Mastering Microsoft Intune: The Complete Enterprise Device Management Playbook
You're not just managing devices anymore. You're securing the entire digital perimeter of a modern enterprise. And if you're like most IT professionals, that pressure is real. Shadow IT is growing, remote work is here to stay, and your leadership expects seamless device compliance without sacrificing user productivity. One misconfigured policy could mean a breach. One delayed rollout could slow down hundreds. The stakes have never been higher. You know Microsoft Intune is the solution, but getting from I've used it before to I lead Intune strategy confidently is a massive leap. Most learning resources stop at the basics. What you need is a battle-tested, end-to-end playbook that transforms you from someone who uses Intune to someone who owns it-someone who architects secure, scalable, and automated device ecosystems across Windows, macOS, iOS, and Android. Mastering Microsoft Intune: The Complete Enterprise Device Management Playbook is that transformation. This course takes you from uncertainty to authority in 30 days, guiding you to design, deploy, and govern a full-scale Intune environment with real organisational impact. You'll create a board-ready compliance framework, build automated device provisioning workflows, and produce a documented, auditable configuration blueprint that reflects enterprise-grade standards. Take James, an infrastructure engineer at a 12,000-person financial services firm. After completing this course, he restructured his company’s entire endpoint policy. Within six weeks, device compliance rose from 64% to 98%, reducing security incidents by 70%. His work was presented at the regional IT governance meeting. He was promoted two months later. The old way of learning Intune-scattered documentation, outdated forums, incomplete tutorials-is over. This is the structured, outcome-driven path forward for professionals who want to be trusted with mission-critical infrastructure. Here’s how this course is structured to help you get there.Course Format & Delivery Details Self-paced, always available, built for your schedule. This course is designed for IT leaders, administrators, and security architects who need depth without disruption. You gain immediate online access to the full learning system, allowing you to progress at your own pace, during quiet hours, between meetings, or during dedicated learning blocks. There are no live sessions, fixed dates, or time commitments. Most learners complete the core curriculum in 20 to 30 hours, with key results-such as building a compliant device policy or configuring conditional access-achievable in under 48 hours of focused study. You’ll be applying what you learn to real-world environments from Day 1. Lifetime access, zero expiry. Once enrolled, you own permanent access to all materials. This includes ongoing updates as Microsoft evolves Intune’s capabilities. No additional fees. No subscription traps. You’ll always have the most current enterprise device management strategies at your fingertips, protected under a full reprint and update guarantee. Accessible anywhere, on any device. Whether you're working from your laptop, reviewing architecture on a tablet, or referencing policies during an audit from your phone, the course is fully mobile-friendly and available 24/7 across all global regions. Instructor Access & Support
You’re not alone. Throughout the course, you have direct access to guided expert support. Our certified Microsoft 365 instructors provide structured feedback paths and clarification workflows for complex implementation challenges. This is not a forum full of unknown voices-it’s a disciplined support channel designed to resolve technical blockers efficiently, helping you maintain momentum without getting stuck. Certificate of Completion Issued by The Art of Service
Upon finishing, you’ll earn a verifiable Certificate of Completion issued by The Art of Service, a globally recognised credential in enterprise IT and cloud operations. This certificate is widely respected across industries and signals deep, practical mastery of Microsoft Intune-backed by documented project outcomes, not just theory. No Risk. No Hidden Fees. Full Confidence.
We eliminate every barrier to your success. The pricing is transparent and upfront, with no hidden fees and no recurring charges. We accept all major payment methods, including Visa, Mastercard, and PayPal, for fast, secure processing. Your success is guaranteed. If this course doesn’t deliver measurable clarity, tangible skills, and actionable strategies for enterprise device management, you are covered by our 30-day money-back guarantee. No questions asked. No hurdles. We reverse the risk so you can move forward with confidence. Will This Work for Me?
