This webinar covered device management with Microsoft 365. It discussed using Azure Active Directory, Intune, and other mobile device management solutions to manage devices across BYOD, corporate-owned, and education scenarios. It also provided an overview of the new end user experience for enrolling devices and applying management policies through Intune, including guided device enrollment and app protection policies. The webinar concluded by providing resources for additional Microsoft 365 and cloud training from the presenter.

1. Need to Know Microsoft 365
Webinar
August 2019
@directorcia
http://about.me/ciaops

2. Web cast has started
Web cast is being recorded
If you can’t hear anything check
your speaker settings

3. For questions after the event:
Email : director@ciaops.com
Twitter : @directorcia

4. Webinar recordings at:
www.ciaopsacademy.com
Free access for CIAOPS patrons

5. Please:
- Turn off your mobile
- Turn off your email
- Have somewhere to
take notes

6. http://www.ciaopslearn.com

7. Agenda
- Microsoft 365 Update
- Device Management
- Q & A

9. News
• Microsoft365 Dark Mode
• https://medium.com/microsoft-design/designing-dark-mode-31400530787a
• Office 365 Outlook connector: Important upcoming changes
• https://flow.microsoft.com/en-us/blog/office-365-outlook-connector-important-upcoming-changes/
• Revamped student learning with Teams
• https://news.microsoft.com/features/high-tech-for-higher-ed-an-australian-engineering-professor-
revamps-student-learning-with-teams/
• MFA and End user Impacts
• https://c7solutions.com/2019/08/mfa-and-end-user-impacts
• What’s new in Teams
• https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/What-s-New-in-Microsoft-Teams-July-
2019/ba-p/779946

10. Device
Management with
Microsoft 365

11. Azure Active Directory
Azure AD Join
MDM Policies
Microsoft Intune
and other MDM
Traditional on-premCloud
Active Directory
Domain Join
Group Policy
System Center Configuration
Manager

12. Knowledge Workers
Productive on company-owned
and personal devices
Firstline Workers
Productive on shared/Kiosk
devices
SMB Employee
Productive personal devices
Simplified admin experience in
Teachers / Students
Productive on lab or school devices
Grouped based on classes/labs/carts
Customized console, policies for EDU
Intune and ConfigManager in Microsoft
365 Enterprise
Intune in Microsoft 365 F1 Microsoft 365 Business
powered by Intune
Intune for Education in
Microsoft 365 Education
M365 Flexible Device Management for all Organizations & Users

13. Mobile application
management
PC managementMobile device
management
Intune helps organizations provide their employees with access to corporate applications, data, and
resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
User IT

14. Mobile devices and PCs Mobile devices
System Center
Configuration
Manager
Domain joined PCs
Configuration Manager integrated with Intune (hybrid)Intune standalone (cloud only)
IT IT
Intune web console Configuration Manager console

15. Consistent experience across:
Discover and install corporate apps
Manage devices and data
Ability to contact IT
Customizable terms and conditions

17. BYOD CORP OWNED

18. BYOD
Intune App Protection
Without Enrollment
AE Work Profile
Corp Owned
AE Dedicated (kiosk) AE Fully managed

19. New End User Experience

20. Guided Device Enrollment

22. Introduction to Intune App Protection Policies (APP)
Personal apps
Corporate apps
MDM
policies
Familiar Office experience
• Seamless “enrollment” into app management
• Use for personal and corporate accounts
Comprehensive protection
• App encryption at rest
• App access control – PIN or credentials
• Save as/copy/paste restrictions
• App-level selective wipe
MDM mgmt. by Intune or third-party is optional
Might be a good solution for these scenarios:
• BYOD when MDM is not required
• Extending app access to vendors and partners
• Already have an existing MDM solution
MAM
policies
MDM – optional
(Intune or 3rd-party)

23. + EMS

24. Modern Provisioning
Hardware Vendor
Windows
Autopilot Service
Employee unboxes device,
self-deploys
Ship Deliver direct to Employee
Self-deploy
IT Admin
Existing
DevicesRegister
devices
Intune and AAD
Register devices,
configure
profiles

25. Microsoft Cloud
3rd Party SaaS Apps
On Premises Apps
Microsoft Azure
Monitor users /
prevent data leak
Block various actions
Restrict download
Enforce MFA
Block sign-in
Allow sign-in
Access Control
Session Restrictions
OS Platform
Is Compliant / Domain joined
Is lost or stolen
Device Risk
Device
User identity
Group membership
Session Risk
User
Mobile or Cloud app
Per app policy
App
Location
IP range
Country / Region
ApplicationsPolicy Controls
Conditional Access
Policy Conditions
Windows
Defender
Azure AD
Identity
Protection
Service
Microsoft
Cloud App
Security
ODSP limited
access

26. Personal apps
Managed apps Company Portal
Are you sure you want to wipe
corporate data and applications
from the user’s device?
OK Cancel
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
ITIT

27. Personal apps
Managed apps
Maximize productivity while preventing leakage of company
data by restricting actions such as copy/cut/paste/save in
your managed app ecosystem
User

28. Enforce corporate data
access requirements
Prevent data leakage
on the device
Enforce encryption
of app data at rest
App-level
selective wipe

29. CIAOPS Resources
• Blog – http://blog.ciaops.com
• Free SharePoint Training via email – http://bit.ly/cia-gs-spo
• Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech
• Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops
• Free documents, presentations, eBooks – http://slideshare.net/directorcia
• Office 365, Azure, Cloud podcast – http://ciaops.podbean.com
• Office 365, Azure online training courses – http://www.ciaopsacademy.com
• Office 365 and Azure community – http://www.ciaopspatron.com
Twitter
@directorcia
Facebook
https://www.facebook.com/ciaops
Email
director@ciaops.com
Skype for Business
admin@ciaops365.com

30. Get access to the latest
information by becoming a
Patron
http://www.ciaopspatron.com

32. That’s all folks!
Thanks for attending