MDM: Fundamentals, Security, and the Modern Desktop

Using Intune, Autopilot, and Azure to Manage, Deploy, and Secure Windows 10

eBook - ePub
About this book

The first major book on MDM written by Group Policy and Enterprise Mobility MVP and renowned expert, Jeremy Moskowitz!

With Windows 10, organizations can create a consistent set of configurations across the modern enterprise desktop—for PCs, tablets, and phones—through the common Mobile Device Management (MDM) layer. MDM gives organizations a way to configure settings that achieve their administrative intent without exposing every possible setting. One benefit of MDM is that it enables organizations to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows organizations to target Internet-connected devices to manage policies without using Group Policy (GP) that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.

With Microsoft making this shift to using Mobile Device Management (MDM), a cloud-based policy-management system, IT professionals need to know how to do similar tasks they do with Group Policy, but now using MDM, with its differences and pitfalls.

  • What MDM is (and how it is different from GP)
  • Setting up Azure AD and MDM auto-enrollment
  • New PC rollouts and remote refreshes: Autopilot and Configuration Designer
  • Enterprise State Roaming and OneDrive Documents Roaming

Renowned expert and Microsoft Group Policy and Enterprise Mobility MVP Jeremy Moskowitz teaches you MDM fundamentals, essential troubleshooting techniques, and how to manage your enterprise desktops.

MDM: Fundamentals, Security, and the Modern Desktop by Jeremy Moskowitz is available in PDF and/or ePUB format and is catalogued under Computer Science & Computer Networking.

Information

Publisher: Sybex
Year: 2019
Print ISBN: 9781119564324
eBook ISBN: 9781119564270

Chapter 1
Enterprise Mobility and MDM Essentials

In this first chapter, we'll get to know what MDM is, where it came from, and how it's different from its cousin, Group Policy.
I think the best place to start is right at the top of a new page. Like this one.
And that's kind of what Microsoft did when it decided to dedicate its efforts to EMM and MDM rather than continue down the path of investing more features into the existing core on-prem Active Directory and Group Policy technologies.
Again, as I stated in the book's Introduction, Group Policy is not dead. Microsoft has not "turned off" Group Policy usage for on-prem scenarios, nor should you live in fear that your favorite new "Windows 10 gizmo" will lose the ability to be controlled by Group Policy.
But, going forward, you can expect that nearly all Windows 10 settings (and related settings, like those for Edge) should be controllable with either Group Policy or MDM. There are some exceptions, but Microsoft is committed to adding new settings to GPO. That said, don't expect major new Group Policy features (like enhanced Group Policy reporting, new Group Policy Preferences, or additional troubleshooting tools). But do expect more Group Policy settings to be born each and every time Windows 10 ships, and you'll see these as the Group Policy Administrative Template policy settings (ADMX settings) you've come to know and love for umpteen years.
For newer Group Policy features, like managing the Start Screen, the Taskbar, and File Associations, there is some rudimentary stuff in the box, but I heartily suggest you take a look at PolicyPak Group Policy Edition, which supplements the missing features most on-prem AD admins are looking for.
The reality is that the concept of Enterprise Mobility and thus using MDM to manage Windows is Microsoft’s new focus, and it’s not looking backward to bolster core Group Policy functions anymore. But at the same time, it is also not killing Group Policy either for use with your existing domain-joined machines.
Microsoft is expecting you to keep using traditional management like Group Policy for some scenarios and modern management with MDM for other scenarios.

