Microsoft 365 Endpoint Administrator (Aligned Courseware)

Microsoft 365 Endpoint Administrator (Aligned Courseware) Courseware (MD-102)

In this course, students will learn to plan and execute an endpoint deployment strategy using contemporary deployment techniques and implementing update strategies. The course introduces essential elements of modern management, co-management approaches, and Microsoft Intune integration. It covers app deployment, management of browser-based applications, and key security concepts such as authentication, identities, access, and compliance policies. Technologies like Azure Active Directory, Azure Information Protection, and Microsoft Defender for Endpoint are explored to protect devices and data.

Based on customer feedback and demand from Training Service Providers (Learning Partners) and Microsoft Certified Trainers (MCTs) in regards to the content on Microsoft Learn not meeting the demands of students in the classroom, Specialist Courseware made the commitment to author courseware that aligned directly to the Microsoft Official Courses.

The content is aligned almost identically with official courses, with some exceptions.  Where we find deficiencies in the official courses based on the exam requirements, we may add or enhance content.  Where PPT slides lack detail, these have been amended to create a rich and more engaging experience for the students.


The Microsoft 365 Endpoint Administrator is responsible for deploying, configuring, securing, managing, and monitoring devices and client applications in a corporate setting. Their duties include managing identity, access, policies, updates, and apps. They work alongside the M365 Enterprise Administrator to develop and execute a device strategy that aligns with the requirements of a modern organization. Microsoft 365 Endpoint Administrators should be well-versed in M365 workloads and possess extensive skills and experience in deploying, configuring, and maintaining Windows 11 and later, as well as non-Windows devices. Their role emphasizes cloud services over on-premises management technologies.


