Professional Documents
Culture Documents
Mirko Colemberg
Principal Consultant - baseVISION
com@basevision.ch
mirkocolemberg@
Alfred Ojukwu
Senior Consultant - Microsoft
alojukwu@microsoft.com
alojukwu@
Session Objectives And Takeaways
• Manage Identity (13%)
• Plan desktop and device deployment (13%)
• Plan and implement a Microsoft Intune device management solution
(11%)
• Configure networking (11%)
• Configure storage (10%)
• Manage data access and protection (11%)
• Manage remote access (10%)
• Manage apps (11%)
• Manage updates and recovery (10%)
https://www.youtube.com/watch?v=8Cw9l9
8ci1w
• AD supports two categories of
known devices: Evaluate & enforce compliance with
device management policies
• Company-owned device
• Domain joined Configure device Users on their devices
mgmt. policies
• Cloud Domain joined * Report device
compliance
• Personal device MDM
Conditional
• Work accounts (Windows 10) access control
Browser-session SSO
Seamless 2F Auth
Desktop SSO
tpmvscmgr.exe create /name tpmvsc /pin default /adminkey random /generate
A.
B.
C.
D.
The USMT Process
\\migserver\usmt\store
Loadstate Syntax
\\migserver\usmt\store
Private Virtual
Windows 10 machine
App App Virtual
machine
App
Internal Virtual
Virtual
Windows 10 Windows 10 machine
machine
App
Virtual
App Virtual App App
machine
machine ICS
App
App
External
Virtual
Windows 10 machine
- Physical network adapter App App Virtual
- Virtual network adapter IP IP machine
App
- Virtual switch No IP
IP
https://technet.microsoft.com/library/dn985838.aspx
Alfred Ojukwu
•
•
•
•
•
•
Users > Policies > Administrative Templates > Windows Components > Work Folders
1. Client resolves a standard URL:
joe@contoso.com 1
https://workfolders.contoso.com
Software Installer External Link Managed iOS App from App Store
Use for: Use for: Use to:
Installation via the Company Portal URL’s that let users Manage and deploy iOS applications
Installation Types Installation on mobile devices that download applications that are free of charge from the iOS app
bypass the app store (sideloading) from an online store store.
Applications deployed to devices Link to a web based
that run the Intune computer application that runs from
client the web browser
Managed App Does not apply to Windows Does not exist for Windows Phone Doesn’t exist for Doesn’t exist for
Store App Phone apps. Apps Windows apps. Windows apps.
HTTPS (443)
SNMP (161)
POP3 (110)
SMTP (25)
HTTP (80)
DNS (53)
FTP (21)
TCP UDP
IPv4 IPv6
Ethernet
More Commands
Ping
Ipconfig /all
Tracert
Netstat
Netsh
Nslookup
Using Windows PowerShell to Manage Network Settings
Steps to Managing a Preferred network 4. At the bottom of the page, beneath Manage
1. Open the Settings App. Known Networks, click the network you
2. Click Network & Internet, and then click Wi-Fi. want to manage.
3. On the Wi-Fi page, click Manage Wi-Fi Settings. 5. Click Share or Forget The Network
Key Points to Remember:
• Inbound\Outbound Rules
• Connection Security Rules
• Monitoring Rules
• Connection Security rules
are only rules.
Exam Tips
• Different Types of Wi-Fi
authentication.
advfirewall
firewall netshadvfirewall
__________firewall add rule name="My Application"
allow allow program="C:\MyApp\MyApp.exe" enable
dir=in action=_____ ______
=yes
configure
enable
• DFR-Namespaces (DFS-N)
• DFR-Replication (DFS-R)
• Remote Differential Compression
• Link
• Target
• Link Referral
• Root Referral
• Referral Caches
B.
C.
D.
E.
VPN Protocols
• Point to Point (PTP)
• Layer 2 Tunneling Protocol (L2TP)
• Secure Socket Tunneling Protocol (SSTP)
• Internet Key Exchange (IKEv2)
Common Authentication Protocols
• EAP-MS-CHAPv2
• PAP
• CHAP
• MS-CHAP v2
Note: Know how to create a VPN Connection
Available Power Settings
Require a password on wakeup.
Choose what the power button does.
Choose what closing the lid does.
Create a power plan.
Change when the computer sleeps.
Cmdlets:
• Get-Disk selects a disk
• Initialize-Disk prepares a disk for use
• Set-Disk sets disk parameters, such as partition style
A.
B.
C.
D.
E.
Session-based Virtual Desktop RDS Azure
computing Infrastructure on IaaS RemoteApp
User
On-premises In cloud
https://www.remoteapp.windowsazure.com/en/clients.aspx
• Publish Cloud Apps to Users
• Use group policy to control
access to signed packages.
• Supports iOS and Android
• Configure Remote Desktop Web
Access for Azure Distribution
Identify settings
• Settings Location Templates
• Windows Settings Apply settings
• Desktop Applications • Windows Settings
Windows Store App List • Desktop Applications
Template Catalog Location • Settings Storage Location
• Windows Store Apps • Windows Store Apps
UE-V agent
Registry
Local files
C.
D.
• Introduced in Windows 8
• Builds History of changes
• Control frequency of backups
• Great solution for remote users.
• A better backup and restore
solution.
•
Update Settings and Windows Update Policies
• Current Branch
• New features available immediately after being published
• Minimum length of servicing lifetime is 4 months
• Supported on Windows 10 Home, Pro, Education, and Enterprise
SKUs
Current Branch for Business
New feature upgrades available approximately 4 months after
being published
Minimum length of servicing lifetime is 8 months
Supported on Windows 10 Pro, Education, and Enterprise SKU’s
Microsoft Edge, Internet Explorer 11 included Microsoft Edge, Internet Explorer 11 included Internet Explorer 11 included
Browser
B.
C.
D.
GPO1
Site
GPO3
Domain
GPO4
OU
GPO5
OU OU
Free suite of tools that includes:
• Application Compatibility Toolkit (ACT)
• Deployment Image Servicing and Management
(DISM)
• Flashing tools
• User State Migration Tool (USMT)
• Volume Activation Management Tool (VAMT)
• Windows Assessment Toolkit
• Windows Imaging and Configuration Designer
(Windows ICD)
• Windows Preinstallation Environment (PE)
• Windows performance tools
• Windows System Image Manager (SIM)
New Windows 10 security features include:
• Device Guard, which blocks execution of
unauthorized applications
• Credential Guard, which stores credentials, such as
NTLM hashes and Kerberos tickets
https://aka.ms/ignite.mobileapp