Getting Ready to Use This Book

To go through some of the exercises in this book, you will need to own or get evaluations of some software. Or not, and just read the book, see the pictures, and get a general feel for what would be involved.
You don't have to do this now, but to take advantage of the walk-throughs in this book, you will be acquiring the following:
  • Azure AD (free) or Azure AD Premium (preferred for this book). If you have Office 365, you already have Azure AD.
  • An MDM service, like Microsoft Intune, VMware Workspace ONE, or MobileIron. Most of the main services have 30-day (or longer) evaluations.
Again: Don't do this step now; we'll tackle that in the next chapter.
If you do want to follow along with all the ideas I'll be showing, you can take some time now to set up some representative on-prem infrastructure that simulates what you might already have. So if you don't already have a test lab you can beat up, here is my recommendation for computer names and operating systems:
  • DC01 (I recommend Server 2019 or Server 2016.)
  • WIN10Computer.fabrikam.com, joined to DC01. If you have other machines joined to Fabrikam.com too, that would be okay and likely useful as well.
  • WIN10-NDJ-1, not domain joined at all
  • WIN10-NDJ-2, also not domain joined at all
You might need more as we go along, but these are a good start.
I suggest you use VMware Workstation or Hyper-V on Windows 10 to build a simulated lab environment. That being said, fair warning: some of the scenarios in Chapter 8, "Rollouts and Refreshes with Configuration Designer and Autopilot," won't work unless you have real hardware. I'll call those scenarios out when the time comes.
I'm not going to provide step-by-step instructions for bringing up your own domain and Domain Controller. But one of my PolicyPak teammates created a video on how to do it, if you're unfamiliar:
https://www.policypak.com/video/policypak-cloud-how-to-create-a-dc-for-editing-purposes.html
Then join at least Win10Computer to the domain you create; in my examples, I’ll be using the domain name Fabrikam.com.
You might want to have a small gaggle of on-prem AD users pre-created in an OU called Sales. Name your test users anything you like, but you'll see mine in the book as EastSalesUser1, WestSalesUser7, and so on.
Additionally, as I go along, you might see me manually create other users (in on-prem AD and in Azure AD).
In case you're curious about the backstory of Microsoft's fake names, like Fabrikam.com, check out this old blog entry:
https://blogs.msdn.microsoft.com/oldnewthing/20061013-05/?p=29393

Why the Need for MDM

Throughout the years, I kept hearing the supposed death knell of Group Policy. But it's more than 19 years since Windows 2000, and, well, it's still here, and it seems pretty darned popular.
So much so that I went a little bananas in 2016 and 2017 and wrote a blog post called "The 'Why Group Policy is Not Dead' Manifesto." I mentioned this in the book's Introduction, but if you didn't read it then, take a moment to read it now. It can be found by moseying over to MDMandGpanswers.com at:
https://www.GPanswers.com/blogs/view-blog/the-why-group-policy-is-not-dead-manifesto
I highly recommend you take a moment and read it and then come back here to continue. It’s long, so maybe it takes two moments.
So, if Group Policy is so great, then why do we need MDM as something to look to for the future? Because, as I said in the Introduction, Group Policy cannot be the only transport if we want to solve for new scenarios and use cases.
And because, in some ways, the future is already here. Here are the key factors I see for why people are looking at MDM:
New Workstyle: Constantly on the Go. You have one. A cell phone. And it's "constantly on the go." In fact, those are literally the words Microsoft uses when it explains its position on the benefits of MDM. And yes, cell phones are the primary device that's always on the go, but we can all agree that carrying around your laptop is easier than ever.
Note that you can see some of Microsoft's position with regard to MDM if you read the blog entry called "Managing Windows 10 in your organization - transition to modern management." It's found at:
https://docs.microsoft.com/en-us/windows/client-management/manage-windows-10-in-your-organization-modern-management
New World: Internet Everywhere. If not everywhere, pretty darn close to everywhere. There are always going to be third-world countries and submarines and dead spots. And broken Wi-Fi hot spots. But the prospect of LTE and 4G and (coming soon)...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. XXXXXXXXXXXXX
  5. Acknowledgments
  6. About the Author
  7. Foreword
  8. Introduction
  9. Chapter 1 Enterprise Mobility and MDM Essentials
  10. Chapter 2 Set Up Azure AD and MDM
  11. Chapter 3 MDM Profiles, Policies, and Groups
  12. Chapter 4 Co-Management and Co-Policy Management
  13. Chapter 5 MDM Migration and MDM Troubleshooting
  14. Chapter 6 Deploying Software and Scripts
  15. Chapter 7 Enterprise State Roaming and OneDrive for Business
  16. Chapter 8 Rollouts and Refreshes with Configuration Designer and Autopilot
  17. Chapter 9 Windows 10 Health and Happiness: Servicing, Readiness, Analytics, and Compliance
  18. Chapter 10 Security with Baselines, BitLocker, AppLocker, and Conditional Access
  19. Chapter 11 MDM Add-On Tools: Free and Pay
  20. Index
  21. End User License Agreement