Modern Endpoint Operations
Modern Endpoint Operations — day-to-day management model for Intune-managed devices
Device Lifecycle & Onboarding
Device Lifecycle & Onboarding — enrollment methods, device re-assignment, and decommission procedures
Mobile & Endpoint Security
Configuration standards for Windows 11 devices using the Open Intune Baseline (OIB), with compliance-aligned modifications for security and auditability.
Intune Diagnostics & Audit Evidence
Intune Diagnostics & Audit Evidence
Defender for Endpoint
Microsoft Defender for Endpoint onboarding, configuration, and security compliance mapping
M365 Apps Deployment via ODT
Package Microsoft 365 Apps and Company Portal as a Win32 Intune app using the Office Deployment Tool — avoiding the fragile built-in M365 Apps policy.
Intune RBAC & Governance
Intune RBAC, scope tags, and assignment filters — delegation model and tagging taxonomy for a well-governed Intune environment
Entra Device Hygiene — Stale and Duplicate Object Cleanup
Identifying and removing stale and duplicate Entra ID device objects to maintain accurate device inventory, correct Conditional Access evaluation, and defensible compliance posture
GPO-to-Intune Migration — Structured Policy Buildout
A top-down framework for migrating Group Policy Object estates into a well-structured Intune policy architecture using the Open Intune Baseline, Group Policy Analytics, and a tiered deployment sequence