About this course
This three-day, instructor-led course is the first of a two-part Community Courseware replacement for 20703-1. Written by a former SCCM MOC author with over 20 years of experience teaching SMS/SCCM/MEM, this course is intended for IT professionals who are interested in expanding their knowledge about and technical skills in the management of Windows computers and other devices by using Microsoft Endpoint Configuration Manager Current Branch version 2203. In this course, students will learn Configuration Manager fundamentals and day-to-day asset-management tasks, such as gathering and reporting hardware inventory and software metering information. Students will also learn about the site system roles and other features required to deploy the Configuration Manager client software and how to prepare for implementing Configuration Manager's change-management features.
Audience Profile
This course is intended for experienced IT professionals who are responsible for desktop and device management in medium-sized, large, and enterprise organizations and who have at least six months of experience managing Windows computers in a workplace environment or who have completed course WS-011: Windows Server 2019 Administration.
At Course Completion
-
Module 1: Microsoft Endpoint Manager and Configuration Manager
This module introduces the Microsoft Endpoint Manager suite and Configuration Manager. It also explains the various asset-management, change-management, and administrative features in Configuration Manager. The module introduces the Configuration Manager console, including its installation, and the support tools included with Configuration Manager, including CMTrace.
Lessons
- Microsoft Endpoint Manager and Features of Configuration Manager
- Configuration Manager Concepts and Fundamentals
- The Configuration Manager Console, CMTrace, and Other Tools
Lab 1: Installing and Using the Configuration Manager Console and CMTrace
- Installing the Configuration Manager Console
- Using the Configuration Manager Console
- Using CMTrace
After completing this module, students will be able to:
- Describe the features of Configuration Manager and explain where it fits within the Microsoft Enpoint Manager suite framework.
- Navigate the Configuration Manager console and explain where each of the major features of Configuration Manager can be managed.
- Install and use the Configuration Manager console and CMTrace.
Module 2: Infrastructure Preparation for Client Deployment and Management
This module explains how to prepare the Configuration Manager infrastructure for deploying the Configuration Manager client software and the subsequent management of client devices. The module covers Active Directory integration, resource discovery, resource collections, and the configuration of boundaries and boundary groups.
Lessons
- Configuration Manager integration with Active Directory
- User and System Resource Discovery
- Resource Collections
- Boundaries and Boundary Groups
Lab 1: Configuring Active Directory Integration, Discovery, and Collections
- Verifying the Configuration of Active Directory Integration
- Configuring Resource Discovery Methods
- Creating Collections
Lab 2: Configuring Boundaries and Boundary Groups
- Configuring and Discovering Boundaries
- Configuring Boundary Groups
After completing this module, students will be able to:
- Explain the Configuration Manager infrastructure configuration requirements for client deployment.
- Configure Configuration Manager/Active Directory integration.
- Configure user and system resource discovery.
- Configure boundaries and boundary groups.
Module 3: The Configuration Manager Client
This module introduces the Configuration Manager client and explains its functions in Configuration Manager operations. It discusses the platforms and operating systems for which the Configuration Manager client is available. The module also explains the various client-installation methods and the site system roles and other infrastructure requirements for each of those methods. Finally, the module explains client settings and monitoring client health.
Lessons
- Configuration Manager Client Fundamentals
- Client Installation
- Client Settings
- Client Health
Lab 1: Installing the Configuration Manager Client
- Configuring Roles and Settings for Client Installation
- Installing the Configuration Manager Client
- Monitoring the Client Installation Process
Lab 2: Configuring Client Settings and Monitoring Client Health
- Configuring and Verifying Client Settings
- Verifying Client Health
After completing this module, students will be able to:
- Explain the various deployment methods for the Configuration Manager client, select a client deployment method appropriate for the organization's environment, and implement the selected method.
- Configure client settings for the Configuration Manager client.
- Monitor Configuration Manager client health.
