Feature Connect sync Cloud sync Connect to single on-premises AD forest ● ● Connect to multiple on-premises AD forests ● ● Connect to multiple disconnected on-premises AD forests ● Lightweight agent installation model ● Multiple active agents for high availability ● Support for user objects ● ● Support for group objects ● ● Support for contact objects ● ● Support
Upgrade Plans PreReqs Wi-Fi profile changes Credential Guard overview | Microsoft Learn Default enablement Starting in Windows 11, 22H2 and Windows Server 2025, VBS and Credential Guard are enabled by default on devices that meet the requirements. The default enablement is without UEFI Lock, thus allowing administrators to disable Credential Guard remotely if needed. When Credential Guard is enabled, VBS is automatically enabled too. Security Baseline
Feature Windows Autopilotdevice preparation Windows Autopilot Features Support for Government Community Cloud High (GCCH) and Department of Defense (DoD) environments. Faster, more consistent provisioning experience. Near real-time monitoring and troubleshooting info. Support for multiple device types (HoloLens, Teams Meeting Room). Many customization options for the provisioning experience. Supported modes User-driven. User-driven. Pre-provisioned. Self-deploying. Existing devices. Join types supported Microsoft Entra join.
Intune Policy Configuration Platform – Set – Profile Type – Setting name [(optional info)] – Version Platform Set Profile Type Setting name optional info Version Indicator for platform type e.g. Win, macOS Indictor profile set e.g. Default, Kiosk, SharedDevices, PAW Indicator profile type e.g. Device restrictions, Custom Indicator setting e.g. Edge Favorites, for Custom AreaName/PolicyName Optional flag indicator e.g. test
If you are planning to manage your devices via EntraID in the clud in the future, there are some architectural decisions to be made in the area of device identity, device management and the type and manner of synchronization tools and methods. I will try to summarize the main decision paths as briefly as possible to give you an idea
Microsoft Intune Windows 365 Safety Artificial intelligence
New Update (in Preview) for Defender for Endpoint: Enroll devices without joining them to Azure AD: You need to enable the preview-feature in the Defender for Endpoint-Portal: Settings > Endpoints > Advanced features > Preview features And create a dynamic group based on the systemLabels property containing the “MDEManaged” value to get all MDE-managed devices “Important: If a Windows device was managed by Defender for Endpoint via
High-level architecture Source: Microsoft Overview Intune Azure AD (Entra) – Identity and access management Defender – Security
Intune Suite add-on capabilities Capability Standalone add-on Intune Plan 2 Intune Suite Advanced endpoint analytics ✔️ Endpoint Privilege Management ✔️ ✔️ Microsoft Tunnel for Mobile Application Management ✔️ ✔️ Remote help ✔️ ✔️ Specialized devices management ✔️ ✔️ Use Intune Suite add-on capabilities – Microsoft Intune | Microsoft Learn .
