Monthly Email Newsletter curated by our Top Editors
In a previous blog I explained how to enroll Windows 10 into Microsoft Intune manually. You can prepare a guide with screenshots and send it to your users or ask your Help Desk team to help users enroll their devices when you have a few dozen computers. But what do you do when you have thousands? You can create a provisioning package for bulk enrollment.
Prerequisites for Windows devices bulk enrollment:
- Windows 10 1709 or later
- Windows automatic enrollment (we configured before)
This package will automatically enroll your corporate devices into Azure Active Directory. That’s why automatic enrollment is required, because then all enrolled devices in Azure AD will be automatically enrolled into Intune.
#1 Does this protection use backups or hidden files?
Naive ransomware protection uses backup or hidden files as core to their protection. The one relies on the attacker not deleting backups, to “roll back” the encryption. Guess what – the attackers automatically look for and delete or encrypt the backups. Hidden files are designed to “trap” the attacker. Guess what – the attackers just avoid the obvious traps, to encrypt your system. Ransomware Rewind does not use backups or caches, and leverages deep operating system behavioral detection, analysis, and novel response techniques to protect systems.
Starting with version 2103,we can disable application deployments. Previously, we used to expire or delete the deployment temporarily and henceforth, we can use this feature to avoid creating new deployments again. Other deployments work as mentioned below.
- Software update deployments: Disable the deployment
- Phased deployments: Suspend the phase
- Package: Disable the program
- Task sequence: Disable the task sequence
- Configuration baseline: Disable the baseline
Disabling application deployments supported on the below scenarios and for user collections, it works only on Available deployments and you can disable both type of deployments for Device collections.
As you remember from our previous post, we enabled automatic Windows 10 enrollment for all users. This means if a user has a corporate device with Windows 10 operating system installed he can join his device to Azure Active Directory and a Windows 10 device will be automatically enrolled into Intune.
So let me describe one of the user self-enrollment scenarios. I will be joining my Hyper-V VM with Windows 10 Pro 20H2. This computer is not a member of workgroup or any on-premise AD.