Let's learn about the new standards for controlling device settings in a Microsoft environment. Get a discount on all my courses right now here: examlabpractice.com/courses
Comments: 18
@examlabpractice 4 months ago
Get a discount on all my courses right now here: examlabpractice.com/courses
@garcialex06 3 months ago
Thanks JC! I've been working with Intune for a while and with this shown I got some cool ideas for my endpoint management. Best regards!
@boyejohnson4287 4 months ago
Great video! many thanks.
@Yti746 4 months ago
Hey, love your videos. I also took your Udemy course on Azure Virtual Desktop (AZ-140). In a couple weeks I'm on a project where I need to set up an AVD environment with FSLogix and MS Entra AD DS. Can you make a video about what to consider with Entra Active Directory and how to best configure FSLogix for user profiles? It shouldn't be that complicated, but I kept getting errors that I couldn't solve yet. Would be very interesting. Thank you!!!
@admalvinanticamara5731 4 months ago
Intune policies only apply to Windows 10/11 workstations and Android, iOS mobile devices. GPOs are still being used for Windows Server endpoints.
@examlabpractice 4 months ago
Absolutely.. for now. Just keep an eye though on where they’re going with all this. And remember, I’ve been a fan of GPOs for 24 years. I’m for sure not here to bad mouth them and talk down about them. In some cases they are the only way to get certain things done in an on premises environment.
@user-oe5bk1nz3m 4 months ago
Thank you for the great video. I am a bit confused and I appreciate your help. 1 - Can I apply those Intune profiles only on JOINED domain computers? 2 - As I recall, I can apply group policy on Entra ID (Azure) joined devices, so why do I have to use Intune profiles, please? 3 - I watched your video (Imaging vs provisioning) and it is really interesting; can I apply policies from AutoPilot during the provisioning configuration? Thank you in advance
@examlabpractice 4 months ago
You can apply Intune profiles to either domain joined or non-domain joined devices. GPOs can only be deployed to Active Directory Domain Joined devices, not just Entra ID devices. Autopilot is a form of provisioning.
@guilhermeguizi1154 4 months ago
Could you help me? I created a settings catalog to work as our security baseline, but the Tenable program that calculates the % of settings really enabled on the machine reported the audit settings are not enabled. Intune shows them with "Success" applied status. How can I check (audit) them? I believe more in Intune, but I have to prove I am not wrong. An example would be "Account Logon Logoff Audit Logoff".
@examlabpractice 4 months ago
To address the discrepancy between what Microsoft Intune reports and the findings from your Tenable program, you can manually verify the settings on a device to ensure they're applied as intended. Here's a step-by-step guide to check the status of "Account Logon Logoff Audit Logoff" or similar audit settings on a Windows device, which is a common scenario for Intune-managed devices:

Step 1: Use Local Group Policy Editor
On the target device, open the Run dialog box by pressing Win + R. Type gpedit.msc and press Enter to open the Local Group Policy Editor.

Step 2: Navigate to Audit Policies
In the Local Group Policy Editor, navigate to Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies. Under Audit Policies, look for Logon/Logoff policies.

Step 3: Check Audit Settings
In the Logon/Logoff category, find the policy for "Audit Logoff" or similar. Double-click on it to check its configuration. Ensure it's set to "Success" or "Success and Failure," depending on your requirements.

Step 4: Use Event Viewer to Confirm Audit Logs
Close the Local Group Policy Editor. Open the Run dialog box again (Win + R), type eventvwr.msc, and press Enter to open the Event Viewer. In the Event Viewer, navigate to Windows Logs -> Security. Look for events with IDs related to logon/logoff activities (e.g., Event ID 4634 for logoff events). Verify if the events are being logged as expected.

Step 5: Compare with Intune Reporting
Log into the Microsoft Endpoint Manager admin center. Navigate to the device or user profile where the policy is applied. Check the policy status to ensure it's marked as "Success."

Additional Tips:
If the policies are not applied as expected, it could be due to policy inheritance, conflicts with other policies, or the device not receiving or applying the policy correctly. Ensure the device is properly enrolled in Intune and has received the latest policy updates. Consider using the "Resultant Set of Policy" (RSoP) tool or the gpresult command line tool to get a comprehensive report of all applied group policies.

If, after these checks, you find that the settings are correctly applied and logged, but Tenable still reports discrepancies, you might need to investigate how Tenable assesses these settings or contact their support for further assistance. It's possible that Tenable's assessment criteria or method might differ from the actual state of the device, leading to such discrepancies.
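
Added example, not part of the reply above or of the channel's material: a PowerShell check covering Steps 3 and 4 that reads the effective setting of the Logoff subcategory with auditpol and counts Event ID 4634 entries in the Security log. The "Success" baseline value and the 24-hour window are assumptions; adjust them to your own baseline.

```powershell
# Added example (not from the original reply). Run in an elevated PowerShell session.
$subcategory = 'Logoff'    # English display name; localized Windows builds use a translated name
$baseline    = 'Success'   # assumption: the baseline requires at least Success auditing

# auditpol /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
# Subcategory GUID, Inclusion Setting, Exclusion Setting
$csv = auditpol /get "/subcategory:$subcategory" /r
if ($LASTEXITCODE -ne 0) {
    throw "auditpol failed (exit $LASTEXITCODE); is the session elevated?"
}

# Drop blank lines, parse the CSV and keep the single row for this subcategory
$row = $csv | Where-Object { $_.Trim() } | ConvertFrom-Csv | Select-Object -First 1
if (-not $row) {
    throw "auditpol returned no row for '$subcategory'"
}
$effective = $row.'Inclusion Setting'   # No Auditing / Success / Failure / Success and Failure

# Count logoff events (ID 4634) written to the Security log in the last 24 hours.
# Get-WinEvent reports an error when nothing matches, so that case is treated as zero.
$filter = @{ LogName = 'Security'; Id = 4634; StartTime = (Get-Date).AddDays(-1) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# One object per device, easy to export or compare with the scanner's finding
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Subcategory       = $row.Subcategory
    EffectiveSetting  = $effective
    MeetsBaseline     = $effective -match [regex]::Escape($baseline)
    Logoff4634Last24h = $events.Count
}
```

The EffectiveSetting column is the value the operating system is enforcing at the moment the script runs, so it can be set beside both the Intune status and the scanner's result for the same device.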
@massfrat5501 4 months ago
Hey John, I just reviewed your Udemy AZ500 and will also take your SC200. I have used Udemy courses in the past and some I have found are outdated and I had to navigate around it. I realize it's almost impossible to constantly update IT material but was wondering when did you start both the AZ500 and SC200 Udemy course. Also how often do you update them if at all. Thanks kindly!
@markhokanson2401 4 months ago
John's courses almost always start out with 3-4 lessons that orient you to how his courses work, one of which touches on this question very, very clearly. The TL;DR version -> he does his best to update everything that he can, but due to just how often things change with M$'s different IaaS, PaaS and SaaS offerings (weekly in some cases), and the sheer number of courses he provides, it takes time for him to get to everything and keep it all as up to date as possible.
@examlabpractice 4 months ago
Hi, yes you are correct on the difficulty involved in updates. Microsoft changes their portals about every week.. at least it feels like they do. The concepts remain the same though for the most part. I work hard to update courses all the time. I've updated about 3 courses just in the past few days. FYI, on Udemy courses you can always see when the last updates occurred on a certain course by viewing the sales page. Also, think about it like this. On Udemy, when courses are out of date, the reviews will reflect that. Students will write bad reviews about how the course is way out of date. My advice is always read reviews! That includes on my courses! I hope you'll find my reviews speak for themselves :) Remember, if you plan to buy any of my courses, get a Udemy discount by going to the link in the description of this video.
@massfrat5501 4 months ago
@examlabpractice Appreciate your prompt response and explanation.
@massfrat5501 4 months ago
@markhokanson2401 Thanks for the input Mark!
@mg2prime 4 months ago
So who creates these? Security team, desktop engineering or server administration? That's going to cause issues in responsibilities. I'm afraid they're not going to let Desktop control these yet they want us to configure it and get the certification called md102. Desktop support and engineering are two different things and yet organizations have yet to realize this.
@markhokanson2401 4 months ago
Totally depends on the org. Some of us only have 3-4 people on the IT team, so desktop and administration ARE the same people. Some folks are doing the entire IT department all by themselves. Ultimately it's up to your org's brass to decide who does what.
@examlabpractice 4 months ago
Yeah I was about to say a lot of the same things @markhokanson said. It's gonna depend on the company. The main issue right now is getting IT Managers up to speed on how things are changing. A LOT of IT managers are set in their ways and they aren't learning the new concepts. It's the "Old dog new tricks" problem. They are over the people that are learning the new concepts. So it's a challenge sometimes to get IT Managers to realize they need to handle control over certain things differently than they did 15 years ago. The good news is, it is possible with Intune to just give specific power over to certain people. You don't have to give an admin the keys to the kingdom, just to create a config profile.