Vault™ > MD-102T00: Microsoft 365 Endpoint Administrator

Access to the Vault™ requires an active Microsoft Live Subscription.

Login Buy Subscription

MD-102T00: Microsoft 365 Endpoint Administrator

By Mark Jacob
5 Days
Live Class Recording
March 18, 2024

Courseware is available for this class. Click here to view in a new tab/window.

Course Description

In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.

Course Outline

Learning Path 1: Explore Modern Management

This learning path is designed to provide a comprehensive understanding of enterprise desktops, Windows editions, and Azure Active Directory. It includes exploring various Windows editions, including their features and installation methods. It delves into Azure Active Directory, highlighting its similarities and differences with AD DS and how to synchronize the two. Furthermore, learners will better understand managing Azure Active Directory identities. Overall, this learning path equips learners with the necessary knowledge and skills to effectively support enterprise desktops and manage Azure Active Directory identities.


  • The Enterprise Desktop
  • Azure AD Overview
  • Managing Identities in Azure AD
  • Manage Azure Active Directory identities


  • Managing identities in Azure AD
  • Using Azure AD Connect to connect Active Directories


Learning Path 2: Execute Device Enrollment

This learning path will cover Azure AD join and will introduce Microsoft Endpoint Manager. We'll also discuss how to configure policies for enrolling devices to Configuration Manager and Microsoft Intune.


  • Manage Device Authentication
  • Enroll device using Microsoft Endpoint Configuration Manager
  • Enroll device using Microsoft Intune


  • Configuring and managing Azure AD join
  • Manage Azure AD device registration
  • Manage Device Enrollment into Intune
  • Enrolling Devices into Intune


Learning Path 3: Configuring Profiles for User and Devices

This learning path explores Intune device profiles, the benefits of user profiles and how to synchronize profile data across multiple devices.


  • Execute Device Profiles
  • Oversee Device Profiles
  • Maintain User Profiles


  • Creating and Deploying Configuration Profiles
  • Using a Configuring Profile to configure Kiosk mode
  • Using a Configuring Profile to configure iOS and iPadOS Wi-Fi settings
  • Using Group Policy Analytics to validate GPO support in Intune
  • Monitor device and user activity in Intune


Learning Path 4: Examine Application Management

In this Learning Path, Learners will examine application management methods using on-premises and cloud-based solutions.


  • Execute Mobile Application Management (MAM)
  • Deploying and updating applications
  • Administering endpoint applications


  • Deploying Cloud Apps using Intune
  • Configure App Protection Policies for Mobile Devices
  • Deploy Apps using Endpoint Configuration Manager
  • Deploy Apps using Microsoft Store for Business
  • Deploy Apps using Microsoft Store for Business


Learning Path 5: Managing Authentication and Compliance

This learning path covers the various solutions for managing authentication. Students will also learn about the different types of VPNs, as well as compliance and conditional access policies.


  • Protecting Identities in Azure AD
  • Enabling Organization Access
  • Implement Device Compliance Policies
  • Generate inventory and compliance reports


  • Configuring Multi-Factor Authentication
  • Configuring Self-Service password reset
  • Configuring and validating Device Compliance
  • Creating device inventory reports


Learning Path 6: Managing Endpoint Security

In this learning path, students will learn about data protection and protecting endpoints against threats. This path will also cover the key capabilities of Microsoft Defender solutions.


  • Deploy device data protection
  • Manage Microsoft Defender to Endpoint
  • Managing Windows Defender for client
  • Managing Windows Defender for cloud apps


  • Configure and Deploy Windows Information Protection Policies by using Intune
  • Configuring Endpoint security using Intune
  • Configuring Disk Encryption using Intune
  • Describe the methods protecting device data.


Learning Path 7: Deployment using on-premise based tools

Students are introduced to deployment using the Microsoft Deployment Toolkit and Configuration Manager.


  • Assess Deployment Readiness
  • Deploy using the Microsoft Deployment Toolkit (MDT)
  • Deploy using Microsoft Configuration Manager


  • Deploying Windows 10 using Microsoft Deployment Toolkit
  • Deploying Windows 10 using Endpoint Configuration Manager


Learning Path 8: Deploy using cloud-based tools

This Learning Path Students will learn about using Windows Autopilot and deployment using Microsoft Intune. Students will also learn how co-management can be used to transition to modern management.


  • Deploy Devices using Windows Autopilot
  • Implement dynamic deployment methods
  • Plan a transition to modern endpoint management
  • Manage Windows 365
  • Manage Azure virtual desktop


  • Deploying Windows 10 with Autopilot
  • Refreshing Windows with Autopilot Reset and Self-Deploying mode
  • Configuring Cloud Attach and Co-Management Using Configuration Manager
Course Content
Class introduction
Learning Path 1: Explore Endpoint management
Module 1: Explore the enterprise desktop
Module 2: Explore Windows Editions
Module 3: Understand Azure Active Directory (Entra ID)
Module 4: Manage Azure Active Directory Identities (Entra ID)
Learning Path 2: Execute device enrollment
Module 1: Manage device authentication
Module 2: Enroll devices using Microsoft Configuration Manager
Module 3: Enroll devices using Microsoft Intune - and labs
Learning Path 3: Configure profiles for users and devices
Morning review
Module 1: Execute device profiles
Module 2: Oversee device profiles
Module 3: Maintain user profiles
Learning Path 4: Examine application management
Module 1: Execute mobile application management - and labs
Morning review
Module 2: Deploy and update applications
Module 3: Administer endpoint applications
Learning Path 5: Manage authentication and compliance complianceManage authentication and compliance
Module 1: Protect identities in Active Directory (Entra ID) - part 1
Module 1: Protect identities in Active Directory (Entra ID) - part 2
Module 2: Enable organizational access
Module 3: Implement device compliance
Module 4: Generate inventory and compliance reports - and labs
Morning review
Learning Path 6: Manage endpoint security
Module 1: Deploy device data protection
Module 2: Manage Microsoft Defender for Endpoint
Module 3: Manage Microsoft Defender in Windows client
Module 4: Manage Microsoft Defender for Cloud Apps
Learning Path 7: Deploy using on-premises based tools
Module 1: Assess deployment readiness
Module 2: Deploy using the Microsoft Deployment Toolkit
Module 3: Deploy using Microsoft Configuration Manager - and labs
Morning review
Learning Path 8: Deploy using cloud-based tools
Module 1: Deploy Devices using Windows Autopilot
Module 2: Implement dynamic deployment methods
Module 3: Plan a transition to modern endpoint management
Module 4: Manage Windows 365
Module 5: Manage Azure Virtual Desktop - and labs