The first major book on MDM written by Group Policy and Enterprise Mobility MVP and renowned expert, Jeremy Moskowitz!
With Windows 10, organizations can create a consistent set of configurations across the modern enterprise desktop--for PCs, tablets, and phones--through the common Mobile Device Management (MDM) layer. MDM gives organizations a way to configure settings that achieve their administrative intent without exposing every possible setting. One benefit of MDM is that it enables organizations to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows organizations to target Internet-connected devices to manage policies without using Group Policy (GP) that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
With Microsoft making this shift to using Mobile Device Management (MDM), a cloud-based policy-management system, IT professionals need to know how to do similar tasks they do with Group Policy, but now using MDM, with its differences and pitfalls.
* What is MDM (and how is it different than GP)
* Setup Azure AD and MDM Auto-Enrollment
* New PC Rollouts and Remote Refreshes: Autopilot and Configuration Designer
* Enterprise State Roaming and OneDrive Documents Roaming
Renowned expert and Microsoft Group Policy and Enterprise Mobility MVP Jeremy Moskowitz teaches you MDM fundamentals, essential troubleshooting techniques, and how to manage your enterprise desktops.
Autorentext
JEREMY MOSKOWITZ, is a 15-year Microsoft MVP awardee and is founder of MDMandGPanswers.com and CTO of PolicyPak Software. Since becoming one of the world's first MCSEs, he has performed Active Directory, Group Policy and MDM planning and implementations for some of the nation's largest organizations. His best-selling book Group Policy Fundamentals, Security, and Troubleshooting, Third Edition is on desks of administrators everywhere.
Klappentext
An essential guide for IT Admins leveraging Modern Management with MDM
Modern Management enables organizations to create a consistent set of policy configurations across the modern enterprisefor PCs, tablets, and phonesthrough the common Mobile Device Management (MDM) layer. In this book, MDM and Windows 10 management expert Jeremy Moskowitz explains the MDM fundamentals and essential troubleshooting techniques, and shows you how to manage enterprise Windows 10 desktop deployments and rollouts.
An organization doesn't have to go "all in" on the cloud to take advantage of MDM and Modern Management. Using this book, an IT admin can decide which opportunities to augment or replace from their traditional on-premises management. By leveraging the techniques in this book, an IT Pro will learn how to master MDM in order to increase their IT efficiency.
Leverage Intune, Autopilot, and Azure to dictate the look-and-feel settings of Windows 10, remotely deploy software, roll out new Windows 10 machines, secure access to resources, and remote wipe a lost device.
This must-have guide:
- Explains Modern Management concepts using an MDM service like Microsoft Intune®
- Describes the setup for Azure AD and MDM auto-enrollment
- Includes extensive examples on MDM policy configuration, Group Policy co-policy management, and troubleshooting
- Explains how to use Windows Autopilot to perform new PC rollouts and perform remote refreshes
- Demonstrates how to deploy software using Windows Intune
- Explains how to use Microsoft OneDrive® to replace Folder Redirection and mapped drives
- Reveals how to keep Windows 10, Office, and OneDrive up-to-date with Channels and Rings
- Explains Windows 10 security using MDM
- Demonstrates useful third party MDM tools to bridge the gaps in MDM
Inhalt
Foreword xix
Introduction xxi
Chapter 1 Enterprise Mobility and MDM Essentials 1
Getting Ready to Use This Book 2
Why the Need for MDM 3
Group Policy and MDM Compared 6
MDM: Guts, Protocols, and Moving Parts 9
OMA-DM: The Protocol 9
CSPs: Configuration Service Providers 9
MDM Service 11
Extending Your MDM Services with Third-Party Tools 12
Final Thoughts 13
Chapter 2 Set Up Azure AD and MDM 15
Comparative Analysis of Different MDM Services 15
Azure AD Premium, Enterprise Mobility + Security, and Microsoft 365 16
Office 365's Built-In MDM Management 18
Microsoft Intune 20
VMware Workspace ONE 24
MobileIron 25
Setting Up Auto-Enrollment and Enrolling Your First Machines 25
Turning On MDM Enrollment 26
Add Your First User to Azure AD 33
Enroll Your First Windows 10 Machine into MDM 34
Optional Steps: Custom Domain Names and AD to AAD Synchronization 50
Custom Domain Names: Goodbye to onmicrosoft.com Names 50
Syncing Your On-Prem AD to Azure AD Automatically 58
Final Thoughts 73
Chapter 3 MDM Profiles, Policies, and Groups 75
MDM Policies and the Policy CSP 75
MDM: Getting Started with Policies 76
Profiles and Policies 77
What Makes an MDM Policy? 82
ADMX-Backed Policies 87
Ingesting Third-Party ADMX Files 96
Creating and Using Groups 108
Creating Assigned Groups 109
Creating Dynamic Groups 109
Advanced Dynamic Rules 111
Utilizing Groups in Intune 114
Final Thoughts 114
Chapter 4 Co-Management and Co-Policy Management 117
Co-Management of SCCM and Intune 117
Co-Policy Management: Group Policy and Your MDM Service 122
Auto-Enroll in Your MDM Service Using Group Policy 122
Co-Policy ManagementWho Wins: MDM or Group Policy? 127
Final Thoughts 133
Chapter 5 MDM Migration and MDM Troubleshooting 135
MMAT: Microsoft MDM Migration and Analysis Tool 135
Troubleshooting MDM 139
MDM Service Reports, Diagnostic Logs, and Event Logs 139
Delivery Reports from Your MDM Service 140
Advanced Diagnostic Reports and Resolving Conflicts 141
Final Thoughts about the Advanced MDM Settings Report 143
Resolving Conflicts 144
Investigating Event Logs 148
Remotely Collecting Logs from Windows 10 149
Remember MdmWinsOverGP Setting and Gotchas 149
Other Miscellaneous Notes, Traps, and Gotchas 149
Final Thoughts 152
Chapter 6 Deploying Software and Scripts 153
Preparing for the Remainder of the Chapter 155
What to Download to Get Settled in for This Chapter 155
How to (Generally) Deploy Applications with Intune 157
Deploying MSI Applications with MDM 161
Deploying Your First MSI Application 161
Deploying AppX Apps via the Microsoft Store for Business 170
Getting Started with and Activating the Microsoft Store for Business 170
Acquiring AppX Packages to Distribute Using Microsoft Store for Business 172
Deploying MSIX with MDM 178
Repackaging an App with the MSIX Packaging Tool 181
Deploying Office 365 ProPlus with MDM 196
Deploying Win32 Apps with MDM 206
Microsoft Intune Win32 Content Prep Tool 207
Gathering All the Needed Items in One Place 208
Preparing the Win32 Application Contents 210
Add the .intunewin File to Intune 211
Assign the App and See Results 216
Other Win32 Deployment Examples, Troubleshooting, and Final Thoughts 217
Deploying Scripts with Your MDM Service 219
Deploying Scripts (That Deploy Software) with Intune 220
Delivering Other Software and Files with MDM (Using PolicyPak File Delivery Manager) 226…