If you deploy mobile devices in your organization as part of Microsoft 365, then you need to know Microsoft Endpoint Manager. But what is it? How does it work? Well, you've come to the right place. Welcome to this week's All You Need to Know.

Hi, I'm Andy Malone. I'm a Microsoft MVP and a Microsoft Certified Trainer. So in this week's All You Need to Know, we're going to talk about Microsoft Endpoint Manager, recently rebranded from Microsoft. It used to be known as System Center Configuration Manager and Windows Intune, and in fact many people still refer to it as that. Endpoint Manager covers a lot of other things. It allows you to not only deploy and manage devices, but you can also manage and deploy applications on those devices as well. Now this, alongside Microsoft's other suite of security products, is exactly as it says on the tin: it provides not just the deployment capabilities but also security capabilities as well. But I feel a need to show you a little bit more, so let's take a look at Microsoft Endpoint Manager.

So first of all, here we are in Microsoft 365, and I'm going to go into the admin center. In the admin center I'm going to scroll down, go into Show all, and we have a product here called Endpoint Manager. First of all, to get Endpoint Manager, well, first of all, a couple of things you should know before we get into it. Typically Endpoint Manager is part of Microsoft's EM+S add-on, Enterprise Mobility and Security, or you can get it with an E5 subscription as well. But also, if you have an E3, an Enterprise E3 product, you can also bolt it as a standalone add-in as well. Now, if you have got just basic Microsoft 365, anyone gets Mobile Device Management, which is like a cut-down version of Endpoint Manager, which basically means that you can manage mobile devices. But if you want to manage PCs and Macs, then you need Endpoint Manager.

So first of all I'm going to go in and let's have a look at the product. So I am going to, first of all, we've got the dashboard
here. So again, I'm just using some kind of demo data here, so don't worry too much about that. And you can see one of the things that we can do is we can deploy both devices and applications. Now, in a previous video that I did, I spoke about deploying applications in Azure Active Directory. This is separate to that, but if you want to go and look at that, you can go and check out that other video, obviously.

So first up, then, well, three components really: you've got devices, you've got applications, and you've got endpoint security. The rest of it is just really managing reports, checking, managing users and groups, and then we have this new tenant administration area here.

So let's first of all have a look at devices. And with the devices, of course, this is where I would deploy my devices. Now, to deploy a device in 365, what we mean by a managed and an unmanaged device is that basically what happens is I would set up a deployment profile, and with that deployment profile it basically says: okay, if you're a Windows, iOS, macOS or Android user, if you want to gain access to our corporate applications, then your device needs to be enrolled in the organization. Now, for that, what happens is the user then gets prompted to go to their local app store, and their app store will then download an agent onto that machine. Once that agent's installed, as an administrator I can then go and manage that for my users.

So as an example, I'm going to go into iOS here. So this is, of course, the Apple deployment here, and you can see if I had any devices, this is where they would appear. I've got the iOS enrollment. Now, for iOS and Android devices you need what we call a push certificate. Now, you get this from Apple (I'm just giving Apple as an example here), and what happens, they will give you a unique number. So let's say, for example, you worked in a school and you wanted to give all the kids an iPad for the school work. What you would do is you would typically enroll this
certificate into your mobile device management, endpoint management console. Then you would go off, call your vendor and say, "I want to purchase two and a half thousand devices," and they will ask you for this certificate number. Okay, that then gets associated with the bills of those devices.

So in essence, what I'd now do is I now go in and do the configuration. And with the configuration, this is where I basically set up my devices with an enrollment profile. So all my settings, I've just got a kind of a test one here, if you will. So, for example, I can go into my user settings here, and what that does, any settings, any deployment that I've set up, any configuration settings for things like compliance and security. So, for example, in compliance you might want to only allow specific versions of iOS, so you might not want older versions, for example.

With a configuration profile, you can see here is an example profile. This is where I can go in and, for example, I can configure all the different settings. For example, which apps do I want the user to see on their device? Do I want them to get access to wireless devices, and so on? How do I want them to enroll? Or for security, I should say, do you want them to use a fingerprint, a facial recognition, or do you want to use a PIN? So this is what we mean by configuration settings.

