Course Overview
About this course
: This course provides administrators with the knowledge and skills necessary to deploy and manage Windows 10 desktops, devices, and applications in an enterprise environment. Students learn how to plan and implement Windows 10 deployments in large organizations. Students also learn how to manage the Windows 10 installations after deployment to provide secure identity and data access using technologies related to Group Policy, Remote Access, and Workplace Join. To support a variety of device and data management solutions, Microsoft Azure Active Directory, Microsoft Intune, and Microsoft Azure Rights Management are introduced. These services are part of the Enterprise Mobility Suite, which provides identity and access management, and cloud-based device, application, and update management. In addition, Enterprise Mobility Suite offers more secure data access to information stored both in the cloud and on location within corporate networks.
Audience profile
This course is intended for IT professionals who are interested in specializing in Windows 10 desktop and application deployments, and in managing cloud-based application and data service environments for medium-to-large enterprise organizations. These professionals typically work with networks that are configured as Windows Server domain-based environments with managed access to the Internet and cloud services. This course also is intended to provide skills for individuals who seek to pass the 70-697 Configuring Windows Devices exam.
At course completion
After completing this course, students will be able to:
- Describe the challenges and solutions for desktop and device management in an enterprise environment.
- Deploy Windows 10 Enterprise desktops.
- Manage user profiles and user state virtualization.
- Manage desktop and application settings by using Group Policy.
- Manage Windows 10 sign-in and identity.
- Manage data access for Windows-based devices.
- Manage remote access solutions.
- Manage Windows 10 devices by using enterprise mobility solutions.
- Manage desktop and mobile clients by using Intune.
- Manage updates and Endpoint Protection by using Intune.
- Manage application and resource access by using Intune.
- Configure and manage client Hyper-V.
Prerequisites
Students should have at least two years of experience in the IT field and should already have the following technical knowledge:
- Networking fundamentals, including Transmission Control Protocol /Internet Protocol (TCP/IP), User Datagram Protocol (UDP), and Domain Name System (DNS)
- Microsoft Active Directory Domain Services (AD DS) principles
- Windows Server 2012 R2 fundamentals
- The Windows client operating system essentials; for example, working knowledge of Windows 8.1 and/or Windows 7
Microsoft Windows Client essentials; for example, working knowledge of Windows 7 and/or Windows 8.1
Course Outline
Module 1: Managing Desktops and Devices in an Enterprise Environment
This module explains the most current trends and information related to desktop and device management in the enterprise. It also provides an overview of on-premises management compared to cloud-based IT management and services.
Lessons
- Managing Windows 10 in the Enterprise
- Managing a Mobile Workforce
- Supporting Devices in the Enterprise
- Extending IT Management and Services to the Cloud
Lab Planning for Windows 10 and Device Management in the Enterprise
- Reading the scenario
After completing this module, students will be able to:
- Discuss managing Windows 10 in an enterprise environment.
- Explain the complexities of managing a mobile workforce.
- List the challenges of supporting devices in the enterprise.
- Explain how to extend IT Management and services to the cloud.
Module 2: Deploying Windows 10 Enterprise Desktops
This module explains the various deployment scenarios for Windows 10 and the considerations to keep in mind while performing these deployments. This module also explains how to deploy Windows 10 by using the Windows Assessment and Deployment Kit (WADK) and the Microsoft Deployment Toolkit (MDT). This module also explains how to maintain Windows 10 by using DISM and Windows Imaging and Configuration Designer (ICD). Additionally, it explains the different types of volume activation technologies and tools to manage activation.
Lessons
- Overview of Windows 10 Enterprise Deployment
- Customizing Enterprise Desktop Deployments
- Deploying Windows 10 by Using MDT
- Maintaining a Windows 10 Installation
- Volume License Activation for Windows 10
Lab Building a Reference Image by Using Windows Assessment and Deployment Kit (ADK) Tools
- Configuring Custom Windows PE Boot Media
- Creating a Custom Answer File by Using Windows SIM
- Installing a Reference Computer by Using an Answer File
- Preparing a Reference Computer by Using Sysprep
- Capturing a Reference Computer
Lab Using MDT to Deploy Windows 10 Desktops
- Creating and Configuring an MDT Deployment Share
- Creating a Task Sequence
- Deploying a Windows 10 Image by Using MDT
Lab Maintaining a Windows 10 Installation by Using Windows ICD
- Creating and Configuring a Windows ICD Provisioning Package
After completing this module, students will be able to:
- Describe the Windows 10 enterprise deployment process.
