
Modern Work Week Juni 2021 - Modern Management


Modern Work Week

FY21/Q4
https://aka.ms/modernworkweekjuni
Modern Management - Microsoft Endpoint Manager deep dive
Jens Grabow
Simon Taylor
Sebastian Meiforth
Microsoft Endpoint Manager
A cloud-enabled transformative platform for unified and secure endpoint management

Cloud-driven intelligence
Unified admin console
Components: Configuration Manager, Microsoft Intune, Autopilot, Desktop Analytics, App Protection Policies, Endpoint Analytics, Endpoint Security
Other endpoint management capabilities in Microsoft 365
Reference Architecture
[Diagram: co-management reference architecture. Labels: Azure, O365, M365, Internet, On-premises. Windows 10 devices (joined to AD, registered in AAD, enrolled in Intune) are shown with the Intune console (MDM) and the Configmgr agent; legacy clients (Windows 7/8.x) are shown with the Configmgr agent and the Configuration Manager console. Workloads listed under both Microsoft Intune and Configuration Manager: Client Apps, Office Click-to-run Apps, Resource Access Policies, Device Configuration Policies, Windows Update for Business Policies, Device Compliance Policies, Endpoint Protection Policies.]
Microsoft Endpoint Manager Key Capabilities

Secure and Intelligent: Native integration with cloud-powered security controls and risk-based conditional access for apps and data
Streamlined and Flexible: Flexible support for diverse corporate and BYOD scenarios while increasing productivity and collaboration
Maximizes Investment: Maximize your investment and accelerate time to value with fast rollout of services and devices with end-to-end integration across familiar Microsoft stack

Capability areas: Intelligent Security, Risk-based Control, Unified Management, Zero Touch Provisioning, Advanced Analytics, Deep Microsoft 365 Integration
Windows Hello, Endpoint Compliance Mobility and PC Windows Autopilot Technology Experience Role Based Admin
Attestation and Risk Management Android Enterprise Score Graph API
Security Baselines Conditional Access M365 Admin Center Apple ADE Desktop Analytics PowerShell
BitLocker Management App Protection Policy Guided Deployments Samsung Knox Log Analytics Audit
Advanced Threat Third Party Risk and Office 365 Pro Plus Mobile Enrollment Real Time Advanced Cloud Content
Protection Compliance Signaling Edge Threat Detection Optimization
Productivity Score Dynamic User Risk
Assessment
Mobility
Why choose Microsoft?

Most complete: Transform how you manage iOS, Android, macOS, and Windows devices, powered by the Microsoft intelligent cloud
Most secure: Apply conditional access and security controls for all apps and data, on corporate and personal devices
Fastest time to value: Maximize user productivity with fast roll-out of new services and out-of-box integration with Microsoft architecture and apps
Transform IT delivery and device management
• Zero-touch IT provisioning for all devices using Windows Autopilot, Apple Business Manager, or Android Enterprise
• App lifecycle management for in-house (LOB) apps, public store apps, and traditional Win32 apps
• Depth of configuration and security controls across any device
Secure apps and data in the modern workplace
• Respond to internal and external threats with real-time risk-analysis before access to company data
• Protect corporate data before, during and after they are shared, even outside the company
• Extensive visibility and intelligent cloud-powered insights to improve end-to-end security posture
Maximize user productivity
• Deliver native app experiences that work and feel natural on any platform
• Simplify access to resources employees need with single sign-on, for faster service roll-out
• Enable Office apps that users love on mobile devices, without compromising data security
Transform Device
Management

Most complete
Microsoft simplifies mobile and PC management
Complete Management Platform:
• Modernize device and OS provisioning
• Simplify app lifecycle management
• Consolidate security policies and settings
Modern desktop provisioning with Windows Autopilot

[Diagram labels: IT Admin (register devices, configure profiles), Existing PC estate, New PC vendor, New Devices, Register devices, Autopilot Service, Autopilot profile sync, Intune and Azure AD, Self-deploy, User, Deliver direct to Employee]
• Provision new devices direct to employees, ready for use
• Upgrade existing devices, reimaged with Autopilot
• Lower IT effort and cost; user gets productive faster
Modern device provisioning for iOS, macOS, Android

Apple iOS:
• Device Enrollment Program
• Apple School Manager
• Apple Business Manager
• Supervised Mode
• Intune APP managed
macOS:
• Deploying cert and settings
• Zero-touch (DEP)
• Conditional access
• Device wipe, encryption
• Self-service controls
macOS (EMS + Jamf):
• Intune MDM features +
• Extensive inventory
• Scripting support
• Depth of security controls
Android:
• Android Enterprise (ZTE)
• Samsung Knox (KME)
• Kiosk mode
• Work Profiles
• Intune APP managed
Simplify Windows application lifecycle management

• Deploy Win32 apps, line-of-business (LOB) apps, and Microsoft store apps from the cloud
• Application compatibility assurance using desktop analytics
• Intune leverages Windows 10 cloud management capabilities
Simplify Managed Google Play store integration

• IT control over what apps end users can install in work context
• Managed app configuration; including silent installs for ‘required’ apps
• Consistent end user experience for LoB (in-house) and Store apps; app badging in Work Profile
Simplify managed app lifecycle for iOS and macOS

