Windows 10 Manageability

Windows 10: Manageability Improvements

Windows 10 will truly bring Windows into the BYOD sphere. We saw a glimpse of this with Windows 8.1 features like Workplace Join, but Windows 10 will bring it to a whole new level. First, users will be sign in to Windows using an account from Azure Active Directory. Devices will be able to be tied Azure AD and users given the option to log in. It’s similar to the current feature where users can sign in with their Microsoft accounts. The devices, though, will have to be tied to the organization’s Azure AD. It’s not clear yet as to how deeply the device will need to be integrated, whether it will be the same as joining a device to Active Directory, or something like the Workplace Join feature of Windows 8.1.

Intune will also play a large role with Windows 10. Administrators will be given options that have been available from other MDM solutions, such as remote wipe. Also included in the MDM updates is Enterprise Data Protection, which is similar to what Azure Rights Management brings to the table. Administrators can define what can be done with enterprise data on BYOD devices, whether that be the ability to modify files, copy them, delete them, etc.

We may see a true separation of devices that are in SCCM and in Intune with the release of Windows 10. For devices that remain “on campus”, Active Directory, Group Policy, and SCCM will be available to manage these devices. For mobile devices (i.e. “Off Campus”), Intune and Azure AD will be available. This distinction may require organizations that do not have Azure AD in place to consider getting there before adopting Windows 10 and these MDM options.

Microsoft is also working on new deployment options that will allow IT personnel to take a computer out of the box from an OEM and get it to a fully configured state without reimaging. For those dual shops out there, this has been available on Apple computers for some time. These new deployment options will look like the current SCCM task sequences, but they will not include reformat/reimage steps.

All of this, of course, could change between now and the RTM version of Windows 10. Hopefully, though, Microsoft will keep most of the options described here.

MDM Capabilities:

 Windows 8.1Windows 10
Out-of-box DeploymentNoYes
Full control of VPN/Wireless Profile SettingsNoYes
Enterprise Data Protection PoliciesNoYes
Windows Store controlSomeTotal
Device WipeNoYes
Log-in with ADYesYes
Log-in with Azure ADNoYes



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.