MECM, SCCM, MEMCM, and Intune: A Comprehensive Guide to Microsoft Endpoint Manager


Author: Greg Shields

What you will learn

  • Explain the purpose and use cases for Microsoft Endpoint Manager solutions and prepare a lab environment
  • Deploy an on-premises MECM site
  • Deploy MECM Clients
  • Manage inventory, queries/collections, and CMPivot with MECM
  • Deploy and use Cloud Management Gateway with MECM
  • Monitor and maintain an on-premises MECM site
  • Co-Manage Intune with Tenant Attach and Client Attach
  • Package software for deployment with MECM and Intune
  • Deploy applications with MECM
  • Deploy applications with Intune
  • Configure devices and endpoint protection with MECM
  • Configure devices and endpoint protection with Intune
  • Configure compliance policies with MECM and Intune
  • Implement Windows updates and servicing with MECM and Intune
  • Deploy operating systems and desktop analytics with MECM
  • Deploy/Integrate Windows Autopilot, Windows 365, and Azure Virtual Desktop with MECM/Intune

Pre-requisites

You should be familiar with Microsoft environments and operating systems.

With the current IT landscape we live in today, managing the endpoints within your organization and keeping them efficient, up to date, and secure is of the utmost importance. In this path, you’ll be taken through Microsoft Endpoint Manager start to finish. As Microsoft’s main solution for managing endpoints both on premises and via the cloud, you’ll learn all you need to know about Microsoft Endpoint Configuration Manager as well as Microsoft Intune. As an added note, the products here are also known in various circles as SCCM, MECM, MEMCM, and ConfigMgr.

Microsoft Endpoint Manager: Introduction and Lab Preparation

by Greg Shields

Sep 7, 2021 / 1h 18m

Description

Whether you're new to Microsoft Endpoint Manager, or have worked with its many versions, you're surely aware of how complex any MEM implementation can be. The reach of this solution is so broad, and also so deep, that you almost have to know everything about MEM to truly appreciate anything about it.

Adding to the challenge is the significant overlap in functionality between MECM and Intune. Both solutions can solve very similar problems, but in different ways. This first course of sixteen, Microsoft Endpoint Manager: Introduction and Lab Preparation, gets you started in understanding the high-level architectures for both, with the goal of setting the stage for all the content to follow.

First, you'll start with an introduction to Microsoft Endpoint Manager and its two major components, Microsoft Endpoint Configuration Manager and Microsoft Intune. Next, you'll explore the architectures of these two similar, but different solutions. Finally, you'll get to know the lab environment, including the Hyper-V virtual machines and Microsoft 365 instance you'll need if you plan on following along. By the end of this course, you will be more familiar with the content in the learning path, will have explored the MEM, MECM, and Intune architectures, and will have your lab environment prepared.

Table of contents
  1. Course Overview
  2. Introduction
  3. Introduce Microsoft Endpoint Manager
  4. Explore Architectures for MECM and Intune
  5. Build Your Self-hosted Lab Environment

Microsoft Endpoint Manager: Deploy an On-premises MECM Site

by Greg Shields

Sep 7, 2021 / 1h 57m

Description

The central core of an MECM hierarchy is the site, and for a lot of environments it's the primary site. That site is the boundary of administration for all the devices, machines, and software that need configuration control.

But before you can manage those devices, there are some significant setup activities required to get an MECM primary site operational. Digging deeply into those setup activities is the theme for this course.

In this second course out of sixteen, Microsoft Endpoint Manager: Deploy an On-premises MECM Site, you'll begin by understanding the steps in installing an MECM primary site. This installation comes with a significant series of prerequisites that must be considered before starting any setup routine. Next, once installed, you'll configure the highest-level site and site system properties that are the core requirements for any primary site. This configuration will include several of the core site system roles that are needed before clients get distributed. Finally, you'll configure the distribution point role. Of the roles needed at first, the DP role is the most complicated to configure correctly to meet client needs wherever they might be.

Table of contents
  1. Course Overview
  2. Introduction
  3. Install an MECM Primary Site
  4. Configure Site and Site System Properties
  5. Configure the Distribution Point Role

Microsoft Endpoint Manager: Deploy MECM Clients

by Greg Shields

Sep 7, 2021 / 59m

Description

With a primary site and site server now installed, this course turns its attention to MECM's clients. While MECM is a great solution for deploying software, there is, as you might imagine, some client-side bootstrapping that's required to install clients and begin communication. MECM supports at least six different ways to deploy client software, as well as innumerable ways to customize client behaviors once installed.

