Tag: AutoPilot

Accelerate your modern desktop journey – get started with a boom!

The benefits of a modern workplace and modern desktop are many. Users and companies now more than ever need to be ready for a mobile world. A user expects to be able to work from anywhere and many organizations needs to be prepared for changes such as scaling in terms of growth, acquisitions or even in the worst-case downsizing.

The road to a modern desktop the Microsoft way is to activate and use co-management to take it in baby steps. My philosophy is to build a use case without co-management using a cloud-only solution and use that to showcase what can be done in your organization. The idea is to accelerate the journey to the modern desktop as it will be a great example of what can be achieved and how well it works.

Vision

Do “deployment” of a new Windows 10 device or reset your existing Windows 10 device and have in mind that everything you need should be available to you automatically! That means settings, applications and documents and files so that you can start working immediately.

The goal is to setup an environment where you can join any Windows 10 device to your environment, letting it be totally agnostic from your physical network.

License pre-reqs

  • Azure AD Premium P1 (or P2) or EM+S E3 or E5 or Microsoft 365 E3, E5 or any other license including Azure AD P1 (or the automatic MDM enrollment feature).
  • Intune licenses as part of EM+S or Microsoft 365 or standalone Intune licenses.
  • Windows 10 Pro or Enterprise.

AutoPilot as the modern “deployment solution”

Deployment in the new world is not done image based with certification of drivers and network PXE boot. Instead you (or preferably the vendor or a partner) register devices you need to deploy using the AutoPilot service that Microsoft provide.

When the device is booted for the first time, it fetches the AutoPilot profile and applies it, and when your user login using their email address the Windows 10 device is joined to Azure AD and at the same time enrolled into Intune (requires Azure AD Premium P1 license).

By activating the Intune Enrollment Status page, you can also see the progress and making sure that the device is (almost) ready when the user´s logged in.

Actions:

OneDrive Known Folder Move is the modern folder redirection

One of the most important things I want available on any device I use is my files and documents. By activating and using OneDrive Known Folder Move, I can get my Desktop, Documents and Pictures folders redirected to my OneDrive for Business.

This is just like good old folder redirection where you redirect these folders to the network with offline files (yikes!), but now you do it for OneDrive where you also get a better sync than with offline files.

Actions:

MSIX is the future

Repackaging packages to MSIX is the future. Why? Because there are several benefits over traditional MSI packaging and distribution. Delta updates of apps is one advantage, another big advantage is how the updates of apps work, which is a huge problem today in many enterprises.

But wait, did not Microsoft release Win32 app support in Intune? Yeah, they did, but why on earth would you want to put makeup on the pig? By moving your existing Win32 app packages to a modern management solution is like moving to a new house and bringing everything with you, not only your stuff and furniture but also the dust and dirt.

Actions:

Enterprise state roaming

To get some basic sync of settings such as background image and other customizations as well as favorites in Edge, saved credentials in Windows and more you activate Enterprise State Roaming so that the settings roam with you. This feature has a lot to wish for but at least provides basic profile roaming.

Actions:

Follow up using Windows Analytics

As all your clients are disconnected from your infrastructure in our scenario you need to be able to followup important things such as patch status, and this can be done using Windows Analytics and Update Compliance specifically.

Actions:

Helping your users remotely

When your Windows 10 devices are basically anywhere in the world you must be able to remote control them to provide support whenever needed. You can do this using Quick Assist which has been with Windows 10 since 1607. It works just like TeamViewer, which is very popular, in the sense that Quick Assist works basically anywhere if you have a working internet connection.

Worth noting is that in Windows 10 v1809 you will learn that the person giving assist is signed on to the Quick Assist app when providing support, so all you must do is to provide the connection ID to the end user and off you go!

Key fact – access to on-premise recourses!

Well, I think most can agree on that they few organizations have no moved or migrated all on-premise resources to the cloud. Therefore, most users still need to access resources only available on-premise.

A magic feature exists thanks to Azure AD Connect, which means that whenever your Azure AD joined Windows 10 devices is on your corporate network and has contact with a domain controller you get a Kerberos ticket for that user! This can be used to access any on-premise resources although the device is not part of the on-premise domain at all!

Read more about how this works from Michael Niehaus.

Summary

With all these steps you have a quick way of getting started with a top modern workplace which works anywhere in the world. And, to add to that, whenever their devices are in the corporate network, the user gets access to any internal resources such as files, printers and applications the user have access to.

If you want to deep dive into this, contact either Addskills Cornerstone Group or Lexicon group for a 3-day training on managing and deploying Windows 10 in a new modern way.

Follow-up to TechDays Sweden session “Windows 10 in new smart ways – not like you’ve always done it”

This is a follow-up blog post to my session yesterday at TechDays Sweden: “Windows 10 in new smart ways – not like you’ve always done it”. Thank you all who attended my session – it was a pleasure! The slides can be found here (in Swedish).

The link I mentioned about all news coming to MDM, and in particular new MDM settings are published at docs.microsoft.com.

And finally some resources to get you started with the move to modern IT – as I demoed in my session. Remember that the transition to a modern environment for managing devices will take time. As you lay a puzzle, lay out your path to modern management and IT one piece at a time!

AutoPilot – “hands-free deployment“

Desktop App Converter – Make AppX:s out of your MSI:s and legacy apps

“Co-management”
This basically mean that you can manage clients with SCCM and MDM at the same time. It’s branded as SCCM+MDM but you can also leverage this if you are not using MDM. So you can basically use and on-premise AD domain joined machine which is configured using GPOs and MDM join that machine to get MDM configuration at the same time. The idea is to make the move to modern management in a smooth way!

Windows Update for Business + Update Compliance
Transition from using WSUS (+SCCM) to manage updates and move to Update Compliance to follow up the status of patches, not quality updates and feature updates.

Device Health
Verify crashes for your Windows clients and more to come very soon!

Power BI – Intune Data Warehouse
Insights into how your users are actually accessing for instance Office 365 applications