MD 102T00 ENU PowerPoint 08

Learning Path 8:
Deploy using cloud-

based tools
MD-102 Microsoft 365 Endpoint Administrator
© Copyright Microsoft Corporation. All rights reserved.

Learning Path Agenda
• Deploy Devices using Windows Autopilot
• Implement dynamic deployment methods
• Plan a transition to modern endpoint management
• Manage Windows 365
• Manage Azure virtual desktop

Module 1: Deploy Devices
using Windows Autopilot

Module 1: Deploy Devices using Windows Autopilot
• Use Autopilot for modern deployment
• Examine requirements for Windows Autopilot
• Prepare device IDs for Autopilot
• Implement device registration and out-of-the-box customization

• Examine Autopilot scenarios
• Troubleshoot Windows Autopilot

Use Autopilot for modern deployment
• No images, drivers, or infrastructure
• Customize the out-of-box-experience
• New devices typically have Windows 11 installed

– Autopilot can reconfigure device so re-image of OEM configuration should not be necessary
• Device refresh
– Autopilot can be used to reset device instead of using traditional methods

Use Autopilot for modern deployment
Comparing Autopilot with Traditional Methods
Traditional deployment Modern deployment

Deploys Windows 11 images Yes No
Can be used with any preinstalled

Yes No
operating system
Requires a previous Windows 11
No Yes
installation
Uses an on-premises infrastructure Yes No
Windows ADK, Windows

Windows Configuration
Deployment Services, Microsoft
Tools for preparing the deployment Designer and Windows
Deployment Toolkit (MDT), and
Autopilot
Microsoft Configuration Manager
Examine requirements for Windows Autopilot
Devices must have Windows 11 Devices must be registered to the

1 preinstalled: 4 organization:
• Windows Pro, Enterprise, or Education • Device-specific information uploaded to
the cloud
Devices must have internet connectivity: Organization must be using Azure AD

2 • Windows Autopilot is a cloud service
5 (Entra ID):
• It must also use Microsoft Store for
Business or Intune
Intune or other mobile device Access to required URLs

3 management service (optional): 6 • go.microsoft.com
• For managing deployed Windows 10 and • login.microsoftonline.com
later devices
• etc.

Prepare device IDs for Autopilot
• Windows Autopilot deployment process:
– Obtain hardware IDs of devices that you want to deploy.
– Upload the hardware IDs.
– Create a Windows Autopilot deployment profile.
– Apply the Windows Autopilot deployment profile to the devices or device groups.
• Manage Windows Autopilot in Intune

– Configure automatic mobile device management enrollment of Azure AD (Entra ID) member devices.
• Prepare a Microsoft Autopilot deployment

– Manage Windows Autopilot deployment using Intune or Microsoft Store for Business.
• Obtain or create device-specific CSV file

– CSV file required to deploy devices by using Windows Autopilot.
• Import a device hash directly into Intune

Prepare device IDs for Autopilot

Implement device registration and out-of-the-box
customization
Step 1 Step 2
Create a Windows Autopilot Apply a deployment profile
deployment file
• A required profile that specifies the • Until you apply the deployment profile,
settings to apply to the devices Windows Autopilot doesn’t manage the
• You can create and use multiple OOBE setup phase on the device
deployment profiles with Windows • Windows Autopilot takes control of the
Autopilot, but can only use a single profile OOBE setup phase on the devices to which
to deploy each device you apply the profile

Implement device registration and out-of-the-box
customization
Default OOBE setup phase OOBE setup phase with Windows Autopilot
Examine Autopilot scenarios
1 Windows Autopilot user-driven mode
2 Windows Autopilot Self-Deploying mode
3 Autopilot for existing devices
4 Windows Autopilot for pre-provisioned deployment
5 Windows Autopilot Reset

Troubleshoot Windows Autopilot
When troubleshooting Windows Autopilot, verify:

• Configuration
• Network connectivity
• Autopilot OOBE behavior
• Azure AD join issues
• MDM enrollment issues
Use Windows Autopilot Diagnostics