In this third course out of sixteen, Microsoft Endpoint Manager: Deploy MECM Clients, you'll begin by exploring the preparatory configurations that are required for any MECM primary site before beginning client deployment. Next, you'll walk through four of the six major client deployment options, including all the steps you'll need to successfully automate your deployments. Finally, once installed, you'll explore the MECM client itself. By the end of this course, you'll understand the user-focused UI, as well as the monitoring solutions in the MECM console for validating client health over time.

Table of contents
  1. Course Overview
  2. Introduction
  3. Prepare for MECM Client Deployment
  4. Install the MECM Client
  5. Explore and Monitor the MECM Client

Microsoft Endpoint Manager: Inventory, Queries/Collections, and CMPivot with MECM

by Greg Shields

Sep 7, 2021 / 2h 13m

Description

The previous course finishes most of the foundational configurations to get an MECM primary site operational. But one final preparation involves the settings required to configure and customize hardware and software inventory collection. Enabling this data collection delivers access to an impressive range of machine characteristics. Understanding both the art and the science of then querying that data is arguably the most important and the most difficult part of the job.

In this fourth course out of sixteen, Microsoft Endpoint Manager: Inventory, Queries/Collections, and CMPivot with MECM, you'll begin by walking through the enabling and customization of hardware and software inventory on attached clients. Then, you'll dig deeply into the practices -- and the creativity -- in building useful queries that can be turned into ConfigMgr collections. Next, for those situations when you need absolute real-time client data, you'll see how CMPivot can accomplish the task. Then, you'll explore MECM's reporting engine and how to customize reports. Finally, you'll explore some special use cases for this collected data with Asset Intelligence and Software Metering. By the end of this course, you'll have a better understanding of the settings required to configure and customize hardware and software inventory collection.

Table of contents
  1. Course Overview
  2. Introduction
  3. Configure MECM Hardware and Software Inventory
  4. Construct MECM Queries and Collections
  5. Explore CMPivot
  6. Explore MECM Reports
  7. Configure Asset Intelligence and Software Metering

Microsoft Endpoint Manager: Cloud Management Gateway with MECM

by Greg Shields

Sep 7, 2021 / 1h 25m

Description

Everything you've seen in the learning path thus far has focused on the on-premises use case. These days, though, the endpoint management solution your organization needs is one that can also service internet-based clients. Extending your on-premises MECM infrastructure to manage those clients is the topic for this course. You accomplish it by preparing for and deploying MECM's Cloud Management Gateway into an available Azure subscription.

In this fifth course out of sixteen, Microsoft Endpoint Manager: Cloud Management Gateway with MECM, you'll get an introductory look at the Cloud Management Gateway itself. First, you'll get to know the use cases for the CMG, and how and where it fits into the rest of Microsoft Endpoint Manager, including Microsoft Intune. Then, you'll prepare the hierarchy for and then deploy the CMG into an Azure subscription. Once deployed, you'll get a chance to see the user experience for clients who leave your local-area network. Next, you'll explore a few special situations for deploying MECM clients to machines outside your LAN that need to connect to MECM via the CMG. Finally, you'll explore a very different tool for extending not only client access, but also your server infrastructure to your Azure subscription.

Table of contents
  1. Course Overview
  2. Introduction
  3. Introduce Cloud Management Gateway
  4. Deploy Cloud Management Gateway
  5. Deploy MECM Clients with CMG
  6. Extend and Migrate On-premises MECM Site to Azure

Microsoft Endpoint Manager: Monitor and Maintain an On-premises MECM Site

by Greg Shields

Sep 9, 2021 / 1h 20m

Description

The daily monitoring and maintenance tasks of any IT service are as fundamental to their operation as is their actual usage. Keeping your MECM primary site healthy involves the same kinds of activities. Exploring the monitoring tools and the regular maintenance activities is the topic of this course.

In this sixth course out of sixteen, Microsoft Endpoint Manager: Monitor and Maintain an On-premises MECM Site, you'll begin by exploring the special configurations required to elevate MECM's security model to support HTTPS for site communication. Then, you'll step through the processes to delegate permissions to fellow IT administrators and help desk personnel. Next, you'll take a look at the monitoring tools included in the MECM console for digging into site system troubleshooting. Then, you'll explore the backup and recovery tasks for a primary site. Finally, you'll review the tasks in updating an MECM site, including all the preparatory work required before installing any of Microsoft's newest versions.

