Now, this is where we get into some of the nitty gritty of Microsoft 365 with tools like Intune and the Windows as a Service model. Starting off, we'll talk about Intune and the Azure Active Directory. Traditionally, devices owned or managed by an organization had to use a tool known as the Configuration Manager to set up devices with the organization settings. However, this could cause a problem when you're working with a remote workforce, as the configuration manager requires you to have the device in hand to manage the setup. And this is where Intune and Windows Autopilot come into play. Microsoft Intune is a mobile device and app management service that can be used to manage an organization's devices. 

Intune works with organization's own devices and also supports bring your own device models, so users can access organizational data on personal devices while still meeting privacy requirements set by the organization. Windows Autopilot is a feature within Intune that allows IT to preconfigure devices remotely and manage the setup of a device so once the user goes through the setup process, they are all set with a new compliant device. Organizations also have access to a tool called the Microsoft Endpoint Manager, which is effectively a combination of the Configuration Manager, Intune, and Windows Autopilot all into one dashboard. 

So, IT can easily manage an organization's devices from one centralized location. On the other side of the coin, we have Azure Active Directory, which often gets confused with Intune as they tend to work very closely together. Azure Active Directory, also known as Azure AD, is an identity and access management tool. Azure AD can verify users through a multitude of different ways. However, the most common is by requiring multi-factor authentication through things like biometrics, SMS verification, and PIN numbers. All of this is managed by Microsoft, but for organizations that already have on-premises servers and directories, they can still connect to Azure AD by using a tool called Azure AD Connect. 

Essentially, it allows Azure AD to connect to your on-premises directory and gives you the same identity and access management features that Azure AD provides without having to worry about losing your existing infrastructure. Now, let's talk about everyone's favorite thing, Windows Updates. Microsoft 365 provides a service called Windows-as-a-Service. This is effectively a way to roll out Windows updates to businesses that minimize disruptions and downtime to streamline updates throughout an entire organization's managed devices. It does this with a mixture of different update types, servicing channels, and alongside something called deployment rings to minimize interference with daily activity. 

The two types of updates are feature updates and quality updates. Feature updates provide new features in Windows and are rolled out twice a year while quality updates provide security patches and fixes which are usually released once a month. These updates roll out from Microsoft in different frequencies based on the servicing which can be one of three different options. First off, we have the Insider Preview, which is effectively the preview version of the update for testing purposes. Next, the Semi-Annual Channel, which is the most common channel that provides updates twice a year. And finally, the Long-term Servicing Channel, which is the least common. It's a specialized channel that only updates once every few years and is meant for devices like servers or specialized devices like medical equipment where updates could be very disruptive. 

And finally, the last thing I want to talk about is rings of deployment, which is effectively how an organization decides to roll out those updates across its userbase. Each ring is like a step of the deployment process where you start off with Insiders, move to Pilot Users, and eventually it gets to the bulk roll out across the entire userbase. Insiders would be a very small group of users meant to test the feature update and get a feel for the value it provides, while pilot users expand upon that a bit, includes a larger group of internal testers all across the organization meant to see how an update works across all departments and hammer out any potential issues before the updates go live across the entire or with the bulk rollout. With that all out of the way, let's now move into the security space and cover how Microsoft 365 protects organizations from security threats. Like last time, if you need any more clarification on anything spoken about within this lecture, please refer to the Microsoft 365 Administration course, also in the MS-900 learning path.