Expert | 75 to 105 minutes | Instructor visible
Endpoint and Conditional Access design
Global users, plant-floor devices, contractors, admins, and acquired-company staff need different endpoint and access controls.
Business context
Security needs enforceable access without blocking business-critical workflows.
Technical objective
Create device compliance, app protection, enrollment, security baseline, and Conditional Access designs.
Student instructions
1. Map user groups, devices, data sensitivity, and access outcomes.
2. Define compliance policies, app protection, enrollment paths, and security baselines.
3. Integrate device state with Conditional Access decisions.
4. Validate the endpoint policy matrix.
Troubleshooting
- If access rules conflict, document the precedence, exceptions, and testing plan.
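One way to carry out steps 3 and 4 and the conflict check from Troubleshooting, as an added example that is not part of the course material: a simplified policy-matrix model in Python. The policy names, scoping, controls, and the precedence rule (a matching block wins, grant controls combine) are assumptions made for illustration.

```python
from collections import namedtuple
from itertools import product

PERSONAS = ("global-user", "plant-floor", "contractor", "admin", "acquired-staff")
STATES = ("compliant", "noncompliant", "unmanaged")  # device state fed into the decision
Policy = namedtuple("Policy", "name personas states block controls")

def pol(name, personas, states=STATES, block=False, controls=()):
    return Policy(name, frozenset(personas), frozenset(states), block, frozenset(controls))

# Constructed sample policy set: names, scoping and controls are hypothetical.
POLICIES = [
    pol("CA01-managed-staff", ["global-user", "plant-floor", "admin"], controls=["compliant-device"]),
    pol("CA02-admin-mfa", ["admin"], controls=["mfa"]),
    pol("CA03-contractor-byod", ["contractor"], ["unmanaged"], controls=["app-protection"]),
    pol("CA04-acquired-web", ["acquired-staff"], controls=["app-protection"]),
    pol("CA05-acquired-block", ["acquired-staff"], ["unmanaged"], block=True),
]

def matching(persona, state):
    return [p for p in POLICIES if persona in p.personas and state in p.states]

def evaluate(persona, state):
    """Assumed precedence for this model: any matching block wins, grant controls are ANDed."""
    hits = matching(persona, state)
    if not hits:
        return "uncovered"  # no policy in scope, so nothing enforces a control
    if any(p.block for p in hits):
        return "block"
    controls = frozenset().union(*(p.controls for p in hits))
    if "compliant-device" in controls and state != "compliant":
        return "deny"  # the device cannot satisfy the required control
    return "grant:" + "+".join(sorted(controls))

def matrix():
    return {cell: evaluate(*cell) for cell in product(PERSONAS, STATES)}

def gaps():
    return [cell for cell, outcome in matrix().items() if outcome == "uncovered"]

def conflicts():
    """Cells where block and grant policies overlap, so precedence needs documenting."""
    cells = {c: matching(*c) for c in product(PERSONAS, STATES)}
    return {c: sorted(p.name for p in h) for c, h in cells.items() if len({p.block for p in h}) == 2}

if __name__ == "__main__":
    for (persona, state), outcome in matrix().items():
        print(f"{persona:15} {state:13} {outcome}")
    print("gaps:", gaps(), "\nconflicts:", conflicts())
```

With this sample set, the contractor persona on compliant and noncompliant devices is uncovered, and acquired-company staff on unmanaged devices hit both a grant and a block policy, which is the kind of overlap the ADR should record.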
Cleanup
- Export endpoint policy matrix and ADR.
Required templates
- Windows 11 client - defined
- Microsoft 365 simulated tenant layer - defined
Validation checks
- Windows management reachable: The student access gateway can open a Windows console session.
- Simulated M365 tenant ready: The simulated tenant layer exposes users, groups, licensing, Exchange, Teams, SharePoint, OneDrive, Intune, compliance, and service-health scenarios.
Expected result
Endpoint and access-control design is complete for enterprise personas and acquisition users.
Reset policy: Windows client and simulated policy state can reset to baseline. Teardown policy: Course pod auto-tears down at TTL expiry with instructor override.