Table of contents
  1. Course Overview
  2. Introduction
  3. Explore Site Configuration for HTTPS
  4. Delegate MECM Permissions
  5. Monitor an MECM Site
  6. Explore MECM Site Backup and Recovery
  7. Update an MECM Site

Microsoft Endpoint Manager: Intune Co-management with Cloud Attach

by Greg Shields

Sep 15, 2021 / 2h 15m

Description

Seven courses in, and this learning path finally gets around to the Microsoft Endpoint Manager integration between MECM and Intune. Delaying this topic to nearly the midpoint in the learning path was intentional, as the setup processes for MECM are so complex in nature. What results from their co-management interconnection is the ability to select which workload accomplishes each major category of activities.

In this seventh course out of sixteen, Microsoft Endpoint Manager: Intune Co-management with Cloud Attach, you'll start by diving deeply into the integration steps in configuring Cloud Attach between MECM and Intune, including steps in both the Tenant Attach and Client Attach configurations. Next, once integrated, you'll explore the reports that are surfaced by Endpoint Analytics across a small, but growing set of scenarios. Finally, you'll get to know the variety of ways to enroll devices into Intune, both with and without the MECM client, to expand the reach of your MEM infrastructure to other devices, including to your users' personal devices.

Table of contents
  1. Course Overview
  2. Introduction
  3. Configure Cloud Attach
  4. Explore Endpoint Analytics
  5. Enroll Windows Devices into Intune

Microsoft Endpoint Manager: Package Software for Deployment with MECM and Intune

by Greg Shields

Sep 15, 2021 / 1h 2m

Description

At exactly the midpoint of this learning path, we have completed the steps necessary to build both an Intune and MECM environment, including their integration together. The second half of this learning path turns its attention to actually using this environment. It begins with this course, which explores the tactics and techniques in software packaging -- all of which are needed to be successful in deploying software to devices via either half of Microsoft Endpoint Manager.

In this eighth course out of sixteen, Microsoft Endpoint Manager: Package Software for Deployment with MECM and Intune, you'll begin with an introduction to the art of software packaging. Today's software delivery mechanisms for Microsoft applications recognize a half-dozen major categories of application installations. This course's first module introduces you to the high-level best practices for addressing each. Finally, once you understand the high-level tactics, you'll dig into the click-by-click steps needed to package and repackage each major category using tools that are freely available.

Table of contents
  1. Course Overview
  2. Introduction
  3. Understand the Art of Software Packaging
  4. Package Software for Deployment

Microsoft Endpoint Manager: Deploy Applications with MECM

by Greg Shields

Sep 30, 2021 / 2h 25m

Description

Your work in packaging applications in the last course of this learning path sets the stage for delivering those applications in this course. MECM includes a robust -- and some might say complicated -- engine for configuring the who, when, and how applications get deployed. Configuring an application for deployment can literally require dozens of clicks, along with significant planning for all the deployment options you'll need to configure. Disentangling those options and walking you through the process is the mission for this course.

In this ninth course out of sixteen, Microsoft Endpoint Manager: Deploy Applications with MECM, you'll begin by preparing the MECM infrastructure for software deployment, including all the prerequisite configurations to enable software deployment to Windows devices. Next, you'll experience a comprehensive look at all the options that require attention for successfully crafting a deployment. Then, you'll explore the monitoring visualizations MECM provides alongside the troubleshooting tactics you can use in resolving failed deployments. Finally, you'll explore a series of advanced topics in MECM software deployment that exist to address a wide range of edge use cases.

Table of contents
  1. Course Overview
  2. Introduction
  3. Prepare MECM for Software Deployment
  4. Deploy Applications with MECM
  5. Monitor and Troubleshoot Deployments
  6. Advanced Topics in MECM Software Deployment

Microsoft Endpoint Manager: Deploy Applications with Intune

by Greg Shields

Oct 8, 2021 / 1h 11m

Description

It may seem counterintuitive that Intune's application deployment mechanisms are a bit simpler than those for Configuration Manager. But when you think about the long-lived history of MECM, it makes sense that Intune arrives with much less historical baggage in accomplishing the task. Comparing the actions in configuring application deployments between these two solutions is the mission for this course.

