Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back, security-minded Cybrarians, to the MS 365 Security Administration course.
00:06
I'm your instructor, Jim Daniels.
00:08
We're still on Module 3, MS 365 Threat Protection.
00:12
Let's inform ability,
00:14
but we are going to look at mobile device management
00:19
Upon completion of this video lesson,
00:21
I have the extreme confidence that you will know how to compare MDM for Office 365 and Intune,
00:29
configure policy settings for mobile devices
00:31
and describe conditional access and how it's used in MDM.
00:37
Mobile device management. MDM is an industry standard for managing mobile devices such as smartphones, tablets, laptops, even desktops.
00:46
MDM is implemented by using an MDM authority and MDM clients.
00:53
Microsoft offers two MDM authority solutions: Intune
00:57
and MDM for Office 365.
01:00
I will go ahead and say
01:02
Intune is currently in a phase to be renamed into
01:07
Endpoint Manager.
01:10
So where you see Intune here, by the time you look at this video it may actually say Endpoint Manager. So Intune, Endpoint Manager,
01:18
they are blurring together, and it's gonna be the same thing.
01:22
All right,
01:23
so let's look at the comparison between Office 365 MDM and Intune MDM.
01:30
Office 365 MDM: that comes when you have a 365 tenant.
01:34
that allows for basic
01:38
configuration and basic O365-related actions. You can detect if something's jailbroken.
01:45
You can remove Office 365 application data from mobile devices to selectively wipe corporate data. Prevent access to email and documents based on enrollment compliance policies. You do have some tools,
02:00
but for the enterprise-level MDM, you definitely want to move up to something like Microsoft Intune.
02:07
MDM policies and profiles are groups of settings that control features on mobile devices.
02:13
When you create policies or profiles, you deploy them by assigning them to groups.
02:17
In the MDM for O365 you can manage the following mobile device settings:
02:23
organization wide device access settings and device security policies
02:28
And in Intune you manage these additional settings. So those plus these:
02:35
device enrollment restrictions,
02:37
device compliance policies, device configuration policies, conditional access and software updates,
02:45
Conditional access with Intune.
02:46
conditional access. We talked about it previously.
02:50
It provides granular access
02:52
to keep your corporate data secure while giving users an experience that allows them to do their best work from any device
02:59
and from any location.
03:00
Conditions can be defined that gate access to your data
03:05
based on location,
03:07
device state or application sensitivity.
03:10
We referred to those as signals previously
03:14
within Azure AD.
03:15
Conditional access for any application with a set of conditions
03:20
Intune adds device compliance and mobile application management into that.
03:25
The Microsoft Cloud App Proxy
03:29
extends
03:30
Azure Active Directory conditional access to legacy SSO.
03:35
O365 conditional access is an application-level implementation to enforce service data access
03:39
and location restrictions.
03:43
Microsoft Cloud Application Access Session Proxy
03:46
is an inline implementation to enforce device data access and location restrictions.
03:53
Conditional access in Azure Active Directory
03:57
is included with your Azure Active Directory Premium license, P1 or P2.
04:02
So because it is Azure Active Directory Premium, that's either P1 or P2. But you also get it within any of the Enterprise Mobility Security suites
04:13
as well as the MS 365 suites.
04:16
Here we look at kind of the flow of how conditional access works. On the left-hand side, these are signals, so we have memberships of groups, device compliance.
04:28
There's application. Have a policy types of it.
04:30
What kind of client is it? Is that mobile? Is it a risky client?
04:34
Location: geofence, is it a trusted range, is that untrusted?
04:39
Risk
04:41
All these signals go into your policy and you can
04:44
allow access based on the signals, block access based on the signals
04:48
or enforce multi factor authentication.
04:51
And then I for that they have access to want is protected
04:56
and triggered from
04:59
office 3 65 and azure.
05:01
All right, let's take a look at some of the common conditional access usage with Intune.
05:09
Network Access Control:
05:11
Intune integrates with partners to provide access controls based on enrollment and device compliance state.
05:17
Device risk: Intune partners with mobile threat defense vendors that provide a security solution to detect threats. So the device risk
05:27
is a continuously calculated score based on various components. It could be your account.
