Microsoft Intune Skills Plan

La gestione efficace degli endpoint presenta una serie di criticità. Ad esempio, come si gestiscono gli investimenti esistenti? In che modo è possibile garantire livelli di sicurezza appropriati sotto forma di controllo di accesso e crittografia? Come si può determinare quale utente, dispositivo o app è conforme in base ai requisiti aziendali?

La gestione degli endpoint è importante perché offre maggiore visibilità su tutti i dispositivi usati nell'organizzazione. Poiché il numero di dispositivi che le persone usano per lavorare è aumentato, la superficie di attacco è cresciuta. La gestione degli endpoint offre gli strumenti per monitorare i dispositivi, assicurarsi siano aggiornati, rilevare la presenza di eventuali minacce e fermare rapidamente attacchi basati su endpoint.

Microsoft Intune è una famiglia di soluzioni per la gestione degli endpoint che ti consentono di proteggere e gestire tutti gli endpoint da un unico posto. Questi prodotti ti consentono di:

• Unificare tutti gli strumenti di gestione degli endpoint in un'unica soluzione e di semplificare l'amministrazione.
• Rafforzare la sicurezza della gestione degli endpoint con funzionalità che ti consentono di proteggere i dati aziendali e di mantenere la conformità dei dispositivi.
• Ridurre i costi ottimizzando le prestazioni dei diversi dispositivi e consolidando i fornitori delle soluzioni di sicurezza e di gestione degli endpoint.

L'intelligenza del cloud è al cuore dell'informatica moderna e Microsoft Intune offre questa gestione moderna. Qui di seguito ci sono alcuni link che vi permetteranno di approfondire la vostra conoscenza di Microsoft Intune.

Deploy Windows client

Plan and implement a Windows client deployment by using Windows Autopilot

• Configure device registration for Autopilot
  • Manually register devices with Windows Autopilot
• Create, validate, and assign deployment profiles
  • Create device groups
  • Configure Autopilot profiles
• Set up the Enrollment Status Page (ESP)
  • Windows Autopilot Enrollment Status Page
  • Set up the Enrollment Status Page
• Deploy Windows devices by using Autopilot
  • Windows Autopilot user-driven mode
  • Windows Autopilot self-deploying mode
  • Windows Autopilot Reset
• Troubleshoot an Autopilot deployment
  • Troubleshooting overview

Configure remote management

• Configure Remote Help in Intune
  • Remotely assist users that are authenticated by your organization
  • Utilizzare Remote Help con Microsoft Intune

Manage identity and compliance

Manage identity

• Implement user authentication on Windows devices, including Windows Hello for Business, passwordless, and tokens
  • Windows Hello for Business Deployment Overview
  • Passwordless authentication options for Azure Active Directory
  • Plan a passwordless authentication deployment in Azure Active Directory
  • Authentication methods in Azure Active Directory – OATH tokens
  • Enable passwordless security key sign-in
• Manage role-based access control (RBAC) for Intune
  • How To Create and Assign Custom Intune Roles With PowerShell (Blog)
  • Role-based access control (RBAC) with Microsoft Intune
• Register devices in and join devices to Azure AD
  • How it works: Device registration
  • Dispositivi Azure AD Joined, Hybrid Azure AD Joined e Azure AD Registered: facciamo chiarezza
• Implement the Intune Connector for Active Directory
  • Deploy hybrid Azure AD-joined devices by using Intune and Windows Autopilot
• Manage the membership of local groups on Windows devices
  • Manage local groups on Windows devices
  • Microsoft Intune – Rimozione degli utenti che hanno effettuato il join ad Azure AD dal gruppo Administrators
  • Microsoft Intune – Gestire l’appartenenza ai gruppi locali di Windows
• Implement and manage Local Administrative Passwords Solution (LAPS) for Azure AD
  • Get started with Windows LAPS and Azure Active Directory
  • Microsoft Intune – Configurazione delle password amministrative locali con Windows LAPS