Module 1: Managing Identity
Lesson 1: Overview of Microsoft Intune
  • What is Microsoft Intune?
  • Intune integration
  • Enroll in device management, application management, or both
  • Protect data on any device
Lesson 2: Overview of Entra ID
  • What is Microsoft Entra ID?
  • What are the Entra ID editions?
  • Compare Microsoft Entra ID with AD DS
  • Demonstration: Compare AD DS and Entra ID
  • What is Azure AD Domain Services?
Lesson 3: The administrative model in Microsoft 365
  • Built-in roles
  • Custom roles
  • Scoping the roles
  • Managing RBAC roles
  • Demonstration: Reviewing RBAC roles and administrative units
Lesson 4: Managing user and group objects
  • Managing Microsoft 365 with Windows PowerShell
  • Managing user accounts
  • Managing Groups
  • Demonstration: Creating security principals
  • Lab: Managing identities in Azure AD
Lesson 5: Directory Synchronization
  • What is Directory Synchronization?
  • What is Azure AD Connect?
  • What is Azure AD Cloud Sync?
  • Considerations for directory synchronization
  • Planning writeback options
  • Configuring Azure AD Connect Sync
  • Demonstration: Configuring Azure AD Connect sync
  • Lab: Synchronizing Identities by using Azure AD Connect
Lesson 6: Managing device authentication
  • Prerequisites for Azure AD Join or Register
  • What is Azure AD Join?
  • What is Hybrid Azure AD Join?
  • What is Azure AD Register?
  • Demonstration: Performing Azure AD Join and Azure AD Register
  • Lab: Configuring and managing Azure AD Join
  • Lab: Manage Azure AD device registration
Module 2: Enrolling devices
Lesson 1: Overview of Intune lifecycle
  • Mobility is the new normal
  • What’s driving change?
  • Empowering enterprise mobility
  • Why Intune?
  • Enterprise Mobility Suite
  • Device management challenges
  • Enterprise mobility management with Intune
  • Comprehensive lifecycle management
Lesson 2: Enrolling devices in Intune
  • Supported device operating systems
  • Prerequisites for enrollment
  • Enrollment restrictions
  • Device enrollment managers
  • Demonstration: Preparing for device enrollment
  • Lab: Manage Device Enrollment into Intune
  • Enrolling Windows devices
  • Enrolling Android and iOS devices
  • Demonstration: Enrolling devices
  • Lab: Enrolling devices into Microsoft Intune
Lesson 3: Performing remote actions
  • Remote actions
  • Remotely lock devices
  • Reset or remove a passcode
  • Remove devices with wipe or retire
  • Perform a Fresh Start
  • Remotely restart devices
  • Apple device actions – Enable lost mode
  • Communication – Send custom notifications in Intune
  • Communication – Organizational messages
  • Sync a device
  • Use bulk device actions
  • Demonstration: Performing remote actions
Lesson 4: Overview of Windows remote management
  • Windows Admin Center
  • Demonstration: Using Windows Admin Center
  • PowerShell remoting
  • Implement and manage LAPS in Entra ID
  • Demonstration: Configuring LAPS
  • Implement Remote Help in Intune
Module 3: Configuring devices
Lesson 1: Review of Group Policy
  • Overview of Group Policy fundamentals
  • Group Policy Objects
  • Scoping GPOs
  • Group Policy inheritance
  • Administrative templates
  • Demonstration: Reviewing Group Policy
Lesson 2: Creating device configuration profiles
  • Reviewing supported operating systems and types of profile
  • Creating device configuration profiles
  • Using scope tags
  • Using policy sets
  • Demonstration: Implementing device configuration profiles
  • Lab: Creating and deploying configuration profiles
  • Creating a kiosk configuration profile
  • Demonstration: Implementing kiosk mode
  • Lab: Using a Configuration Profile to configure Kiosk mode
  • Lab: Using a Configuration Profile to configure iOS and iPadOS Wi-Fi settings
  • Migrating from Group Policy
  • Lab: Using Group Policy Analytics to validate GPO support in Intune
Lesson 3: Monitoring device configuration
  • Monitor device profiles
  • Manage device sync
  • Understand conflicts
  • Demonstration: Monitoring configuration profiles
  • Lab: Monitor device and user activity in Intune
Lesson 4: Synchronizing user state
  • Overview of Folder Redirection
  • Overview of UE-V
  • Overview of enterprise state roaming
  • Demonstration: Reviewing user state sync options
Module 4: Managing apps
Lesson 1: App deployment options
  • Overview of MAM
  • Review the app lifecycle
  • Methods for app deployment
  • Demonstration: Reviewing app management
Lesson 2: Microsoft 365 Apps for enterprise
  • Overview of Microsoft 365 Apps for enterprise
  • Microsoft 365 Apps for enterprise vs. Office Professional 2021
  • Internet requirements
  • Microsoft 365 Apps for enterprise licensing and activation
  • Customizing Click-to-Run options
  • Using the Microsoft Apps admin center
  • Creating a deployment configuration file
  • Overview of the Office Deployment Tool
  • Demonstration: Managing Microsoft 365 apps
Lesson 3: Deploying and managing apps with Intune
  • Deploying apps with Intune
  • Deploying Microsoft 365 apps for Enterprise with Intune
  • Demonstration: Deploying apps
  • Lab: Deploying cloud apps using Intune
  • Mobile Application Management options
  • Demonstration: Managing apps
  • Lab: Configure App Protection Policies for Mobile Devices
Module 5: Managing authentication and compliance
Lesson 1: Enabling organizational access
  • Overview of remote access options
  • What is a VPN?
  • Configuring a VPN
  • What is Microsoft Tunnel Gateway?
  • Demonstration: Reviewing Microsoft Tunnel Gateway setup
Lesson 2: Protecting identities in Entra ID
  • Managing multi-factor authentication
  • Implementing Windows Hello in Intune
  • Demonstration: Managing MFA
  • Self-service password reset
  • Demonstration: Managing SSPR
Lesson 3: Implementing compliance and conditional access policies
  • Managing device compliance
  • Demonstration: Configuring compliance policies
  • Managing conditional access policies
  • Demonstration: Configuring conditional access policies
  • Lab: Configuring Multi-factor Authentication
  • Lab: Configuring Self-service password reset for user accounts in Azure AD
  • Lab: Configuring and validating device compliance
Module 6: Securing endpoint devices
Lesson 1: Managing Microsoft Defender in Windows client
  • Windows 11 security features
  • Windows Firewall with Advanced Security
  • Microsoft Defender Antivirus
  • Demonstration: Implementing Microsoft Defender in Windows
Lesson 2: Implementing Endpoint security
  • Overview of security baselines
  • Endpoint detection and response
  • Demonstration: Securing endpoints in Intune
  • Lab: Configuring Endpoint security using Intune
Lesson 3: Implementing device data protection
  • Implementing Data Loss Prevention
  • Configuring BitLocker
  • Demonstration: Implementing device data protection
  • Lab: Configuring Disk Encryption Using Intune
Module 7: Deploying Windows with on-premises tools
Lesson 1: Overview of on-premises deployment
  • Overview of images
  • Overview of image-based installation tools
  • Creating, updating, and maintaining images
  • Windows ADK for Windows 10/11
  • Windows Deployment Services
  • Microsoft Deployment Toolkit
Lesson 2: Deploy using the Microsoft Deployment Toolkit
  • Creating images in MDT
  • Deploying images in MDT
  • Demonstration: Deploying Windows with MDT
  • Lab: Deploying Windows 11 using Microsoft Deployment Toolkit
Module 8: Deploying Windows with modern tools
Lesson 1: Dynamic provisioning
  • Windows Autopilot
  • Provisioning packages with Windows Configuration Designer
  • Implementing subscription activation
  • Azure AD join with automatic MDM enrollment
Lesson 2: Overview of Windows Autopilot
  • Autopilot for modern deployments
  • Device lifecycle management with Windows Autopilot and Intune
  • Requirements for Windows Autopilot
Lesson 3: Preparing for Windows Autopilot deployment
  • Preparing for Autopilot
  • Demonstration: Preparing for Autopilot
  • Registering devices
  • Demonstration: Uploading device IDs
  • Assigning an Autopilot deployment profile
  • Demonstration: Creating a deployment profile
Lesson 4: Deploying Windows using Windows Autopilot
  • Creating an enrollment status page
  • Windows Autopilot Deployment Scenarios
  • Demonstration: Deploying Windows with Autopilot
  • Lab: Deploying Windows with Autopilot
  • Lab: Refreshing Windows with Autopilot Reset and Self-Deploying mode
Module 9: Managing updates, upgrades, and using analytics
Lesson 1: Managing updates
  • What are the available Servicing Channels?
  • Applying Windows updates
  • Configuring Windows Update settings
  • Using Group Policy to configure Windows updates
  • Windows Server Update Services
  • Managing updates with Intune
  • What is Windows Autopatch?
  • Delivery Optimization for Windows Updates
  • Demonstration: Managing updates in Intune
Lesson 2: Understanding upgrades
  • Supported upgrade paths
  • Compare in-place upgrades with migrations
  • The process for performing an in-place upgrade to Windows 11
  • The process for migrating to Windows 11
Lesson 3: Using analytics
  • Setup Endpoint Analytics
  • Explore Endpoint Analytics
  • Demonstration: Using Endpoint Analytics

Required Prerequisites



Length: 5 days | $62.00 per copy
Labs providers: Skillable, go deploy

LicenseRequest More InformationRequest Trainer Evaluation Copy

*When labs are available, they must be purchased from the lab provider.