Professional Training

Audience Profile

This course is aimed at support personnel working in organizations that have a continued Active Directory on-premises environment, but are also moving resources and devices to Microsoft 365.

Pre-requisites

Before attending this course, you must:

• Have configured Windows client operating systems, such as Windows 7 or newer
• Have some working experience with Windows Server on-premises environments
• Be familiar with cloud fundamentals and Microsoft 365 workloads in particular
• Be able to configure basic network settings on Windows client devices
• Understand basic security principles, such as authentication, authorization, exploit protection, and defence in depth

Introducing Windows 11

L1: What’s new in Windows 11?
• What’s new in Windows 11 24H2?
• What can we expect in Windows 12?
• New features for IT administrators

L2: Windows 11 system architecture
• Application subsystems
• The executive
• The kernel, process management, and storage
• Devices and drivers

Lab A: Exploring processes
• Exercise 1: Installing Sysinternals Suite
• Exercise 2: Using the tools in the Sysinternals Suite

L3: Remote management options
• Remote Desktop
• Quick Assist
• Windows PowerShell
• Windows Admin Center
• TeamViewer
• Intune Remote Help

L4: Implement remote management using PowerShell
• What is PowerShell?
• Using PowerShell commands
• Enabling PowerShell remoting
• Demo: Managing devices with PowerShell Remoting

L5: Implement remote management using Windows Admin Center
• WAC requirements
• Installing Windows Admin Center
• Demo: Using Windows Admin Center

Lab B: Managing Windows devices remotely
• Exercise 1: Enable remote management
• Exercise 2: Manage a remote device using Quick Assist
• Exercise 3: Implement PowerShell Remoting
• Exercise 4: Implement Windows Admin Center

Provisioning Windows 11

L1: Overview of provisioning options
• Imaging
• Provisioning
• Subscription Activation
• Windows Autopilot

L2: Deployment using MDT
• Overview of MDT
• Description of task sequences
• Demonstration: Deploying Windows 11 using MDT

L3: Provision by using Windows Configuration Designer
• Overview of Windows ADK
• Creating Windows Configuration Designer provisioning packages
• Deploying provisioning packages during OOBE
• Demonstration: Creating and using provisioning packages

L4: Provision by using Intune
• Overview of Windows AutoPilot
• AutoPilot requirements
• Demonstration: Configuring for AutoPilot

L5: Licensing and activation
• What is activation?
• Activation methods

Lab: Provisioning and updating Windows 11
• Exercise 1: Using MDT to deploy Windows 11
• Exercise 2: Creating a provisioning package
• Exercise 3: Deploying a provisioning package
• Exercise 4: Provisioning Windows 11 with Autopilot

Upgrading to Windows 11

L1: Assess hardware and software compatibility
• Minimum and recommended hardware
• Devices and device drivers
• Application compatibility

L2: Perform in-place upgrade or wipe-and-load migration?
• Choosing an in-place upgrade
• When to use a wipe and load migration

L3: Use MDT to upgrade
• Create the appropriate task sequence

L4: Use Intune to upgrade
• Endpoint analytics Windows 11 readiness
• Windows Update rings

L5: Migrate user state
• Overview of user state
• Using USMT
• Using OneDrive Known Folder Move

Lab: Upgrading to Windows 11
• Exercise 1: Assess upgrade readiness
• Exercise 2: Perform an in-place upgrade with MDT
• Exercise 3: Perform an in-place upgrade with Intune

Networking in Windows 11

L1: Configure networking
• IPv4 addressing
• IPv6 addressing
• Implementing an IPv4 network
• Implementing an IPv6 network

L2: Implement name resolution
• Name resolution methods
• How DNS works
• Reviewing DNS zones
• Configuring client DNS settings

L3: Implement remote access
• Available remote access options
• Implement RADIUS with NPS
• Deploy VPN settings with WCD and Intune

L4: Troubleshoot networks
• Troubleshoot network connections
• Troubleshoot name resolution
• Troubleshoot VPNs

Lab: Configuring and troubleshooting networking
• Implementing and troubleshoot a network connectivity issue
• Implementing and troubleshoot name resolution
• Implementing and troubleshoot remote access

Managing identity and access

L1: Overview of identity providers
• Active Directory
• Entra ID
• Entra Domain Services
• Synchronizing identities to the cloud

L2: Implement Entra ID registration
• Device register
• Device join
• Device hybrid join
• Device enrollment
• Device settings

L3: Implement identity protection
• Credential Guard
• Manage the membership of local groups on Windows devices by using Intune
• Implement and manage LAPS for Microsoft Entra ID
• Self-service password reset in Entra ID
• Overview of Windows Hello
• Overview of MFA
• Implementing Windows Hello in Intune
• Implementing MFA in Entra ID

Lab: Managing identity and access
• Exercise 1: Configuring Entra device settings
• Exercise 2: Performing device join with Entra
• Exercise 3: Enrolling devices in Intune
• Exercise 4: Implementing LAPS, Windows Hello, SSPR, and MFA

