Managing Windows 11

Devices with Microsoft

Intune and Autopilot

Microsoft
Version 2306
Services
Module Overview
• Lesson 1: Introduction
• Lesson 2: Advanced Management
• Lesson 3: Subscriptions and Licensing
Lesson 1: Introduction
• Learn about the new challenges in IT
 Microsoft Intune
A unified solution to manage endpoints anywhere

Simplify endpoint management Protect a hybrid workforce Power better user experiences
Imagine if… SIMPLIFY ENDPOINT MANAGEMENT
…you could simplify your IT processes
and reduce complexity and costs

Today The future powered by Microsoft Intune.

• Multiple tools Management and Complete visibility Manage any device, Increase IT
security tools in a and actionable data regardless of efficiency and
• Limited resources for single solution ownership reduce cost
IT
• Limited cross
visibility
Manage cross-platform endpoints SIMPLIFY ENDPOINT MANAGEMENT
Day-in-the-life scenario

Paul needs to Paul realizes he can He can also use Paul saves time and
support workers’ manage most Intune for devices on money with a single
devices and premises and BYO. solution for most
device preferences.
majority of OSs endpoints.
within Intune.

Paul | IT administrator
Unified management saves SIMPLIFY ENDPOINT MANAGEMENT

time and resources

Reduced IT time frees up more

Centrally manage on-premises and
than $479,000 in human capital
cloud-based endpoints.
to apply to under-resourced
Empower advanced endpoint projects.*
management and security tools
from
a single, cloud-powered solution.

Reduce costs across hardware,

licensing, maintenance.

**“The Total Economic Impact™ Of Microsoft Endpoint

Manager,”
commissioned by Microsoft, Forrester Consulting, April 2021.
Proactive visibility and control SIMPLIFY ENDPOINT MANAGEMENT

Know the health, compliance,

and security status of any device.

Secure access to cloud and on-prem

apps.

Proactively manage updates,

patching,
and policy across platforms and apps.
Imagine if… PROTECT A HYBRID WORKFORCE
…you could protect hybrid
workers with integrated
management and security

Today The future powered by Microsoft Intune.

• Growing attack Data protection Risk-based policies Controls to enable Integrated endpoint
surfaces regardless of for conditional threat protection security and
enrollment access across platforms compliance for Zero
• Frequency of
Trust
security breaches
• Complex corporate
devices, BYOD,
shared devices
Securing people and devices PROTECT A HYBRID WORKFORCE
Day-in-the-life scenario

Both Tony and Patti Patti can deploy and Transparency gives Tony and Patti
care about endpoint adjust security Tony the ability to collaborate to
configurations. avoid security ensure endpoint
performance.
configuration conflicts security.
with device
configurations.

Tony | IT manager

Patti | Security manager

Endpoint security is PROTECT A HYBRID WORKFORCE

integral to a Zero Trust

approach

Verify user identities with strong

authentication methods.

Allow only verified apps and devices Microsoft Intune

access to cloud and on-prem
resources. Defender for Azure Active
Endpoint Directory
Reduce risk with data protection on
all devices regardless of ownership
Proactive detection and response PROTECT A HYBRID WORKFORCE

Improved security adds $1.2 million

to the bottom line.*

Automatically investigate alerts,

remediating threats faster.

Stop malicious activity from

trusted and untrusted
applications.

Revoke access to exploited

resources in near real time.

*”The Total Economic Impact™ Of Microsoft Endpoint Manager,”

commissioned by Microsoft, Forrester Consulting, April 2021.
Improve security with automatic PROTECT A HYBRID WORKFORCE
Day-in-the-life scenario
updates

Beverley wants to Josh must evaluate With Windows Beverley gets

understand how updates and schedule Autopatch, Josh can detailed
the rollout process in delegate updating to compliance reports
device update
addition to addressing Microsoft. – and Josh’s team
compliance impacts competing priorities. has increased
their security posture. capacity to address
other needs.

Beverley | Security manager

Josh | IT manager
Keep current, stay secure PROTECT A HYBRID WORKFORCE

Automated updating gives time back

to IT admins and peace of mind to
security teams

Trust Microsoft to manage

updates for Windows and
Microsoft 365

Harden your posture against

exploits and ransomware

Transparency and reporting keep

you in control

Microsoft leverages insights to

proactively address challenges
and limit interruptions
Imagine if… POWER BETTER USER EXPERIENCES
…you could empower end-user needs,
no matter the workplace, no matter the
endpoint

Today The future powered by Microsoft Intune.

• Fragmented Insights and Windows Integrated protection Zero-touch

technology proactive experiences: native, across virtually all deployments and
experience recommendations virtual Cloud PC, or endpoints frictionless access
BYOD
• Access challenges
• Devices not
customized for roles
and needs
Support Frontline Workers with POWER BETTER USER EXPERIENCES

remote troubleshooting
Day-in-the-life scenario

Miguel, a member of Miguel initiates a He can see the Miguel’s remote

the helpdesk team, Remote Help* employee’s access is verified in
needs to troubleshoot session from within environment and the background by
application access for Microsoft Intune. perform remote Microsoft Intune
one of the branch troubleshooting and Azure Active
employees. actions. Directory, limiting
security risks.

Miguel | Helpdesk staff

*Remote Help service is a premium add-on feature

Streamline endpoint experiences POWER BETTER USER EXPERIENCES

for remote and temporary

workforces

Zero-touch deployment provides

Windows 365
employees ready-to-use, secured
devices.

Automation enables IT to set up the

process and scale to distributed
workforce.

Provide virtual or cloud-delivered

endpoint experiences to rapidly
80% deployment time saved with
onboard workers using their own
Microsoft Intune.*
devices.

