Welcome to ONLC Training Centers

MOC On-Demand: 20398-Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) and On-Premises Tools Course Outline

 (5 days)

*** Note: This is an On-Demand Self Study Class, 5-days of content, 90-days unlimited access, $995 ***
You can take this class at any time; there are no set dates. It covers the same content as the 5-day instructor-led class of the same name. The cost for this MOC On-Demand class is $995. (Microsoft Enterprise customers paying with Software Assurance Vouchers, see SATV Payment note below.) In all cases, customers must call us directly to purchase this class at 800-288-8221.

MOC On-Demand Learner Profiles
MOC On-Demand is a self-study training solution that was designed for two types of learners. First, MOC On-Demand is a great fit for experienced IT professionals who don't need a traditional 5-day class to upgrade their existing skills. They can pick and choose topics to make the most effective use of their time. Second, MOC On-Demand is perfect for highly-motivated individuals who are new to a technology and need to space their learning over a period of weeks or months. These learners can take their time and repeat sections as needed until they master the new concepts.

About MOC On-Demand
Our MOC On-Demand classes are self-study courses with 30 to 40 hours of content. They include hours of videos, hands-on labs using the actual software, and knowledge checks and were created by Microsoft to mirror the content found in the traditional live instructor-led version of this course. Those features are all part of the standard MOC On-Demand training. But don't settle for the standard MOC On-Demand class! Check out the "ONLC Extras" that you get when purchasing this course from us.

ONLC Extras
ONLC Training Centers bundles in valuable extras with our MOC On-Demand Courses. These items are not available from other training companies.
Courseware After the Course. Get the digital courseware that is used in the live, instructor-led version of this class. While the MOC On-Demand access goes away after 90 days, you will have access to the "extra" digital courseware for an unlimited period of time.
24/7 Online Support. You will be able to chat online with a content matter expert while you are taking your MOC On-Demand class. And, with your permission, the expert can even take over your computer to provide with assistance with your labs.

Optional Add-Ons
These add-ons are available exclusively by ONLC Training Centers and are offered to you at an additional cost.
Upgrade to 180-Day Access, $250. Need more time? Extend the base 90-day access to 180 days on your MOC On-Demand class, complete with labs, videos and knowledge checks. Extension must be ordered at time of original purchase and is non-refundable.
Certification Pak, $150. Interested in obtaining certification? Get a Transcender practice exam and a Microsoft exam voucher at this reduced price.
ILT Listener, $250. Want to listen in and follow along with a live Instructor-Led Training (ILT) class? We offer this option for individuals on a limited budget who have time during the day to hear a live class in progress. ILT Listeners have access to their online support chat expert during the class but they do not have direct access to the live instructor.
ILT Participant, $ Varies. You've purchased MOC On-Demand, have gone through the training and decided that you still want a live class. Just pay difference between MOC On-Demand course and and the Instructor-Led Training (ILT) class and you can have a seat in our live class. Get both self-study and live, instructor-led training for the retail price of the instructor-led class alone!

Paying with Software Assurance Training Vouchers (SATV)
For Microsoft Enterprise customers paying with Software Assurance Vouchers, the cost of this class is 5 vouchers--this includes access to the self-study materials, the student workbook, 24/7 access to an online expert, and a corresponding exam voucher, if applicable, upon request.

Do You Still Prefer a Live, Instructor-led Class?
Already know MOC On-Demand is not right for you? We also offer this same course content in a live, instructor-led format. For more details, click on the link below:
20398 Instructor-led


This course teaches IT professionals how to use the Enterprise Mobility Suite to manage devices, users, and data. In addition, this course teaches students how to use other technologies, such as Group Policy and other Windows Server–based technologies, to manage devices and secure data. Students will learn how to design and implement cloud-based and on-premises solutions for managing Windows-based, iOS, and Android devices, and they will learn how to provide secure and efficient access to data and applications.

