Endpoint Management Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

4 hours 24 minutes
Video Transcription
Hello, ladies and gentlemen, welcome back to this Microsoft 365 Fundamentals. Course, My name is Chris Tomiko and we are smack bang in the middle off module three. We are currently waiting to discuss Microsoft endpoint manager. So let's get cracking now.
Today's technology is changing the way we all work. Okay, especially with the current climate. While we're recording this, we're in the middle of this covert 19 crisis that's going on around the world. This pandemic on
digital transformation enables the flexibility toe work from pretty much anywhere on any device.
That flexibility doesn't mean, however, that you're not responsible for the security of your organization's data. All right, so a modern workplace demands a little bit of a new approach to managing and securing data as well as devices. So what we're looking at here
is normally movement to the cloud. However, it can be on premises as well. But we've discussed a little bit about these tools before eso the 1st 1 that we've discussed is into and this is what we call a cloud based e m M. On E m m is an enterprise.
Alright, he's out. So you got up on the screen mobility
That's E M M. All right. Just put a little mark right next to it.
So that's what we talk about with E. M. M Enterprise Mobility Management. Now this integrates really easily with your active directory. Of course, for I Am I Am is identity access management like, for example, your identity that used to log onto a computer
and then access files? Do you have permission for those files and that kind of thing? That's what we're talking about.
It also integrates with Is your information protection, which we've discussed in previous videos for data protection. Things like conditional access, that kind of thing. All right, so it merges with that. It can also enforce policies for you. It can wipe devices remotely on. It can push software to machines as well.
So in tune is a really cool little piece of software.
I say little. It's not little by any means, but I like to use that terminology on. You can also enroll devices to put profiles on it. Now this is a key word, and the reason I've put in role in speech marks saying quote marks is because that is the new domain join.
Okay, so when someone talks about enrolling,
they're actually talking about joining it to their network. You're right. But this is we're not We're not talking about domains in the traditional sense. If you ever be in the system, admin before or worked in a business environment, domains are very much
they're becoming more loose, more relaxed in terms of their official tired because you don't need a domain anymore, technically to control profiles and policies and lots of different think data protection and things like that. All right.
Okay, let's have a look at this then. So I'm gonna wipe this off the screen
so that we can have another look here,
it's There we go. That's not going. There we go. One and two. Perfect. All right, so this table, I basically put it up. We were just talking about putting in, like, enrolling profiles and things like that. So let's have a look at some of the profiles. The engine can she handle or endpoint? Manager, I should say so. We've got our email profile right here,
and this manages the exchange Active sync settings on devices, or it's a female
WiFi. Now, in tune will allow you to manage wireless network settings for users and devices. Eso It basically means that you can pre configure wireless networks onto a device without the user having to do any of the connection for the first time. So imagine that if you had remember we spoke about autopilot in the past,
you could actually set up
autopilot toe. Have WiFi connections automatically built in that when the user then comes into the office and turns on their laptop, Ping their back online there on the network, and they don't even need to ask for the password or anything else really handy feature. Same thing with VPN, so you can set up your devices for VP and usage
so that they can get access really quickly and easily as well.
So that supported education. So I was, you know, a big thing for many corporate environments, but certainly something to be aware. Or you never know when you might work for a university or college or who knows in your career. But yeah, you can configure different options, for they have actually have an application called the Taker Test Application right here,
which is built into Windows 10 devices in classroom environments, and you can control the profile for that as well. Certificates allows you to configure trust and certificates for use for things like WiFi VPN email. So if you ever need to put any kind of security on there that requires certificates
absolutely possible. Totally easy
addition. Upgrades so you can upgrade Windows 10 devices to enterprise level s mode. I don't think even backwards. Upgrade. Downgrade. Sorry to s Mode s mode was this kind of cut down version that Microsoft used to use.
I don't believe they roll it out anymore was it was originally intended for their surface environments,
But I believe they've just gone for Windows 10 now just because of the way it kind of is modular
endpoint protection. So an endpoint is basically just a device on the end of your network. That's what they mean by endpoint protection. So things like bit locker, windows, defender so bit locker is what you're looking at for encryption. Windows Defender is your anti virus. All right.