• Distribute purchased apps from the app store (VPP)
• Revoke assigned VPP licenses for target app, device, or token
• Simplified setup for EDU with Apple School Manager
• On managed devices, Intune can manage hundreds of 3rd party apps
Demo
App deployment
Simon Taylor
Most Trusted
Workplace

Most secure
Protect your data on virtually any device with Intune

Mobile Device Management (MDM)
• Enroll devices for management
• Provision settings, certs, profiles
• Conditional Access: Restrict access to managed and compliant devices
• Report & measure device compliance
• Remove corporate data from devices

Mobile Application Management (MAM)
• Publish mobile apps to users
• Configure and update apps
• Conditional Access: Restrict which apps can be used to access email or files
• Report app inventory & usage
• Secure & remove corporate data within mobile apps
App protection policies for personal devices
• Enables bring-your-own (BYO) and personal devices at work where users may be reluctant to “enroll” their device
• Ensures corporate data cannot be copied and pasted to personal apps within the device
• Intune App Protection policies are useful to protect Office 365 apps where devices are unmanaged or managed by 3rd party
[Diagram labels: Managed apps (Corporate data), Multi-identity policy, Personal apps (Personal data)]
Intune-enlightened apps provide the best control, with or without enrollment.
Check back frequently… we are constantly adding new apps to this list
Demo
MAM
Simon Taylor
Conditional access to data
with real-time risk analysis
• Define contextual policies at the user, location, device, and app levels
• Controls adapt to real time conditions based on monitoring of perceived risks
• Risks calculated based on advanced Microsoft machine learning
[Diagram labels: Conditions (Employee and Partner Users; Trusted and Compliant Devices; Physical & Virtual Location; Client apps & Auth Method), Session Risk, Machine learning, Real time Evaluation Engine, Policies, Effective policy; Controls (Allow access, Limit access, Require MFA, Force password reset, Deny access)]
Control what happens after data has been accessed

[Diagram labels: Multi-identity policy, Corporate data, Personal data, Email attachment; Copy, Paste, Save; Paste to personal app, Save to personal storage]
• Azure Information Protection (AIP) empowers you to control how data is accessed from employee devices
• Separate company managed apps from personal apps, and set policies on how data is accessed from managed apps
• Intune APP ensures corporate data can’t be copied and pasted to personal apps within the device
Intune threat protection for device risk-based conditional access

Threat protection partner detects:
• Malicious Apps
• Device manipulation
• Network exploits
• Data privacy violations
EMS role:
• Intune evaluates compliance
• Azure AD enforces Conditional Access
[Diagram labels: Microsoft Azure; Allow, Enforce MFA, Enroll device, Block access, Wipe device]
• Microsoft Defender ATP integration
• Mobile threat defense (MTD) partners on iOS and Android
Improve security posture with cloud-powered analytics

• Get insights from Microsoft cloud machine-learning
• Simplify migration to Intune policy settings using security baselines
• Monitor device compliance and automate remediation tasks
Stay secure with Microsoft Edge for iOS and Android
Designed for best secure browsing with Microsoft Intune policies

Security
Conditional Access
App Protection Policies

Productivity
Personal & Corporate
Identity Support
App Proxy, SSO

Manageability
Managed Favorites
& Home Shortcut
Blocked Sites
Demo
Conditional Access & Security Baselines
Simon Taylor
Accelerate Business
Productivity

Fastest time to value


User-centered design for high user productivity
Comprehensive device settings ensure devices are
productivity-ready with minimal user set-up.

Automatic Configuration Resource


Enrollment app updates & compliance access
User-centered design in the new Company Portal app

• Search apps & books: Search history
• Enhanced filtering
• Custom branding: with and without enrollment
• Native experience: without Safari WebView
Self-service for more productivity, fewer support calls
• User can enroll or un-enroll devices at their discretion using the Company Portal
• Add SaaS and public store apps required by your organization
• Use self-service password or PIN reset saving the user time and helpdesk costs
• Join and manage groups without needing to go through IT
Enable more business scenarios
• New device-based subscription to manage ‘things’ like digital signage, public kiosks, and phone room devices
• Enable device management controls for devices not affiliated with any user-identity at a lower cost
• Works for shared devices used by multiple users without login
All endpoints managed from a Microsoft 365 console

• Microsoft 365 Admin Center
• Microsoft 365 Device Management
Demo
M365 Admin Center & Endpoint Manager Admin Center
Simon Taylor
Microsoft Technology Partners
Intune integrated partners enhance the Microsoft 365
user experience and protect your company resources

MOBILE THREAT DEFENSE SECURE RESOURCE ACCESS MANAGEMENT PARTNERS


Microsoft device management is for all organizations

• Knowledge Workers: Microsoft 365 Enterprise
• Firstline Workers: Microsoft 365 F1
• SMB Employee: Microsoft 365 Business
• Teachers/Students: Microsoft 365 Education (Intune for Education)
Microsoft recognized
as a Leader*
175M+ managed devices
worldwide

