Scott Duffey - Learning Microsoft Endpoint Manager: Unified Endpoint Management with Intune and the Enterprise Mobility + Security Suite

Copyright 2021 Scott Duffey

All rights reserved.

Contents

C

A

About the author

I am a Program Manager at Microsoft and I work on Microsoft Endpoint Manager features. My passion for the product started in the early days when it had a lot of wrinkles and was branded Windows Intune. I am especially proud to witness its transition to awesomeness and ascension to the top-right of the Gartner Magic Quadrant (in case you dont follow industry analyst reports, this just means its one of the best UEM products in market). In my first years at Microsoft, I worked in a customer-support type role as a Premier Field Engineer (PFE). I worked with a new customer each week helping IT folks tweak their Windows desktop configurations through Group Policy or Configuration Manager to improve performance, security or end-user experiences. I jumped on the Intune train early because it seemed new and interesting, and I thought I could make this my new special skill. My managers at the time were all about something called a T-shape, referring to a popular metaphor at the time for ones breadth and depth knowledge. The top of the T-shape represents your breadth skills and the lower portion represents depth. The idea was that you should have broad technical knowledge in some areas and deep knowledge in others. I was inspired to go deep on Intune, so I learned as much as I could and started teaching the customers I worked with, doing workshops and setting up proofs-of-concepts with them. At this stage, there was very little enterprise use or interest in Intune, and it was really all about mobile phones (including Windows Phone), not PCs. When Windows 8.1 came out there was a new cloud management stack on it and a lot of buzz around Modern Management where admins were encouraged to throw out all the management tools they knew and loved (Group Policy and Configuration Manager), forget all the skills they had learned and earned their living on over the last ten years and move to this new, shiny, simple thing in the cloud. That message did not go down well at all.

After about a year or so of Intune deployment with customers, I had an opportunity to move from the field into the Intune product group, in a new team called the Customer Acceleration Team (CAT). The idea behind this team was that Microsoft product groups could be directly engaged with large enterprise customers who were actively deploying Intune so that the engineering teams would gain a deep understanding of customer blockers and issues. Knowing about them sooner could fast-track important product development and prioritization. It was my job to work directly with a few special and large customers in the Asia region, understand their concerns and summarize the impact to the rest of the product team. I also helped those clients rapidly get Intune from proof-of-concept to fully deployed in their environments. There were perks to this job: the travel was fun and interesting, and I was no longer tied to an office. I worked from home 80 percent of the time and spent the rest travelling. Since I was covering the Asia region, I spent time onsite with customers from India to Japan and many across Australia. I also traveled to Microsoft headquarters in Seattle a couple of times a year to meet with the rest of my team, fill up the knowledge-tank on upcoming features and innovations and tap feature PMs on the shoulder for updates on blockers that were affecting my customers. I really enjoyed the CAT team but realized that I wanted to have a bigger role in the direction of the product and its features. On one of my trips to head office, I put out feelers and told a few folks that being a feature PM in Intune would be my dream job. Next thing I knew, I was boarding my family on a plane from Australia to start a new adventure at Microsoft head office in Redmond, Washington.

I have always had a passion for writing. I have blogged, written, and rewritten product documentation and too many product specifications to count but never a book. When the COVID-19 pandemic broke out in March 2020, Microsoft was one of the first companies to close offices and send people home to work. I needed a creative outlet and writing this book helped me scratch that itch. It motivated me to get out of bed at 5am each morning in the dark cold in front of my computer, headphones on, cup of coffee in hand and a smile on my face. I was also motivated by the fact that there were no other Microsoft Endpoint Manager books yet. I knew admins around the world were struggling with the learning curve and I could help.

This book contains knowledge I have picked up over the years that I would gladly share with any MEM customers I meet or even new members of the MEM product development team who need to ramp up quickly. Thank you for reading it!

Acknowledgments

So many people were involved in bringing this book to you I am thankful to the people that contributed directly but also to the people in my personal and work life that gave me a leg-up at some point so that I could eventually write this book:

Roger Southgate my good friend and mentor. Thank you for your contribution as Chief Technical Reviewer for this book.

Leaders and mentors Callan Tenabel, my first hiring manager at Microsoft who took a chance when he hired me based on potential rather than experience. Ben Francis, Martin Morrison, Ian Bartlett, Bryan Keller and Heidi Cheng too all Microsoft managers who pointed me in the right direction.

My brother, Chad, for being a great role model in tech and one of the most generous people I know. I wont forget the things you do for me.

My Microsoft colleagues and teammates, both developers and PMs, for patiently teaching me things I now can teach to others.

Lastly my wife, Mandy, for giving me the time and space to work on projects like this. Thank you.

Chapter 1

Introduction

Did you just land an IT job only to learn your new employer is using Microsoft Endpoint Manager (MEM) for device management? Perhaps you stretched the truth on your resume and suggested you knew it already? Maybe you are an old-hat, know-your-stuff device management pro for another product but your boss just told you the company is migrating? Whatever the case, this book will be your zero-to-hero ramp-up guide.

In authoring this book, I promise you a few things firstly, I promise an easy but content-rich read. MEM is complicated enough without acronyms and tech-speak. I will keep it simple and articulate, and Ill take the time to explain industry terminology. Second, I learn by doing stuff (and breaking stuff) and so do most of the IT admins I know. To maximize learning, I will get you doing stuff as much as possible. Exercises will not have fine-grained, explicit steps; instead, I will guide you through the flow and prevent you from getting stuck or breaking too much stuff. The book is structured to start out simple, adding building blocks as you go until you reach a point where you can fish for yourself. I recommend that you go beyond the basic steps provided and take regular detours to explore additional configurations, settings and features along the way. At the end of this book, you should be comfortable building-out full scenarios in lab or production environments and be ready to show your boss how awesome you are.

There is one promise I cannot make. MEM is a cloud service; it gets updated super-frequently (once a month, sometimes more). So frequently that some content will get stale. Features and entire products get renamed, new features get added or just annoyingly moved around the UX! You will be fine, though I will teach you the broad stuff, the concepts and administration patterns and give you all the resources you need to stay up to date to handle the inevitable product changes so you can be your companys go-to MEM ninja for years to come.