Yes-even if you’re new to Intune, or have years of experience with only partial coverage. This course works for:
• Junior administrators who want to accelerate into senior roles
• Desktop support engineers transitioning to cloud management
• Security professionals integrating endpoint control into compliance frameworks
• IT consultants delivering Intune as part of client engagements This works even if: you’ve struggled with Microsoft documentation, feel overwhelmed by policy inheritance, or have only worked in on-prem environments. The learning path is structured to reinforce confidence at every stage, using real enterprise examples, progressive challenges, and actionable checklists. After enrollment, you’ll receive a confirmation email detailing next steps. Your access credentials and course materials are sent separately once your provisioning is complete, ensuring a secure and reliable learning experience from the start.
Module 1: Foundations of Modern Device Management - Understanding the shift from on-prem to cloud-based management
- Key differences between SCCM, Group Policy, and Microsoft Intune
- Intune’s role in Microsoft 365 and the Zero Trust security model
- Core components: Tenant, console, roles, and licensing
- Supported platforms: Windows, macOS, iOS, Android, and Linux
- Overview of Intune licensing SKUs and feature availability
- Device enrollment vs. user enrollment: what it means for control
- The importance of Azure Active Directory in device registration
- How device state is managed and reported in the cloud
- Understanding the role of the Intune Connector and on-prem integration
Module 2: Intune Tenant Setup and Governance - Step-by-step tenant configuration and naming best practices
- Setting up administrative units for delegated control
- Role-Based Access Control (RBAC): custom roles and scope groups
- Securing the global admin experience with PIM and MFA
- Implementing governance policies for configuration changes
- Audit logging and tracking admin activity in the Microsoft 365 portal
- Multi-tenant management for MSPs and consultants
- Setting up production vs. testing environments
- Backup and restore strategies for Intune configurations
- Documenting configuration baselines for compliance audits
Module 3: Device Enrollment and Registration - Auto-enrollment methods for Windows Autopilot
- Setting up Apple Business Manager and Automated Device Enrollment (ADE)
- Android Enterprise: fully managed vs. dedicated vs. corporate-owned
- Enrollment restrictions: who can enroll and which devices are allowed
- Hybrid Azure AD join: bridging cloud and on-prem identities
- Azure AD registration vs. join: detailed breakdown
- Configuring device limit policies to prevent over-enrollment
- Enrollment troubleshooting: common errors and resolution paths
- Using enrollment status pages to track deployment success
- Designing a phased rollout strategy for large organisations
Module 4: Endpoint Security Configuration - Intune’s role in the modern security stack
- Creating endpoint protection profiles for Windows 10/11
- Configuring Microsoft Defender Antivirus with real-time protection
- Setting up firewall rules and network protection policies
- Application control with Exploit Protection and SmartAppControl
- Securing macOS with Gatekeeper, FileVault, and System Extensions
- Hardening iOS devices using Configuration Profiles
- Implementing Android security policies: encryption, screen locks, and malware prevention
- Monitoring device threat levels in the security dashboard
- Integrating Intune alerts with Microsoft Defender for Endpoint
Module 5: Compliance Policies and Conditional Access - Defining compliance rules for device posture checks
- Creating compliance policies for OS version, encryption, and patch level
- Linking compliance policies to Conditional Access in Azure AD
- Blocking non-compliant devices from accessing corporate data
- Configuring remediation actions for non-compliant states
- Using compliance reporting for executive summaries
- Building hybrid compliance models with on-prem checks
- Implementing jailbreak and rooted device detection
- Designing exemption workflows for legacy systems
- Testing compliance policy impact before rollout
Module 6: Configuration Profiles and Device Restrictions - Understanding the anatomy of a configuration profile
- Managing Windows 10/11 settings with Templates and Custom OMA-URI
- Deploying macOS system preferences via Configuration Profiles
- Controlling iOS restrictions: app installation, camera, and iCloud
- Android Enterprise configuration: device policies and app restrictions
- Using Administrative Templates (ADMX-backed) for granular control
- Targeting policies with dynamic groups and filters
- Resolving policy conflicts and precedence rules
- Best practices for naming, tagging, and versioning profiles
- Using Scoped Collections to limit policy scope
Module 7: Application Management and Deployment - Application lifecycle: add, deploy, monitor, retire
- Adding Win32 apps with proper detection and install commands
- MSI vs. EXE packaging and repackaging strategies
- Using the Microsoft Win32 Content Prep Tool
- Deploying LOB apps from the Microsoft Store for Business
- Managing Microsoft 365 Apps updates via Intune
- iOS app distribution: VPP tokens, volume purchase, and deployment
- Android app management: private stores, managed Google Play
- Configuring app configuration settings and policies
- Using app protection policies (MAM) without device enrollment
- Deploying line-of-business (LOB) web apps as managed resources
- Setting up app update schedules and silent installations
- Monitoring app installation success and failure rates
- Uninstalling apps remotely based on compliance policies
- Creating dependency chains for app deployment sequences
Module 8: Windows Autopilot: Deployment at Scale - Understanding the Windows Autopilot architecture
- Registering devices via OEM, Deployment Program, or Import Wizard
- Creating Autopilot deployment profiles: white glove vs. self-deploying
- Customising the out-of-box experience (OOBE) for branding
- Assigning devices to users before shipment
- Using Autopilot for device refresh and reset scenarios
- Integrating Autopilot with third-party imaging tools
- Autopilot in hybrid environments with existing SCCM
- Monitoring Autopilot device status and provisioning logs
- Automating device assignment using dynamic Azure AD groups
Module 9: macOS and iOS Device Management - Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Understanding the shift from on-prem to cloud-based management
- Key differences between SCCM, Group Policy, and Microsoft Intune
- Intune’s role in Microsoft 365 and the Zero Trust security model
- Core components: Tenant, console, roles, and licensing
- Supported platforms: Windows, macOS, iOS, Android, and Linux
- Overview of Intune licensing SKUs and feature availability
- Device enrollment vs. user enrollment: what it means for control
- The importance of Azure Active Directory in device registration
- How device state is managed and reported in the cloud
- Understanding the role of the Intune Connector and on-prem integration
Module 2: Intune Tenant Setup and Governance - Step-by-step tenant configuration and naming best practices
- Setting up administrative units for delegated control
- Role-Based Access Control (RBAC): custom roles and scope groups
- Securing the global admin experience with PIM and MFA
- Implementing governance policies for configuration changes
- Audit logging and tracking admin activity in the Microsoft 365 portal
- Multi-tenant management for MSPs and consultants
- Setting up production vs. testing environments
- Backup and restore strategies for Intune configurations
- Documenting configuration baselines for compliance audits
Module 3: Device Enrollment and Registration - Auto-enrollment methods for Windows Autopilot
- Setting up Apple Business Manager and Automated Device Enrollment (ADE)
- Android Enterprise: fully managed vs. dedicated vs. corporate-owned
- Enrollment restrictions: who can enroll and which devices are allowed
- Hybrid Azure AD join: bridging cloud and on-prem identities
- Azure AD registration vs. join: detailed breakdown
- Configuring device limit policies to prevent over-enrollment
- Enrollment troubleshooting: common errors and resolution paths
- Using enrollment status pages to track deployment success
- Designing a phased rollout strategy for large organisations
Module 4: Endpoint Security Configuration - Intune’s role in the modern security stack
- Creating endpoint protection profiles for Windows 10/11
- Configuring Microsoft Defender Antivirus with real-time protection
- Setting up firewall rules and network protection policies
- Application control with Exploit Protection and SmartAppControl
- Securing macOS with Gatekeeper, FileVault, and System Extensions
- Hardening iOS devices using Configuration Profiles
- Implementing Android security policies: encryption, screen locks, and malware prevention
- Monitoring device threat levels in the security dashboard
- Integrating Intune alerts with Microsoft Defender for Endpoint
Module 5: Compliance Policies and Conditional Access - Defining compliance rules for device posture checks
- Creating compliance policies for OS version, encryption, and patch level
- Linking compliance policies to Conditional Access in Azure AD
- Blocking non-compliant devices from accessing corporate data
- Configuring remediation actions for non-compliant states
- Using compliance reporting for executive summaries
- Building hybrid compliance models with on-prem checks
- Implementing jailbreak and rooted device detection
- Designing exemption workflows for legacy systems
- Testing compliance policy impact before rollout
Module 6: Configuration Profiles and Device Restrictions - Understanding the anatomy of a configuration profile
- Managing Windows 10/11 settings with Templates and Custom OMA-URI
- Deploying macOS system preferences via Configuration Profiles
- Controlling iOS restrictions: app installation, camera, and iCloud
- Android Enterprise configuration: device policies and app restrictions
- Using Administrative Templates (ADMX-backed) for granular control
- Targeting policies with dynamic groups and filters
- Resolving policy conflicts and precedence rules
- Best practices for naming, tagging, and versioning profiles
- Using Scoped Collections to limit policy scope
Module 7: Application Management and Deployment - Application lifecycle: add, deploy, monitor, retire
- Adding Win32 apps with proper detection and install commands
- MSI vs. EXE packaging and repackaging strategies
- Using the Microsoft Win32 Content Prep Tool
- Deploying LOB apps from the Microsoft Store for Business
- Managing Microsoft 365 Apps updates via Intune
- iOS app distribution: VPP tokens, volume purchase, and deployment
- Android app management: private stores, managed Google Play
- Configuring app configuration settings and policies
- Using app protection policies (MAM) without device enrollment
- Deploying line-of-business (LOB) web apps as managed resources
- Setting up app update schedules and silent installations
- Monitoring app installation success and failure rates
- Uninstalling apps remotely based on compliance policies
- Creating dependency chains for app deployment sequences
Module 8: Windows Autopilot: Deployment at Scale - Understanding the Windows Autopilot architecture
- Registering devices via OEM, Deployment Program, or Import Wizard
- Creating Autopilot deployment profiles: white glove vs. self-deploying
- Customising the out-of-box experience (OOBE) for branding
- Assigning devices to users before shipment
- Using Autopilot for device refresh and reset scenarios
- Integrating Autopilot with third-party imaging tools
- Autopilot in hybrid environments with existing SCCM
- Monitoring Autopilot device status and provisioning logs
- Automating device assignment using dynamic Azure AD groups
Module 9: macOS and iOS Device Management - Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Auto-enrollment methods for Windows Autopilot
- Setting up Apple Business Manager and Automated Device Enrollment (ADE)
- Android Enterprise: fully managed vs. dedicated vs. corporate-owned
- Enrollment restrictions: who can enroll and which devices are allowed
- Hybrid Azure AD join: bridging cloud and on-prem identities
- Azure AD registration vs. join: detailed breakdown
- Configuring device limit policies to prevent over-enrollment
- Enrollment troubleshooting: common errors and resolution paths
- Using enrollment status pages to track deployment success
- Designing a phased rollout strategy for large organisations
Module 4: Endpoint Security Configuration - Intune’s role in the modern security stack
- Creating endpoint protection profiles for Windows 10/11
- Configuring Microsoft Defender Antivirus with real-time protection
- Setting up firewall rules and network protection policies
- Application control with Exploit Protection and SmartAppControl
- Securing macOS with Gatekeeper, FileVault, and System Extensions
- Hardening iOS devices using Configuration Profiles
- Implementing Android security policies: encryption, screen locks, and malware prevention
- Monitoring device threat levels in the security dashboard
- Integrating Intune alerts with Microsoft Defender for Endpoint
Module 5: Compliance Policies and Conditional Access - Defining compliance rules for device posture checks
- Creating compliance policies for OS version, encryption, and patch level
- Linking compliance policies to Conditional Access in Azure AD
- Blocking non-compliant devices from accessing corporate data
- Configuring remediation actions for non-compliant states
- Using compliance reporting for executive summaries
- Building hybrid compliance models with on-prem checks
- Implementing jailbreak and rooted device detection
- Designing exemption workflows for legacy systems
- Testing compliance policy impact before rollout
Module 6: Configuration Profiles and Device Restrictions - Understanding the anatomy of a configuration profile
- Managing Windows 10/11 settings with Templates and Custom OMA-URI
- Deploying macOS system preferences via Configuration Profiles
- Controlling iOS restrictions: app installation, camera, and iCloud
- Android Enterprise configuration: device policies and app restrictions
- Using Administrative Templates (ADMX-backed) for granular control
- Targeting policies with dynamic groups and filters
- Resolving policy conflicts and precedence rules
- Best practices for naming, tagging, and versioning profiles
- Using Scoped Collections to limit policy scope
Module 7: Application Management and Deployment - Application lifecycle: add, deploy, monitor, retire
- Adding Win32 apps with proper detection and install commands
- MSI vs. EXE packaging and repackaging strategies
- Using the Microsoft Win32 Content Prep Tool
- Deploying LOB apps from the Microsoft Store for Business
- Managing Microsoft 365 Apps updates via Intune
- iOS app distribution: VPP tokens, volume purchase, and deployment
- Android app management: private stores, managed Google Play
- Configuring app configuration settings and policies
- Using app protection policies (MAM) without device enrollment
- Deploying line-of-business (LOB) web apps as managed resources
- Setting up app update schedules and silent installations
- Monitoring app installation success and failure rates
- Uninstalling apps remotely based on compliance policies
- Creating dependency chains for app deployment sequences
Module 8: Windows Autopilot: Deployment at Scale - Understanding the Windows Autopilot architecture
- Registering devices via OEM, Deployment Program, or Import Wizard
- Creating Autopilot deployment profiles: white glove vs. self-deploying
- Customising the out-of-box experience (OOBE) for branding
- Assigning devices to users before shipment
- Using Autopilot for device refresh and reset scenarios
- Integrating Autopilot with third-party imaging tools
- Autopilot in hybrid environments with existing SCCM
- Monitoring Autopilot device status and provisioning logs
- Automating device assignment using dynamic Azure AD groups
Module 9: macOS and iOS Device Management - Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Defining compliance rules for device posture checks
- Creating compliance policies for OS version, encryption, and patch level
- Linking compliance policies to Conditional Access in Azure AD
- Blocking non-compliant devices from accessing corporate data
- Configuring remediation actions for non-compliant states
- Using compliance reporting for executive summaries
- Building hybrid compliance models with on-prem checks
- Implementing jailbreak and rooted device detection
- Designing exemption workflows for legacy systems
- Testing compliance policy impact before rollout
Module 6: Configuration Profiles and Device Restrictions - Understanding the anatomy of a configuration profile
- Managing Windows 10/11 settings with Templates and Custom OMA-URI
- Deploying macOS system preferences via Configuration Profiles
- Controlling iOS restrictions: app installation, camera, and iCloud
- Android Enterprise configuration: device policies and app restrictions
- Using Administrative Templates (ADMX-backed) for granular control
- Targeting policies with dynamic groups and filters
- Resolving policy conflicts and precedence rules
- Best practices for naming, tagging, and versioning profiles
- Using Scoped Collections to limit policy scope
Module 7: Application Management and Deployment - Application lifecycle: add, deploy, monitor, retire
- Adding Win32 apps with proper detection and install commands
- MSI vs. EXE packaging and repackaging strategies
- Using the Microsoft Win32 Content Prep Tool
- Deploying LOB apps from the Microsoft Store for Business
- Managing Microsoft 365 Apps updates via Intune
- iOS app distribution: VPP tokens, volume purchase, and deployment
- Android app management: private stores, managed Google Play
- Configuring app configuration settings and policies
- Using app protection policies (MAM) without device enrollment
- Deploying line-of-business (LOB) web apps as managed resources
- Setting up app update schedules and silent installations
- Monitoring app installation success and failure rates
- Uninstalling apps remotely based on compliance policies
- Creating dependency chains for app deployment sequences
Module 8: Windows Autopilot: Deployment at Scale - Understanding the Windows Autopilot architecture
- Registering devices via OEM, Deployment Program, or Import Wizard
- Creating Autopilot deployment profiles: white glove vs. self-deploying
- Customising the out-of-box experience (OOBE) for branding
- Assigning devices to users before shipment
- Using Autopilot for device refresh and reset scenarios
- Integrating Autopilot with third-party imaging tools
- Autopilot in hybrid environments with existing SCCM
- Monitoring Autopilot device status and provisioning logs
- Automating device assignment using dynamic Azure AD groups
Module 9: macOS and iOS Device Management - Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Application lifecycle: add, deploy, monitor, retire
- Adding Win32 apps with proper detection and install commands
- MSI vs. EXE packaging and repackaging strategies
- Using the Microsoft Win32 Content Prep Tool
- Deploying LOB apps from the Microsoft Store for Business
- Managing Microsoft 365 Apps updates via Intune
- iOS app distribution: VPP tokens, volume purchase, and deployment
- Android app management: private stores, managed Google Play
- Configuring app configuration settings and policies
- Using app protection policies (MAM) without device enrollment
- Deploying line-of-business (LOB) web apps as managed resources
- Setting up app update schedules and silent installations
- Monitoring app installation success and failure rates
- Uninstalling apps remotely based on compliance policies
- Creating dependency chains for app deployment sequences
Module 8: Windows Autopilot: Deployment at Scale - Understanding the Windows Autopilot architecture
- Registering devices via OEM, Deployment Program, or Import Wizard
- Creating Autopilot deployment profiles: white glove vs. self-deploying
- Customising the out-of-box experience (OOBE) for branding
- Assigning devices to users before shipment
- Using Autopilot for device refresh and reset scenarios
- Integrating Autopilot with third-party imaging tools
- Autopilot in hybrid environments with existing SCCM
- Monitoring Autopilot device status and provisioning logs
- Automating device assignment using dynamic Azure AD groups
Module 9: macOS and iOS Device Management - Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Setting up Apple Business Manager and APNs certificates
- Configuring Device Enrollment Program (DEP) for automatic supervision
- Supervised vs. non-supervised iOS devices: scope of control
- Deploying macOS with Apple Silicon using User-Enforced Setup Assistant
- Managing FileVault encryption centrally via Intune
- Configuring macOS login items, extensions, and security settings
- Deploying configuration profiles for Safari, Mail, and Wi-Fi
- Restricting iCloud Drive, Backup, and Photo Stream
- Managing iOS passcode, Touch ID, and Face ID policies
- Controlling app installation and AirDrop usage
- Enabling single app mode for kiosks and shared devices
- Building and deploying custom iOS configuration profiles
- Using Managed Apple IDs for application access control
- Reporting on macOS and iOS compliance posture
- Handling device supervision loss and certificate renewals
Module 10: Android Enterprise Management - Understanding Android Enterprise ownership models
- Fully managed vs. dedicated devices vs. work profile
- Setting up Android Enterprise with Google Workspace
- Enrolling corporate-owned and employee-owned devices
- Configuring device policies: encryption, screen locks, and safe browsing
- Deploying private apps via managed Google Play
- Setting up kiosk mode for single-use devices
- Managing work profile app data separation
- Factory reset protection and device recovery
- Monitoring Android device health and compliance
- Using DPC extras for advanced device configuration
- Integrating Android Enterprise with existing EMM tools
- Auditing device access and user activity logs
- Handling BYOD data wipe requests securely
- Managing Samsung Knox-specific policies
Module 11: Identity and Access Integration - Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Deep integration between Intune and Azure AD
- Using dynamic groups based on device and user attributes
- Conditional Access policies for app and resource access
- Multi-factor authentication enforcement via device state
- Named locations and trusted IP ranges in access policies
- Session controls: sign-in frequency and persistent browser access
- Combining device compliance with user risk levels
- Configuring device-based Conditional Access exemptions
- Testing Conditional Access policies in report-only mode
- Using Sign-in logs to audit access attempts
Module 12: Network Access and Connectivity - Configuring Wi-Fi profiles for corporate and guest networks
- Deploying VPN profiles: Always On, per-app, split tunneling
- Integrating with third-party VPN providers
- Deploying email profiles (Exchange ActiveSync) across platforms
- Setting up certificate profiles for device authentication
- Using SCEP and trusted CA for certificate deployment
- Configuring proxy settings for managed devices
- Managing cellular data plans on iOS and Android
- Controlling hotspot and tethering settings
- Deploying network boundary policies for access control
Module 13: Automation and Proactive Remediation - Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Using Endpoint Analytics for health insights
- Setting up device health monitors and KPIs
- Creating custom detection scripts for configuration drift
- Building remediation scripts for automated fixes
- Script scheduling and execution frequency
- Monitoring script run results and error logs
- Automating patch compliance with scheduled actions
- Integrating with Microsoft Graph API for automation
- Using PowerShell for Windows device remediation
- Creating cross-platform detection logic
Module 14: Patch Management and Update Control - Windows Update for Business: deployment rings and policies
- Defining feature and quality update deferral periods
- Synching updates with maintenance windows
- Using update compliance reporting in Microsoft Endpoint Manager
- Patch management for macOS: version enforcement and restrictions
- iOS and iPadOS update control via configuration profiles
- Android security patch level monitoring
- Creating phased rollouts with ring-based targeting
- Handling update failures and rollback procedures
- Reporting on patch compliance across all platforms
Module 15: Reporting, Monitoring, and Alerts - Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Using the Intune dashboard for operational visibility
- Generating device inventory and software reports
- Analysing compliance and policy assignment status
- Exporting reports for audit and governance requirements
- Setting up email alerts for critical events
- Using Log Analytics and Azure Monitor integration
- Building custom queries for device state trends
- Creating executive dashboards for leadership
- Monitoring user-driven enrollment and app usage
- Tracking license allocation and consumption
Module 16: Advanced Policy Design and Troubleshooting - Understanding policy inheritance and conflict resolution
- Using scope tags to manage policy assignment
- Conflict tracing using Intune’s policy evaluation tools
- Diagnosing device registration failures
- Reading and interpreting Intune logs
- Using Company Portal app troubleshooting features
- Remote actions: restart, locate, wipe, and more
- Device limit enforcement and detection
- Handling stale devices and cleanup policies
- Using the Microsoft Endpoint Manager Admin Center effectively
Module 17: Integration with Third-Party Tools and Services - Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Connecting Intune with ServiceNow for ticketing
- Integrating with Jamf for macOS hybrid management
- Using Ivanti or ManageEngine for complementary control
- API integration with Power Automate and Azure Logic Apps
- Exporting data to SIEM platforms like Splunk or Sentinel
- Syncing user data with HR systems via Azure AD Connect
- Using Microsoft Graph for custom automation
- Integrating with cloud storage providers for policy distribution
- Linking Intune with Microsoft Defender for Endpoint
- Connecting to cloud backup and DLP solutions
Module 18: Cost Optimisation and Licensing Efficiency - Analysing Intune license requirements by use case
- Reducing unnecessary license assignments
- Using shared device licensing for frontline workers
- Managing license pools for temporary workers
- Reporting on inactive devices and reclaiming licenses
- Choosing between per-user and per-device models
- Optimising license usage in hybrid environments
- Forecasting future licensing needs based on growth
- Documenting license allocation for compliance audits
- Using Power BI to visualise license spend and utilisation
Module 19: Identity-First Security and Zero Trust Implementation - Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance
Module 20: Capstone Project: Building an Enterprise-Ready Intune Environment - Defining organisational requirements and security posture
- Designing a complete Intune architecture blueprint
- Creating a reference device policy framework
- Building a compliance and Conditional Access policy suite
- Designing application deployment and update workflows
- Setting up monitoring, alerts, and executive reporting
- Documenting rollout strategy and user communication
- Developing a disaster recovery and rollback plan
- Presenting a board-ready device management proposal
- Earning your Certificate of Completion issued by The Art of Service
- Applying Zero Trust principles to device management
- Device identity as a core pillar of verification
- Continuous access evaluation and reevaluation
- Microsegmentation and app-specific access controls
- Implementing least privilege access for device policies
- Using device health as a signal for access decisions
- Integrating Intune with Azure AD Identity Protection
- Building adaptive policies based on risk levels
- Designing user and device risk-based policies
- Documenting Zero Trust posture for compliance