So once you've created the profile for the device, what happens then is you go in to enroll that device. So when those iOS devices arrive at the school, you just hand them out to the kids, totally shrink-wrapped, nothing taken off. There's no hands-on from an IT guy. The kids simply take the wrapping off them, switch it on, and immediately that device is associated with your certificate, your ID, and then it will just go ahead and deploy all the software for you and configure it. And it's that simple. That's what makes this technology so powerful.

Now, in terms of devices, you can also, for example, if you've got Windows
10 devices, you can also again manage configurations for Windows 10. So things like: you might want to deploy scripts, you might want to set up an enrollment policy. One of the nice things is, if you're using Windows Hello, Microsoft's biometric platform, you can go ahead and you can deploy Windows Hello for Business. So simply with a couple of clicks I can go in here and I'm saying: am I going to, for example, enforce or enable Windows Hello for Business? Do I want to set a minimum or a maximum PIN length? Do I want to use uppercase, lowercase letters? Am I going to allow biometric authentication? So again, Windows biometric features, absolutely fantastic. So again, you can set those settings up as per your security policy within your organization, and it's that simple, it really is.

So when your users, when they're domain joined, i.e. when they're joined to Microsoft 365, and they can do that just by going to the school and workplace join on their Windows 10 PC, and they just basically put in their username and password and it will join them directly to Microsoft 365, with nothing on premises, no service to manage, no services to manage. And from then you can essentially manage those devices here.

Okay, so you can then, for example, set up what we call compliance policies. So, for example, if it was an Android device or an Apple device, you don't want jailbroken devices on your network. You might want to set a minimum and a maximum version that you're going to allow. Again, you might want to deploy PowerShell scripts, set up scripts in your environment. Okay, so that, as I say, that's the devices.

Now, what happens, for example, with iOS and macOS, if you happen to have users who are using bring your own device, absolutely great, no problems at all. You can use bring your own device, and what we install, what we enroll, is a corporate environment. It's an application, and it's like a corporate bubble, if you will. So all your corporate applications are deployed into this portal
on the user's device, and that basically prevents the device from interacting with the user's applications, Angry Birds or whatever game that they're playing this week.

Okay, now the other thing that you can also do, so I'm just going to go back to devices here, and the other thing that you can also do is I can scroll down and you can see device cleanup. So I can go in and set a rule to clean up a device. Maybe an employee leaves a company; you can remove that device easily from that user. And again, the fact that you can manage all of these devices, it absolutely rocks.

So again, once you've enrolled the device, you've got compliance policies, as I've mentioned them already. You've also got conditional access policies as well. So, for example, you may want users who are outside of the organization, if they're going to use a particular app on a particular device in a particular location, they have to meet certain conditions. Please note, if you want to know more about conditional access, there's a couple of videos on my YouTube channel which go into this very in depth.

Okay, now the other type of, as I mentioned, you've got configuration policies, conditional access policies, and also those there. Now, once you've deployed it, of course, we have a number of different reports. So you can check out reports, for example diagnostic settings. You've got device compliance reports, so, you know, I'm not allowing jailbroken devices, so how many jailbroken devices have tried to get onto my network?

So once you've deployed those devices, then it's the turn of deploying applications. And to deploy applications, you can deploy them by platform, as it says, and the other things that we've got here are the different types of policies for apps. So, for example, an app protection policy basically is a set of rules which say: okay, you can only run this app on this device if you meet these certain conditions. Okay, again we've got configuration policies here as well, and again you've also got policies for Office applications, so
again, there are a large number of 365 Office applications as well. I mentioned that if a user leaves the company, we've got this selective wipe here down at the bottom. And one of the things that you can do, in a previous video I talked about the app stores and downloading apps, and one of the things you might like to do is create a list of categories. So when your users are browsing, or when you add applications for your users, you can add them into these categories, and that's really nice and really easy to do.