Implement compliance policies for all supported device platforms by using Intune

• Specify compliance policies to meet requirements
  • Use compliance policies to set rules for devices you manage with Intune
• Implement compliance policies
  • Create a compliance policy in Microsoft Intune
• Implement Conditional Access policies that require a compliance status
  • Create a device-based Conditional Access policy
• Manage notifications for compliance policies
  • Quickstart: Send notifications to noncompliant devices
  • Microsoft Intune – Distribuire Organizational messages
• Monitor device compliance
  • Monitor results of your Intune Device compliance policies
• Troubleshoot compliance policies
  • Troubleshooting policies and profiles in Microsoft Intune

Manage, maintain, and protect devices

Manage the device lifecycle in Intune

• Configure enrollment settings
  • Enrollment options for devices managed by Intune
  • Intune enrollment methods for Windows devices
• Configure automatic and bulk enrollment, including Windows, Apple, and Android
  • Quickstart: Set up automatic enrollment for Windows 10/11 devices
  • Bulk enrollment for Windows devices
  • Enroll Android devices
  • Enroll iOS/iPadOS devices in Intune
  • Set up automated device enrollment for IOS in Intune
  • Microsoft Intune – Enrollment di dispositivi Linux
• Configure policy sets
  • Use policy sets to group collections of management objects
  • Microsoft 365 Modern Desktop Management – Utilizzare Microsoft Endpoint Manager Policy Sets
• Restart, retire, or wipe devices
  • Remotely restart devices with Intune
  • Remove devices by using wipe, retire, or manually unenrolling the device

Manage device configuration for all supported device platforms by using Intune

• Specify configuration profiles to meet requirements
  • Apply features and settings on your devices using device profiles in Microsoft Intune
• Implement configuration profiles
  • Create a device profile in Microsoft Intune
  • Microsoft 365 Modern Desktop Management – Gestione di Windows 10 con Microsoft Intune utilizzando i device profiles
• Monitor and troubleshoot configuration profiles
  • Monitor device configuration profiles in Microsoft Intune
  • Troubleshooting policies and profiles in Microsoft Intune
• Configure and implement Windows kiosk mode
  • Windows 10/11 and newer device settings to run as a kiosk in Intune
  • Microsoft 365 Modern Desktop Management – Configurazione e distribuzione di kiosk devices con Windows AutoPilot – Self-deploying (Preview) con Microsoft Intune
• Configure and implement profiles on Android devices, including fully managed, dedicated, corporate-owned, and work profile
  • Enroll your Android Enterprise dedicated, fully managed, or corporate-owned with work profile devices
  • Android Enterprise device settings list to allow or restrict features on corporate-owned devices using Intune
  • Microsoft Intune – Enroll di un dispositivo Android in modalità COPE (Corporate-owned with work profile)
  • Microsoft Intune – Enroll di un dispositivo Android in modalità Corporate-owned dedicated profile
  • Microsoft Intune – Enroll di un dispositivo Android dedicato con Azure AD Shared mode
  • Microsoft Intune – Enroll di un dispositivo Android utilizzando Samsung Knox Mobile Enrollment (KME)
  • Microsoft Intune – Enroll di un dispositivo Android in modalità Corporate-owned, fully managed user profile
  • Microsoft Endpoint Manager – Microsoft Intune – Enrollment di un dispositivo Android personale (BYOD) con il profilo di lavoro
• Plan and implement Microsoft Tunnel for Intune
  • Microsoft Tunnel for Microsoft Intune
  • Microsoft Endpoint Manager – Microsoft Intune – Configurazione della soluzione Microsoft Tunnel

Monitor devices

• Monitor devices by using Intune
  • Use Windows Health Monitoring profile on Windows devices in Microsoft Intune
  • Monitor device profiles in Intune
• Monitor devices by using Azure Monitor
  • Microsoft Intune and Azure Log Analytics
• Analyze and respond to issues identified in Endpoint analytics and Adoption Score
  • Quickstart: Enroll Intune devices into Endpoint analytics
  • Microsoft Endpoint Manager – Microsoft Intune – Introduzione alla soluzione Endpoint Analytics
  • Endpoint analytics in Microsoft Adoption Score
  • Tutorial: Proactive remediations
  • Microsoft Intune – Proactive remediations in Endpoint Analitycs