115M+ seats installed base

* Source: Gartner, Magic Quadrant for Unified Endpoint Management Tools, Chris Silva, Manjunath Bhat, et al, 6 August 2019
Disclaimer: This graphic was published by Gartner, Inc. as part of a larger
research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from
https://aka.ms/IntuneMQ
Gartner does not endorse any vendor, product or service depicted in its
research publications, and does not advise technology users to select only
those vendors with the highest ratings or other designation. Gartner research
publications consist of the opinions of Gartner’s research organization and
should not be construed as statements of fact. Gartner disclaims all
warranties, expressed or implied, with respect to this research, including any
warranties of merchantability or fitness for a particular purpose.
Microsoft Intune compliance offerings
Help comply with requirements governing collection and use of individual's data
FastTrack for all Microsoft 365 customers
Team of engineers to help plan your deployment, included with every subscription

Deploy
new cloud
capabilities

Access
engineering
expertise

Gain user
adoption
Microsoft
Productivity Score
Productivity Score
Insights that transform how work gets done

• Visibility: Understand how your organization works
• Insights: Identify where you can enable improved experiences
• Actions: Update skills and systems so everyone can do their best work
Visibility
Productivity Score
• Organizational level score
• Comprised of People Experiences and Technology Experiences
• Measure progress with six months of history
• Benchmark against other organizations
• Set interim targets
People Experiences
Quantifies how the organization
works:
• Content Collaboration
• Mobility
• Communication
• Meetings
• Teamwork

Drives focus for what to change


Assigns equal points across
the categories
Technology Experiences
Quantifies how well technology is enabling a great user experience through:
• Endpoint Analytics
• Network Connectivity
• Microsoft 365 Apps Health

Visibility into how user experience


and digital transformation are
impacted by underlying technology
performance factors
Points assigned to each category
individually, all of which contribute
to total score
Up to 6 months of history
Special Reports
Timely insights that help
measure impact and navigate
changes in the workplace that
are temporary in nature
Not factored in to score
Help understand the impact of
the sudden shift to remote work
Insights
People Experiences
• Primary insights show different ways of working that impact the score
• Evidence shows potential benefits
• “Explore how your org” provides contextual details
Endpoint Analytics
• Optimize PC startup performance
• Proactively detect and remediate common support issues before employees even notice
• Improve corporate access for remote users with recommended software
Network Connectivity
• Determine network performance related to Microsoft 365
• Understand adherence to Microsoft network configuration guidelines
• Define perimeter network design - Local egress vs backhauling to remote datacenters
Microsoft 365 Apps Health
• Measures whether you have the best versions of Microsoft 365 apps deployed
• Calculates score based on distribution of devices in recommended update channels
• How this has trended over time
• Insights into benefits of recommended update channels
Business Continuity
• Understand the shift to remote work
• Data from Microsoft Graph, usage analytics, and Productivity Score
• Focuses on changes in collaboration, wellbeing, and sense of belonging
• Must have at least 100 email users to see report
Actions
People Experiences
Drive change in how work
gets done
• Raise awareness
• Plan training
• Enable features/services
• Update configurations

Correlate impact of technology


on people experiences
Measure progress of
change initiatives
Endpoint Analytics
• Optimize startup performance (boot and sign-in times):
  - Replace poorly performing hardware
  - Troubleshoot and perform root cause analysis using device boot and sign-in history
  - Understand the impact of Group Policy and tune policies on affected devices
  - See the impact of startup processes on sign-in times
• Measure the impact of changes (progress or regressions) using baselines
Endpoint Analytics
• Apply proactive remediations for common support issues before employees even notice
  - Detection script monitors for the issue
  - Remediation script fixes the issue when detected
  - Detailed reporting of issue scope script effectiveness
• Use Microsoft-supplied scripts or create your own
Endpoint Analytics
• Scripts are accessed via the Script Library, which aggregates scripts from various sources in a single repository
  - Microsoft-supplied scripts
  - Custom scripts written in-house
Network Connectivity
Evaluate recommended actions - deep dive into specific go-dos using this documentation
Review available research options to learn more about specific issues affecting locations
Engage others in IT:
• Drive awareness of findings
• Update configurations
• Get up to date on latest Microsoft network configuration guidance
Microsoft 365
Apps Health
Exposes actions to allow you
to change update channel
settings for all devices or
groups of devices

Links to tailored solutions


based on organization size
and those with or without
Microsoft Endpoint Manager

View related content


Business Continuity
Leverage data-driven best
practices to protect
wellbeing and empower
teams to do their best work
Discover how data can help
people and organizations
work smarter
Learn more about additional
Microsoft 365 solutions to
help the organization thrive
• Workplace Analytics
• MyAnalytics
Demo
Productivity Score
Simon Taylor
Demo
On-demand ☺
Simon Taylor
Resources
• Solution website: aka.ms/endpointmanager
• Zero-Trust overview (includes eBook): aka.ms/zero-trust
• How-To documentation #MSIntune: aka.ms/device-security-docs
• Co-management of Windows 10: aka.ms/comanagement
• Zero-Trust device mgmt. overview: aka.ms/zero-trust-device


© Copyright Microsoft Corporation. All rights reserved.
