Protect devices using Microsoft Intune
At a glance
-
Level
-
Skill
-
Product
-
Subject
In this learning path, you'll learn how to apply layered protection to managed endpoints using Microsoft Intune and the broader Microsoft Defender stack. You'll start by integrating Microsoft Defender for Endpoint with Intune, then implement device encryption (BitLocker, FileVault, and personal data encryption) to safeguard data at rest. You'll explore advanced threat protection scenarios, including attack surface reduction rules, endpoint detection and response, and risk-based Conditional Access. From there, you'll author and enforce compliance policies, drive remediation through Conditional Access, and monitor compliance posture at scale. The learning path concludes with two specialized scenarios - delivering secure mobile access using Microsoft Tunnel, and issuing and managing device certificates using Microsoft Cloud PKI.
Prerequisites
- Basic understanding of Microsoft Intune and device enrollment concepts
- Familiarity with Microsoft Entra ID and Conditional Access
- Completion of the "Prepare infrastructure for devices using Microsoft Intune and Microsoft Entra ID" learning path or equivalent experience
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
This module shows how to deploy endpoint security with Microsoft Defender through Microsoft Intune. You'll onboard Windows, macOS, and mobile devices, configure security baselines and endpoint security policies, deploy Endpoint Detection and Response (EDR) policies, and investigate and triage incidents in the Microsoft Defender portal.
Deploy and manage device encryption across Windows endpoints using Microsoft Intune. Configure BitLocker policies, manage recovery keys, monitor compliance, and audit encryption status with Microsoft Defender.
This module shows how to implement advanced threat protection across managed endpoints. You'll combine Microsoft Intune policy enforcement with Microsoft Defender to discover shadow IT, reduce the attack surface, enforce Zero Trust access, and automate remediation.
This module shows how to operationalize Microsoft Intune compliance policies as the foundation of a Zero Trust architecture. You'll create platform-specific policies, scope them with Microsoft Entra groups and assignment filters, configure graduated actions for noncompliance, automate remediation, and monitor compliance health across your tenant.
Deploy and manage Microsoft Tunnel Gateway to provide zero-trust access to on-premises resources from both enrolled and unenrolled mobile devices while maintaining security and compliance.
This module shows how to deploy and operate Microsoft Cloud PKI in Microsoft Intune. You'll build a two-tier CA hierarchy, automate SCEP-based certificate issuance and renewal, and monitor certificate health across your organization—without on-premises NDES or connector infrastructure.