WGU Capstone

Hybrid Cloud Identity and MDM Implementation Project

Capital City School District’s Hybrid Cloud Needs

For my WGU capstone project, I created a hybrid cloud identities management solution and implemented a solution for managing devices through Microsoft Intune in Microsoft Azure. For the project, Capital City School District, a fictitious school district that needed a solution for allowing better mobility of users and management of devices off-premises had its resources synced with Microsoft Azure to implement a hybrid cloud environment.

The project had one overarching goal, user mobility, and by the end of the project, this goal was completed successfully along with all of the other goals.

Prior to the completion of the project, all resources existed locally on the district’s internal network. To successfully complete the project, and allow for a better user experience, the following tasks needed to be completed:

  • On-premises identities needed to be synced with the Azure Active Directory environment.
  • Student laptops needed to be managed from a centralized location in the cloud.
  • Applications needed to be made available to users and installed on user devices regardless of their location.
  • Students needed to be able to sign into applications and devices even when off of the district’s network.

Syncing On-Premises Identities into Microsoft Azure Active Directory

Screenshot of the on-premises Active Directory implementation.

The first part of undertaking this project was to set up a local Active Directory environment. User accounts were created and placed in organizational units to make it appear as if this was a live environment.

The next step in the setup was to create an Azure Active Directory tenant that the on-premises users would be synced to.

After the tenant and local AD environment were configured, a tool called Azure AD Connect was used to sync the local user identities into the Azure AD environment. In Azure Active Directory, on-premises users were successfully synced into the cloud as depicted by the screenshot below. 

A synced user’s identity was then used to sign into devices and Office 365’s website to verify that identities were synced properly.

Screenshot of the Azure Active Directory tenant with synced on-premises identities.

Laptop Onboarding into Mobile Device Management (MDM) Solution

The next step in the completion of this project was to onboard devices into the cloud environment. In order to accomplish this and accomplish the goals of the project, a trial of Microsoft’s Enterprise Mobility + Security (EMS) solution was obtained. Using EMS, Azure AD Premium licenses were obtained but most importantly, the ability to use Microsoft’s Intune service was also made available.

With Microsoft Intune obtained, a group of test devices was then enrolled in the service as depicted below. Devices were enrolled in two separate groups (HVMS and CCHS). These groups were then used to assign applications and settings. 

Once enrolled in Intune user accounts that were synced from the on-premises Active Directory environment were used to sign in to all of the devices to ensure that everything was functioning as expected.

Screenshot of all devices that have been enrolled into Microsoft's Endpoint Manager service. The screenshot depicts enrolled devices that are being managed using Microsoft Intune.

Application Management and Pushes

As with device management, Microsoft Intune was used to centrally manage applications that were made available to the group of devices that were enrolled. Applications were made available via software pushes and through a company portal, allowing for users to install those applications themselves.

The applications that were pushed to the devices were verified to have installed successfully. Users were able to open the applications without any issues. Additionally,  the installation progress was monitored from a centralized console in the cloud.

The picture above demonstrates that Office 365 applications were installed successfully on a device.
Screenshot of the overview page in Microsoft Intune monitoring the installation off Microsoft 365 apps on devices that were enrolled into Intune.

Screenshots of Project’s Tasks, Deliverables and Outcomes

Below is a full list of screenshots that were taken throughout the completion of the project. These screenshots include completion of tasks, as well as objectives and deliverables that were met.

CCSD's Local Active Directory.
CCSD's Local Active Directory.
Finalization page on Azure AD Connect before identities synced into the cloud.
Finalization page on Azure AD Connect before identities synced into the cloud.
Azure Active Directory Users page. Page depicts on-premises identities that were synced into Azure AD.
Azure Active Directory Users page. Page depicts on-premises identities that were synced into Azure AD.
Overview page of CCSD's Active Directory tenant.
Overview page of CCSD's Active Directory tenant.
Optional features in AD Connect that were enabled.
Optional features in AD Connect that were enabled.
Intune enrollment overview page.
Intune enrollment overview page.
All devices enrolled in Intune.
All devices enrolled in Intune.
Overview of a Wi-Fi network configuration policy that was pushed to devices in Intune.
Overview of a Wi-Fi network configuration policy that was pushed to devices in Intune.
Overview of a compliance policy that was pushed to devices.
Overview of a compliance policy that was pushed to devices.
Overview page of Office 365 installation progress on enrolled devices.
Overview page of Office 365 installation progress on enrolled devices.
Managed applications on a device that was enrolled into Intune.
Managed applications on a device that was enrolled into Intune.
Screenshot of a Windows 10 device's notifications. Screenshot depicts installation of apps that were pushed.
Screenshot of a Windows 10 device's notifications. Screenshot depicts installation of apps that were pushed.
Windows 10 device's start menu verifying that applications were pushed and installed successfully.
Windows 10 device's start menu verifying that applications were pushed and installed successfully.
Azure Active Directory tenant overview page.
Azure Active Directory tenant overview page.
On-pemises synced user signing into Office 365 website.
On-pemises synced user signing into Office 365 website.