Module 4: Asset Management in Configuration Manager
This module explains how to configure and manage the asset-management features of Configuration Manager. It covers hardware inventory and legacy software inventory, including file collection, Asset Intelligence, and software metering. It also explains how to monitor and troubleshoot the various client and server processes involved in asset management and how to secure inventory collection.
Lessons
- Introduction to Asset Management Features
- Hardware Inventory
- Software Inventory
- Asset Intelligence
- Software Metering
Lab 1: Configuring and Managing Hardware and Software Inventory Collection
- Configuring Hardware Inventory
- Configuring Software Inventory and File Collection
- Testing Inventory Collection and Reviewing Results
Lab 2: Configuring Asset Intelligence
- Implementing the Asset Intelligence Synchronization Point
- Configuring Asset Intelligence Reporting Classes
- Importing Software License Data
Lab 3: Configuring and Managing Software Metering
- Configuring Software Metering
- Generating and Summarizing Software Metering Data
After completing this module, students will be able to:
- Describe the asset-management features of Configuration Manager.
- Implement hardware and software inventory, including file collection.
- Implement Asset Intelligence.
- Implement software metering.
Module 5: Queries and Reports
This module explains how to use queries and reports in Configuration Manager. It introduces data query concepts and explains how to create and run queries to retrieve data from the Configuration Manager database. The module also covers status message queries, which can provide process-status and component-health information. The module introduces the CMPivot feature for performing real-time queries on client devices. Finally, the module introduces SQL Server Reporting Services (SSRS), covers how to configure SSRS prior to implementing reporting in Configuration Manager, and explains how to run reports on-demand, create report subscriptions, and configure report security.
Lessons
- Data and Status Message Queries
- Real-time CMPivot Queries
- Reports
Lab 1: Creating and Running Queries
- Creating a Simple-value Query
- Creating a Prompted-value Query
- Creating a Subselected-value Query
- Copying, Modifying, and Using a Status Message Query
Lab 2: Using CMPivot
- Using Basic Functions of CMPivot
- Using CMPivot to Analyze the Current State of a Device
- Creating Collections Based on CMPivot Results
Lab 3: Implementing and Using Configuration Manager Reporting
- Configuring SQL Reporting Services
- Implementing a Reporting Services Point
- Running Reports
- Subscribing to Reports
After completing this module, students will be able to:
- Create and use data and status message queries.
- Perform real-time device queries by using CMPivot.
- Implement and use reporting features in Configuration Manager.
Course Outline
Module 1: Identity services in Windows Server This module introduces identity services and describes Active Directory Domain Services (AD DS) in a Windows Server environment. The module describes how to deploy domain controllers in AD DS, as well as Azure Active Directory (AD) and the benefits of integrating Azure AD with AD DS. The module also covers Group Policy basics and how to configure group policy objects (GPOs) in a domain environment. Lesson
- Introduction to AD DS
- Manage AD DS domain controllers and FSMO roles
- Implement Group Policy Objects
- Manage advanced features of AD DS
Lab: Implementing identity services and Group Policy
- Deploying a new domain controller on Server Core
- Configuring Group Policy
After completing this module, students will be able to:
- Describe AD DS in a Windows Server environment.
- Deploy domain controllers in AD DS.
- Describe Azure AD and benefits of integrating Azure AD with AD DS.
- Explain Group Policy basics and configure GPOs in a domain environment.
Module 2: Implementing identity in hybrid scenarios This module discusses how to configure an Azure environment so that Windows IaaS workloads requiring Active Directory are supported. The module also covers integration of on-premises Active Directory Domain Services (AD DS) environment into Azure. Finally, the module explains how to extend an existing Active Directory environment into Azure by placing IaaS VMs configured as domain controllers onto a specially configured Azure virtual network subnet. Lesson
- Implement hybrid identity with Windows Server
- Deploy and manage Azure IaaS Active Directory domain controllers in Azure
Lab: Implementing integration between AD DS and Azure AD
- Preparing Azure AD for AD DS integration
- Preparing on-premises AD DS for Azure AD integration
- Downloading, installing, and configuring Azure AD Connect
- Verifying integration between AD DS and Azure AD
- Implementing Azure AD integration features in AD DS
After completing this module, students will be able to:
- Integrate on-premises Active Directory Domain Services (AD DS) environment into Azure.
