70-697- Manage identity, Lecture notes for Computer Science. Anna University of Technology

70-697- Manage identity, Lecture notes for Computer Science. Anna University of Technology

PDF (675 KB)
3 pages
6Number of download
135Number of visits
100%on 1 votesNumber of votes
2Number of comments
70-697- Manage identity Chapter 1 Configuring Windows devices
20 points
Download points needed to download
this document
Download the document
Preview3 pages / 3
Download the document


Objective 1.1: Support Windows Store and cloud apps Integrate Microsoft Account and Personalization SettingsLocal account: A local account is stored in the local Security Account Manager (SAM) database

on a Windows 10 computer. • Domain account: A domain account is stored in the Active Directory Domain Services (AD DS)

database on a domain controller. Domain accounts can be used to authenticate a user on Windows computers joined to the domain.

Configuring Microsoft Account Settings by Using Group Policy: The setting is found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. You can choose from three different settings: • The policy is disabled If you disable or do not configure this policy, users will be able to use

Microsoft accounts with Windows. • Users can’t add Microsoft accounts: Users will not be able to create new Microsoft accounts

on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.

Users can’t add or log on with Microsoft accounts If you select this option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.

Install and Manage SoftwareInstalling apps by using Microsoft Office 365: Microsoft Office 365 is Microsoft Office in the

cloud, accessible via a user-based paid subscription. Office 365 updates are applied automatically. There’s no need for software maintenance tasks. Administrators can also decide where users’ data should be stored: on the on-premises data servers of a company, in private cloud-based storage, in the public cloud, or a combination of these. Office 365 is software as a service (SaaS). With SaaS, the user is provided a software product that they can use and consume, on demand.

Managing software by using Office 365: You can manage all aspects of the Office 365 environment from Office 365 Admin Center. The admin center contains configuration and management pages for all the different features that affect Office app installation: o Dashboard: This page provides a view of overall service health, including Office related

components. It also contains shortcuts to administrative tasks, such as Reset User Passwords and Add New Users.

o Users: From this page, you can add, remove, and edit user accounts that are part of the Office 365 environment. You can also configure Active Directory synchronization and configure authentication methods and requirements.

o Domains: From this page, you can manage and add domains used by Office 365. o Service Settings: There are several pages available under the Service Settings menu,

including Updates, User Software, Passwords, Rights Management, and Mobile. o Tools: This page includes several important configuration and readiness tools for Office,

including: • Office 365 health, readiness, and connectivity checks

• Office 365 Best Practices Analyzer

• Microsoft Connectivity Analyzer

Installing Apps by Using the Windows Store: The Windows Store is the standard source for Windows 10 apps, and the most common method for installing those apps. The Windows Store is installed by default on all Windows 10 computers. o The Windows Store is the primary repository and source for apps that are created and

made available to the public, as a free trial or paid app.

o Users must have a Microsoft account associated with their local or domain account to download any apps from the Windows Store.

o Windows Store apps designed for Windows 10 are universal apps. They will function on Windows 10 computers, tablets, and mobile phones or smart devices, as well as Xbox.

o Windows Store apps are limited to 10 devices per Microsoft account. A user can install an app on up to 10 devices that are associated with his or her Microsoft account.

o Apps designed for non-public use—that is, for a specific organization—can be submitted through the Windows Store and be made available only to members of the organization.

Disabling Access to The Windows Store: Within Group Policy, navigate to the following

location: Computer Configuration\Administrative Templates\ Windows Components\App Package Deployment. Change the setting for Allow All Trusted Apps to Install to Disabled.

Exam Tip: Changes to Group Policy do not take place until a Group Policy refresh occurs. By default, this is every 90 minutes. To force a refresh, you can run gpupdate /force from the command prompt.

Sideload apps into offline and online imagesEnabling sideloading in Windows 10: By default, the sideloading option in Windows 10 is

disabled. To enable sideloading, you need to use a Group Policy setting. To configure Group Policy so that computers can accept and install sideloaded apps that you created for your organization, navigate to Computer Configuration/ Administrative Templates/ Windows Components/ App Package Deployment. Double-click Allow All Trusted Apps to Install. When this setting is enabled, any line of business (LOB) Windows Store app, signed by a Certification Authority (CA) that the computer trusts, can be installed.

Sideloading an app: After sideloading is enabled in Group Policy, you can sideload the app using the AppX Windows PowerShell module and the associated cmdlets. To manually sideload an app for the currently logged in user, perform the following steps from a Windows PowerShell prompt:

a. Type Import-module appx. Press Enter.

b. Type Add-appxpackage “path and name of the app” to add the app. Press Enter. Table 1-1 shows the available AppX cmdlets. If you need to add app dependencies, the command should look more like this: Add-appxpackage C:\MyApp.appx DependencyPath C:\appplus.appx.

The app installs, and then is available to the user. This needs to be done for each user if multiple users share a single computer. The AppX module for Windows PowerShell includes several cmdlets that you can use to install and manage LOB Windows Store apps.

Table 1-1 Cmdlets in the AppX module for Windows PowerShell


Add-AppxPackage To add a signed app package to a single user account

Get-AppxLastError To review the last error reported in the app package installation logs

Get-AppxLog To review the app package installation log

Get-AppxPackage To view a list of the app packages installed for a user profile

Get-AppxPackageManifest To read the manifest of an app package

Remove-AppxPackage To remove an app package from a user account

Sideload apps by using Microsoft Intune: You can use Microsoft Intune to sideload apps via

the cloud and make them available to any authorized, compatible device that’s connected to the Internet. The following list outlines the high-level steps that you need to complete to sideload an app using Microsoft Intune.

a. Add users and create groups, if applicable.

b. Upload the app to Microsoft Intune.

c. Choose the users, groups, computers, and devices that can download the app, and link them (user-to-device).

d. For the self-service model in this example, choose how to deploy the app. It can be available, or available and required.

e. Verify that the app is available in the Windows Intune Company Store, and use the Company Store to install the app on devices.

Deep link apps using Microsoft Intune: You can make Windows Store apps available to Windows RT users in your company portal by using Windows Intune as well as Configuration Manager. This section focuses on Windows Intune. You’ll follow the same basic process as you did when deploying an app via the Installed Software option, but this time you choose External Link in the Add Software Wizard. Before you begin, decide which Windows Store app you want to deploy. For this example, choose OneDrive for Business.

The first part of the process requires you to obtain the link to the app you want to add to your company portal. To obtain the link for OneDrive for Business, follow these steps:

i. From the Start menu, type Store, and then click Store.

ii. Search for Word Mobile, and then click it to access the installation page.

iii. On the Word Mobile page, click Share.

iv. In the Share area, click Mail.

v. The email contains the link. Send this link to yourself, copy the link, and paste it into Notepad, or otherwise make the link accessible for later.

The second part of the deep-linking process involves adding the app to Windows Intune:

i. Log on to the Microsoft Intune Administrator console.

ii. Click the Apps tab, and then click Add Apps.

iii. Wait for the Microsoft Intune Software Publisher to install, and then enter your Microsoft Intune credentials.

iv. In the Microsoft Intune Software Publisher window, click Next.

v. On the Software setup page, select External link, and then type the link you copied in step 5 of the previous task into the URL field, and then click Next.

vi. Carefully input the information to describe the software. What you input can be viewed by your employees. Click Next when finished.

vii. Verify that the information is correct, and then click Upload.

viii. After the upload is complete, click Close.

i love this awesome:)
very much helpful
Download the document