And then windows information protection things basically allows you to configure protection for data loss prevention things like that so that people are accessing data when they should be and how they should be, not just because they used to. And now they haven't got permission. Or
you could have things. Like, for example, you don't allow access to data
sensitive data when they're on an unsecured wireless network in Starbucks. Maybe as an example, eso that kind of thing. You can have certain conditions
in order for people to then get access to that data.
All right. Okay, Let's move on then. So we're gonna clear the screen. Come back to this on. We'll look at the other side of this. So we talked about in tune. Let's look at endpoint configuration manager. Now, this is the on premises e Mm mm. Being that enterprise mobility management, remember?
All right, So this one here deals with things like application management, theocracy, ating system deployment, the updating of software, making sure the devices air actually properly secured and complying compliant, that kind of thing. So that's what this looks for all or takes care of. I should say
Windows. Autopilot. We've discussed this a little bit already.
So windows autopilot is basically the way that a device is Get rid of the arrow now, but It's the way that this is what we're talking about.
It's the way that if you're the vendor here, you are basically, let's say you you sell a device. So you are the buyer. This is me. I'm a sys admin guy,
and I go in order a new laptop. The vendor then buys the lot. That purchase did,
the vendor then goes and prepares the laptop and sends it directly
to the customer.
All right, so
that's what happens. So you purchase from the customer, and then
once the customer has received the item on, they've fulfilled it and delivered it.
They sit down and they log in for the first time. So I log in with Chris at canto zo dot com as an example. Right now, this is where autopilot would kick in. So when it sees me log in, it would recognize that I have an autopilot environment,
and it would then get my computer ready. What it would do is Riedel, the profiles that policies configuration changes that I need, and it would actually overlay it on top of the device 30 a m. Device installation. So if I've if I've bought HP laptop HP A notorious for putting their
They're HP branded software on there. I could get rid of that with autopilot. I can put my own on their if I run my own business. You know, ABC
or Acme Inc. Or whatever it might be. I can put my own logos on there and things like that. And then what it will do is it will periodically
check to make sure that the device is not reset itself back. Let's say, Hey, trippy a particularly aggressive and they try and set things back to how they want them to be on. It would just basically make sure that it manages it in a steady state.
At this point, you've got two ways that you can break away now. The 1st 1 is probably more cut. More common. One is that the user might phone up the I T department. Andi, there's a problem with the laptop, in which case, what the I T department does is they push out the autopilot. Reload
on that allows the device to go back to as if the future is logged in for the first time
since they received the laptop, and it will basically put the machine back to where it waas. You could do this either with removing what's being customized on the machine. Or you can keep files and customize ations and just reset the device back so that there's no configuration changes effectively. It's up to you entirely how you want to roll that out.
The other option is in the bottom left here is the end of life. So at this point here, the user might say, Well, I've had the laptop for five years. I've got a brand new one now I don't need that one, so they would then tell you that they're not using it anymore. Now what you do with the hardware is entirely up to you.
However, what you can do with Water Pilot is that you can send a command from the autopilot environment
to the machine, and it tells it to basically wipe the device. OK, so it comes back to scratch. You can then recycle it, you know, sell it, do whatever you need to do with it. But autopilot takes care of the fact that you won't have to worry about people accessing that device directly.
All right, so let's move on then. So let me get rid of all that stuff on the screen.
Let me get my raise. Raise all income slide. Today we go. Perfect.
Alright. So back to Penn.
All right, so let's move on then. Let's talk about desktop analytics. So desktop analytics integrates with configuration Manager the one at the top. OK, and this includes things like the inventory of applications running in your organization. It includes the compatibility of Europe's making sure that they actually work.
Andi also identifies those compatibility issues, so if there is a problem, it will tell you and hopefully help you figure out how to fix it.
You can also create pilot groups with desktop analytics. Three idea being that you would have a group to test this almost like a bunch of guinea pigs. Although hopefully they won't feel that way on. Then you can actually deploy Windows 10 2 devices using this as well.
All right, so what we're gonna do, I'm going to stop here. We're about 2/3 of the way through this slide, but there is a bit more after to come, so I'm going to stop here. We're gonna come back for another video Because I know we're coming up on a long video already. Onda, we carry on with part two, so I will see you shortly.
Up Next
Microsoft 365 Fundamentals [MS-900]

Microsoft 365 Fundamentals is a course designed to help both those looking for more information at a foundational level on the Microsoft 365 platform and service, as well as those looking to take the exam itself.

Instructed By