So if I go into All apps here, you can see that we have a nice list of the various types of applications, and I can add more, of course. I can click on Add, and again I can choose which type of application and where it's coming from, so for example from the iOS App Store or the Android app store, and you can add that application in here and then make it available to your users.

Okay, again you can see that we have got, for example, here's my Android apps. So I can go into, you know, this is the current apps that I've deployed. I can click onto the actual app itself and I can get details on the app. So, for example, have any users had problems installing it? What's the status? Is it currently running? Okay, there you've got the device install status here, so it tells me if any users have failed to install. You know, sometimes users install things and maybe it doesn't quite go right. So that's quite a nice little report there.

You can also deploy ebooks as well to your devices, so, you know, if you've got, like, training manuals, you can deploy those ebooks as well. And as I mentioned, you've also got things like app protection policies, which sit alongside things like conditional access. So, for example, if you're working in a secure location and I've got a mobile device, if I'm not in the secure location, then I can't open up that copy of the spreadsheet. So you can only open a certain document on a certain application on a certain phone in
a certain location. It's so powerful and granular here.

Now, obviously, once you've deployed your applications, you can see here that we've got monitoring, so this is great. Some apps, of course, have licenses and some apps come free, but this is a great way to monitor the licenses. And as I mentioned, you've also got an install status, so it tells me if the app has been installed, if it's not installed, if there's problems, and also if the app protection status has kicked in as well. So, you know, are there any rules that are hitting if a user has problems, for example.

So, devices and apps. Another thing, of course: if you're using an E5 or EM+S subscription, you obviously want to monitor security in your environment. So this is again a fantastic set of tools. This comprises of Azure threat protection and EOP, Exchange Online Protection. You can set, for example, on your devices, I might want to configure encryption. So if you're using Windows 10, for example, you might go ahead here and create a Windows 10 encryption policy requiring those devices to be encrypted. Again, you might want to configure the firewall, deploy some antivirus to your users, and we've got an attack surface reduction tool here, so closing down ports, closing down surfaces, services rather, that your users really don't need to have. Again, it's all about reducing the potential attack surface here.

You've got other features as well. So again, device compliance brings me back into compliance, and if it detects any devices, so if I've set up, let's say, a conditional access policy that bans jailbroken devices, then that is clearly a violation and this would hit here, yes. And so we can have a look at the compliance policy in a little bit more detail. You can see that we've got the policy name here, and then you've got the compliance settings. So, for example, you need to have email configured, let's say; are you going to allow the user to set email up or not? What's the device health? So again, I want to definitely block
jailbroken devices on my system. Okay, require the device to be under the device threat level, so again you might want to, depending on the type of organization, how secure is your organization, and so on. Then of course you can set the minimum and maximum OS versions for that, and you can also choose your system security settings. So, for example, yes, this device definitely must have a password, and you can set the minimum and the maximum lengths and so on. So when the user enrolls this device, all of these settings kick in, these policies kick in, and any situation where the user doesn't meet that compliance, conditional access might then say, "I'm sorry, that user is not getting on with this device," or "Please report to an administrator," and so on.

So endpoint, I love endpoint security, and again it's a three-step process. You know, in the future I might do this as a separate video, because in fact it's pretty big in itself.

There is also tenant administration, so this is where you can manage all of your settings tenant-wide, that means everything, all right. Now again, this is quite complex here and I don't really want to go into it in this introductory video, so for the moment I am just going to kind of not go into that stuff there, but next time I'll do another video on that for you.

So in essence, Endpoint Manager is a combination of three things: it allows me to manage devices, it allows me to manage apps, and also endpoint security as well. It also has fantastic reporting capabilities on things like device user compliance, and you've got things like diagnostic settings, so if users are having trouble, there's a whole set of tools here for that.

There you have it, just a look at getting started with Microsoft Endpoint Manager and a number of its components. Now, if you want to know more about it, then check out and there is a wealth of training out there for it. So I really hope, though, that this has given you a taster for the product. Remember,
if you've enjoyed the session, click on that subscribe button and the bell so that you don't miss a thing, and I'll see you next time. Okay, have a great day. Thank you.
