1
00:00:02,440 --> 00:00:04,980
So now that we've completed our validation testing,

2
00:00:04,980 --> 00:00:07,950
we can move on to provisioning our endpoints using

3
00:00:07,950 --> 00:00:12,520
Intune. Now, with Intune provisioning, we have, again,

4
00:00:12,520 --> 00:00:17,110
a variety of different scenarios that we can support. And in this course, I'm

5
00:00:17,110 --> 00:00:22,630
focusing on the hybrid Azure AD join scenario, mostly because it's probably

6
00:00:22,630 --> 00:00:26,450
one of the most common. Most organizations are there. Organizations are

7
00:00:26,450 --> 00:00:30,720
quickly moving to native Azure AD join, but today it's predominantly hybrid

8
00:00:30,720 --> 00:00:35,080
Azure AD join, so we're going to focus on that. In a hybrid Azure AD join

9
00:00:35,080 --> 00:00:39,740
scenario, the assumption here, of course, is that your devices are joined to

10
00:00:39,740 --> 00:00:44,310
an on‑premises domain, that your computer accounts and user accounts are

11
00:00:44,310 --> 00:00:50,210
synchronized with Azure AD, and that your devices are enrolled for Intune

12
00:00:50,210 --> 00:00:51,000
management.

13
00:00:51,000 --> 00:00:56,250
Now, all of those things are easy to say, but they are not trivial to do.

14
00:00:56,250 --> 00:00:59,600
And unfortunately, during this course, it's not something that we cover.

15
00:00:59,600 --> 00:01:03,200
There are plenty of courses on Pluralsight that cover Intune

16
00:01:03,200 --> 00:01:06,860
management. We'd encourage you to check those out because there's a

17
00:01:06,860 --> 00:01:09,500
lot of things that you have to do to get all of this working and

18
00:01:09,500 --> 00:01:14,110
running, and our module or our course here assumes that all of that

19
00:01:14,110 --> 00:01:15,340
is already in place.

20
00:01:15,340 --> 00:01:19,140
And the last piece is that we assume that you're deploying, at least at

21
00:01:19,140 --> 00:01:22,460
this point, you're deploying your certificates using Active Directory

22
00:01:22,460 --> 00:01:27,060
and Group Policy. So when we create our device configuration profiles in

23
00:01:27,060 --> 00:01:31,420
Intune, these are all of the things that are already assumed to be in

24
00:01:31,420 --> 00:01:33,640
place and configured.

25
00:01:33,640 --> 00:01:37,040
So when we set up our Intune device configuration profiles,

26
00:01:37,040 --> 00:01:38,220
we're going to create two of them.

27
00:01:38,220 --> 00:01:40,020
We're going to create the first one for the user

28
00:01:40,020 --> 00:01:41,880
tunnel or the user‑based connection.

29
00:01:41,880 --> 00:01:47,370
And typically, I will deploy my user settings towards user groups, right?

30
00:01:47,370 --> 00:01:50,900
So I'm going to target the VPN profile for the user

31
00:01:50,900 --> 00:01:53,640
tunnel towards a group of VPN users.

32
00:01:53,640 --> 00:01:56,840
Conversely, for the device‑based connection or the device tunnel,

33
00:01:56,840 --> 00:02:00,040
I'm going to apply the device configuration profile

34
00:02:00,040 --> 00:02:02,170
and target a group of devices.

35
00:02:02,170 --> 00:02:03,250
And once again,

36
00:02:03,250 --> 00:02:06,200
the assumption here is that all of this is already configured, so you should

37
00:02:06,200 --> 00:02:16,000
already have those Active Directory groups synchronized with Azure AD, and everything should be in place, and we're ready to go.