Audience profile
This course is intended for IT professionals and consultants who plan, deploy, and manage devices and applications in medium to large organizations. A significant portion of this audience works in on-premises Active Directory Domain Services (AD DS) environments with both domain-joined and non-domain joined devices, for which they need to provide mobile device management and secure data access. Devices in such environments typically run Windows 10, Windows 10 Mobile, iOS, and Android. They plan to extend on-premises AD DS to the cloud and they need to learn how to plan and implement Enterprise Mobility Suite.

In addition to their professional experience, students who attend this training should already have the following technical knowledge:
* TCP/IP networking fundamentals
* Understanding of Domain Name System (DNS)
* Working knowledge of Active Directory principles
* Understanding of the public key infrastructure (PKI) fundamentals
* Understanding of cloud-based service concepts
* Windows Server 2012 R2 fundamentals, including Remote Desktop Services
* Experience with Windows 10
* Familiarity with Windows PowerShell
* Basic knowledge of mobile platforms

At course completion
After completing this course, students will be able to:
Use devices in the enterprise environment.
Implement and administer Microsoft Azure Active Directory (Azure AD).
Connect AD DS with Azure AD.
Manage devices in Microsoft Office 365.
Plan and implement Intune.
Use Intune to manage devices.
Plan and implement app support.
Use Intune to manage applications and Resource Access.
Plan and implement Microsoft Azure Rights Management (Azure RMS).
Plan and implement Remote Access.
Plan and implement Dynamic Access Control and auditing.
Plan and protect data.
Recover data and operating systems.

Course Outline

Module 1: Using devices in the enterprise environment
This is an overview module that introduces changes and challenges in today's typical workplace, and the solutions to address them. The intention of this module is to set the stage for later modules, and to introduce the Enterprise Mobility Suite.
Overview of devices in an enterprise
Device management features
Overview of the EMS
Lab : Planning for device management
Selecting the appropriate products and technologies for device management
Working with mobile devices

Module 2: Implementing and administering Azure AD
In this module students will learn how to manage devices in an on-premises Active Directory environment. They will learn about cloud identity, and the features that Azure AD provides. They also will learn about Azure AD offerings, how to create and manage an Azure AD tenant, and how claims-based authentication works.
Overview of AD DS
Overview of Azure AD
Creating and managing Azure AD
Managing authentication in Azure AD
Lab : Working with Azure AD and providing access to claims-aware applications
Managing Azure AD users and groups
Joining a Windows 10 device to Azure AD
Accessing cloud applications with SSO

Module 3: Connecting AD DS with Azure AD
In this module students will learn how to connect their on-premises AD DS with Azure AD. They will learn about Azure AD Connect, and how either to synchronize entire identities to Azure AD, including password hashes, or to establish federation with Azure AD.
Preparing AD DS for directory synchronization
Implementing Azure AD Connect
Planning and implementing federation
Lab : Synchronizing on-premises AD DS with Azure AD
Implementing Azure AD Connect
Verifying synchronization of new objects
Implementing and using Azure AD Premium features

Module 4: Managing devices in Office 365
In this module students will learn about Office 365 and its main features. The focus of this module is on device management by using mobile device management for Office 365.
Overview of Office 365
MDM for Office 365
Lab : Managing devices in Office 365 (Part 1)
Obtaining an Office 365 subscription
Enabling MDM
Lab : Managing devices in Office 365 (Part 2)
Configuring and testing mobile device management in Office 365

Module 5: Planning and implementing Microsoft Intune
In this module students will learn how to plan for Microsoft Intune, how to deploy an Intune client, and how to perform basic Intune administration.
Planning for Intune
Deploying Intune clients
Basic Intune administration
Lab : Planning and implementing Intune
Deploying Intune clients and linking computers to users
Create Intune users
Delegating Intune permissions
Creating Intune groups

Module 6: Managing devices by using Intune
In this module students will learn how to enroll and manage mobile devices with Intune, create, manage and deploy different types of Intune policies, and manage updates and Windows Defender by using Microsoft Intune.
Working with Microsoft Intune policies
Mobile device management
Managing updates and Windows Defender
Lab : Using Microsoft Intune policies to manage devices
Configuring Azure AD with automatic mobile device management enrollment
Working with Microsoft Intune policies
Lab : Managing updates and Windows Defender
Managing updates by using Intune
Managing Windows Defender by using Intune