Troubleshoot Windows Autopilot
1 Troubleshooting Autopilot OOBE issues
2 Troubleshooting Azure AD (Entra ID) join issues
3 Troubleshooting Intune enrollment issues
4 Troubleshoot Device Import

Knowledge Check
Test your knowledge by answering the Knowledge Check

questions at the end of this Learn module
© Copyright Microsoft Corporation. All rights reserved. © Copyright Microsoft Corporation. All rights reserved.
Module 2: Implement dynamic
deployment methods

Module 2: Implement dynamic deployment methods
• Examine subscription activation
• Deploy using provisioning packages
• Use Windows Configuration Designer
• Use Azure AD (Entra ID) join with automatic MDM enrollment

Dynamic provisioning methods
Subscription activation Mobile Device Management Provisioning packages

Change the edition of Windows Auto-enroll existing Windows Apply configuration settings to a
devices to apply configuration Windows devices using either
policies and applications installed removable media or downloaded
directly to the device

Examine subscription activation
• Required to comply with licensing requirements
• Current volume activation methods

– Key Management Service (KMS).
– Multiple Activation Key (MAK).
– Active Directory-based activation.
• Windows Pro can be upgraded to Enterprise without reinstall or reboot
• Subscription Activation requirements

– Windows Pro/Pro Education/Enterprise/Education installed and activated.
– Instance of Azure AD (Entra ID) is available for identity management.
– Either Azure AD-joined or Hybrid Azure AD-joined devices.
• VDA Subscription Activation

Deploy using provisioning packages
• Apply configurations settings to Windows 10 or later devices using either removable media
or downloaded directly.
• Useful for BYOD scenarios, limited connectivity.
Installed software removal Edition upgrade Certificates
Management enrollment Add apps Accounts
Offline content Browser settings User interface customization
Connectivity settings Policies Assigned access

Use Windows Configuration Designer

Use Azure AD (Entra ID) join with automatic MDM
enrollment
• Similar concept to joining an on-premises AD DS domain
• Simplifies provisioning and support scenarios vs. using on-premises methods
• Applies to BYOD/CYOD scenarios
Using Azure AD(Entra ID) /MDM, you can:

• Join devices to Azure AD (Entra ID) automatically
• Auto-enroll your users’ devices into MDM services
• Configure the joined devices by using MDM policies

Knowledge Check

Module 3: Plan a transition
to modern endpoint
management

Module 3: Plan a transition to modern endpoint
management
• Explore using co-management to transition to modern management
• Examine prerequisites for co-management
• Evaluate modern management considerations
• Evaluate upgrades and migrations in modern transitioning
• Migrate data when modern transitioning
• Migrate workloads when modern transitioning

Explore using co-management to transition to modern
management
On-premises Active Directory or Microsoft Intune and Azure AD (Entra ID)

Configuration Manager and Active Directory
• Co-management simplifies the transition to modern management.

• Devices managed using both on-premises Active Directory and Azure Active Directory (Entra ID)
and Intune.
• Maximizes productivity through single sign-on (SSO) across cloud and on-premises resources.
• Intune enables you to manage policies on internet-connected devices without using Group
Policy that requires on-premises domain-joined devices.
Examine prerequisites for co-management
To enable co-management for on-premises Active Directory devices:

• Devices must be hybrid Azure AD (Entra ID) joined
• Latest Azure AD (Entra ID) connect installed and configured to sync computer accounts to Azure AD
• Intune MDM must be setup and configured for automatic enrollment
• Active Directory joined devices are using Windows 10 version 1709 or later
• Azure AD (Entra ID) automatic enrollment enabled
Transition workloads to Microsoft Intune:

• Resource access policies
• Windows Update policies
• Endpoint Protection
• Device Configuration

Evaluate modern management considerations
• Removes the imaging process wherever possible
• Transforms the existing operating system with little or no user interaction and without
deploying a new image
• Deploys faster, more efficiently, and with lower network utilization
• Requires Windows 11 or later on target device

– In-place upgrade is recommended for devices still running Windows 7 or 8.1
• Modern deployment can change an installed Windows 11 OS in many ways