- Install and configure directory synchronization using Azure AD Connect.
- Implement and configure Azure AD DS.
- Implement Seamless Single Sign-on (SSO).
- Implement and configure Azure AD DS.
- Install a new AD DS forest on an Azure VNet.
Module 3: Windows Server administration This module describes how to implement the principle of least privilege through Privileged Access Workstation (PAW) and Just Enough Administration (JEA). The module also highlights several common Windows Server administration tools, such as Windows Admin Center, Server Manager, and PowerShell. This module also describes the post-installation configuration process and tools available to use for this process, such as sconfig and Desired State Configuration (DSC). Lesson
- Perform Windows Server secure administration
- Describe Windows Server administration tools
- Perform post-installation configuration of Windows Server
- Just Enough Administration in Windows Server
Lab: Managing Windows Server
- Implementing and using remote server administration
After completing this module, students will be able to:
- Explain least privilege administrative models.
- Decide when to use privileged access workstations.
- Select the most appropriate Windows Server administration tool for a given situation.
- Apply different methods to perform post-installation configuration of Windows Server.
- Constrain privileged administrative operations by using Just Enough Administration (JEA).
Module 4: Facilitating hybrid management This module covers tools that facilitate managing Windows IaaS VMs remotely. The module also covers how to use Azure Arc with on-premises server instances, how to deploy Azure policies with Azure Arc, and how to use role-based access control (RBAC) to restrict access to Log Analytics data. Lesson
- Administer and manage Windows Server IaaS virtual machines remotely
- Manage hybrid workloads with Azure Arc
Lab: Using Windows Admin Center in hybrid scenarios
- Provisioning Azure VMs running Windows Server
- Implementing hybrid connectivity by using the Azure Network Adapter
- Deploying Windows Admin Center gateway in Azure
- Verifying functionality of the Windows Admin Center gateway in Azure
After completing this module, students will be able to:
- Select appropriate tools and techniques to manage Windows IaaS VMs remotely.
- Explain how to onboard on-premises Windows Server instances in Azure Arc.
- Connect hybrid machines to Azure from the Azure portal.
- Use Azure Arc to manage devices.
- Restrict access using RBAC.
Module 5: Hyper-V virtualization in Windows Server This module describes how to implement and configure Hyper-V VMs and containers. The module covers key features of Hyper-V in Windows Server, describes VM settings, and how to configure VMs in Hyper-V. The module also covers security technologies used with virtualization, such as shielded VMs, Host Guardian Service, admin-trusted and TPM-trusted attestation, and Key Protection Service (KPS). Finally, this module covers how to run containers and container workloads, and how to orchestrate container workloads on Windows Server using Kubernetes. Lesson
- Configure and manage Hyper-V
- Configure and manage Hyper-V virtual machines
- Secure Hyper-V workloads
- Run containers on Windows Server
- Orchestrate containers on Windows Server using Kubernetes
Lab: Implementing and configuring virtualization in Windows Server
- Creating and configuring VMs
- Installing and configuring containers
After completing this module, students will be able to:
- Install and configure Hyper-V on Windows Server.
- Configure and manage Hyper-V virtual machines.
- Use Host Guardian Service to protect virtual machines.
- Create and deploy shielded virtual machines.
- Configure and manage container workloads.
- Orchestrate container workloads using a Kubernetes cluster.
