SCCM Current Branch: Support Intune and Co-management

Get introduced to "modern" desktop management in this course by enabling SCCM and Intune Co-management and exploring common tasks in the Intune console.
Course info
Rating
(10)
Level
Intermediate
Updated
Nov 19, 2018
Duration
2h 2m
Table of contents
Description
Course info
Rating
(10)
Level
Intermediate
Updated
Nov 19, 2018
Duration
2h 2m
Description

Our learning path's long journey through SCCM ends in this course through its integration with Microsoft Intune. In this course, SCCM Current Branch: Support Intune and Co-management, we explore the SCCM and Intune Co-management configuration, as well as the everyday tasks in managing desktops via Microsoft's "modern" approach. In this final course out of seven, you'll experience the important differences between SCCM's traditional approach to desktop management and how Intune focuses on more of a light touch. First, you'll begin by enabling the co-management configuration and determining which of SCCM's workloads should be shifted wholesale over to Intune's control. Then, you'll enroll a series of Windows 10 desktops via both automated and manual enrollment. Next, you'll manage a few device configurations and even deploy a few applications via the Intune console. Finally, you'll walk through a simple, but powerful use case in applying device compliance and conditional access policies to restrict user access to company data when devices go noncompliant. By the end of this course, you'll be prepared to start your journey in shifting certain desktop workloads to Microsoft Intune in the cloud.

About the author
About the author

Greg Shields is an Author Evangelist at Pluralsight.

More from the author
More courses by Greg Shields
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey, this is Greg Shields, and you found the seventh and final course in my learning path on the configuration and everyday use of System Center Configuration Manager Current Branch and Microsoft Intune. I am Author Evangelist and a full-time author here at Pluralsight, and I've been building, managing, and helping others with SCCM since its earliest days as SMS version 1. 2. Our learning path's long journey through SCCM ends in this course through its integration with Microsoft Intune. Here in this course, we explore the SCCM and Intune co-management configuration, as well as the everyday tasks in managing desktops via Microsoft's modern approach. In this final course out of seven, you'll experience the important differences between SCCM's traditional approach to desktop management and how Intune focuses on more of a light touch. You'll begin by enabling the co-management configuration and determining which of SCCM's workloads should be shifted wholesale over to Intune's control. Then you'll enroll a series of Windows 10 desktops via both automated and manual enrollment. Next, you'll manage a few device configurations and even deploy a few applications via the Intune console. Lastly, you'll walk through a simple, but powerful use case in applying device compliance and conditional access policies to restrict user access to company data when devices go noncompliant. If you've just been tasked with building a new Configuration Manager environment, this course is your next stop on brushing up on those skills for success. And then from here, you'll be ready to conclude the learning path as you begin shifting certain desktop workloads to Microsoft Intune in the cloud. Let's get started.

Enforce Device Compliance and Enable Conditional Access
I want to finish out this course and this learning path with a quick look here at device compliance and conditional access, and specifically how Intune, whether in a co-management configuration or not, can combine these two elements together to deny access to company resources when conditions on a device aren't compliant. To that end, there is a small but growing list of use cases for which this combination of device compliance on one side and conditional access on the other can be used to restrict access to company data. And here in this module, I want to walk you through just a single, very simple but very powerful use case so that you're prepared for the steps that will get you started in creating many of the rest of them. For this use case, let's protect our Intune infrastructure from an inadvertent administrator whoops. Let's require the firewall to be enabled on an admin's Windows 10 machine for it to be in compliance, and if that firewall for any reason drops, then that machine is no longer compliant, and that admin can no longer access the Azure portal. Let's begin that process by preparing then Intune for then enforcing device compliance. There are a couple of different settings there that we want to take a look at that can define the notifications and the locations for where device compliance should apply and how people should get notified when they're not. And then from there, let's configure a device compliance policy, so determining what configuration makes one then in compliance. Let's also configure a conditional access policy that takes that compliance policy and turns it into what you should prevent that user from accessing, and then lastly validate that it's actually enforced correctly. Let's see then on one of our example desktops here what happens when that device thing goes out of compliance.