– Removing pre-installed software
– Upgrading a Windows 11 edition
– Joining a Windows 11 device to AD DS or Azure AD

Microsoft Configuration Windows
MDT
Manager Autopilot
Require the creation of golden images Yes Yes No
Ability to rebuilt or reset the device Yes Yes Yes

Ability to perform a bare-metal build Yes Yes No
Can be used with any preinstalled
No No Windows 11 only
operating system
Installation of applications when device is
Yes Yes Yes
being built
Deployment of applications post build No Yes Yes
Yes – OneDrive/Enterprise
Migration of user data (USMT) Yes Yes
State Roaming(ESR)
Yes (in combination with
Perform an in-place upgrade Yes Yes Microsoft Configuration
Manager)
• Scenarios to consider using imaging with modern management:

– A device experiences a Blue Screen of Death (BSOD) and cannot boot into Windows at all, resulting in
the need for a bare-metal build
– When you deliver a series of complex applications and dependencies onto a device, which is then co-
managed
– There’s a hardware failure of a device that requires network connectivity to install applications or join a
corporate Active Directory domain
• Situations such as client storage drive replacements, bare-metal deployments, and devices
that do not support an upgrade path to the desired OS.

Evaluate upgrades and migrations in modern transitioning
• Scenarios for migrating user data and configuration:

– Device replacement
– Device is being upgraded from an older OS to Windows 11 and an in-place upgrade is not possible
(such as an unsupported upgrade path)
– A clean installation is needed
• Two migration scenarios

– Side-by-side: Source and destination computer are different
– Wipe-and-load (refresh migration): Source and destination computer are the same
• Migration moves files and settings to a clean installation of the Windows operating system

In-Place upgrade Migration

Preserves the environment Provides a standardized environment
Doesn't need to reinstall apps or transfer data You can control what migrates
Upgrade can be rolled back if needed Cleans up the environment
Only certain upgrade paths are possible You must reinstall the apps
You must use the default Windows image You can use a custom Windows image

In-place upgrades
Adapt modern desktop deployment
with Windows Autopilot for an
existing legacy device
Transform a traditional domain
joined endpoint into an Azure AD
managed device and perform a
rebuild, all within the same piece of
automation

Migrate Data when modern transitioning
When migrating a user to a new device or performing an in-place migration, consider
what user and app settings should be retained and what method to use to ensure this
information is retained
Synchronizing user state Migrating user state

• When Enterprise State Roaming (ESR) is • Use the User State Migration Tool (USMT) to
enabled, the user only needs sign-in to the new migrate files or settings during upgrades and
device, and the device will retain all the settings migrations
that ESR supports
• Phase 1: Capture settings and data from the
• Migrate all settings and data that users need source computer and store them in a
(no unneeded or obsolete data) but consider migration store
the effort required to migrate certain types of
• Phase 2: Restore captured settings and data on
data
the destination computer (after installing OS)
• Don’t ignore simple configurations that have
significant impact
User state migration in the replace and refresh computer scenario

• In the replace scenario, the source and destination computers are different
– When deploying Windows on new computers, you can capture the user state from source computers
before or after you deploy Windows on destination computers
– After Windows deploys on destination computers, you can restore the user states on these computers
• In the refresh scenario, the source and destination computers are the same
– When upgrading to the Windows 10 or later operating system on computers that have existing
operating systems, you can capture the user state, store it in temporary storage, perform a clean
Windows installation, and then restore the user state on the upgraded computers
• Windows.old folder

Known Folder Move

• Automatically migrate
user files to OneDrive
• Prompt or Silent
operation
• Be mindful of bandwidth
when implementing
• Can’t use Known Folder
Move(KFM) if using
Folder Redirection or
unsupported file types

Using USMT with Microsoft Configuration Manager
Create a USMT Package Setup a State Migration Task Sequence Use USMT Templates
from Microsoft Point (Microsoft Can include USMT for Migration
Configuration Manager Configuration Manager xml templates that control
Occurs in the task
Create a custom USMT
Site System Role) sequence when: data that is collected in a
package or use the default Acts as a file share to • Capturing settings user’s profile:
package store data • Reinstating the settings for
• MigApp.xml
Stores a unique hash: a user depending on • MigDocs.xml

selected options • MigUser.xml
• Device that allows data to
be captured • ConfigMgr.xml
• Device upgraded
• Relevant data to be restored

