CHAPTER 1: MANAGE IDENTITY

Objective 1.1: Support Windows Store and cloud apps

Integrate Microsoft Account and Personalization Settings
• Local account: A local account is stored in the local Security Account Manager (SAM) database on a Windows 10 computer.
• Domain account: A domain account is stored in the Active Directory Domain Services (AD DS) database on a domain controller. Domain accounts can be used to authenticate a user on Windows computers joined to the domain.

Configuring Microsoft Account Settings by Using Group Policy: The setting is found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. You can choose from three different settings:
• The policy is disabled: If you disable or do not configure this policy, users will be able to use Microsoft accounts with Windows.
• Users can’t add Microsoft accounts: Users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account. This is the preferred option if you need to limit the use of Microsoft accounts in your enterprise.
• Users can’t add or log on with Microsoft accounts: If you select this option, existing Microsoft account users will not be able to log on to Windows. Selecting this option might make it impossible for an existing administrator on this computer to log on and manage the system.
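
The lockout caveat on the third option can be checked before the policy is tightened. The following is an added example, not part of the original notes: it reads the registry value that backs this Security Options setting (NoConnectedUser, a name these notes do not give) and reports whether every usable local administrator is a Microsoft account.

```powershell
# Added example: audit the Microsoft-account restriction on this computer.
# Assumption: the Security Options setting is backed by the NoConnectedUser
# registry value (the value name is not given in these notes).
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Meaning = @{
    0 = 'The policy is disabled'
    1 = "Users can't add Microsoft accounts"
    3 = "Users can't add or log on with Microsoft accounts"
}

function Get-MicrosoftAccountPolicy {
    $prop = Get-ItemProperty -Path $PolicyKey -Name NoConnectedUser -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Not configured (Microsoft accounts allowed)' }
    $value = [int]$prop.NoConnectedUser
    if ($Meaning.ContainsKey($value)) { return $Meaning[$value] }
    return "Unexpected value: $value"
}

function Get-AdminLockoutRisk {
    # S-1-5-32-544 is the built-in Administrators group (name is localized).
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Where-Object { $_.ObjectClass -eq 'User' })
    $msa = @($admins | Where-Object { $_.PrincipalSource -eq 'MicrosoftAccount' })
    # Administrators that would still work: domain accounts, or local
    # accounts that are enabled (the built-in Administrator is often disabled).
    $usable = @($admins | Where-Object {
        $_.PrincipalSource -ne 'MicrosoftAccount' -and
        ($_.PrincipalSource -ne 'Local' -or (Get-LocalUser -SID $_.SID).Enabled)
    })
    [pscustomobject]@{
        MicrosoftAccountAdmins = $msa.Name
        UsableOtherAdmins      = $usable.Name
        # True when blocking Microsoft-account logon leaves no administrator.
        LockoutRisk            = ($msa.Count -gt 0 -and $usable.Count -eq 0)
    }
}

"Policy in effect: $(Get-MicrosoftAccountPolicy)"
Get-AdminLockoutRisk | Format-List
```

Run it from an elevated prompt; if LockoutRisk is True, enable or create a local or domain administrator before selecting the third option.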

Install and Manage Software
• Installing apps by using Microsoft Office 365: Microsoft Office 365 is Microsoft Office in the cloud, accessible via a user-based paid subscription. Office 365 updates are applied automatically. There’s no need for software maintenance tasks. Administrators can also decide where users’ data should be stored: on the on-premises data servers of a company, in private cloud-based storage, in the public cloud, or a combination of these. Office 365 is software as a service (SaaS). With SaaS, the user is provided a software product that they can use and consume, on demand.
• Managing software by using Office 365: You can manage all aspects of the Office 365 environment from Office 365 Admin Center. The admin center contains configuration and management pages for all the different features that affect Office app installation:
  o Dashboard: This page provides a view of overall service health, including Office-related components. It also contains shortcuts to administrative tasks, such as Reset User Passwords and Add New Users.
  o Users: From this page, you can add, remove, and edit user accounts that are part of the Office 365 environment. You can also configure Active Directory synchronization and configure authentication methods and requirements.
  o Domains: From this page, you can manage and add domains used by Office 365.
  o Service Settings: There are several pages available under the Service Settings menu, including Updates, User Software, Passwords, Rights Management, and Mobile.
  o Tools: This page includes several important configuration and readiness tools for Office, including:
    • Office 365 health, readiness, and connectivity checks
    • Office 365 Best Practices Analyzer
    • Microsoft Connectivity Analyzer
• Installing Apps by Using the Windows Store: The Windows Store is the standard source for Windows 10 apps, and the most common method for installing those apps. The Windows Store is installed by default on all Windows 10 computers.
  o The Windows Store is the primary repository and source for apps that are created and made available to the public, as a free trial or paid app.
  o Users must have a Microsoft account associated with their local or domain account to download any apps from the Windows Store.
  o Windows Store apps designed for Windows 10 are universal apps. They will function on Windows 10 computers, tablets, and mobile phones or smart devices, as well as Xbox.
  o Windows Store apps are limited to 10 devices per Microsoft account. A user can install an app on up to 10 devices that are associated with his or her Microsoft account.
  o Apps designed for non-public use—that is, for a specific organization—can be submitted through the Windows Store and be made available only to members of the organization.
• Disabling Access to the Windows Store: Within Group Policy, navigate to the following location: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment. Change the setting for Allow All Trusted Apps to Install to Disabled.
Exam Tip: Changes to Group Policy do not take place until a Group Policy refresh occurs. By default, this is every 90 minutes. To force a refresh, you can run gpupdate /force from the command prompt.

Sideload apps into offline and online images
• Enabling sideloading in Windows 10: By default, the sideloading option in Windows 10 is disabled. To enable sideloading, you need to use a Group Policy setting. To configure Group Policy so that computers can accept and install sideloaded apps that you created for your organization, navigate to Computer Configuration\Administrative Templates\Windows Components\App Package Deployment. Double-click Allow All Trusted Apps to Install. When this setting is enabled, any line-of-business (LOB) Windows Store app, signed by a Certification Authority (CA) that the computer trusts, can be installed.
• Sideloading an app: After sideloading is enabled in Group Policy, you can sideload the app using the AppX Windows PowerShell module and the associated cmdlets. To manually sideload an app for the currently logged-in user, perform the following steps from a Windows PowerShell prompt:
a. Type Import-Module Appx. Press Enter.
b. Type Add-AppxPackage "path and name of the app" to add the app. Press Enter. If you need to add app dependencies, the command should look more like this: Add-AppxPackage C:\MyApp.appx -DependencyPath C:\appplus.appx.
The app installs, and then is available to the user. This needs to be done for each user if multiple users share a single computer. The AppX module for Windows PowerShell includes several cmdlets that you can use to install and manage LOB Windows Store apps. Table 1-1 shows the available AppX cmdlets.

Table 1-1 Cmdlets in the AppX module for Windows PowerShell
Cmdlet                    Description
Add-AppxPackage           To add a signed app package to a single user account
Get-AppxLastError         To review the last error reported in the app package installation logs
Get-AppxLog               To review the app package installation log
Get-AppxPackage           To view a list of the app packages installed for a user profile
Get-AppxPackageManifest   To read the manifest of an app package
Remove-AppxPackage        To remove an app package from a user account
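
The sideloading steps depend on two conditions stated above: the Allow All Trusted Apps to Install policy is enabled, and the package is signed by a CA the computer trusts. The following added example (not from the original notes) checks both before calling Add-AppxPackage and pulls the installation log on failure; the AllowAllTrustedApps registry value name and the function names are assumptions introduced here, and the paths are the placeholder paths used above.

```powershell
# Added example: pre-checks around the Add-AppxPackage command shown above.
$Package      = 'C:\MyApp.appx'        # placeholder paths from the notes
$Dependencies = @('C:\appplus.appx')

function Test-SideloadingEnabled {
    # Assumption: "Allow All Trusted Apps to Install" is stored as the
    # AllowAllTrustedApps policy value; 1 means Enabled.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $prop = Get-ItemProperty -Path $key -Name AllowAllTrustedApps -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.AllowAllTrustedApps -eq 1)
}

function Test-PackageSignature {
    param([Parameter(Mandatory)][string]$Path)
    # 'Valid' means the signature verifies and chains to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path rejected: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }
    Write-Host "$Path signed by $($sig.SignerCertificate.Subject)"
    return $true
}

function Install-LobPackage {
    param([Parameter(Mandatory)][string]$Path, [string[]]$DependencyPath)
    if (-not (Test-SideloadingEnabled)) { throw 'Sideloading is not enabled by policy.' }
    $files = @($Path) + @($DependencyPath | Where-Object { $_ })
    foreach ($file in $files) {
        if (-not (Test-PackageSignature -Path $file)) { throw "Untrusted package: $file" }
    }
    $params = @{ Path = $Path; ErrorAction = 'Stop' }
    if ($DependencyPath) { $params.DependencyPath = $DependencyPath }
    try {
        Add-AppxPackage @params
    } catch {
        # Surface the deployment error and the matching log entries.
        Get-AppxLastError
        Get-AppxLog | Select-Object -First 20
        throw
    }
}

Import-Module Appx
Install-LobPackage -Path $Package -DependencyPath $Dependencies
```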

• Sideload apps by using Microsoft Intune: You can use Microsoft Intune to sideload apps via the cloud and make them available to any authorized, compatible device that’s connected to the Internet. The following list outlines the high-level steps that you need to complete to sideload an app using Microsoft Intune.
a. Add users and create groups, if applicable.
b. Upload the app to Microsoft Intune.
c. Choose the users, groups, computers, and devices that can download the app, and link them (user-to-device).
d. For the self-service model in this example, choose how to deploy the app. It can be available, or available and required.
e. Verify that the app is available in the Windows Intune Company Store, and use the Company Store to install the app on devices.
• Deep link apps using Microsoft Intune: You can make Windows Store apps available to Windows RT users in your company portal by using Windows Intune as well as Configuration Manager. This section focuses on Windows Intune. You’ll follow the same basic process as you did when deploying an app via the Installed Software option, but this time you choose External Link in the Add Software Wizard. Before you begin, decide which Windows Store app you want to deploy. For this example, choose OneDrive for Business.
The first part of the process requires you to obtain the link to the app you want to add to your company portal. To obtain the link for OneDrive for Business, follow these steps:
i. From the Start menu, type Store, and then click Store.
ii. Search for Word Mobile, and then click it to access the installation page.
iii. On the Word Mobile page, click Share.
iv. In the Share area, click Mail.
v. The email contains the link. Send this link to yourself, copy the link, and paste it into Notepad, or otherwise make the link accessible for later.
The second part of the deep-linking process involves adding the app to Windows Intune:
i. Log on to the Microsoft Intune Administrator console.
ii. Click the Apps tab, and then click Add Apps.
iii. Wait for the Microsoft Intune Software Publisher to install, and then enter your Microsoft Intune credentials.
iv. In the Microsoft Intune Software Publisher window, click Next.
v. On the Software setup page, select External link, and then type the link you copied in step 5 of the previous task into the URL field, and then click Next.
vi. Carefully input the information to describe the software. What you input can be viewed by your employees. Click Next when finished.
vii. Verify that the information is correct, and then click Upload.
viii. After the upload is complete, click Close.