MD-102T00 Microsoft 365 Endpoint Administrator
5 Days Course • Instructor-Led Training • Intermediate
Course Overview
In this course, students will learn to plan and execute an endpoint deployment strategy using
contemporary deployment techniques and implementing update strategies.
The course introduces essential elements of modern management, co-management approaches,
and Microsoft Intune integration. It covers app deployment, management of browser-based
applications, and key security concepts such as authentication, identities, access, and compliance
policies.
Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for
Endpoint are explored to protect devices and data.
Audience Profile
The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing,
managing, and monitoring devices and client applications in a corporate setting. Their duties
include managing identity, access, policies, updates, and apps. They work alongside the M365
Enterprise Administrator to develop and execute a device strategy that aligns with the
requirements of a modern organization.
Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess
extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as
well as non-Windows devices. Their role emphasizes cloud services over on-premises
management technologies.
Pre-Requisite
The Modern Desktop Administrator must be familiar with M365 workloads and must have strong
skills and experience of deploying, configuring, and maintaining Windows 11 and later, and non-
Windows devices.
1
� Course Outline
28 Modules
Module 01 – Explore the Enterprise Desktop
This module covers modern endpoint management and enterprise desktop lifecycle concepts. It
teaches the stages of the lifecycle (planning, deployment, maintenance) and provides a
foundation for future learning.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the benefits of Modern Management.
Ø Explain the enterprise desktop life-cycle model.
Ø Describe considerations for planning hardware strategies.
Ø Describe considerations for post-deployment and retirement.
Module 02 – Explore Windows Edition
This module covers Windows OS editions, features, and installation methods. Learners gain a
deeper understanding of the available editions and corresponding installation processes.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain the differences between the different editions of Windows.
Ø Select the most suitable Windows device for your needs.
Ø Describe the minimum recommended hardware requirements for installing Windows 11.
2
� Course Outline
28 Modules
Module 03 – Manage Azure Active Directory Identities
This module teaches how to use Azure AD effectively. You'll learn about RBAC, user roles, creating
and managing users and groups, using PowerShell cmdlets, and synchronizing objects from AD DS
to Azure AD.
Learning Objectives
Ø After completing this module, you'll be able to:
Ø Describe RBAC and user roles in Azure AD.
Ø Create and manage users in Azure AD.
Ø Create and manage groups in Azure AD.
Ø Use Windows PowerShell cmdlets to manage Azure AD.
Ø Describe how you can synchronize objects from AD DS to Azure AD.
Module 04 – Manage Device Authentication
In this module, you learn about device authentication and management in Azure Active Directory
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Azure AD join.
Ø Describe Azure AD join prerequisites, limitations and benefits.
Ø Join device to Azure AD.
Ø Manage devices joined to Azure AD.
3
� Course Outline
28 Modules
Module 05 – Enroll Devices Using Microsoft Configuration Manager
This module introduces students to client deployment options and some of the high-level
management and monitoring options that are available using Configuration Manager.
Learning Objectives
Ø After completing this module, you'll be able to:
Ø Describe Microsoft Endpoint Manager.
Ø Understand the advantages of managing a client with Configuration Manager.
Ø Deploy the Configuration Manager client.
Ø Monitor the Configuration Manager client.
Ø Manage Configuration Manager devices.
Module 06 – Enroll Devices Using Microsoft Intune
Students will learn how to configure and setup Intune to more easily manage Windows, Android,
and iOS devices.
Learning Objectives
After completing this module, you'll be able to:
Ø Prepare Microsoft Intune for device enrollment.
Ø Configure Microsoft Intune for automatic enrollment.
Ø Explain how to enroll Windows, Android and iOS devices in Intune.
Ø Explain when and how to use Intune Enrollment Manager.
Ø Understand how to monitor and perform remote actions on enrolled devices.
4
� Course Outline
28 Modules
Module 07 – Execute Device Profiles
Students learn about the various types of device profiles, and how to create and manage them.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the various types of device profiles in Intune.
Ø Explain the difference between built-in and custom profiles.
Ø Create and manage profiles.
Module 08 – Oversee Device Profiles
This module introduces students to monitoring profiles to ensure correct assignments and resolving
conflicts when multiple profiles are applied.
Learning Objectives
After completing this module, you'll be able to:
Ø Monitor the assignments of profiles.
Ø Understand how profiles are synchronized and how to manually force synchronization.
