Configure and document Azure Endpoint Manager & Azure VPN
€18-36 EUR / hod.
Configure and document Azure Endpoint Manager & Azure VPN
Resume
Setup Azure VPN
Setup Azure Endpoint Manager (Intune) configuration profiles
Setup Bit locker security (create policies for bitlocker and windows defender)
Advise on design and implementation
Documentation
Current setup
Currently we have assigned Intune Device licenses to all shop users within the company. Only the device located in our shops are currently registered in MS Endpoint Manager. Some basic policies are created which should be reviewed.
For the backoffice we don’t have an setup yet. We need advice in setup and Intune licensing.
Azure VPN
A VPN resource should be set up and all devices should be connected to this VPN. All traffic should be routed through this VPN.
Split VPN scenario: In the backoffice and shop networks which are by default connected with a Site-to-Site VPN the VPN client on the endpoint should not be started. This should only be the case when the endpoint is connected to a foreign network.
Only whitelisted websites can be accessed.
Backoffice devices
We have 1 backoffice with 20 devices (PC’s) owned by the company and 25 backoffice users which should have the following requirements:
- Users are not an administrator on the device
- System Administrators role/group is admin on the device
- It is only possible to login with a @[login to view URL] AAD account
- O365 apps (Word, Outlook, Excel) are installed
- Desktopshortcuts to web-apps (Edge)
- Kaspersky Antivirus is installed/Microsoft Defender is configured
- Xelion 7 from the Microsoft App Store is installed
- Splunk universal forwarder is installed
- A company image is set on the user’s desktop background (Company Branding)
- The device name is visible on the desktop
- Users can not install any apps themselves
- All traffic is routed through a VPN (Azure) when connected to a foreign network
- It is not possible to save data locally, only onedrive is allowed.
- It is only possible to use company USB flash drives, it is not possible to transfer data from or to devices not registered in MS Endpoint Manager
- RDP access only available through VPN
- Pre-configurerd WiFi access
- Lock screen within 10 minutes
- Not allowed to configure Windows PIN code
- Customize Windows Start menu with predefined apps
- Windows automatic updates after work hours (after 20:00 a clock)
Shop devices
We have 35 shops with 70 shop devices (laptops) owned by the company and 300 shop users which should have the following requirements:
- Users are not an administrator on the device
- System Administrators role/group is admin on the device
- It is only possible to login with a @[login to view URL] AAD account
- Desktopshortcuts to web-apps (Edge)
- Microsoft defender is configured
- Splunk universal forwarder is installed
- A company image is set on the user’s desktop background (Company Branding)
- The device name is visible on the desktop
- Only Microsoft Edge can be used
- MFA is enabled (kiosk mode does not support this)
- All traffic is routed through a VPN (Azure) when connected to a foreign network.
- It is not possible to save data locally, only onedrive is allowed.
- RDP access only available through VPN
- Pre-configurerd WiFi access
- Lock screen within 10 minutes
- Not allowed to configure Windows PIN code
- Customize Windows Start menu with predefined apps
- USB drive is blocked for USB flash devices
- USB should be still available for barcode scanners
- Windows automatic updates after work hours (after 20:00 a clock)
About provisioning devices
What is the best way to register shared endpoints in Microsoft Endpoint Manager? We are currently creating a new user for every 5 devices.
We require someone who can advise us with the requirements above and help us with the implementation and documentation.
Identifikační číslo projektu: #32177325
O projektu
Uděleno uživateli:
Hello,\r\n\r\nI would like to help you with your requirement related to configure and document Azure Endpoint Manager & Azure VPN as we do have experienced Azure developers.\r\n\r\nIt will be great if we can communicat Další
11 Freelnceři na váš projekt zveřejňují nabídky v průměru €34/hod.
I am certified Microsoft 365 Solution Consultant and responsible for managing and designing Cloud and Infrastructure platform. Expertise in Microsoft 365 Messaging, Security & Compliance, Intune , Exchange, Teams, Shar Další
Hello, Hope you are well. I've read your project description. I can do your project completely as you want. I'm very professional at server administration & programming. I'm in this profession for 3 years. I'm giving m Další