Configuring Windows 11

L1: Implement and troubleshoot Group Policy
• Overview of Group Policy
• Group Policy processing
• Changing default GPO processing behavior
• GPO filtering
• Tools for managing GPOs
• How GPOs apply
• Reasons for GPO failures
• Troubleshooting the application of GPOs

Lab A: Implementing and troubleshooting GPOs
• Exercise 1: Implementing GPOs per a requirement
• Exercise 2: Testing the application of GPOs
• Exercise 3: Troubleshooting the application of GPOs

L2: Migrate GPOs to Intune
• Implement administrative templates in Intune
• Import new ADMX files
• Review how your on-premises GPOs can be imported to Intune

L3: Configuring devices using Intune
• Use device configuration policies
• Resolve conflicts between policies

L4: Manage Windows 11 updates
• Overview of the update service model in Windows
• Selecting a servicing channel
• Local update settings
• Managing updates via GPO
• Managing updates via Intune
• Hot-patching

Lab B: Configuring devices with Intune
• Exercise 1: Migrate GPOs to Intune
• Exercise 2: Create and assign device configuration policies
• Exercise 3: Manage configuration profile conflicts
• Exercise 4: Deploy updates with Intune

Configuring Windows 11

L1: Deploy Microsoft Store apps
• Use Intune to deploy Store apps
• Restrict access to the Store
• Manage app updates

L2: Deploy Win32 apps
• Local deployment options
• Microsoft 365 apps for Enterprise deployment
• Enterprise app catalog

L3: Troubleshoot apps
• Why apps don’t work
• Mitigations for problematic apps

L4: Configure Windows Defender Application Control
• What is AppLocker?
• What is Application Control?
• Implementing Application Control

Lab: Managing apps
• Exercise 1: Deploy Store apps
• Exercise 2: Deploy Microsoft 365 apps
• Exercise 3: Reconfigure AppLocker
• Exercise 4: Manage Kiosk mode

Managing access to file resources

L1: Implement storage in Windows 11
• Local storage
• Removal storage
• Storage spaces
• Cloud storage (OneDrive and Azure Storage)
• File systems

L2: Manage and share files
• Configure and manage file access
• File and folder permissions
• Effective access
• Share files
• Manage share permissions
• Combine NTFS and share permissions
• Implement claims-based access

Lab: Managing file access
• Exercise 1: Creating a storage space
• Exercise 2: Securing folders with NTFS permissions
• Exercise 3: Sharing folders
• Exercise 4: Implementing claims-based access to files
• Exercise 5: Troubleshooting file access

Implementing security features

L1: Overview of security features in Windows 11
• Overview of Security Center
• Microsoft Defender features, including Credential Guard etc.

L2: Implement BitLocker using Intune
• What is BitLocker?
• Drive unlock options
• BitLocker recovery
• Managing BitLocker in Entra ID and Intune

L3: Implement device compliance
• What is device compliance
• Default Intune compliance policy
• Create and assign compliance policies
• Review device compliance state

L4: Implement Conditional Access
• Overview of Entra ID Conditional Access policies
• Reviewing Conditional Access templates
• Implementing Conditional Access for apps
• Implementing device compliance with Conditional Access

Lab: Implementing security features
• Exercise 1: Implementing BitLocker
• Exercise 2: Implementing device compliance
• Exercise 3: Implementing Conditional Access

Implementing threat protection and response

L1: Configure Microsoft Defender for Endpoint
• Overview of Microsoft Defender for Endpoint
• Implement Microsoft Defender for Endpoint

L2: Implement Intune security baselines
• Review Intune security baselines
• Update a security policy’s baseline

L3: Monitor and respond to security incidents
• Review security incidents
• Mitigate security incidents

Lab: Implementing threat protection and response
• Exercise 1: Implementing Microsoft Defender for Endpoint
• Exercise 2: Implementing Intune security baselines

Monitoring and optimizing Windows

L1: Manage events
• Describe how to review events
• Create an event subscription
• Review Intune device reports

L2: Optimize endpoint performance
• Understand key workstation resources
• Describe available performance monitoring tools
• Create and analyze data collector sets
• Review performance data in Intune

Lab: Monitoring and optimizing Windows
• Exercise 1: Managing events
• Exercise 2: Optimizing performance

Recovering Windows 11

L1: Implement data protection and recovery
• Review file recovery options, including OneDrive Recycle Bin and Windows Recycle bin.
• Implement File History to manage file versions and recovery.

L2: Analyze system crashes
• Review system crash debug information.
• Review startup logs.

L3: Use Windows recovery tools
• Windows startup architecture
• Managing the startup environment
• Describe the available recovery tools
• Access Windows RE
• Troubleshooting startup
• Describe System Restore
• Perform a System Restore

L4: Manage device and device drivers
• Describe procedures for troubleshooting hardware
• Managing device driver installation options
• Troubleshooting device drivers

L5: Review the Registry
• What is the Registry?
• Working with the Registry

Lab: Recovering Windows 11
• Exercise 1: Implementing File History
• Exercise 2: Reviewing startup logs and performing crash analysis
• Exercise 3: Performing a System Restore
• Exercise 4: Using recovery tools
• Exercise 5: Managing devices and device drivers