| Foreword |
|
xix | |
| Introduction |
|
xxi | |
| Chapter 1 Enterprise Mobility and MDM Essentials |
|
1 | (14) |
|
Getting Ready to Use This Book |
|
|
2 | (1) |
|
|
|
3 | (3) |
|
Group Policy and MDM Compared |
|
|
6 | (3) |
|
MDM: Guts, Protocols, and Moving Parts |
|
|
9 | (4) |
|
|
|
9 | (1) |
|
CSPs: Configuration Service Providers |
|
|
9 | (2) |
|
|
|
11 | (1) |
|
Extending Your MDM Services with Third-Party Tools |
|
|
12 | (1) |
|
|
|
13 | (2) |
| Chapter 2 Set Up Azure AD and MDM |
|
15 | (60) |
|
Comparative Analysis of Different MDM Services |
|
|
15 | (10) |
|
Azure AD Premium, Enterprise Mobility + Security, and Microsoft 365 |
|
|
16 | (2) |
|
Office 365's Built-In MDM Management |
|
|
18 | (2) |
|
|
|
20 | (4) |
|
|
|
24 | (1) |
|
|
|
25 | (1) |
|
Setting Up Auto-Enrollment and Enrolling Your First Machines |
|
|
25 | (25) |
|
Turning On MDM Enrollment |
|
|
26 | (7) |
|
Add Your First User to Azure AD |
|
|
33 | (1) |
|
Enroll Your First Windows 10 Machine into MDM |
|
|
34 | (16) |
|
Optional Steps: Custom Domain Names and AD to AAD Synchronization |
|
|
50 | (23) |
|
Custom Domain Names: Goodbye to "onmicrosoft.com" Names |
|
|
50 | (8) |
|
Syncing Your On-Prem AD to Azure AD Automatically |
|
|
58 | (15) |
|
|
|
73 | (2) |
| Chapter 3 MDM Profiles, Policies, and Groups |
|
75 | (42) |
|
MDM Policies and the Policy CSP |
|
|
75 | (33) |
|
MDM: Getting Started with Policies |
|
|
76 | (1) |
|
|
|
77 | (5) |
|
What Makes an MDM Policy? |
|
|
82 | (5) |
|
|
|
87 | (9) |
|
Ingesting Third-Party ADMX Files |
|
|
96 | (12) |
|
Creating and Using Groups |
|
|
108 | (6) |
|
|
|
109 | (1) |
|
|
|
109 | (2) |
|
|
|
111 | (3) |
|
Utilizing Groups in Intune |
|
|
114 | (1) |
|
|
|
114 | (3) |
| Chapter 4 Co-Management and Co-Policy Management |
|
117 | (18) |
|
Co-Management of SCCM and Intune |
|
|
117 | (5) |
|
Co-Policy Management: Group Policy and Your MDM Service |
|
|
122 | (11) |
|
Auto-Enroll in Your MDM Service Using Group Policy |
|
|
122 | (5) |
|
Co-Policy Management...Who Wins: MDM or Group Policy? |
|
|
127 | (6) |
|
|
|
133 | (2) |
| Chapter 5 MDM Migration and MDM Troubleshooting |
|
135 | (18) |
|
MMAT: Microsoft MDM Migration and Analysis Tool |
|
|
135 | (4) |
|
|
|
139 | (13) |
|
MDM Service Reports, Diagnostic Logs, and Event Logs |
|
|
139 | (1) |
|
Delivery Reports from Your MDM Service |
|
|
140 | (1) |
|
Advanced Diagnostic Reports and Resolving Conflicts |
|
|
141 | (2) |
|
Final Thoughts about the Advanced MDM Settings Report |
|
|
143 | (1) |
|
|
|
144 | (4) |
|
|
|
148 | (1) |
|
Remotely Collecting Logs from Windows 10 |
|
|
149 | (1) |
|
Remember MdmWinsOverGP Setting and Gotchas |
|
|
149 | (1) |
|
Other Miscellaneous Notes, Traps, and Gotchas |
|
|
149 | (3) |
|
|
|
152 | (1) |
| Chapter 6 Deploying Software and Scripts |
|
153 | (80) |
|
Preparing for the Remainder of the
Chapter |
|
|
155 | (6) |
|
What to Download to Get Settled In for This
Chapter |
|
|
155 | (2) |
|
