Module 01: Prepare infrastructure for devices
Add devices to Microsoft Entra ID
- Choose an appropriate device join type
- Join devices to Microsoft Entra ID
- Register devices to Microsoft Entra ID
- Plan and implement groups for devices in Microsoft Entra ID
Enroll devices to Microsoft Intune
- Configure enrollment settings
- Configure automatic enrollment for Windows and bulk enrollment for iOS and Android
- Configure enrollment profiles for Android devices, including fully managed, dedicated, corporate owned, and work profile
Implement identity and compliance
- Manage roles in Intune
- Implement compliance policies for all supported device platforms by using Intune
- Implement Conditional Access policies that require a compliance status
- Configure Windows Hello for Business
- Implement and manage Local Administrative Passwords Solution (LAPS) for Microsoft Entra ID
- Manage the membership of local groups on Windows devices by using Intune
Module 02: Manage and maintain devices
Deploy and upgrade Windows clients by using cloud-based tools
- Choose between Windows Autopilot and provisioning packages
- Choose a Windows Autopilot deployment mode
- Apply a device name template
- Implement Windows client deployment by using Windows Autopilot
- Create an Enrollment Status Page (ESP)
- Plan and implement provisioning packages
- Plan and implement device upgrades for Windows 11
- Implement a Windows 365 cloud PC deployment
Plan and implement device configuration profiles
- Create device configuration profiles for Windows devices, including importing ADMX files
- Create device configuration profiles for Android devices
- Create device configuration profiles for iOS devices
- Create device configuration profiles for Mac OS devices
- Create device configuration profiles for Enterprise multi-session devices
- Target a profile by using filters
Implement Intune Suite add-on capabilities
- Configure Endpoint Privilege Management
- Manage applications by using the Enterprise App Catalog
- Implement Microsoft Intune Advanced Analytics
- Configure Microsoft Intune Remote Help
- Identify use cases for Cloud PKI
- Implement Microsoft Tunnel for MAM
Perform remote actions on devices
- Sync, restart, retire, or wipe devices
- Perform bulk remote actions
- Update Windows Defender security intelligence
- Rotate BitLocker recovery keys
- Run a device query by using KQL
Module 03: Manage applications
Deploy and update apps
- Prepare applications for deployment by using Intune
- Deploy apps by using Intune
- Deploy Microsoft 365 Apps by using Intune
- Configure policies for Office apps
- Deploy Microsoft 365 Apps as part of a Windows Autopilot deployment by using the Microsoft Office Deployment Tool (ODT) or Office Customization Tool (OCT)
- Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
- Deploy apps from platform-specific app stores by using Intune
Plan and implement app protection and app configuration policies
- Plan and implement app protection policies
- Implement Conditional Access policies for app protection policies
- Plan and implement app configuration policies for managed apps and managed devices
Module 04: Protect devices
Configure endpoint security
- Create antivirus policies
- Create disk encryption policies
- Create firewall policies
- Configure Attack surface reduction policies
- Plan and implement security baselines
- Integrate Intune with Microsoft Defender for Endpoint
- Onboard devices into Microsoft Defender for Endpoint
Manage device updates by using Intune
- Plan for device updates
- Create and manage update rings by using Intune
- Create and manage update policies by using Intune, including iOS and Mac OS
- Manage Android updates by using configuration profiles or firmware-over-the-air (FOTA) deployments
- Configure Windows client delivery optimization by using Intune
- Monitor updates