- Customize enterprise desktop deployments.
- Deploy Windows 10 by using MDT.
- Maintain a Windows 10 installation.
- Manage volume license activation for Windows 10.
Module 3: Managing User Profiles and User State Virtualization
This module explains how to manage user profiles and user state using tools such as the User State Migration Tool (USMT) and User Experience Virtualization (UE-V).
Lessons
- Managing User Profiles and User State
- Implementing User State Virtualization by Using Group Policy
- Configuring UE-V
- Managing User State Migration
Lab Configuring User Profiles and User State Virtualization
- Configuring Roaming User Profiles and Folder Redirection
- Implementing and Configuring UE-V
Lab Migrating User State by Using USMT
- Creating and Customizing USMT XML Files
- Capturing and Restoring User State on a Target Computer
After completing this module, students will be able to:
- Manage user profiles and user state.
- Implement user state virtualization by using Group Policy.
- Configure UE-V.
- Manage user state migration.
Module 4: Managing Desktop and Application Settings by Using Group Policy
This module explains how to manage Group Policy inheritance, administrative templates, and common enterprise desktop settings. This module also explains how to apply Group Policy Preferences using targeting and filtering.
Lessons
- Managing Group Policy Objects
- Configuring Enterprise Desktops by Using Group Policy
- Overview of Group Policy Preferences
Lab Configuring Group Policy Objects and Settings
- Managing Windows 10 by Using Group Policy
Lab Using Group Policy Preferences to Manage Desktop Settings
- Configuring Group Policy Preferences to Apply Drive and Printer Mapping
After completing this module, students will be able to:
- Describe Group Policy processing and management.
- Configure common settings to users and desktops by using Group Policy.
- Manage settings using Group Policy preferences.
Module 5: Managing Windows 10 Sign-In and Identity
This module explains the concept of identity and explains the methods to enhance identity security. This module also explains cloud identities and the use of Azure Active Directory in enterprise organizations.
Lessons
- Overview of Enterprise Identity
- Planning for Cloud Identity Integration
Lab Integrating a Microsoft Account with a Domain Account
- Signing up for a Microsoft Account
- Connecting a Microsoft Account to a Domain Account
Lab Joining Windows 10 to Azure Active Directory
- Signing up for Office 365 and Azure Trial Subscriptions
- Joining Windows 10 to Azure Active Directory
After completing this module, students will be able to:
- Describe the concept of enterprise identity.
- Plan for cloud identity integration.
Module 6: Managing Data Access for Windows-based Devices
This module explains how to provide secure access to company data. Solutions discussed include Device Registration (previous known as Workplace Join) and Work Folders. This module also explains how to configure and share data stored in Microsoft OneDrive.
Lessons
- Overview of Data Access Solutions
- Implementing Device Registration
- Implementing Work Folders
- Managing Online Data Using Cloud-Based Storage Solutions
Lab Configuring Data Access for Non-Domain Joined Devices Lab Managing Data Access by Using OneDrive
- Configuring OneDrive
After completing this module, students will be able to:
- Describe the data access solutions.
- Implement Device Registration.
- Implement Work Folders.
- Manage online data by using cloud-based storage solutions.
Module 7: Managing Remote Access Solutions
This module explains how to configure a virtual private network (VPN) and DirectAccess in Windows 10. This module also explains how to configure RemoteApp.