Module 6: Deploying and configuring Azure VMs This module describes Azure compute and storage in relation to Azure VMs, and how to deploy Azure VMs by using the Azure portal, Azure CLI, or templates. The module also explains how to create new VMs from generalized images and use Azure Image Builder templates to create and manage images in Azure. Finally, this module describes how to deploy Desired State Configuration (DSC) extensions, implement those extensions to remediate noncompliant servers, and use custom script extensions. Lesson
- Plan and deploy Windows Server IaaS virtual machines
- Customize Windows Server IaaS virtual machine images
- Automate the configuration of Windows Server IaaS virtual machines
Lab: Deploying and configuring Windows Server on Azure VMs
- Authoring Azure Resource Manager (ARM) templates for Azure VM deployment
- Modifying ARM templates to include VM extension-based configuration
- Deploying Azure VMs running Windows Server by using ARM templates
- Configuring administrative access to Azure VMs running Windows Server
- Configuring Windows Server security in Azure VMs
After completing this module, students will be able to:
- Create a VM from the Azure portal and from Azure Cloud Shell.
- Deploy Azure VMs by using templates.
- Automate the configuration of Windows Server IaaS VMs.
- Detect and remediate noncompliant servers.
- Create new VMs from generalized images.
- Use Azure Image Builder templates to create and manage images in Azure.
Module 7: Network infrastructure services in Windows Server This module describes how to implement core network infrastructure services in Windows Server, such as DHCP and DNS. This module also covers how to implement IP address management and how to use Remote Access Services. Lesson
- Deploy and manage DHCP
- Implement Windows Server DNS
- Implement IP address management
- Implement remote access
Lab: Implementing and configuring network infrastructure services in Windows Server
- Deploying and configuring DHCP
- Deploying and configuring DNS
After completing this module, students will be able to:
- Implement automatic IP configuration with DHCP in Windows Server.
- Deploy and configure name resolution with Windows Server DNS.
- Implement IPAM to manage an organization’s DHCP and DNS servers, and IP address space.
- Select, use, and manage remote access components.
- Implement Web Application Proxy (WAP) as a reverse proxy for internal web applications.
Module 8: Implementing hybrid networking infrastructure This module describes how to connect an on-premises environment to Azure and how to configure DNS for Windows Server IaaS virtual machines. The module covers how to choose the appropriate DNS solution for your organization’s need and run a DNS server in a Windows Server Azure IaaS VM. Finally, this module covers how to manage Microsoft Azure virtual networks and IP address configuration for Windows Server infrastructure as a service (IaaS) virtual machine. Lesson
- Implement hybrid network infrastructure
- Implement DNS for Windows Server IaaS VMs
- Implement Windows Server IaaS VM IP addressing and routing
Lab: Implementing Windows Server IaaS VM networking
- Implementing virtual network routing in Azure
- Implementing DNS name resolution in Azure
After completing this module, students will be able to:
- Implement an Azure virtual private network (VPN).
- Configure DNS for Windows Server IaaS VMs.
- Run a DNS server in a Windows Server Azure IaaS VM.
- Create a route-based VPN gateway using the Azure portal.
- Implement Azure ExpressRoute.
- Implement an Azure wide area network (WAN).
- Manage Microsoft Azure virtual networks (VNets).
- Manage IP address configuration for Windows Server IaaS virtual machines (VMs).
Module 9: File servers and storage management in Windows Server This module covers the core functionality and use cases of file server and storage management technologies in Windows Server. The module discusses how to configure and manage the Windows File Server role, and how to use Storage Spaces and Storage Spaces Direct. This module also covers replication of volumes between servers or clusters using Storage Replica. Lesson
- Manage Windows Server file servers
- Implement Storage Spaces and Storage Spaces Direct
- Implement Windows Server Data Deduplication
- Implement Windows Server iSCSI
- Implement Windows Server Storage Replica
Lab: Implementing storage solutions in Windows Server
- Implementing Data Deduplication
- Configuring iSCSI storage
- Configuring redundant Storage Spaces
- Implementing Storage Spaces Direct
After completing this module, students will be able to:
- Configure and manage the Windows Server File Server role.
- Protect data from drive failures using Storage Spaces.
- Increase scalability and performance of storage management using Storage Spaces Direct.
- Optimize disk utilization using Data Deduplication
- Configure high availability for iSCSI.
- Enable replication of volumes between clusters using Storage Replica.
- Use Storage Replica to provide resiliency for data hosted on Windows Servers volumes.