How to (Generally) Deploy Applications with Intune |
|
|
157 | (4) |
|
Deploying MSI Applications with MDM |
|
|
161 | (9) |
|
Deploying Your First MSI Application |
|
|
161 | (9) |
|
Deploying AppX Apps via the Microsoft Store for Business |
|
|
170 | (8) |
|
Getting Started with and Activating the Microsoft Store for Business |
|
|
170 | (2) |
|
Acquiring AppX Packages to Distribute Using Microsoft Store for Business |
|
|
172 | (6) |
|
|
|
178 | (18) |
|
Repackaging an App with the MSIX Packaging Tool |
|
|
181 | (15) |
|
Deploying Office 365 ProPlus with MDM |
|
|
196 | (10) |
|
Deploying Win32 Apps with MDM |
|
|
206 | (13) |
|
Microsoft Intune Win32 Content Prep Tool |
|
|
207 | (1) |
|
Gathering All the Needed Items in One Place |
|
|
208 | (2) |
|
Preparing the Win32 Application Contents |
|
|
210 | (1) |
|
Add the .intunewin File to Intune |
|
|
211 | (5) |
|
Assign the App and See Results |
|
|
216 | (1) |
|
Other Win32 Deployment Examples, Troubleshooting, and Final Thoughts |
|
|
217 | (2) |
|
Deploying Scripts with Your MDM Service |
|
|
219 | (7) |
|
Deploying Scripts (That Deploy Software) with Intune |
|
|
220 | (6) |
|
Delivering Other Software and Files with MDM (Using PolicyPak File Delivery Manager) |
|
|
226 | (5) |
|
Downloading Unusual File Types |
|
|
227 | (1) |
|
Downloading .EXEs, .MSIs, or Unusual Software, Then Running a Script (and Cleaning Up When You're Done) |
|
|
228 | (1) |
|
Downloading a ZIP and Automatically Unpacking Its Contents |
|
|
229 | (2) |
|
|
|
231 | (2) |
| Chapter 7 Enterprise State Roaming and OneDrive for Business |
|
233 | (48) |
|
Pregame Setup for This
Chapter |
|
|
235 | (4) |
|
Get Your Azure Tennant ID |
|
|
235 | (4) |
|
|
|
239 | (5) |
|
Setting Up Enterprise State Roaming |
|
|
241 | (3) |
|
|
|
244 | (35) |
|
Managing the OneDrive Tenant |
|
|
246 | (2) |
|
SharePoint and SharePoint Migration Tool |
|
|
248 | (9) |
|
|
|
257 | (11) |
|
OneDrive's Magic Trick: Known Folder Move |
|
|
268 | (8) |
|
Files Restore (from Malware or User Error) |
|
|
276 | (3) |
|
|
|
279 | (2) |
| Chapter 8 Rollouts and Refreshes with Configuration Designer and Autopilot |
|
281 | (78) |
|
Windows Configuration Designer |
|
|
282 | (11) |
|
Get WCD from the Windows Store |
|
|
283 | (1) |
|
What Can You Do with WCD? (And What Shouldn't You Do with WCD?) |
|
|
284 | (1) |
|
|
|
284 | (6) |
|
Implementing the .PPKG File |
|
|
290 | (2) |
|
Results from Using a .PPKG File |
|
|
292 | (1) |
|
|
|
292 | (1) |
|
|
|
293 | (66) |
|
Getting Devices Registered into Autopilot |
|
|
296 | (7) |
|
Creating Groups for Your Autopilot Machines |
|
|
303 | (3) |
|
Setting Up Your Autopilot Deployment Profile |
|
|
306 | (11) |
|
Automatically Harvesting Hardware IDs into Autopilot |
|
|
317 | (7) |
|
Autopilot: Resets, Retire, Wipes, and Fresh Starts |
|
|
324 | (5) |
|
Linking a Specific User to a Specific Hardware ID |
|
|
329 | (1) |
|
Autopilot Self-Deploying Mode |
|
|
330 | (9) |
|
Autopilot Hybrid Azure AD Join |
|
|