Lessons
- Overview of Remote Access Solutions
- Supporting DirectAccess with Windows 10
- Configuring VPN Access to Remote Networks
- Supporting RemoteApp
Lab Implementing DirectAccess
- Configuring the DirectAccess Server
- Configuring DirectAccess Clients
- Validating Remote Connectivity
Lab Configuring RemoteApp
- Creating an RD Sessiion Host Deployment
- Installing and Publishing a Remote Application
- Validating RemoteApp Functionality
After completing this module, students will be able to:
- Describe remote access solutions.
- Implement DirectAccess with Windows 10.
- Configure access to remote networks.
- Support RemoteApp for Windows 10.
Module 8: Managing Windows 10 Devices by Using Enterprise Mobility Solutions
This module provides an overview of the Enterprise Mobility + Security, Microsoft Azure Active Directory-Premium (Azure AD Premium), Azure Rights Management (Azure RMS), and Microsoft Intune.
Lessons
- Overview of the EMS
- Overview of Azure Active Directory Premium
- Overview of Azure RMS
- Overview of Intune
Lab Implementing an Intune Subscription
- Signing Up for an Intune Trial Subscription
- Adding Intune Users
After completing this module, students will be able to:
- Describe EMS.
- Manage directory services by using Azure AD Premium.
- Protect devices by using Azure RMS.
- Explore the options in Intune.
Module 9: Managing Desktop and Mobile Clients by Using Microsoft Intune
This module explains how to install the Microsoft Intune client software and configure and assign Intune policies. It also explains how to create Mobile Device Management (MDM) policies and enroll mobile devices to Intune. Additionally, this module explains how to use Intune to create and manage Windows Information Protection (WIP) policies.
Lessons
- Deploying the Intune Client Software
- Overview of Intune Policies
- MDM by Using Intune
- Overview of WIP
Lab Installing the Intune Client Software and Configuring a Policy
- Installing the Intune Client Software
- Configuring Intune Policy Settings
Lab Managing Mobile Devices Using Intune
- Configuring and Enrolling Mobile Devices into Intune
- Configuring a WIP Policy in Intune
After completing this module, students will be able to:
- Deploy the Intune client software.
- Describe Intune policies.
- Manage mobile devices by using Intune.
- Create and manage WIP policies.
Module 10: Managing Updates and Endpoint Protection by Using Microsoft Intune
This module explains how to configure updates and Endpoint Protection settings and reports using Microsoft Intune.
Lessons
- Managing Updates by Using Intune
- Managing Endpoint Protection
Lab Managing Updates and Endpoint Protection by Using Microsoft Intune
- Configuring Updates in Intune
- Configuring Endpoint Protection in Intune
After completing this module, students will be able to:
- Manage updates by using Intune.
- Manage Endpoint Protection.
Module 11: Application and Resource Access by Using Microsoft Intune
This module explains how to use the Microsoft Intune Software Publisher to deploy applications to managed clients. This module also explains the use of certificate profiles, Wi-Fi profiles, and VPN profiles to control access to company resources.
Lessons
- Application Management by Using Intune
- The Application Deployment Process
- Managing Access to Organizational Resources
Lab Deploying Applications by Using Microsoft Intune
- Publishing Applications for Deployment in Intune
- Deploying and Monitoring Application Deployment
Lab Managing Resource Access by Using Intune
- Configuring Certificate Deployment in Intune
- Configuring Conditional Access Policies
After completing this module, students will be able to:
- Describe the requirements for application management by using Intune.
- Describe the application deployment process by using Intune.
- Describe how to manage access to organizational resources by using Intune.
Module 12: Configuring and Managing Client Hyper-V
This module explains how to create virtual switches, virtual hard disks, and virtual machines by using Client Hyper-V.
Lessons
- Installing and Configuring Client Hyper-V
- Configuring Virtual Switches
- Creating and Managing Virtual Hard Disks
- Creating and Managing Virtual Machines
Lab Installing Client Hyper-V
- Creating a Virtual Switch, a Virtual Hard Disk, and a Virtual Machine
- Creating a Virtual Switch, a Virtual Hard Disk, and a Virtual Machine
After completing this module, students will be able to:
- Install and configure Client Hyper-V.
- Configure virtual switches.
- Create and manage virtual hard disks.
- Create and manage virtual machines.