Ø Use PowerShell to execute and monitor scripts on devices.
5
� Course Outline
28 Modules
Module 09 – Maintain User Profiles
Students learn about the benefits of various Windows user profiles, how to manage them, and how
to facilitate profile data synchronization across multiple devices.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain the various user profile types that exist in Windows.
Ø Describe how a user profile works.
Ø Configure user profiles to conserve space.
Ø Explain how to deploy and configure Folder Redirection.
Ø Explain Enterprise State Roaming.
Ø Configure Enterprise State Roaming for Azure AD devices.
Module 10 – Execute Mobile Application Management
This module introduces Mobile Application Management (MAM). Students will learn about
considerations for implementing MAM and will be introduced to the management of MAM using
Intune and Configuration Manager.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain Mobile Application Management
Ø Understand application considerations in MAM
Ø Explain how to use Configuration Manager for MAM
Ø Use Intune for MAM
Ø Implement and manage MAM policies
6
� Course Outline
28 Modules
Module 11 – Deploy and Update Application
In this module, you'll master deploying applications using Intune, Configuration Manager, Group
Policy, and Microsoft Store Apps. These powerful tools and techniques will equip you to manage and
maintain diverse applications across your organization effectively.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain how to deploy applications using Intune and Configuration Manager
Ø Learn how to deploy applications using Group Policy
Ø Understand Microsoft Store Apps
Ø Learn how to deploy apps using Microsoft Store Apps
Ø Learn how to configure Microsoft Store Apps
Module 12 – Administer Endpoint Applications
In this module, you're introduced to managing apps on Intune managed devices. The module will
then conclude with an overview of how to use IE Mode with Microsoft Edge.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain how to manage apps in Intune
Ø Understand how to manage apps on non-enrolled devices
Ø Understand how to deploy Microsoft 365 Apps using Intune
Ø Learn how to configure and manage IE mode in Microsoft Edge
Ø Learn about app inventory options in Intune
7
� Course Outline
28 Modules
Module 13 – Protect Identities in Azure Active Directory
This module introduces students to the various authentication methods used to protect identities.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Windows Hello for Business
Ø Describe Windows Hello deployment and management
Ø Describe Azure AD Identity Protection
Ø Describe and manage self-service password reset in Azure AD
Ø Describe and manage multi-factor authentication
Module 14 – Enable Organization Access
This module describes how clients can be configured to access organizational resources using a
virtual private network (VPN).
Learning Objectives
After completing this module, you'll be able to:
Ø Describe how you can access corporate resources
Ø Describe VPN types and configuration
Ø Describe Always On VPN
Ø Describe how to configure Always On VPN
8
� Course Outline
28 Modules
Module 15 – Implement Device Compliance
This module describes how to use compliance and conditional access policies to help protect
access to organizational resources.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe device compliance policy
Ø Deploy a device compliance policy
Ø Describe conditional access
Ø Create conditional access policies
Module 16 – Generate Inventory and Compliance Reports
This module describes how to use Microsoft Endpoint Manager and Power BI to create compliance
and custom reports.
Learning Objectives
After completing this module, you'll be able to:
Ø Generate inventory reports and Compliance reports using Microsoft Intune
Ø Report and monitor device compliance
Ø Create custom reports using the Intune Data Warehouse
Ø Use the Microsoft Graph API for building custom reports
9
� Course Outline
28 Modules
Module 17 – Deploy Device Data Protection
This module describes how you can use Intune to create and manage WIP policies that manage
this protection. The module also covers implementing BitLocker and Encrypting File System.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Windows Information Protection
Ø Plan for Windows Information Protection usage
Ø Implement and use Windows Information Protection
Ø Describe the Encrypting File System (EFS)
Ø Describe BitLocker
Module 18 – Manage Microsoft Defender for Endpoint
This module explores using Microsoft Defender for Endpoint to provide additional protection and
monitor devices against threats.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Microsoft Defender for Endpoint
Ø Describe key capabilities of Microsoft Defender for Endpoint
Ø Describe Microsoft Defender Application Guard
Ø Describe Microsoft Defender Exploit Guard
Ø Describe Windows Defender System Guard
10
� Course Outline
28 Modules
Module 19 – Manage Microsoft Defender in Windows Client
This module explains the built-in security features of Windows clients and how to implement them
using policies.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Windows Security capabilities
Ø Describe Windows Defender Credential Guard
Ø Manage Microsoft Defender Antivirus
Ø Manage Windows Defender Firewall
Ø Manage Windows Defender Firewall with Advanced Security
Module 20 – Manage Microsoft Defender for Cloud Apps
This module covers Microsoft Defender for Cloud Apps, focusing on securing sensitive data, its
relevance in dynamic work settings, and effective utilization for improved security posture.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe Microsoft Defender for Cloud Apps
Ø Plan for Microsoft Defender for Cloud Apps usage
Ø Implement and use Microsoft Defender for Cloud Apps
11
� Course Outline
28 Modules
Module 21 – Access Deployment Readiness
Discusses some of the tools that you can use to perform detailed assessments of existing
deployments, and describes some of the challenges that you may face.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the guidelines for an effective enterprise desktop deployment.
