Deploying Scripts (That Deploy Software) with Intune 220</p> <p>Delivering Other Software and Files with MDM (Using PolicyPak File Delivery Manager) 226</p> <p>Downloading Unusual File Types 227</p> <p>Downloading .EXEs, .MSIs, or Unusual Software, Then Running a Script (and Cleaning Up When You’re Done) 228</p> <p>Downloading a ZIP and Automatically Unpacking Its Contents 229</p> <p>Final Thoughts 231</p> <p><b>Chapter 7 Enterprise State Roaming and OneDrive for Business 233</b></p> <p>Pregame Setup for This Chapter 235</p> <p>Get Your Azure Tennant ID 235</p> <p>Enterprise State Roaming 239</p> <p>Setting Up Enterprise State Roaming 241</p> <p>OneDrive for Business 244</p> <p>Managing the OneDrive Tenant 246</p> <p>SharePoint and SharePoint Migration Tool 248</p> <p>OneDrive Sync Client 257</p> <p>OneDrive’s Magic Trick: Known Folder Move 268</p> <p>Files Restore (from Malware or User Error) 276</p> <p>Final Thoughts 279</p> <p><b>Chapter 8 Rollouts and Refreshes with Configuration </b><b>Designer and Autopilot 281</b></p> <p>Windows Configuration Designer 282</p> <p>Get WCD from the Windows Store 283</p> <p>What Can You Do with WCD? (And What Shouldn’t You Do with WCD?) 284</p> <p>WCD Example 284</p> <p>Implementing the .PPKG File 290</p> <p>Results from Using a .PPKG File 292</p> <p>Final Thoughts about WCD 292</p> <p>Autopilot 293</p> <p>Getting Devices Registered into Autopilot 296</p> <p>Creating Groups for Your Autopilot Machines 303</p> <p>Setting Up Your Autopilot Deployment Profile 306</p> <p>Automatically Harvesting Hardware IDs into Autopilot 317</p> <p>Autopilot: Resets, Retire, Wipes, and Fresh Starts 324</p> <p>Linking a Specific User to a Specific Hardware ID 329</p> <p>Autopilot Self-Deploying Mode 330</p> <p>Autopilot Hybrid Azure AD Join 339</p> <p>Autopilot White Glove 356</p> <p>Final Autopilot Resources 358</p> <p><b>Chapter 9 Windows 10 Health and Happiness: Servicing, Readiness, Analytics, and Compliance 359</b></p> <p>Windows, Office, and OneDrive as a Service 359</p> <p>Servicing Windows 360</p> <p>Servicing Office 365</p> <p>Servicing OneDrive (Revisited) 367</p> <p>Making Your Own Rings for Windows, Office, and OneDrive 367</p> <p>Office and Application Readiness 375</p> <p>Office 365 Readiness Toolkit 376</p> <p>App Health Analyzer 380</p> <p>Desktop Analytics 381</p> <p>Introduction to Desktop Analytics 382</p> <p>Prepare, Pilot, and Deploy Phases 383</p> <p>Final Thoughts on Desktop Analytics 383</p> <p>Device Compliance and Health Attestation 384</p> <p>Getting Started with Compliance Policy 385</p> <p>Final Thoughts on Windows Health and Happiness 393</p> <p><b>Chapter 10 Security with Baselines, BitLocker, AppLocker, and Conditional Access 395</b></p> <p>Security Baselines 396</p> <p>Creating Your Security Baselines in Intune 397</p> <p>Assigning Your Security Baseline to a Group 399</p> <p>Syncing Your Client to Get the Baseline 400</p> <p>Testing Your Baseline 401</p> <p>Reporting and Monitoring Baselines 402</p> <p>BitLocker: Full Disk Encryption 404</p> <p>Enabling BitLocker Using Intune 404</p> <p>BitLocker Key Recovery and Management 412</p> <p>BitLocker Final Thoughts and Additional Resources 416</p> <p>Application Whitelisting with AppLocker or PolicyPak Least Privilege Manager 417</p> <p>Using AppLocker for Whitelisting 417</p> <p>Using Your AppLocker Rule with Intune 420</p> <p>PolicyPak Least Privilege Manager for Whitelisting 423</p> <p>Conditional Access 426</p> <p>Setting Up Azure Conditional Access 427</p> <p>Final Thoughts on Security 434</p> <p><b>Chapter 11 MDM Add-On Tools: Free and Pay 439</b></p> <p>Company Portal App 439</p> <p>Setting Up Company Portal Branding 440</p> <p>Users Interacting with the Company Portal App 441</p> <p>Microsoft Graph and the Graph Explorer 448</p> <p>PolicyPak On-Prem & MDM Edition 455</p> <p>Getting Started with PolicyPak 456</p> <p>Using PolicyPak to Export Existing Group Policy to MDM 458</p> <p>Using PolicyPak to Overcome UAC Prompts 461</p> <p>Using PolicyPak to Block and Allow UWP Applications 463</p> <p>Using PolicyPak to Manage Application, Browser, and Java Settings 463</p> <p>Using PolicyPak to Manage Windows Features (and Optional Features) 466</p> <p>PolicyPak Deployment with Intune (or Any MDM) 466</p> <p>Interesting Things I Found on the Internet 467</p> <p>Untested, but Seemingly Useful Scripts 467</p> <p>Yodamiitti Intune Management GUI 468</p> <p>Final Thoughts (on This Chapter, and about the Book!) 470</p> <p>Index 473</p>
<p><b>JEREMY MOSKOWITZ, is a 15-year</b> Microsoft MVP awardee and is founder of MDMandGPanswers.com and CTO of PolicyPak Software. Since becoming one of the world's first MCSEs, he has performed Active Directory, Group Policy and MDM planning and implementations for some of the nation's largest organizations. His best-selling book <i>Group Policy Fundamentals, Security, and Troubleshooting, Third Edition</i> is on desks of administrators everywhere.
<p><b>An essential guide for IT Admins leveraging Modern Management with MDM</b> <p>Modern Management enables organizations to create a consistent set of policy configurations across the modern enterprise—for PCs, tablets, and phones—through the common Mobile Device Management (MDM) layer. In this book, MDM and Windows 10 management expert Jeremy Moskowitz explains the MDM fundamentals and essential troubleshooting techniques, and shows you how to manage enterprise Windows 10 desktop deployments and rollouts. <p>An organization doesn't have to go "all in" on the cloud to take advantage of MDM and Modern Management. Using this book, an IT admin can decide which opportunities to augment or replace from their traditional on-premises management. By leveraging the techniques in this book, an IT Pro will learn how to master MDM in order to increase their IT efficiency. <p>Leverage Intune, Autopilot, and Azure to dictate the look-and-feel settings of Windows 10, remotely deploy software, roll out new Windows 10 machines, secure access to resources, and remote wipe a lost device. <p>This must-have guide: <ul> <li>Explains Modern Management concepts using an MDM service like Microsoft Intune<sup>®</sup></li> <li>Describes the setup for Azure AD and MDM auto-enrollment</li> <li>Includes extensive examples on MDM policy configuration, Group Policy co-policy management, and troubleshooting</li> <li>Explains how to use Windows Autopilot to perform new PC rollouts and perform remote refreshes</li> <li>Demonstrates how to deploy software using Windows Intune</li> <li>Explains how to use Microsoft OneDrive<sup>®</sup> to replace Folder Redirection and mapped drives</li> <li>Reveals how to keep Windows 10, Office, and OneDrive up-to-date with Channels and Rings</li> <li>Explains Windows 10 security using MDM</li> <li>Demonstrates useful third party MDM tools to bridge the gaps in MDM</li> </ul>

Diese Produkte könnten Sie auch interessieren:

Symbian OS Explained
Symbian OS Explained
von: Jo Stichbury
PDF ebook
32,99 €
Symbian OS Internals
Symbian OS Internals
von: Jane Sales
PDF ebook
56,99 €
Parallel Combinatorial Optimization
Parallel Combinatorial Optimization
von: El-Ghazali Talbi
PDF ebook
109,99 €