Modern Endpoint Operations
Modern Endpoint Operations — day-to-day management model for Intune-managed devices
Device Lifecycle & Onboarding
Device Lifecycle & Onboarding — enrollment methods, device re-assignment, and decommission procedures
Mobile Device Management & App Protection
Mobile enrollment models for iOS and Android — MDM and MAM postures, broker apps, BYOD strategy, and Play Integrity device attestation.
Open Intune Baseline Deployment
Open Intune Baseline (OIB) deployment for GCC High (CMMC Level 2) and Commercial (NIST 800-171 Rev. 3) tenants — layered policy framework, IntuneManagement tool import, sovereign-cloud modifications, compliance policies, USB device control, update rings, and Wi-Fi configuration.
Intune Diagnostics, Reporting & Audit Evidence
Intune monitoring setup, diagnostic settings export to Log Analytics, Endpoint Analytics, Reports center, role-based dashboards, KQL alerting patterns, policy troubleshooting, and audit evidence packages
Defender for Endpoint and the Endpoint Security baseline
Microsoft Defender for Endpoint onboarding plus the 12 Layer 1 policies of the Endpoint Security baseline (ASR, AV, BitLocker, WHfB Configuration + Cloud Kerberos Trust, LAPS, Local Admins, Firewall, EDR, Exploit Protection, Device Control)
M365 Apps Deployment via ODT
Package Microsoft 365 Apps and Company Portal as a Win32 Intune app using the Office Deployment Tool — avoiding the fragile built-in M365 Apps policy.
Intune RBAC & Governance
Intune RBAC, scope tags, and assignment filters — delegation model and tagging taxonomy for a well-governed Intune environment
Entra Device Hygiene — Stale and Duplicate Object Cleanup
Identifying and removing stale and duplicate Entra ID device objects to maintain accurate device inventory, correct Conditional Access evaluation, and defensible compliance posture
GPO-to-Intune Migration — Structured Policy Buildout
A top-down framework for migrating Group Policy Object estates into a well-structured Intune policy architecture using the Open Intune Baseline, Group Policy Analytics, and a tiered deployment sequence