339 | (17) |
|
|
|
356 | (2) |
|
Final Autopilot Resources |
|
|
358 | (1) |
| Chapter 9 Windows 10 Health and Happiness: Servicing, Readiness, Analytics, and Compliance |
|
359 | (36) |
|
Windows, Office, and OneDrive as a Service |
|
|
359 | (16) |
|
|
|
360 | (5) |
|
|
|
365 | (2) |
|
Servicing OneDrive (Revisited) |
|
|
367 | (1) |
|
Making Your Own Rings for Windows, Office, and OneDrive |
|
|
367 | (8) |
|
Office and Application Readiness |
|
|
375 | (6) |
|
Office 365 Readiness Toolkit |
|
|
376 | (4) |
|
|
|
380 | (1) |
|
|
|
381 | (3) |
|
Introduction to Desktop Analytics |
|
|
382 | (1) |
|
Prepare, Pilot, and Deploy Phases |
|
|
383 | (1) |
|
Final Thoughts on Desktop Analytics |
|
|
383 | (1) |
|
Device Compliance and Health Attestation |
|
|
384 | (9) |
|
Getting Started with Compliance Policy |
|
|
385 | (8) |
|
Final Thoughts on Windows Health and Happiness |
|
|
393 | (2) |
| Chapter 10 Security with Baselines, BitLocker, AppLocker, and Conditional Access |
|
395 | (44) |
|
|
|
396 | (8) |
|
Creating Your Security Baselines in Intune |
|
|
397 | (2) |
|
Assigning Your Security Baseline to a Group |
|
|
399 | (1) |
|
Syncing Your Client to Get the Baseline |
|
|
400 | (1) |
|
|
|
401 | (1) |
|
Reporting and Monitoring Baselines |
|
|
402 | (2) |
|
BitLocker: Full Disk Encryption |
|
|
404 | (13) |
|
Enabling BitLocker Using Intune |
|
|
404 | (8) |
|
BitLocker Key Recovery and Management |
|
|
412 | (4) |
|
BitLocker Final Thoughts and Additional Resources |
|
|
416 | (1) |
|
Application Whitelisting with AppLocker or PolicyPak Least Privilege Manager |
|
|
417 | (9) |
|
Using AppLocker for Whitelisting |
|
|
417 | (3) |
|
Using Your AppLocker Rule with Intune |
|
|
420 | (3) |
|
PolicyPak Least Privilege Manager for Whitelisting |
|
|
423 | (3) |
|
|
|
426 | (8) |
|
Setting Up Azure Conditional Access |
|
|
427 | (7) |
|
Final Thoughts on Security |
|
|
434 | (5) |
| Chapter 11 MDM Add-On Tools: Free and Pay |
|
439 | (34) |
|
|
|
439 | (9) |
|
Setting Up Company Portal Branding |
|
|
440 | (1) |
|
Users Interacting with the Company Portal App |
|
|
441 | (7) |
|
Microsoft Graph and the Graph Explorer |
|
|
448 | (7) |
|
PolicyPak On-Prem & MDM Edition |
|
|
455 | (12) |
|
Getting Started with PolicyPak |
|
|
456 | (2) |
|
Using PolicyPak to Export Existing Group Policy to MDM |
|
|
458 | (3) |
|
Using PolicyPak to Overcome UAC Prompts |
|
|
461 | (2) |
|
Using PolicyPak to Block and Allow UWP Applications |
|
|
463 | (1) |
|
Using PolicyPak to Manage Application, Browser, and Java Settings |
|
|
463 | (3) |
|
Using PolicyPak to Manage Windows Features (and Optional Features) |
|
|
466 | (1) |
|
PolicyPak Deployment with Intune (or Any MDM) |
|
|
466 | (1) |
|
Interesting Things I Found on the Internet |
|
|
467 | (3) |
|
Untested, but Seemingly Useful Scripts |
|
|
467 | (1) |
|
Yodamiitti Intune Management GUI |
|
|
468 | (2) |
|
Final Thoughts (on This
Chapter, and about the Book!) |
|
|
470 | (3) |
| Index |
|
473 | |
