WGU Capstone
Hybrid Cloud Identity and MDM Implementation Project
Capital City School District’s Hybrid Cloud Needs
For my WGU capstone project, I created a hybrid cloud identities management solution and implemented a solution for managing devices through Microsoft Intune in Microsoft Azure. For the project, Capital City School District, a fictitious school district that needed a solution for allowing better mobility of users and management of devices off-premises had its resources synced with Microsoft Azure to implement a hybrid cloud environment.
The project had one overarching goal, user mobility, and by the end of the project, this goal was completed successfully along with all of the other goals.
Prior to the completion of the project, all resources existed locally on the district’s internal network. To successfully complete the project, and allow for a better user experience, the following tasks needed to be completed:
- On-premises identities needed to be synced with the Azure Active Directory environment.
- Student laptops needed to be managed from a centralized location in the cloud.
- Applications needed to be made available to users and installed on user devices regardless of their location.
- Students needed to be able to sign into applications and devices even when off of the district’s network.
Syncing On-Premises Identities into Microsoft Azure Active Directory
The first part of undertaking this project was to set up a local Active Directory environment. User accounts were created and placed in organizational units to make it appear as if this was a live environment.
The next step in the setup was to create an Azure Active Directory tenant that the on-premises users would be synced to.
After the tenant and local AD environment were configured, a tool called Azure AD Connect was used to sync the local user identities into the Azure AD environment. In Azure Active Directory, on-premises users were successfully synced into the cloud as depicted by the screenshot below.
A synced user’s identity was then used to sign into devices and Office 365’s website to verify that identities were synced properly.
Laptop Onboarding into Mobile Device Management (MDM) Solution
The next step in the completion of this project was to onboard devices into the cloud environment. In order to accomplish this and accomplish the goals of the project, a trial of Microsoft’s Enterprise Mobility + Security (EMS) solution was obtained. Using EMS, Azure AD Premium licenses were obtained but most importantly, the ability to use Microsoft’s Intune service was also made available.
With Microsoft Intune obtained, a group of test devices was then enrolled in the service as depicted below. Devices were enrolled in two separate groups (HVMS and CCHS). These groups were then used to assign applications and settings.
Once enrolled in Intune user accounts that were synced from the on-premises Active Directory environment were used to sign in to all of the devices to ensure that everything was functioning as expected.
Application Management and Pushes
As with device management, Microsoft Intune was used to centrally manage applications that were made available to the group of devices that were enrolled. Applications were made available via software pushes and through a company portal, allowing for users to install those applications themselves.
The applications that were pushed to the devices were verified to have installed successfully. Users were able to open the applications without any issues. Additionally, the installation progress was monitored from a centralized console in the cloud.
Screenshots of Project’s Tasks, Deliverables and Outcomes
Below is a full list of screenshots that were taken throughout the completion of the project. These screenshots include completion of tasks, as well as objectives and deliverables that were met.