Migrate workloads when modern transitioning
• Migrate client management to Intune

– Consider cloud-based management of client devices when legacy OS versions are removed
– Reducing Microsoft Configuration Manager use can reduce or eliminate a layer of

complexity
– Review other considerations for moving to 100% cloud-based management
• Choosing workloads within Intune

– Larger organizations may want to continue using Microsoft Configuration Manager and
leverage co-management in Intune
– Maintains time investment in Microsoft Configuration Manager
– Value in migrating some workloads (OS deployment, some applications)

Knowledge Check

Module 4: Manage
Windows 365

Module 4: Manage Windows 365
• Explore Windows 365
• Configure Windows 365
• Administer Windows 365

Explore Windows 365
Windows 365 editions: Access cloud PCs

Windows 365 Business
• For smaller companies (up to 300 seats) who want ready-to-
use Cloud PCs with simple management options.
• No licensing prerequisites.
• No dependencies on Azure or Active Directory.
Windows 365 Enterprise

• For larger companies who want unlimited seats for creating
Cloud PCs.
• Includes options to create custom Cloud PCs based on
custom device images.
• More management options and full integration with
Microsoft Intune.
Configure Windows 365
• Assign licenses to users

• Create an Azure
network connection
• Configure custom
image (optional)
• Create provisioning
policies
• Configure and apply
device/app profiles

Administer Windows 365
Cloud PC management is just

like physical device
management
• Most remote actions same as
physical devices:
– Restart
– Sync
– Rename
– Quick Scan
– Full Scan
– Update Windows Defender
• Cloud PC unique actions:
– Reprovisioning
– Resizing
– Collect diagnostics

Knowledge Check

Module 5: Manage Azure
Virtual Desktop

Module 4: Azure Virtual Desktop
• Examine Azure Virtual Desktop
• Explore Azure Virtual Desktop
• Configure Azure Virtual Desktop
• Administer Azure Virtual Desktop

Examine Azure Virtual Desktop
• Cloud-based desktop and app virtualization service on Azure
• Connect through Windows, Mac, iOS, Android, and Linux devices with internet access using a
native application or the Azure Virtual Desktop web client
• Azure Virtual Desktop benefits
– Centralized security management for user desktops with Azure AD (Entra)
– Simplified Management
– Performance Management
– Multi-session Windows 10 Deployment
– Licensing Options
– Compute Cost Savings

Explore Azure Virtual Desktop
• With Azure Virtual Desktop running on Azure, you can:
– Establish a multi-session Windows 10 or 11 Windows experience.
– Deploy Microsoft 365 Apps and optimize them for multi-user virtual scenarios.
– Migrate existing RDS and Windows Server desktops and applications to any device.
– Virtualize both desktop environments and individual applications.
– Administer desktops and applications through a unified management platform.
• Key Capabilities:
– Comprehensive desktop virtualization environment within your Azure subscription.
– Publish host pools as needed to support diverse workloads.
– Use your own image for production workloads or test from the Azure Gallery.
– Save on costs with pooled, multi-session resources.
– Offer individual ownership with personal (persistent) desktops.
– Autoscale to automatically adjust capacity based on day/time, or fluctuating demand.
• Deploy/manage, and assign/connect users to virtual desktops

Configure Azure Virtual Desktop
• Create and connect to a Windows 11 desktop with Azure Virtual Desktop:

– Create a personal host pool.
– Create a session host virtual machine (VM) joined to your Azure Active Directory (Entra ID) tenant with
Windows 11 Enterprise and add it to the host pool.
– Create a workspace and an application group that publishes a desktop to the session host VM.
– Assign users to the application group.
– Connect to the desktop.
• Prerequisites:
– An Azure account with an active subscription.
– The account must be assigned the Owner or Contributor built-in RBAC roles.
– A virtual network in the same Azure region you want to deploy your session hosts to.
– A user account in Azure Active Directory you can use for connecting to the desktop.
– A Remote Desktop client installed on your device to connect to the desktop.