*“The Total Economic Impact™ Of Microsoft Endpoint Manager,” a commissioned study

conducted by Forrester Consulting, April 2021. Forrester based all savings estimates on
the composite organizations developed for its TEI studies.
Proactively manage the POWER BETTER USER EXPERIENCES

quality of user experiences

Use app and device health scores to

improve the everyday experiences of
end users with Endpoint analytics.

Remediate issues before they impact

end users and provide Remote Help* for
live troubleshooting.

Provide unobtrusive application

protection with unified mobile
application management.

*Remote Help service is a premium add-on feature

Transitioning to modern management
Adopt & Connect Transition to Modern

ConfigMgr DPs to cloud content delivery

Modernize Apps

Kerberos to modern auth

GPO to MDM policy

Imaging to AutoPilot

WSUS to WUfB Modernizing with co-management

(ConfigMgr+AD and Intune+Azure
Adopt Windows 10/11 AD)

Adopt Microsoft 365 Apps

AD/Azure
AD Connect

Today Timelines are for

illustration purposes
only
Roadmap to Windows Modern
Management

Tradition
On-prem Active Endpoint Management Operating System

al
Group Policies
Directory Configuration Custom Image
Deployment
Logon Scripts Manager PXE / USB
File Shares WSUS
Office MSI

Hybrid
Hybrid AAD Endpoint Operating System
File
JoinShares -> Co-Management
Management Windows Autopilot Pilot
Deployment
OneDrive for Microsoft 365 Apps
Business

Modern
Azure AD Join Endpoint Operating System
OneDrive for Business Intune managed
Management Deployment
Microsoft 365 Apps Windows Autopilot
Identity protection
MDM Policies Windows Update for
Business

This workshop focusses on the GREEN

Lesson 2: Advanced Management
• Learn about advanced Intune features and
technologies
 Current situation
g together mission-critical management and security tools into a single, cloud-powered solutio

Microsoft Intune Adjacent

solutions

Device Application
Enrollment Management

Updates Conditional Scenario

and Access Gaps
Compliance

Security
Policy and Data
Enforcement Protection
 The vision to deliver value over
time
together mission-critical management and security tools into a single, cloud-powered solution

Manage endpoint privilege and

Provide secure, remote assistance
elevation

Enable VPN access on unenrolled Microsoft Simplify certificate management in

mobile BYOD the cloud
Intune

Automated vulnerability management Optimize experiences based on

(+TVM) Microsoft Cloud data

Simplify endpoint Protect hybrid workforce Power better user experiences

management Strengthen your Zero Trust security posture Increase satisfaction
Reduce TCO
The approach
Announce the vision and
Launch bundled
intent
suite

2022 Subsequent Add-ons launch over the next ~12+

months

Add-on
Intune Remote
2
Help Add-on 3
Add-on Add-on 4
Add-on 5
Add-on 6

As solutions are delivered … Reduce cost and complexity

• Unify value-added solutions in Intune • Adopt the cost-effective bundled suite
• Save IT resources with one management control • Adopt any combination of the individual
console Add-ons
• Reduce overhead and cost with vendor
consolidation
• Improve security posture with the scale of the
Lesson 3: Subscriptions and Licensing
• Learn about possible moves to modern
management
 Microsoft 365 Enterprise
Microsoft 365 Apps for Enterprise Mobility+ Windows 10/11 Enterprise
enterprise Security
Chat-centric workspace Identity & Access Management Advanced Endpoint Security
Email & Calendar Identity Driven Security Designed For Modern IT
Voice, Video & Meetings Managed Mobile Productivity More Productive
Office applications/ co- Information Protection Powerful, Modern devices
authoring

E3
• Access the Microsoft 365 core products and features to securely enhance
workplace productivity and drive innovation.

• This plan includes all E3 capabilities, plus advanced security, voice, and data
E5 analysis tools. These include Defender for Office 365, security tools, and
collaboration tools.

F3
• Connect with your first-line workers through purpose-built tools and resources
that they can use to help them do their best work.
Enterprise Mobility + Security (EMS)
EMS is a core component of Microsoft 365
• The most trusted identity and access management solution in the market
Azure Active Directory that helps you safeguard user credentials and connect people securely to the
apps they need

• Cloud-based unified endpoint management, access management, and data

Microsoft Intune protection. Also managing on-premises PCs, servers with Configuration
Manager.

Microsoft Information • Cloud-based data classification, tracking, protection, and encryption.

Protection

• Cloud-based solution that helps protect your organization’s identities from

Microsoft Defender for Identity multiple types of advanced targeted cyberattacks.

Microsoft Defender for Cloud • Cloud access security broker with discovery, behavioral analytics, risk
Apps assessment, data protection, and threat protection.
Intune Plan1 > Plan 2 > Intune Suite
• Microsoft Intune now offers
Intune add-ons
• Can be found under Tenant
administration – Intune add-ons

• Some add-ons can be licensed

standalone
Lab: Setup virtual
machines and cloud
subscriptions

Your lab on demand will contain

all necessary trial licenses.
 MMWS_Host (Windows 11 + Hyper-
V)
Lab on Demand Platform

Client 1 Client 2 Client 3

Lab Overview
Windows 11 Pro VM Windows 11 Pro VM Windows 11 Pro VM
Manual AAD join Autopilot Client
Work/school Account
Module Summary
• Understand the changes driving the IT change
• Understand how Microsoft can help addressing
this change
• Learn about Intune and Advanced Management
• Learn about the components of Microsoft 365
© 2023 Microsoft Corporation. All rights reserved.