In this tenth course out of sixteen, Microsoft Endpoint Manager: Deploy Applications with Intune, you'll start by exploring a few preparation tasks for application deployment in the Intune administrator's UI. You'll revisit the differences in the Company Portal interface for the variety of Azure AD connected devices, look at how Azure Enterprise Applications get surfaced to users, and see the easy deployment of the MECM client to Intune-enrolled devices. Then, you'll dig into the deployment of applications using the Intune admin UI, with a broad range of examples across the variety of different applications you'll be expected to deploy. Finally, you'll explore the monitoring and troubleshooting tools that Intune makes available for understanding the root causes of why applications don't install successfully.

Table of contents
  1. Course Overview
  2. Introduction
  3. Prepare Intune for Application Deployment
  4. Deploy Applications with Intune
  5. Monitor and Troubleshoot Deployments

Microsoft Endpoint Manager: Device Configuration and Endpoint Protection with MECM

by Greg Shields

Oct 14, 2021 / 57m

Description

Although MECM has lived a longer lifecycle than Intune, along with that long history come a few legacy approaches to performing certain tasks. This course on device configuration may seem a little strange, because significant portions of the course are all about tasks that you ... shouldn't ... do in Configuration Manager. For many of today's device configuration and endpoint protection activities, Microsoft Intune simply offers a far superior solution. That said, understanding where these configurations exist in MECM, and which ones you should enable versus those you can safely ignore, is the mission for this course.

In this eleventh course out of sixteen, Microsoft Endpoint Manager: Device Configuration and Endpoint Protection with MECM, you'll start by exploring the options in MECM that exist for deploying device configurations to clients. Some of these, perhaps not surprisingly, involve technologies that have nothing to do with MECM at all, while others involve approaches that are better served through Intune's more MDM-like architecture. Next, you'll look at the endpoint protection policies in MECM, including which ones remain relevant for configuring via MECM today versus those better delivered from the Azure cloud.

Table of contents
  1. Course Overview
  2. Introduction
  3. Configure Devices with MECM
  4. Configure Endpoint Protection Policies with MECM

Microsoft Endpoint Manager: Device Configuration and Endpoint Protection with Intune

by Greg Shields

Oct 21, 2021 / 2h 54m

Description

One might argue that there's an "old" way and a "new" way of performing device configuration and endpoint protection. The old way focused on files and registry keys, sometimes hacking either or both to force a machine into a certain configuration. The new way is more MDM-like in nature, leveraging onboard Configuration Service Providers to manage, perform, and report back on the change.

In this twelfth course out of sixteen, Microsoft Endpoint Manager: Device Configuration and Endpoint Protection with Intune, you'll explore deeply how Intune enacts change via the latter of these approaches. First, you'll start with an introduction to the basic foundation of device configuration in Intune -- the configuration profile, which accomplishes a lot but not everything. Next, you'll dig deeply into custom configurations using ADMX-backed profiles. Then, you'll explore how configuration profiles can enable many of the common endpoint protection services in Windows. Afterwards, you'll walk through an end-to-end example of deploying certificates to Intune-enrolled devices. Finally, you'll see a special use case: App Protection Policies for encrypting and protecting data as it gets created. By the end of this course, you'll be one step further on your path to understanding the vast ways of using Intune as part of Microsoft Endpoint Manager.

Table of contents
  1. Course Overview
  2. Introduction
  3. Configure Configuration Profiles with Intune
  4. Configure ADMX-backed Policies with Intune
  5. Configure Endpoint Security with Intune
  6. Deploy Device Certificates with Intune
  7. Configure App Protection Policies with Intune

Microsoft Endpoint Manager: Compliance Policies with MECM and Intune

by Greg Shields

Oct 27, 2021 / 52m

Description

The conversation about device configuration over the last couple of courses has focused on just the configurations themselves. As performed, those configurations are more like preferences than any real policy. They configure machines, but users can adjust those configurations generally at will.

In this thirteenth course out of sixteen, Microsoft Endpoint Manager: Compliance Policies with MECM and Intune, you'll learn about enforcing configurations, declaring misconfigured machines as non-compliant, and then bringing consequences to those misconfigurations. First, you'll start by looking at compliance in MECM. Next, you'll configure some custom compliance policies in MECM, including auto-remediation, and see how they look from the user's perspective. Then, you'll shift over to Intune to explore the very different approach Intune uses to address compliance. You'll create and deploy Intune compliance policies to see their effect on users' machines. Finally, you'll connect compliance policies to conditional access policies and deny access to corporate resources when machines go non-compliant. By the end of this course, you'll have a better understanding of enforcing configurations to meet compliance in MECM and Intune.