Module 7: Using Microsoft Intune to manage applications and resource access
In this module students will learn how to manage application deployments by using Microsoft Intune. They will also learn how to deploy settings, such as VPN profiles, Wi-Fi profiles and certificates to Intune clients.
Application lifecycle management
Application deployment process
Managing access to company resources
Lab : Using Intune to deploy and monitor applications
Using Intune to deploy and monitor applications
Lab : Using Intune to manage resource access
Configuring certificate deployment in Intune
Configuring conditional access policies

Module 8: Planning and implementing Azure RMS
In this module students will learn how to plan and implement Azure Rights Management to protect digital content. They also will learn which applications can integrate with Azure Rights Management, and how to use Azure Rights Management with Office 365 in an on-premises infrastructure.
Overview of Azure RMS.
Implementing Azure RMS.
Lab : Using Azure RMS to protect documents and data
Protecting documents with Azure RMS
Using FCI with Azure RMS

Module 9: Planning and implementing app support
In this module students will learn how they can mitigate compatibility issues between applications on the same device, and between the application and the operating system. They also will learn about RemoteApp and Azure RemoteApp programs, which enable you to run Windows apps on any device with the Remote Desktop Protocol (RDP) client.
Planning and implementing application compatibility options
Publishing and using RemoteApp programs
Publishing and using Azure RemoteApp
Lab : Publishing and using RemoteApp and Azure RemoteApp
Publishing and accessing RemoteApp programs
Publishing and accessing Azure RemoteApp programs

Module 10: Planning and implementing remote access
In this module students will learn how to provide remote access from devices to a company network. They also will learn how to provide access to company infrastructure servers, data in work folders, and data that is stored in the cloud.
Overview of remote access solutions
Implementing remote infrastructure access
Planning and implementing Work Folders
Implementing cloud data access
Planning and implementing mobility options
Lab : Configuring and using VPN and Work Folders
Configuring a VPN server and a VPN client
Configuring and using Work Folders
Lab : Using Offline Files and OneDrive
Configuring and using Offline Files
Synchronize settings between Windows 10 devices
Configuring and using OneDrive

Module 11: Planning and implementing Dynamic Access Control and auditing
In this module students will learn how to implement Dynamic Access Control, and how to configure and use advanced auditing.
Planning and implementing Dynamic Access Control
Planning and deploying advanced audit policies
Lab : Implementing secure data access
Preparing for Dynamic Access Control deployment
Implementing Dynamic Access Control
Validating and remediating Dynamic Access Control
Using advanced audit policies

Module 12: Planning and protecting data
In this module students will learn how to protect data on a device by using encryption or BitLocker. They will also learn about Enterprise Data Protection and how data can be remotely wiped if a device is lost or stolen.
Planning and implementing encryption
Planning and implementing BitLocker
Protecting data on devices
Lab : Protecting data by using encryption and BitLocker
Encrypting and recovering access to encrypted files
Using BitLocker to protect data

Module 13: Recovering data and operating systems
In this module students will learn how to plan and implement file recovery and device recovery of Windows 10 devices. They also will learn how to update a Windows 10 device, and learn about Windows Branch.
Planning and implementing file recovery
Planning and implementing device recovery
Planning and implementing updates
Lab : Implementing file recovery and device recovery
Using File History to recover files
Using Previous Versions to recover files
Recovering a device with a restore point
Using the advanced startup options to recover a device

View outline in Word


Attend hands-on, instructor-led MOC On-Demand: 20398-Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) and On-Premises Tools training classes at ONLC's more than 300 locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Courses and select the one that's right for you.

Microsoft Gold Partner
Need a price quote?

Follow the link to our self-service price quote form to generate an email with a price quote.

Attend computer classes from ONLC Training Centers Request a copy via mail


Class Format
Class Policies
Student Reviews

Bookmark and Share

First Name

Last Name