Paolo Matarazzo 2022-08-17 08:54:22 -04:00
parent f8b470f6f2
commit b501ec4ad9
9 changed files with 79 additions and 75 deletions

View File

@ -14,21 +14,17 @@ ms.collection: education
appliesto:
- ✅ <b>Windows 10</b>
- ✅ <b>Windows 11</b>
- ✅ <b>Windows 11 SE</b>
---
# Manage devices with Microsoft Intune
# Configure devices with Microsoft Intune
Microsoft Intune delivers streamlined remote management throughout the school year, giving IT the ability to manage apps, control security and privacy remotely, and generate compliance reports.
## Remote device management
With Intune for Education, you can manage groups, applications, resources, and individual needs of multiple students. There are several ways to manage students devices, including organizing what groups they belong to; determining what apps they have access to; and configuring device settings, customizations, and restrictions. You can also monitor when users sign in and troubleshoot devices remotely.
## Managing groups
By organizing students, classrooms, or learning curricula into groups, you can provide students with the resources they need, as well as manage several student devices all at once.
By organizing students, classrooms, or learning curricula into groups, you can provide students with the resources they need, as well as manage several student devices all at once.
**NOTE:** Before you begin creating groups, it is a good idea to plan them out to determine what students may need from their devices. For example:
**NOTE:** Before you begin creating groups, it is a good idea to plan them out to determine what students may need from their devices. For example:
- For all devices, block apps from using location services.
- For AP Computer Science, assign students apps to edit code.
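Review bot: The H1 changes to "Configure devices with Microsoft Intune", but the intro sentence directly under it still describes "streamlined remote management throughout the school year" and compliance reports, and the same sentence appears under the "Manage devices with Microsoft Intune" title in the other file in this commit. Reword the intro so it describes configuration, or move it along with the old title. While the `**NOTE:**` line is being touched anyway, consider converting it to the `> [!NOTE]` alert form, since this doc set already uses `> [!IMPORTANT]` for callouts.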
@ -39,8 +35,6 @@ By organizing students, classrooms, or learning curricula into groups, you can p
Finally, two group types can be created: assigned groups and dynamic groups. Assigned groups are used when you want to manually add users or devices to a group. Dynamic groups reference rules that you create to assign students or devices to groups and then automate the assignment of devices to those groups.
For more information, see:
- [Create groups in Intune for Education](/intune-education/create-groups)
@ -57,9 +51,9 @@ Create update rings that specify how and when [feature and quality updates](/win
1. In the Microsoft Endpoint Manager admin center, select **Devices****Windows****Update rings for Windows 10 and later****Create Profile**.
![Create Update rings page in Microsoft Endpoint Manager admin center](./image23.png)
## [PICTURE HERE] Create Update rings page in Microsoft Endpoint Manager admin center
2. Under **Basics**, specify a name and description (optional).
1. Under **Basics**, specify a name and description (optional).
1. Under **Update ring settings**, configure settings for your school needs. For more information, see [Windows Update settings](/mem/intune/protect/windows-update-settings) and [Creating and assigning update rings](/mem/intune/protect/windows-10-update-rings).
**NOTE:** You can also create expedited quality updates for Windows 10 and later. This policy lets you expedite the installation of the most recent Windows security updates on Intune-managed devices. For more information, see [Create and assign an expedited quality update](/mem/intune/protect/windows-10-expedite-updates).
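Review bot: The screenshot after step 1 is replaced by `## [PICTURE HERE] Create Update rings page in Microsoft Endpoint Manager admin center`, which puts an H2 in the middle of a numbered procedure. That ends the list, so the following `1.` items no longer continue from the first step, and the placeholder text will show up as a section heading in the page outline. Keep the image reference until a replacement is ready, or park the placeholder in an HTML comment indented under step 1.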
@ -96,12 +90,22 @@ Intune for Education makes it easy to add desktop apps to your deployment. You c
### Manage device policies
You can manage the settings of several devices from a single touchpoint. For more information, see:
You can manage the settings of several devices from a single touch point. For more information, see:
- [Add Wi-Fi profiles](/intune-education/add-wi-fi-profile)
- [Add Take a Test profile](/intune-education/take-a-test-profiles)
- [View all Windows device settings ](/intune-education/all-edu-settings-windows)
## Remote assistance
## Endpoint security
With devices managed by Intune for Education, you can remotely assist students and teachers with device issues. For more information, see [Remote assistance for managed devices - Intune for Education](/intune-education/remote-assist-mobile-devices).
Intune for Education helps protect devices and school data with tools like security baselines and Windows Update policies. Through the Endpoint security node, you can configure device security and manage security tasks for devices at risk. The node configures and deploys Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your schools security posture.
### Create security policies
To create security policies in Intune for Education:
1. In the [Microsoft Endpoint Manager admin center](https://intuneeducation.portal.azure.com/), select the **Endpoint security** node.
1. Under **Manage**, choose the policies you want to set from the included list. For more information, see [Antivirus](/mem/intune/protect/endpoint-security-antivirus-policy), [Disk encryption](/mem/intune/protect/endpoint-security-disk-encryption-policy), [Firewall](/mem/intune/protect/endpoint-security-firewall-policy), [Endpoint detection and response](/mem/intune/protect/endpoint-security-edr-policy), [Attack surface reduction](/mem/intune/protect/endpoint-security-asr-policy), and [Account protection](/mem/intune/protect/endpoint-security-account-protection-policy).
1. Select **Create policy**. For more information, see [Creating an endpoint security policy](/mem/intune/protect/endpoint-security-policy).
## [PICTURE HERE] Endpoint security overview page in Microsoft Endpoint Manager
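Review bot: In step 1 of "Create security policies", the link text says "Microsoft Endpoint Manager admin center" but the target is `https://intuneeducation.portal.azure.com/`, while the support steps elsewhere in this commit link the same label to `https://endpoint.microsoft.com`. Pick the portal that actually exposes the **Endpoint security** node and make the label and URL agree, so admins land on the console the steps describe. The trailing `## [PICTURE HERE]` heading should also not ship as an H2.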

View File

@ -34,5 +34,5 @@ ________________________________________________________
## Section review and next steps
> [!div class="nextstepaction"]
> [< Enroll devices](enrollment-overview.md)
> [Manage devices >](management-overview.md)
> [< Enroll devices](enroll-overview.md)
> [Manage devices >](manage-overview.md)
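Review bot: The next-step links now point at `enroll-overview.md` and `manage-overview.md`, which only resolve if the files are renamed in the same commit. The hunks shown here update the links and the TOC, but no redirect entries for the old `enrollment-*.md` and `management-*.md` paths are visible; add them so existing bookmarks and inbound links do not 404.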

View File

@ -131,5 +131,5 @@ ________________________________________________________
## Section review and next steps
> [!div class="nextstepaction"]
> [< Enroll devices](enrollment-overview.md)
> [Manage devices >](management-overview.md)
> [< Enroll devices](enroll-overview.md)
> [Manage devices >](manage-overview.md)

View File

@ -34,13 +34,13 @@ Windows Autopilot and the Set up School PCs app are usually the most efficient o
Select one of the following options to learn the next steps about the enrollment method you chose:
> [!div class="nextstepaction"]
> [Enroll devices via Azure AD join >](enrollment-aadj.md)
> [Enroll devices via Azure AD join >](enroll-aadj.md)
> [!div class="nextstepaction"]
> [Enroll devices with provisioning packages >](enrollment-package.md)
> [Enroll devices with provisioning packages >](enroll-package.md)
> [!div class="nextstepaction"]
> [Enroll devices with Windows Autopilot >](enrollment-autopilot.md)
> [Enroll devices with Windows Autopilot >](enroll-autopilot.md)
<!-- Reference links in article -->

View File

@ -69,8 +69,8 @@ ________________________________________________________
## Section review and next steps
> [!div class="nextstepaction"]
> [< Enroll devices](enrollment-overview.md)
> [Manage devices >](management-overview.md)
> [< Enroll devices](enroll-overview.md)
> [Manage devices >](manage-overview.md)
<!-- Reference links in article -->

View File

@ -16,23 +16,44 @@ appliesto:
- ✅ <b>Windows 11</b>
---
# Advanced capabilities
# Manage devices with Microsoft Intune
This section of the cookbook provides information about the advanced capabilities in Intune for Education for device management, reporting, security, and support.
Microsoft Intune delivers streamlined remote management throughout the school year, giving IT the ability to manage apps, control security and privacy remotely, and generate compliance reports.
## Endpoint security
## Remote device management
Intune for Education helps protect devices and school data with tools like security baselines and Windows Update policies. Through the Endpoint security node, you can configure device security and manage security tasks for devices at risk. The node configures and deploys Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your schools security posture.
With Intune for Education, you can manage groups, applications, resources, and individual needs of multiple students. There are several ways to manage students devices, including organizing what groups they belong to; determining what apps they have access to; and configuring device settings, customizations, and restrictions. You can also monitor when users sign in and troubleshoot devices remotely.
### Create security policies
## Managing groups
To create security policies in Intune for Education:
By organizing students, classrooms, or learning curricula into groups, you can provide students with the resources they need, as well as manage several student devices all at once.
**NOTE:** Before you begin creating groups, it is a good idea to plan them out to determine what students may need from their devices. For example:
- For all devices, block apps from using location services.
- For AP Computer Science, assign students apps to edit code.
- For 12th grade History, enable web browsing to access academic articles.
- For all Photography students, enable the devices camera.
*Out of the box, Intune for Education comes with default groups that enable you to manage All devices and All users. There are also two additional groups if you use Microsoft SDS: All teachers and All students. SDS also creates individual groups for students and teachers of specific schools, which fold under the All teachers and All students groups. Beyond the defaults, groups can be customized to suit various needs. For example, if you have both Windows and iOS devices in your school, you can create groups, such as All iPads and All Windows 10 PCs.*
Finally, two group types can be created: assigned groups and dynamic groups. Assigned groups are used when you want to manually add users or devices to a group. Dynamic groups reference rules that you create to assign students or devices to groups and then automate the assignment of devices to those groups.
For more information, see:
- [Create groups in Intune for Education](/intune-education/create-groups)
- [Edit a group name](/intune-education/edit-groups-intune-for-edu)
- [Move a group up or down within your existing group list](/intune-education/edit-groups-intune-for-edu)
- Delete a group to remove apps and settings from devices
- [Assign and delegate group admins](/intune-education/group-admin-delegate)
- [Manually add or remove users and devices to an existing assigned group](/intune-education/edit-groups-intune-for-edu)
- [Edit dynamic group rules to accommodate for new devices, locations, or school years](/intune-education/edit-groups-intune-for-edu)
## Remote assistance
With devices managed by Intune for Education, you can remotely assist students and teachers with device issues. For more information, see [Remote assistance for managed devices - Intune for Education](/intune-education/remote-assist-mobile-devices).
1. In the [Microsoft Endpoint Manager admin center](https://intuneeducation.portal.azure.com/), select the **Endpoint security** node.
1. Under **Manage**, choose the policies you want to set from the included list. For more information, see [Antivirus](/mem/intune/protect/endpoint-security-antivirus-policy), [Disk encryption](/mem/intune/protect/endpoint-security-disk-encryption-policy), [Firewall](/mem/intune/protect/endpoint-security-firewall-policy), [Endpoint detection and response](/mem/intune/protect/endpoint-security-edr-policy), [Attack surface reduction](/mem/intune/protect/endpoint-security-asr-policy), and [Account protection](/mem/intune/protect/endpoint-security-account-protection-policy).
1. Select **Create policy**. For more information, see [Creating an endpoint security policy](/mem/intune/protect/endpoint-security-policy).
![Endpoint security overview page in Microsoft Endpoint Manager](./image22.png)
## Manage device firmware for Surface devices
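Review bot: In the "For more information, see:" list under "Managing groups", the item "Delete a group to remove apps and settings from devices" is the only bullet without a link, so it reads as an instruction rather than a reference. Add the target article or drop the bullet. Several other bullets in that list share the same `/intune-education/edit-groups-intune-for-edu` target; a single entry with a combined description would be easier to scan.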
@ -87,7 +108,7 @@ For more information, see [How to create Autopilot Profile](/surface/surface-man
#### Create an enrollment status profile
To ensure devices apply the DFCI configuration during OOBE before users sign in, you must configure enrollment status. For more information, see [Set up an enrollment status page](/intune/enrollment/windows-enrollment-status), and then return to this document to continue with the steps below.
To ensure devices apply the DFCI configuration during OOBE before users sign in, you must configure enrollment status. For more information, see [Set up an enrollment status page](/intune/enrollment/windows-enrollment-status).
#### Configure DFCI settings on Surface devices
@ -96,11 +117,10 @@ You can configure DFCI policy settings by editing the DFCI profile from Microsof
1. In the Microsoft Endpoint Manager admin center, select **Devices****Windows****Configuration profiles**.
1. Select the **DFCI profile name****Properties****Settings**.
:::image type="content" source="./image25.png" alt-text="Device Firmware Configuration Interface page in Microsoft Endpoint Manager admin center" border="true":::
## [PICTURE HERE] Device Firmware Configuration Interface page in Microsoft Endpoint Manager admin center
For more information, see [Configuring the DFCI environment and managing UEFI configuration settings for targeted Surface devices](/surface/surface-manage-dfci-guide).
## Microsoft Surface Management Portal
Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your schools Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more. When Surface Laptop SE devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
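Review bot: Replacing the `:::image type="content" ... alt-text="..." border="true":::` element with `## [PICTURE HERE] Device Firmware Configuration Interface page ...` drops the alt text and creates a heading at the same level as "## Microsoft Surface Management Portal", so the placeholder becomes its own section that swallows the "For more information" line. If the screenshot has to go for now, remove the line or comment it out rather than promoting it to a heading.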
@ -118,6 +138,7 @@ To see the devices warranty information, select **Device warranty and coverag
5. To see support requests and their status, select **Support requests**.
## Autopilot motherboard replacement
Repairing Autopilot-enrolled devices can be complex, as OEM requirements must be balanced with Autopilot requirements. If a motherboard replacement is needed on an Autopilot device, we recommend the following process:
@ -129,28 +150,4 @@ Repairing Autopilot-enrolled devices can be complex, as OEM requirements must be
1. [Reset the device](/mem/autopilot/autopilot-mbr).
1. [Return the device](/mem/autopilot/autopilot-mbr).
For more information, see [Autopilot motherboard replacement scenario guidance](/mem/autopilot/autopilot-mbr).
**UP NEXT:** By this point in the cookbook, you have reviewed the basic steps for full device lifecycle management. In the next section, we'll look at some advanced Intune capabilities that can help support your device management needs today and into the future.
## How to contact Microsoft Support
Microsoft provides global technical, pre-sales, billing, and subscription support for cloud-based device management services. This support includes Microsoft Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.
Follow these steps to obtain support in Microsoft Endpoint Manager:
- Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com)
- Select **Troubleshooting + support** > **Help and support**
:::image type="content" source="images/advanced-support.png" alt-text="Screenshot that shows how to obtain support from Microsoft Endpoint Manager.":::
- Select the required support scenario: Configuration Manager, Intune, Co-management, or Windows 365
- Above **How can we help?**, select one of three icons to open different panes: *Find solutions*, *Contact support*, or *Service requests*
- In the **Find solutions** pane, use the text box to specify a few details about your issue. The console may offer suggestions based on what you've entered. Depending on the presence of specific keywords, the console provides help like:
- Run diagnostics: start automated tests and investigations of your tenant from the console to reveal known issues. When you run a diagnostic, you may receive mitigation steps to help with resolution
- View insights: find links to documentation that provides context and background specific to the product area or actions you've described
- Recommended articles: browse suggested troubleshooting topics and other content related to your issue
- If needed, use the *Contact support* pane to file an online support ticket
> [!IMPORTANT]
> When opening a case, be sure to include as many details as possible in the *Description* field. Such information includes: timestamp and date, device ID, device model, serial number, OS version, and any other details relevant to the issue.
- To review your case history, select the **Service requests** pane. Active cases are at the top of the list, with closed issues also available for review
For more information, see [Microsoft Endpoint Manager support page](/mem/get-support).
For more information, see [Autopilot motherboard replacement scenario guidance](/mem/autopilot/autopilot-mbr).
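Review bot: The whole "How to contact Microsoft Support" section is deleted from this page, including the `[!IMPORTANT]` guidance on what to put in the case description (timestamp, device ID, model, serial number, OS version). The TOC hunk adds a "5. Troubleshoot and get help" entry pointing at `troubleshoot-overview.md`, but none of the hunks shown here add that content to the new file; confirm it is carried over so the support steps are not lost.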

View File

@ -4,31 +4,34 @@ items:
- name: Microsoft Education
href: microsoft-education.md
- name: 1 . Prepare your tenant
items:
items:
- name: Overview
href: prepare-tenant-overview.md
- name: Set up your tenant
href: set-up-your-tenant.md
- name: Set up Microsoft Intune
href: set-up-microsoft-intune.md
- name: 2. Configure devices with Intune
- name: 3. Enroll devices in Intune
href: configure-devices-overview.md
- name: 3. Deploy devices
items:
- name: Overview
href: enrollment-overview.md
href: enroll-overview.md
- name: Enroll devices with Windows Autopilot
href: enrollment-autopilot.md
href: enroll-autopilot.md
- name: Enroll devices with provisioning packages and SUSPCs
href: enrollment-package.md
href: enroll-package.md
- name: Enroll devices manually
href: enrollment-aadj.md
href: enroll-aadj.md
- name: 4. Manage devices with Intune
items:
- name: Overview
href: management-overview.md
href: manage-overview.md
- name: Remote actions
href: management-remote-actions.md
href: manage-remote-actions.md
- name: Device inventory and reporting
href: management-inventory-reporting.md
- name: Advanced capabilities
href: advanced-capabilities.md
- name: 5. Reset and wipe devices
href: reset-wipe.md
href: manage-inventory-reporting.md
- name: Reset and wipe devices
href: reset-wipe.md
- name: 5. Troubleshoot and get help
href: troubleshoot-overview.md
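Review bot: Section 3 is renamed to "3. Deploy devices", but every child entry under it is still "Enroll devices ..." and the next-step links in the articles still read "Enroll devices", so the TOC and the pages now use two names for the same stage. Use one term throughout. Also note `- name: 1 . Prepare your tenant` has a stray space before the period, and "Reset and wipe devices" loses its number when it moves under section 4, so check that the remaining numbered entries run 1 to 5 without gaps.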