Ø Explain how to assess the current environment.
Ø Describe the tools that you can use to assess your current environment.
Ø Describe the methods of identifying and mitigating application compatibility issues.
Ø Explain considerations for planning a phased rollout.
Module 22 – Deploy Using The Microsoft Deployment Toolkit
Discusses the shifts from traditional to modern management and where on-premises solutions
best fit in today’s enterprise.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the fundamentals of using images in traditional deployment methods.
Ø Describe the key benefits, limitations, and decisions when planning a deployment of -
Windows using Microsoft Deployment Toolkit (MDT).
Ø Describe how Configuration Manager builds upon MDT and how both can work in harmony.
Ø Explain the different options and considerations when choosing the user interaction
experience during deployment, and which methods and tools support these experiences.
12
� Course Outline
28 Modules
Module 23 – Deploy Using Microsoft Configuration Manager
This module explains the common day to day tasks that Administrators would use Configuration
Manager to perform.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the capabilities of Configuration Manager.
Ø Describe the key components of Configuration Manager.
Ø Describe how to troubleshoot Configuration Manager deployments.
Module 24 – Deploy Devices Using Windows Autopilot
Use Autopilot to deploy new hardware or refreshing an existing hardware with the organization’s
desired configuration, without using the traditional imaging process.
Learning Objectives
After completing this module, you'll be able to:
Ø Explain the benefits of modern deployment for new devices.
Ø Describe the process of preparing for an Autopilot deployment.
Ø Describe the process of registering devices in Autopilot.
Ø Describe the different methods and scenarios of Autopilot deployments.
Ø Describe how to troubleshoot common Autopilot issues.
Ø Describe the process of deployment using traditional methods.
13
� Course Outline
28 Modules
Module 25 – Implement Dynamic Deployment Methods
Use dynamic provisioning methods such as Subscription Activation, Provisioning packages, and
Azure AD join to reconfigure an existing operating system.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe how Subscription Activation works.
Ø Describe the benefits of Provisioning Packages.
Ø Explain how Windows Configuration Designer creates Provisioning Packages.
Ø Describe the benefits of using MDM enrollment with Azure AD join.
Module 26 – Plan a Transition to Modern Endpoint Management
Explore considerations and review the planning of transitioning to modern management, focusing
on migration and newly provisioned devices.
Learning Objectives
After completing this module, you'll be able to:
Ø Identify usage scenarios for Azure AD join.
Ø Identify workloads that you can transition to Intune.
Ø Identify prerequisites for co-management.
Ø Identify considerations for transitioning to modern management.
Ø Plan a transition to modern management using existing technologies.
Ø Plan a transition to modern management using Microsoft Intune.
14
� Course Outline
28 Modules
Module 27 – Manage Windows 365
This module teaches managing Microsoft's cloud-based PC management solution, Windows 365,
offering personalized, secure Windows 11 experience from any device. Learn features, setup,
management, security, deployment options, and licensing to optimize your environment.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the key features of Windows 365
Ø Describe the Windows 365 management experience
Ø Describe the Windows 365 security model
Ø Describe the Windows 365 deployment options
Ø Describe the Windows 365 licensing model
Module 28 – Manage Azure Virtual Desktop
Learn to manage Azure Virtual Desktop, a cloud-based VDI solution providing personalized, secure
Windows 11 experiences. Understand key features, management, security, and deployment options
for optimizing your environment.
Learning Objectives
After completing this module, you'll be able to:
Ø Describe the key features of Azure Virtual Desktop
Ø Describe the Azure Virtual Desktop management experience
Ø Describe the Azure Virtual Desktop security model
Ø Describe the Azure Virtual Desktop deployment options
15
