Windows 10

Onboard Windows 10 devices for Windows Defender Advanced Threat Protection

by

This week a blog post about onboarding Windows 10 devices for Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP is a relatively new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks. In this post I’ll show how to onboard Windows 10 devices, via Configuration Manager and Microsoft Intune, and I’ll show the end result in the Windows Defender Security Center and the Configuration Manager administration console. Configuration There are multiple methods available to onboard Windows 10 devices for Windows Defender ATP, Group Policy, Configuration Manager, mobile device management (including Microsoft Intune) and a local script. I’ll have a closer look at the configurations for onboarding Windows 10 devices via Configuration Manager and Microsoft Intune. Create onboarding …

Read more

Company Portal app enrollment for Windows 10

by

This week a small blog post about the Company Portal app enrollment experience, for Windows 10 Desktop devices, that has been recently added to the Company Portal app. This new experience enables the end-user to perform the enrollment procedure during the initial sign-in to the Company Portal app and aligns the enrollment experience with the other supported platforms.. This blog post will show this new enrollment experience, the new alterative enrollment experience and the end result. Main end-user enrollment experience Now let’s start by looking at the main new end-user enrollment experience on Windows 10 Desktop devices via the Company Portal app. This complete experience is nothing more than the following 4 simple steps. 1 The end-user opens the Company Portal app and is prompted …

Read more

Deploy the commercial ID via Windows 10 MDM

by

Yeah, I had some problems this week with thinking of a title that would fit with the content. Usually I’ve got the title before I start with the content, this week not even close. The main reason for that is the fact that this weeks blog post is mainly focused on distributing the commercial ID that’s used for connecting Windows 10 devices to Windows telemetry related solutions, like Upgrade Analytics (preview) and Update Compliance (preview). As those features and terminologies are not that widely known, yet, using commercial ID in the title might not be very catchy. That being said, I used it anyway. This blog post will provide an introduction about what can be achieved by deploying the commercial ID, what the required configurations …

Read more

Managing Windows 10 IoT Core devices via MDM

by

This week a new challenge for a new blog post, managing Windows 10 IoT Core devices. The nice thing about Windows 10, even Windows 10 IoT Core, is the availability of MDM. The availability of MDM is what will help me with managing Windows 10 IoT Core devices. In this post I’ll go through the steps to create an enrollment profile to enroll Windows 10 IoT Core devices in Microsoft Intune hybrid. I’ll end this post with an overview of the end result in Configuration Manager Configuration Let’s start by looking at the configuration in Configuration Manager. To create an enrollment profile, for Windows 10 IoT Core devices, it’s required to provide a certificate profile and it’s optionally to provide a Wi-Fi profile. Create certificate …

Read more

The Software Center experience is getting better and better

by

Throughout my blog posts I always think its important to mention the end-user experience. This blog post will be mainly focused on the end-user experience in Software Center. Software Center went, from an end-user experience, through a complete revamp. The best thing is, it’s only getting better and better. Except for a few items, related to the devices of the end-user, Software Center is becoming the one place for the end-user to be. In this post I want to go through the latest changes to Software Center and show the related end-user experience. Changes Now let’s start with the latest changes to Software Center. It all started with a new modern look for Software Center and it quickly evolved to a easy customizable app. Especially …

Read more

Managing Windows Defender via Windows 10 MDM is getting easier and easier

by

This post is an updated version of a blog post that I did one-and-a-half year ago about managing Windows Defender, of Windows 10, via OMA-DM. As I still get questions about that post and the OMA-URI settings that are used in that post, I thought it would be good to mention that easier methods are available nowadays. Starting with Configuration Manager 1610 and the Microsoft Intune standalone update around March/ April 2016, it’s simply configurable through the console. No need anymore to configure all those OMA-URI settings manually. Within this post I’ll provide a quick overview of the configuration options, followed by an overview of the end result. That end result will show how the configured settings simply translate to the known OMA-URI settings. Configuration …

Read more

Automatic edition upgrade for Windows devices

by

My first blog post in this new year will be about the feature to automatically upgrade the edition of Windows devices. This is already possible, for a while, for Windows 10 devices managed via the MDM channel. However, starting with Configuration Manager 1610 this is now also possible for Windows 10 devices managed via the Configuration Manager client. In this post I’ll provide the general information and configuration settings that are applicable for Microsoft Intune hybrid and Microsoft Intune standalone. I’ll end this post by showing the details of the end result on a Windows 10 device managed via the Configuration Manager client. Think about details like how this is achieved and the relation to the MDM channel. Information The edition upgrade feature can be …

Read more

Managing browser settings via Windows 10 MDM

by

This week a short blog post about managing browser settings via Windows 10 MDM. Most of these settings are not very special and are very well documented in the Policy CSP. However, the configuration of the home page is a small exception. Not just because the documentation is slightly off, but also because of an important change with the anniversary update of Windows 10. As most of the settings are very well documented, this post will be focused on managing the home page. I’ll provide basic information, the configuration information and show the end-user experience. Information Before starting about the configuration of home pages, via Windows 10 MDM, it’s good to mention a few important notes: Browser settings for Microsoft Edge can be managed; Browser …

Read more

Predeclaring corporate-owned devices

by

This week something related to last week. This week will be about predeclaring corporate-owned devices. In other words, making sure that the Device Owner of the specified devices is set to Company after enrollment. It’s also a much easier solution, for a scripted solution that I created more than year ago, for automagically setting the mobile Device Owner to Company. In this blog post I’ll provide some information about this feature, I’ll show the configuration of this feature and I’ll show the administrator experience of this feature. Please note that this functionality is only available for Microsoft Intune hybrid. Information Predeclaring corporate-owned devices allows organizations to identify corporate-owned devices by importing the International Mobile Equipment Identity (IMEI) numbers, or, for iOS devices, by importing the …

Read more

Categorizing devices

by

This week something completely different as the last couple of weeks. This week no conditional access and nothing specifically related to Windows 10 devices. This week it’s all about categorizing devices. Within Microsoft Intune hybrid this functionality is named Device Categories and within Microsoft Intune standalone this functionality is named Device Group Mapping. Both of these functionalities can be used to achieve the same goal. In this post I’ll provide some more information, I’ll describe the configuration in Microsoft Intune hybrid and Microsoft Intune standalone and I’ll show the end-user experience. Information Categorizing devices can be useful to differentiate between device categories. For example, to differentiate between devices used by users of the sales department and the users of the human resources department. When categorizing …

Read more