Manage Devices with all the tools of Microsoft Azure

Modern Managed Devices from Zero to Production («MMDZP»)

Mobile devices are everywhere in today's world. They should be managed in an enterprise environment just like any other computer.
Date: 5 days

Course facts

In this training, you will learn to manage devices from a cloud perspective using Microsoft Intune.

In today's world, devices can work from anywhere and whenever the users want; this changes the security requirements and the possibilities for managing them. You need to learn how this type of device can be managed. Learn how to work with teaching end users to make your life better, instead of locking down a device and handling all the problems outside of your organization. Learn to identify business cases, generate use cases and bring the right workload with the right technology to modern workers.
This course focuses on managing and securing devices with the Microsoft EM&S suite. Expert and double MVP Mirko Colemberg developed this five-day hands-on lab, based on field experience.

Microsoft offers a new way to manage, deploy and service Windows devices. This training aims to show you how to keep Windows running based on our real-world experiences with Windows 10, AAD and Intune. We will build a virtual company and start from scratch to carry out a complete business-driven integration into Microsoft's cloud.

Here is an example of a use case: A company has between 50 and 150 users and would like to stop having servers in a local infrastructure. Move to modern: start from scratch with a modern setup (Office 365, Azure AD and Intune).

Business case: The company is an industrial enterprise that produces solar panels. Half of their staff work from around the world and from home, some people work in the office on shared computers, and some are running around with tablets. A few people work at an office desk, in HR, Marketing and Sales. Now we must create a solution where this customer can remove the server infrastructure and have every application online as a SaaS app, on third-party web hosting, etc. The complete network infrastructure is connected to the Internet and/or over VPN (site-to-site, ExpressRoute, always-on). We will walk you through each step; some areas will seem straightforward and easy while others will be rather deep and complex.

We will cover: 

  • Listening to customer business / use cases / workloads
  • Starting the planning phase
  • Setting up Azure Active Directory and Intune
  • Piloting the integration, getting results from the pilot
  • Integrating it to production


Listening to a business case

  • Housekeeping
  • Getting the key aspects out of it
  • Possible solutions
  • What options do we have?
  • What are the goals of an integration?


  • Introduction to Windows-as-a-Service
    • Windows SAC, SAC-T, LTSC
    • Office SAC, SAC-T, LTSC
    • Creating a servicing plan
  • Tools/solutions
    • AD classic / SCCM
    • AAD / Intune
    • Co-management
  • Scenarios, big picture
    • GPO vs. OMA-URI (CSP)
    • Autopilot
    • mOSD
    • Wipe & Load vs. Reset


  • Azure AD
    • AAD and how it works
    • Branding
    • Intune Enrollment
    • AD Sync to AAD
    • Naming of groups
    • SSGM (groups, Naming)
    • SSPR
  • Intune
    • Create/manage policy
    • Create/manage profiles
    • Device config
    • Device compliance
    • BitLocker config
    • Managing certificates
    • Creating use-case-based profiles/policies
    • Security baselines
    • Device enrollment
    • Enrollment manager
    • MFA for enrollment
  • Application Management
    • Configuring MSfB
    • Handling in-box apps
    • Installing Win32 applications
    • Installing Office 365 ProPlus
    • Configure O365 Policy
    • Run PowerShell Scripts
    • Manage ADMX with PoSh
    • Integration of RuckZuck
    • Chocolatey
    • Syntaro
    • Your own Blob storage as repository
    • Integration of Intune security baselines
  • Troubleshooting
    • Check installation of Application (Log)
    • Check Policy config (Logs)
  • Autopilot integration
    • Setting up Autopilot
    • AP profiles
      • User-based
      • Kiosk
    • Assignment APs
    • Importing Hash ID (Devices)
    • PoSh script to get the Hash ID
    • Integrating Azure Automation for HashID
    • mOSD USB Stick
    • Using JSON without PoSh
    • AD join connector
    • Dynamic AAD Groups
  • Security
    • Windows Defender Antivirus
    • Windows Defender Exploit Guard
    • Windows Defender SmartScreen
    • Windows Defender Firewall
    • Credential Guard
    • Secure Boot
    • Windows Defender ATP
    • Security baselines
    • Overview of all Azure Based Protection today
    • Windows Hello
    • Password reset on the Device login
    • Secure score
    • Cloud App Security
    • Hardware-based isolation
    • Protect devices from exploits
    • Controlled folder access
    • Security with Defender
  • Analytics
    • Desktop Analytics
    • Windows Analytics
    • Upgrade Readiness
    • OMS integration
    • Desktop App Assure
  • Take away during the course
    • Completing use case integration
    • Conditional Access Possibilities (Patch = Resource access)
    • Device config finish
    • Review of the integration
  • Starting from scratch, building and implementing any required settings for Azure AD and EM&S use by yourself
  • Getting from business cases to use cases and adding the workloads to the right technology
  • Implementing the right technology with all the settings you need to get your workloads done
  • Learning all the different settings that help implement a working environment based on your cases from your company:
    • Getting Azure AD running
    • Application Management
    • Modern OSD
    • Security baselines best practices
    • Analytics
    • Troubleshooting

50 percent of the time is dedicated to hands-on labs and exercises, 20 percent is use case and workload concepts with methods to work in production environments.

This course is intended for IT professionals who require a deeper understanding of the Modern Workplace with Windows and Azure services and wish to increase their knowledge level. The course also provides background on business and use cases, so you can take the proper action to implement the proper possibilities for the proper workload.

  • Basic knowledge of how networks and the Internet work
  • Knowledge of processes with business and use cases
  • Basic PowerShell knowledge
  • Read about: OMA-URI (CSP) and Graph/AIP

Material goodies:

  • Student lab manual (online on Azure AD)
  • Slide decks (PDFs), lab files
  • A Surface GO device
  • Entry to a Teams group with a private channel for all attendees:
    • to exchange your experience
    • Chat
    • Wiki
    • script sharing
    • from time to time an online meeting for important updates