Table of contents
  1. Course Overview
  2. Introduction
  3. Configure Compliance Rules with MECM
  4. Configure Compliance Policies and Conditional Access with Intune

Microsoft Endpoint Manager: Windows Updates and Servicing with MECM and Intune

by Greg Shields

Nov 1, 2021 / 1h 6m

Description

Most organizations have a very different relationship today with Microsoft updates than they did in the past. The move to cumulative updates and the wholesale shift in thinking away from individual patch installations has greatly decreased the bookkeeping efforts in keeping machines up-to-date. But some use cases in some environments still need discrete update control, which is exactly why those abilities still exist in Endpoint Manager today. Exploring the surprising number of update deployment approaches available in MECM and Intune is the topic of this course.

In this fourteenth course out of sixteen, Microsoft Endpoint Manager: Windows Updates and Servicing with MECM and Intune, you'll begin with a look at the history of patch and update management on Windows devices, and how that history informs why so many options exist for update deployment. Next, you'll prepare your MECM environment's Software Update Point and WSUS services for synchronizing and deploying update packages. Then, you'll explore the various approaches available in MECM for getting updates on machines. Finally, you'll peek at the new -- and far simpler, but far less granular -- Windows servicing approach using Windows Update for Business policies and update rings in Microsoft Intune.

Table of contents
  1. Course Overview
  2. Introduction
  3. Prepare MECM for Software Updates
  4. Deploy Software Updates with MECM
  5. Configure Windows Servicing with Intune

Microsoft Endpoint Manager: Operating Systems Deployment with MECM

by Greg Shields

Nov 12, 2021 / 2h 35m

Description

In many ways, delivering an operating system to an awaiting device represents the capstone of our efforts in this learning path with MECM. The steps to accomplish an OS deployment are the most complex of all the tasks we've accomplished so far, but they're also the most robust. With a collection of all the applications, device configurations, updates, and security settings that we've built thus far, MECM's OS deployment offers a way to join everything together to deploy fully-realized operating systems via automated means.

In this fifteenth course out of sixteen, Microsoft Endpoint Manager: Operating Systems Deployment with MECM, you'll start by getting to know the use cases and scenarios for OS deployment in MECM. Then, you'll prepare MECM's site system roles for OSD. Next, you'll construct a series of task sequences in the MECM console to capture and deploy OSs. Once completed, you'll then integrate user state migration into your task sequence automations. Finally, you'll take a quick look at Endpoint Manager's soon-to-be-retired Desktop Analytics solution for bringing data to the OS upgrade process. By the end of this course, you'll have gained a deeper understanding of MECM's task sequences for OS deployment automation.

Table of contents
  1. Course Overview
  2. Introduction
  3. Understand OS Deployment with MECM
  4. Prepare MECM for OSD
  5. Capture and Deploy OS Images
  6. Integrate User State Migration
  7. Integrate Desktop Analytics

Microsoft Endpoint Manager: Windows Autopilot, Windows 365, and Azure Virtual Desktop

by Greg Shields

Nov 18, 2021 / 1h 12m

Description

The courses in this learning path have been a long journey beginning with an MECM implementation, through an Intune integration, past a comprehensive look at MEM's major services, and ending here with how Intune can deploy and manage operating systems.

In this sixteenth and final course in the path, Microsoft Endpoint Manager: Windows Autopilot, Windows 365, and Azure Virtual Desktop, you'll explore Windows Autopilot in depth. First, you'll understand the use cases for leveraging this cloud-centric OS deployment solution and walk through a detailed demonstration of how to enable it in your Intune subscription. Next, you'll get to know the integrations between Intune and Azure Virtual Desktop. Then, you'll discover that Intune treats AVD VMs much like regular physical devices, but with a few notable limitations. Finally, you'll experience the integration between Windows 365 and Intune, exploring the special requirements for VMs licensed as Windows 365 Enterprise. When you're finished with this course, you'll have gained a fundamental understanding of Intune's OS deployment features.

Table of contents
  1. Course Overview
  2. Introduction
  3. Deploy Devices with Windows Autopilot
  4. Integrate Azure Virtual Desktop and Windows 365

  • Number of courses: 16
  • Duration: 26 hours