Administer Azure Virtual Desktop
• Use Azure CLI and Azure PowerShell

– Use Azure CLI extension and an Azure PowerShell module for Azure Virtual Desktop to create, update,
delete, and interact with Azure Virtual Desktop service objects instead of using the Azure portal.
• Azure CLI extension and Azure PowerShell module:
– Azure CLI: az desktopvirtualization
– Azure PowerShell: Az.DesktopVirtualization
• Azure CLI extension doesn't have commands for applications

– Use Azure PowerShell module instead.

Knowledge Check

Practice Labs
• Deploying Windows 11 with Autopilot

• Refreshing Windows with Autopilot Reset and
Self-Deploying mode
Learning Path Recap
In this learning path, we:
• Deploy Devices using Windows Autopilot

• Implement dynamic deployment methods
• Plan a transition to modern endpoint management
• Manage Windows 365
• Manage Azure virtual desktop


MD 102T00 ENU PowerPoint 08

Uploaded by

Copyright:

Available Formats

MD 102T00 ENU PowerPoint 08

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MD 102T00 ENU PowerPoint 08

Uploaded by

Copyright:

Available Formats

Learning Path 8:

Deploy using cloud-

© Copyright Microsoft Corporation. All rights reserved.

• Deploy Devices using Windows Autopilot

• Implement dynamic deployment methods

• Plan a transition to modern endpoint management

• Manage Windows 365

• Manage Azure virtual desktop

© Copyright Microsoft Corporation. All rights reserved.

© Copyright Microsoft Corporation. All rights reserved.

• Use Autopilot for modern deployment

• Examine requirements for Windows Autopilot

• Prepare device IDs for Autopilot

• Implement device registration and out-of-the-box customization

• Troubleshoot Windows Autopilot

© Copyright Microsoft Corporation. All rights reserved.

• No images, drivers, or infrastructure

• Customize the out-of-box-experience

• New devices typically have Windows 11 installed

© Copyright Microsoft Corporation. All rights reserved.

Traditional deployment Modern deployment

Can be used with any preinstalled

Uses an on-premises infrastructure Yes No

Windows ADK, Windows

Devices must have Windows 11 Devices must be registered to the

Devices must have internet connectivity: Organization must be using Azure AD

Intune or other mobile device Access to required URLs

© Copyright Microsoft Corporation. All rights reserved.

• Manage Windows Autopilot in Intune

• Prepare a Microsoft Autopilot deployment

• Obtain or create device-specific CSV file

• Import a device hash directly into Intune

© Copyright Microsoft Corporation. All rights reserved.

© Copyright Microsoft Corporation. All rights reserved.

© Copyright Microsoft Corporation. All rights reserved.

1 Windows Autopilot user-driven mode

2 Windows Autopilot Self-Deploying mode

3 Autopilot for existing devices

4 Windows Autopilot for pre-provisioned deployment

5 Windows Autopilot Reset

© Copyright Microsoft Corporation. All rights reserved.

When troubleshooting Windows Autopilot, verify:

• Autopilot OOBE behavior

• Azure AD join issues

• MDM enrollment issues

Use Windows Autopilot Diagnostics

© Copyright Microsoft Corporation. All rights reserved.

1 Troubleshooting Autopilot OOBE issues

2 Troubleshooting Azure AD (Entra ID) join issues

3 Troubleshooting Intune enrollment issues

4 Troubleshoot Device Import

© Copyright Microsoft Corporation. All rights reserved.

Test your knowledge by answering the Knowledge Check

© Copyright Microsoft Corporation. All rights reserved.

• Examine subscription activation

• Deploy using provisioning packages

• Use Windows Configuration Designer

• Use Azure AD (Entra ID) join with automatic MDM enrollment

© Copyright Microsoft Corporation. All rights reserved.

Subscription activation Mobile Device Management Provisioning packages