Manage device updates for all supported device platforms by using Intune

• Plan for device updates
  • Manage Windows 10 and Windows 11 software updates in Intune
• Create and manage update policies by using Intune
  • Update rings for Windows 10 and later policy in Intune
  • Microsoft Intune – Gestione degli aggiornamenti dei dispositivi Windows 10/11
  • Manage iOS/iPadOS software update policies in Intune
  • Manage macOS software update policies in Intune
• Manage Android updates by using configuration profiles
  • Best practices for updating your Android Enterprise apps
• Monitor updates
  • Intune compliance reports for updates
• Troubleshoot updates in Intune
  • Support Tip: Troubleshooting Windows 10 Update Ring Policies
• Configure Windows client delivery optimization by using Intune
  • Delivery Optimization settings in Microsoft Intune
• Create and manage update rings by using Intune
  • Settings for Windows Update that you can manage through Intune policy for Update rings

Implement endpoint protection for all supported device platforms

• Implement and manage security baselines in Intune
  • Manage security baseline profiles in Microsoft Intune
  • Distribuire le Windows security baseline con Microsoft Intune
• Create and manage configuration policies for Endpoint security including antivirus, encryption,
  firewall, endpoint detection and response (EDR), and attack surface reduction (ASR)
  • Antivirus policy for endpoint security in Intune
  • Disk encryption policy for endpoint security in Intune
  • Endpoint detection and response policy for endpoint security in Intune
  • Attack surface reduction policy for endpoint security in Intune
• Onboard devices to Defender for Endpoint
  • Onboard devices and configure Microsoft Defender for Endpoint capabilities
  • Onboarding di Windows 10/11 in Microsoft Defender for Endpoint/Business utilizzando Microsoft Intune
• Implement automated response capabilities in Defender for Endpoint
  • Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint
• Review and respond to device issues identified in the Microsoft Defender Vulnerability
  Management dashboard
  • Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint

Manage applications

Implement endpoint protection for all supported device platforms

• Deploy apps by using Intune
  • Windows 10/11 app deployment by using Microsoft Intune
  • Microsoft Endpoint Manager – Microsoft Intune – Distribuire e gestire le applicazioni in Windows 10 e Windows 11
• Manage Microsoft 365 Apps by using the Microsoft 365 Apps admin center
  • Overview of the Microsoft 365 Apps admin center
• Deploy Microsoft 365 Apps by using Intune
  • Add Microsoft 365 Apps to Windows 10/11 devices with Microsoft Intune
• Configure policies for Office apps by using Intune
  • Policies for Office apps
• Deploy apps to platform-specific app stores by using Intune
  • Add iOS store apps to Microsoft Intune
  • Microsoft Endpoint Manager – Microsoft Intune – Distribuire e gestire le applicazioni per dispositivi Apple iOS e iPadOS
  • Add Microsoft Store apps to Microsoft Intune
  • Microsoft Intune – Distribuire le app del Microsoft Store
  • Add Managed Google Play apps to Android Enterprise devices with Intune

Implement endpoint protection for all supported device platforms

•  Plan and implement app protection policies for iOS and Android
  • App protection policies for iOS/iPadOS and Android apps
  • Microsoft Intune – Creazione di una app protection policy per il Mobile Application Management (MAM) di dispositivi Android
• Manage app protection policies
  • App protection policies overview
  • How to validate your app protection policy setup in Microsoft Intune
  • How to monitor app protection policies
• Implement Conditional Access policies for app protection policies
  • Common Conditional Access policy: Require approved client apps or app protection policy
• Plan and implement app configuration policies for managed apps and managed devices
  • App configuration policies for Microsoft Intune
• Manage app configuration policies
  • App configuration policies for Microsoft Intune