Module 10: Implementing a hybrid file server infrastructure This module introduces Azure file services and how to configure connectivity to Azure Files. The module also covers how to deploy and implement Azure File Sync to cache Azure file shares on an on-premises Windows Server file server. This module also describes how to manage cloud tiering and how to migrate from DFSR to Azure File Sync. Lesson
- Overview of Azure file services
- Implementing Azure File Sync
Lab: Implementing Azure File Sync
- Implementing DFS Replication in your on-premises environment
- Creating and configuring a sync group
- Replacing DFS Replication with File Sync–based replication
- Verifying replication and enabling cloud tiering
- Troubleshooting replication issues
After completing this module, students will be able to:
- Configure Azure file services.
- Configure connectivity to Azure file services.
- Implement Azure File Sync.
- Deploy Azure File Sync
- Manage cloud tiering.
- Migrate from DFSR to Azure File Sync.
Prerequisites
- Windows client and Windows Server administration skills.
- An understanding of Windows networking fundamentals, including common protocols, routing, and IP addressing.
- Basic Active Directory-management skills.
- A basic understanding of common Windows Server roles, features, and services.
- An introductory-level understanding of Windows commands, scripting, and PowerShell syntax.
- An introductory-level understanding of public key infrastructure (PKI) security concepts.
מה זה Windows Server?
Windows Server היא מערכת הפעלה שרתית מבית מיקרוסופט. מערכת הפעלה מגוונת, בעלת יכולות מתקדמות ומספקת שירותים שונים לארגונים גדולים כקטנים.
בין השאר המערכת מספקת:
• שירותי Active Directory לצורך ניהול משתמשים, מחשבים ומשאבים ארגוניים.
• ניהול מערכות קבצים והרשאות- File Servers
• שירותי תשתיות Infrastructure כגון DHCP, DNS.
• שירותי Hyper-V לצורך מערכות וירטואליות Virtual Machines.
• מערכת המהווה תשתית למערכות שרתיות אחרות כגון מסדי נתונים (SQL) שירותי WEB ועוד.
• יכולת עבודה בצורה היברידית מול שירותי ענן ושרתים בענן.
האם קל ללמוד Microsoft Server?
לימוד מערכת ההפעלה Windows Server נחשב לקל יחסית ואינו דורש ידע קודם או ידע בתכנות או בתחומים אחרים. הקורס מיועד גם למי שמתחיל בתחום ה-IT וניהול הרשתות.
יחד עם זאת, הקורס מקיף מאוד וכולל לימוד של תחום שלם, מעבדות תירגול מפותחות ומעניינות ונותן תמונה מקיפה ורמת הבנה וידע נרחבת לתחום ניהול רשתות.
עם תום הקורס ניתן לגשת למבחני הסמכה של מיקרוסופט ולהוציא תעודה רישמית.
מה היתרונות של Windows Server?
למערכת ההפעלה השרתית Windows Server יתרונות ויכולות רבות.
המערכת מציעה שירותי ניהול לרשת מרמת התשתיות ועד רמת המשתמשים והאובייקטים ברשת.
יתרון נוסף של Windows Server הוא ביכולות המגוונות של מערכת ההפעלה. המערכת בנויה להוות תשתית תוכנתית לאפליקציות מבית מיקרוסופט ושל יצרנים אחרים המסתמכים עליה.
מערכת ההפעלה בנויה לתמוך בעולם היברידי שבו חלק ממשאבי הארגון נמצאים ברשת המקומית וחלקם נמצאים בענן.
מערכת ההפעלה בנויה על פי חשיבה עיסקית ויכולה להוות תשתית לכל סוג של ארגון ובכל גודל ולתת מענה לצרכים רבים.
למה משמש Windows Server?
Windows Server מתאים לארגונים קטנים כגדולים ולתת מענה למגוון גדול של צרכים לכל סוג של ארגון.
מערכת ההפעלה מודרנית, עדכנית ומאובטחת מתמיד ומספקת שירותי תשתיות וניהול נרחבים.