05:33
If it is an anomaly request for something you never request. It could be location.
05:40
Impossible travel things of that nature.
05:43
BYOD PCs:
05:45
Workplace join and Intune management:
05:47
users can join their personal devices to access corporate resources and services.
05:54
Application based: Intune and Azure AD work together to make sure only managed apps can access corporate email or other O365 services.
06:04
So for corporate owned PCs,
06:06
you can have two different options. Hybrid Azure AD join:
06:10
this is for organizations that are comfortable with how they're already managing their PCs on-prem.
06:16
You can also do Azure AD domain join and Intune management. This scenario is for organizations who will be cloud first or cloud only.
06:25
To set up Microsoft Intune for device management, you have to configure the MDM authority by selecting one of three options:
06:31
Intune MDM Authority,
06:33
Config Manager MDM Authority, or None.
06:38
After you set your MDM authority to Intune,
06:41
where you activate your mobile device management service and Intune for 365,
06:45
you perform some additional tasks before you can start to enroll and manage devices.
06:50
Some of the tasks required to deploy MDM:
06:54
You configure your domains for MDM.
06:56
You configure all of your APNs certs for iOS devices,
07:00
you set up MFA,
07:02
and you need to manage
07:03
device security policies
07:06
If you want to enable users to enroll their Windows 10 devices into Intune MDM
07:12
by using autodiscovery, you have to add a DNS record to that domain's DNS zone.
07:17
If your company is using Azure AD Premium, you can integrate Azure AD with Intune;
07:23
you configure automatic Indian enrollment.
07:26
CNAME DNS records.
07:29
Here's where you have enterpriseenrollment.manage.microsoft.com
07:32
and enterpriseregistration.windows.net.
07:35
We have this set up in our environment
07:39
to where, as soon as a user gets a new machine,
07:43
they will again
07:44
it automatically season
07:46
and that automatically enrolls them into Intune.
07:49
Configure an APNs certificate for iOS devices.
07:54
If you are managing iPad, iPhone and Mac devices by using MDM, you need an Apple Push Notification cert to communicate securely with these devices.
08:03
After you add the cert to Intune or 365, your users can enroll their devices by using either
08:09
the Company Portal app
08:11
or Apple's bulk enrollment methods such as Device Enrollment Program, DEP,
08:16
or Apple School manager or Apple
08:20
Configurator.
08:22
By default, the Apple Push Notification cert is valid for one year. You have to renew it.
08:28
If it does expire before you renew it,
08:31
your enrollment of future iOS devices will fail until that cert is valid.
08:39
Security policies can be implemented by configuring device config profiles, device compliance policies and conditional access policies.
08:46
Intune enables you to create and deploy different types of device configuration,
08:50
including device restrictions, endpoint protection and Defender ATP policies.
08:56
A device compliance policy specifies the device configuration that must be met for the device to be considered compliant.
09:05
Conditional access policies enable you to control access to these applications and resources
09:11
only if prerequisites are met.
09:15
By default, users are allowed to enroll all supported device types into Intune.
09:20
Enrollment restrictions can be configured using these following criteria:
09:24
maximum number of devices a user can enroll,
09:28
device platforms,
09:30
required OS version and restriction of personally owned devices.
09:35
So you guys will go in and set up your
09:37
corporate device enrollment policy.
09:41
If you don't want your devices enrolled,
09:45
you don't have to allow it. You can just not allow it and block them right from here.
09:50
Quiz
09:52
By default, the APNs Apple Push Notification cert is valid for one year.
09:56
huh?
09:56
Well, that's
09:58
we just talked about it.
10:01
The answer is true.
10:01
Valid for one year.
10:03
if it expires and you don't update it
10:07
on
10:07
registration attempts for Intune from that point forward will not be successful.
10:13
To recap this lesson: MDM is an industry standard for managing mobile devices such as smartphones, tablets, laptops and even desktops.
10:22
MDM policies and profiles are groups of settings that control features on mobile devices.
10:28
Conditional access provides granular access control
10:31
to help keep your corporate data secure
10:35
while giving users an experience that allows them to do their best work
10:39
from any device
10:39
and from any location.
10:43
Thank you for joining me. I hope to see you for the next lesson. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor