Microsoft End-Point Manager
Microsoft Endpoint Manager (MEM)
Microsoft Endpoint Portal
Microsoft Configuration Manager (SCCM)
Microsoft Intune (MDM & MAM)
Defender Suite
Configuring MEM for Windows & Mobile devices
Configuring Defender
Microsoft Endpoint Manager
• Microsoft Endpoint Manager is a single, integrated
management platform for managing, protecting, and
monitoring all of your organization's endpoints.
We can deploy apps, software updates, and operating systems, and monitor the
devices in real time.
It can also be cloud-enabled to integrate with Intune and move tasks to the
cloud through co-management.
Configuration Manager Sites:
1. Central Administration Site
2. Primary Site
3. Secondary Site
1. Central Administration Site:
• Install this site on a separate server.
• Optional site.
• Needs Windows Server 2012 or greater.
• SQL database for storage.
• Manages up to 8,25,000 clients.
• Manages primary site servers.
2. Primary Site:
• Install this site on a separate server.
• Needs Windows Server 2012 or greater.
• Mandatory site.
• SQL database for storage.
• Manages up to 1,75,000 clients.
• Manages and collects data from clients in a well-connected network.
• Used in headquarters.
3. Secondary Site:
• Install this site on a separate server.
• Needs Windows Server 2012 or greater.
• Optional site.
• SQL database for storage.
• Manages up to 15,000 clients.
• Manages and collects data from clients in remote locations.
• Used in branch offices.
Microsoft Intune:
Intune is a cloud-based management service used to create and check for
compliance, and to deploy apps, features, and settings to your devices using the
cloud.
It provides Mobile Device Management (MDM) and Mobile Application
Management (MAM).
Microsoft Intune enables mobile device management for:
• Personal devices, including personally owned phones, tablets, and PCs.
• Corporate-owned devices, including phones, tablets, and PCs owned by your
organization and distributed to employees and students for use at work or
school.
It lets you control features and settings on Android, Android Enterprise,
iOS/iPadOS, macOS, and Windows 10 devices. It integrates with other
services, including Azure AD, Defender for Endpoint, and more.
If you have on-premises infrastructure such as Active Directory, the Intune
connectors are also available.
The Intune Connector for Active Directory adds entries to your on-premises
Active Directory domain for computers that enroll using Windows
Autopilot.
Mobile Device Management (MDM):
Mobile Application Management (MAM):
Co-management:
• Co-management enables you to concurrently manage Windows
10 or later devices by using both Configuration Manager and
Microsoft Intune.
• As part of Endpoint Manager, co-management uses cloud
features, including conditional access. You keep some tasks
on-premises, while running other tasks in the cloud with Intune.
Desktop Analytics:
• Desktop Analytics is a cloud-based service that integrates with
Configuration Manager.
• It provides insight and intelligence for you to make more
informed decisions about the update readiness of your Windows
clients.
• It provides information on security updates, apps, and devices in
your organization, and identifies compatibility issues with apps
and drivers.
Windows Autopilot:
• Windows Autopilot sets up and pre-configures new devices, getting
them ready for use. It's designed to simplify the lifecycle of
Windows devices, for both IT and end users.
• It is a complete cloud native solution.
• It's about taking a device from factory state to business-ready state.
• Email and collaboration with Defender for Office 365 - Defender for Office 365
safeguards your organization against malicious threats posed by email messages, links
(URLs) and collaboration tools.
• Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection -
Defender for Identity uses your on-premises Active Directory Domain Services (AD
DS) signals to identify, detect, and investigate advanced threats, compromised
identities, and malicious insider actions directed at your organization. Azure AD
Identity Protection automates the detection and remediation of identity-based risks in
your cloud-based Azure AD.
• Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for
Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong
data controls, and enhanced threat protection to your cloud apps.
Windows Device Configuration
Pre-requisites:
Microsoft Intune subscription
Azure Directory / Company Portal
Get your work/school Credentials
Steps:
1. Open Company Portal and sign in with your work or school account.
2. On the Set up your device screen, select Next.
3. On the Connect to work screen, select Connect.
4. Sign in with your credentials.
5. On the setting up screen, select Go.
6. On the next screen, click Done.
7. You will now see the added account as part of the Access work or
school settings on your Windows desktop.
With this, the configuration of the Windows device to Intune is done.
• To confirm the device enrollment is completed.
After that, the user can switch user on the Windows device by signing in with those credentials
and get access to that particular machine.
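One way to confirm the enrollment from the command line after the steps above, as an added example that is not part of the original slides. It reads the join state with the built-in dsregcmd tool and lists MDM enrollments from the Enrollments registry key; neither is mentioned on the page, and the function names are hypothetical.

```powershell
# Added example: run in PowerShell on the Windows device after enrollment.

function Get-DsregState {
    # dsregcmd /status prints "Key : Value" lines; collect them into a hashtable.
    $state = @{}
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z]+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-MdmEnrollment {
    # Each enrollment is a GUID subkey; MDM enrollments carry both a
    # ProviderID and the enrolling user's UPN. Other subkeys are skipped.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object { $_.ProviderID -and $_.UPN } |
        Select-Object @{ n = 'EnrollmentId'; e = { $_.PSChildName } }, ProviderID, UPN
}

$dsreg = Get-DsregState
$mdm   = @(Get-MdmEnrollment)

# Summary of what the device itself reports about its join and management state.
[pscustomobject]@{
    AzureAdJoined   = $dsreg['AzureAdJoined']
    WorkplaceJoined = $dsreg['WorkplaceJoined']
    TenantName      = $dsreg['TenantName']
    MdmEnrollments  = $mdm.Count
    MdmProvider     = ($mdm.ProviderID -join ', ')
    EnrolledUser    = ($mdm.UPN -join ', ')
}

# An account can be added under "Access work or school" without the device
# becoming managed; flag that case so it is not mistaken for a full enrollment.
if ($mdm.Count -eq 0) {
    Write-Warning 'No MDM enrollment found: the work account may be added without device management.'
}
```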
Configuring Mobile Device
Configuring mobile devices with the Intune Company Portal app gives secure access
to your organization’s email, files, and apps.
After your device is enrolled, it becomes managed and the organization can assign policies
and apps to the device through Intune.
Pre-requisites:
1. Intune Subscription
2. Install Intune portal app
Android Device:
Steps:
1. Sign in with your credentials.
2. Accept the permissions to enroll your device.
3. You see a Contoso LLC screen; click to continue.
4. Then you see a permissions screen; click Accept.
5. Next, on the Device Administrator company portal screen, click Activate.
6. Here you go: you will see your Apps, Devices, and Contact IT.
Android Intune Portal App Home Screen
Here you can see the apps, devices which are assigned by the
organization.
iOS-Device:
Pre-requisites:
1. Intune Subscription
2. Enable MDM Authority
3. Be sure the Apple Push Certificate is added to Endpoint Manager, and is active.
This certificate is required to enroll iOS/iPadOS devices.
4. Install Intune portal app
Steps:
1. Install & Open the Company Portal app and sign in with your Credentials.
2. You will see a notification permission request; tap OK and Allow.
3. On the next screen, Set up Device to access, click Begin.
4. Next, Device management and your privacy screen, Click can and Continue.
5. Click Continue; it downloads the company profile. Go to Settings,
click on the management profile and Device, then click Continue.
6. It's all set; now you can access your work apps, data, and more.
Configuring Defender for Endpoint
Pre-requisites:
1. Microsoft 365 E5 Subscription.
2. Enable Microsoft Defender for Endpoint in MEM Admin Console.
Steps :
1. Go to the Microsoft Defender for Endpoint page in the Microsoft Endpoint
Manager admin center.