This is Part 1 of a 13 part series.
=====================================================================
Welcome to part 1 of my thirteen part series of tutorials taking you step by step on how to configure Microsoft Endpoint Manager / Intune, from initial DNS config up to Autopilot and application deployment. This series gives you all the knowledge you need for you to successfully deploy a basic Intune / Endpoint Manager environment.
Initial Tenant and Intune Configuration
1. Configure DNS and CNAME - Link - This Tutorial
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming - Link
3. Enable Conditional Access and MFA (Multi factor authentication) - Link - This Article
4. Configure Conditional Access Terms of Use - Link
5. Company Terms and Conditions - Link
6. User and Device Groups, and Device Categories - Link
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment - Link
7a. More information regarding options for configuring the MDM and MAM user scopes - Link
8. Enrollment Status Page - Link
9. Enrollment Restrictions - Link
10. Deploying Microsoft 365 apps (Office apps) - Link
11. Enable Microsoft Store for Business and publish the Company Portal app - Link
12. Assign Company Portal app - Link
13. Test autopilot via register online - Link
If you don't have a test environment for Intune / Endpoint Manager, just follow this guide on
How to get a Free Developer Tenant with 25 x E5 licenses and a free Top Level domain name - Link
=====================================================================
1. Configure DNS and CNAME
DNS is critical to every IT infrastructure, including Intune, so it is important to ensure this is configured correctly very early on.
Although this tutorial focuses on how to configure the DNS in FreeNom, the process will be very similar with all DNS hosting service.
FreeNom is used in my training environment as they provide free Internet routable domain names.
Follow this step by step tutorial on how to get a free top level domain -
Developer Tenant Sign-up - Getting a FREE Top Level Domain Name - Link
=====================================================================
Add the domain to the tenant
Log into the Office 365 Admin portal.
Select - Setup - Guided setup -
Ignore Install Office - Select Continue to progress to add the domain -
Add the domain - 
Verify domain -
Add the TXT record - 
Follow the guide to add the txt file to the domain records at Freenom
Log into Freenom -
Services - My Domains - Select your domain - Manage Domain
Manage Freenom DNS
Select the drop down arrow - Select TXT record
In Target - add the value that the setup advises.
Save changes -
In the Office 365 Portal - Guided Setup -
Wait a few minutes and select - Verify - (This may take up to ten minutes or longer to apply)
===================================================================
Create some users and license them
Share sign in information -
====================================================================
Connect the domain -
This is where we connect the DNS domain to the tenant.
As
this is a developer tenant, I am going to update the domain name
servers to point to Microsoft 365 so Microsoft can manage the DNS.
Select - Set up my online services for me
Choose the online services (default) - Exchange, Skype, Intune
Add DNS records (if needed, like www), or import.
As this is a new domain for Dev testing, just Continue
Transfer DNS Nameservers to Office 365 to be managed
Log into Freenom and update the nameservers to point to Office 365
Select the domain - Management tools - Nameserver
Update the nameservers to the ones below
ns1.bdm.microsoftonline.com
ns2.bdm.microsoftonline.com
ns3.bdm.microsoftonline.com
ns4.bdm.microsoftonline.com
Wait about 10 minutes for the change to apply.
Verify the new nameservers -
'Help people use Microsoft Teams' - Select - Don't send email about Teams
Setup is now complete - Go to admin center -
Go to each of the users and set the passwords to something you can remember for testing.
Confirm the CNAME records for Intune are correct
In a new tenant, the guided process will automatically configure the CNAME records for Intune.
Make sure these are correct by confirming the CNAME record.
Endpoint Manager - Devices - Enroll devices - 
Windows Enrollment - CNAME Validation - 
Enter the domain to test - (Make sure you test all domains registered for the tenant)
===============================================================
Check out all my tutorials - Link
Highlights include -
13 part series on how to perform the initial Tenant and Intune Configuration - Link
1. Configure DNS and CNAME
2. Company Branding - Self Service Password Reset (SSPR) - Enable Enterprise State Roaming
3. Enable Conditional Access and MFA (Multi factor authentication)
4. Configure Conditional Access Terms of Use
5. Company Terms and Conditions
6. User and Device Groups, and Device Categories
7. Set-up Autopilot profile and configure MAM and MDM scope for automatic enrollment
7a. More information regarding options for configuring the MDM and MAM user scopes
8. Enrollment Status Page
9. Enrollment Restrictions
10. Deploying Microsoft 365 apps (Office apps)
11. Enable Microsoft Store for Business and publish the Company Portal app
12. Assign Company Portal app
13. Test autopilot via register online
===============================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry
LinkedIn - https://www.linkedin.com/in/terry-munro/
Facebook - @IntuneAdmin - https://www.facebook.com/IntuneAdmin/
Facebook Community Group - https://www.facebook.com/groups/intuneadmin/
GitHub Repository - https://github.com/TeamTerry
I found this pretty good thanks Terry
ReplyDeleteGood Job its really useful and easy approach to understand Intune fundamental's
ReplyDelete