About Thomas.Marcussen

Technology Architect & Evangelist, Microsoft Trainer and Everything System Center Professional with a passion for Technology

Should You Allow Self-Service With Windows Autopilot?

With Windows Autopilot, Microsoft gives clients a collection of technologies designed to eliminate the challenges that come with building, maintaining, and applying custom images.

It’s a platform that IT professionals can utilize to set new desktops to join pre-existing configuration groups and apply profiles to the desktops. All of this is so that new users can access fully functional desktops from their first logon.

By using Windows Autopilot, you can simplify the entire lifecycle of Windows devices. Meaning that it covers devices from the initial deployment through to the eventual end of the life cycle. The question, however, is should you allow self-service?

Changing landscape with Windows Autopilot

Over the last few years, we have certainly witnessed a rapid evolution in the remote work landscape. And this evolution has become even more pronounced with the prevailing global pandemic. This has made the need for technology like Windows Autopilot even greater.

Self-service technology has plenty to offer any business. Benefits can include improved end-user experience, effortless coordination for a remote or blended workforce, less complicated management, and significant increases in productivity.

So as the way businesses operate continues to evolve, Windows Autopilot can be the perfect tool to deal with the headaches that we have faced in the past with automated deployment and self-service setups.

Using the self-service setup

The way that Windows Autopilot’s self-service setup works is that it makes workplace devices configured and ready out of the box with its self-deploying mode.

This means that when the employee receives the device they only need to turn it on to start working. Self-deploying mode automatically joins a new device into your company’s Azure Active Directory (Azure AD).

The device is then enrolled into Intune for mobile device management (MDM). Also, you don’t need to worry about apps, certificates, policies, and networking profiles provisioned on the device as they will be dealt with as well.

What this means is that everyone has a lot to gain from using Windows Autopilot, whether you’re IT or the end-user. IT people have their processes simplified and no longer have to deal with the time-consuming, outdated, and overly complex IT processes they had before.

And as for the end-user, all one needs to do is unbox the device, turn it on, connect to the internet, and then verify their credentials.

Self-deploying mode of Windows Autopilot

This feature plays a key role in making Windows Autopilot the platform that it is. Using it will allow you to deploy a device with little to no user interaction. If you have an Ethernet connection then no user interaction will be needed. But, end-users whose devices are connected via Wi-Fi will need to choose the language, locale, and keyboard. And then, they need to make a network connection.

By using self-deploying mode, you can deploy a Windows 10 device as a kiosk, digital signage device, or a shared device. Moreover, it’s also possible to completely automate device configuration by combining self-deploying mode with MDM policies. To deploy in self-deploying mode, you need to follow the steps below:

  • The first step involves creating an Autopilot profile for self-deploying mode that has the settings you want.
  • Next, you need to create a device group in Azure AD and assign the Autopilot profile to that group. Before you try to deploy the device, you should check that the profile has been assigned to the device.
  • Finally, you need to boot the device and connect it to Wi-Fi (if necessary). And then wait for the provisioning process to complete.

Gaining value from technology

As already mentioned earlier, the technological landscape is evolving and so businesses can take advantage of these changes to add value to their operations. The ability to seamlessly deploy devices without IT involvement has huge implications in an increasingly remote-working world.

With countless employees not being on-premises, companies cannot afford to have delays between delivery and deployment. Leveraging Windows Autopilot means that you can eliminate OS image re-engineering and customize the out-of-the-box-experience (OOBE).

By doing this, your processes become easier and faster. And this is going to enhance productivity and potentially increase profitability.

Possible scenarios

Windows Autopilot provides support for a growing list of different scenarios, designed to support the varying needs that most businesses will have. These needs often differ depending on the type of business as well as where you are with moving to Window 10 and transitioning to modern management. Below are some of the common scenarios:

  • Deployment of devices that will be set up by an employee of the company and configured for that person.
  • Deployment of devices that will be automatically configured for shared use, as a kiosk, or as a digital signage.
  • Re-deploying a device in a business-ready state.
  • Pre-provisioning a device with up-to-date apps, policies, and settings.       
  • Provisioning of WIndows 365 devices

User-empowered modern workplace

Windows Autopilot is one of the key components in the Microsoft ecosystem that are helping to create a more user-centric workplace. An environment where users are empowered by IT rather than restricted as they were with legacy IT.

Users will immediately see this from the very beginning as they unbox new devices and have no time-wasting setup involved. Combined with the streamlined benefits of other solutions in the Microsoft ecosystem, this creates a modern, all-digital workplace.

Leveraging digital transformation with Windows Autopilot

So much technological innovation has come to the fore in the last few decades. However, many outdated facets of legacy IT persist including device setup and configuration. But it certainly doesn’t have to be the case for your organization.

Making use of tools like Windows Autopilot has massive potential benefits for your business. Self-service deployments not only make life simpler, but they can help you to operate faster and with fewer complications.

Not to mention how you can create more productive time. The extensive range of capabilities that you get here gives you more automated and user-friendly processes that can enhance your organization’s performance.

Understanding The Microsoft 365 Stack For Cloud Security

Microsoft 365 (M365) provides businesses with a solution that empowers people to fully utilize their creativity while working together securely. The Microsoft 365 Stack is your IT security blanket.

All of the features that you get should enhance the productivity of your business. But, the key to all of this is keeping your data secure.

Incidents of security breaches have been steadily increasing over the last few years so data security should be a top priority for all businesses. By understanding how the Microsoft 365 stack operates, we can see how the available features can strengthen your cybersecurity.

What’s in it?

The first question that one may ask is what will you get with Microsoft 365? And is it actually any different from Office 365 or is this merely a rebranding exercise?

Firstly, clients get local apps and cloud-based apps, and productivity services. These include both M365 Apps for enterprise, the latest Office apps (such as Word, Excel, PowerPoint, Outlook, and others), and a full suite of online services.

Secondly, you’ll also receive Windows 10 Enterprise which is the most productive and secure version of Windows. It meets the needs of users and IT for both large and medium enterprises.

And finally, you also benefit from device management and advanced security services including Microsoft Intune. So all in all, Microsoft 365 is designed to be a more comprehensive solution and the name change is more reflective of the range of features and benefits in the subscription.  

Businesses are vulnerable

The importance of cloud security to a business cannot be overstated. Especially when you take into consideration the study by the University of Maryland showing that cybercriminals infiltrate business data about once every 39 seconds.

And as remote work continues to expand, the use of personal devices to access sensitive data can be a massive additional risk. This is why businesses need platforms like Microsoft 365 Stack to not only enhance productivity but safeguard business data as well.

Backing up your data

Arguably one of the first things to consider in your data protection strategy is cloud backup. Because there are so many threats – internal and external – to data security, having your data backed up is a must. Using the Microsoft 365 Cloud Backup comes with several benefits that you simply cannot ignore. And these include:

  • Protection against accidental deletion of data which is something that will happen occasionally.
  • Protection against data losses resulting from cyberattacks.
  • Threats don’t always come from outside actors so backups will also protect you from the nefarious actions of internal actors.
  • Backups can help you to manage legal and compliance requirements.

Working from anywhere

One of the key selling points of Microsoft 365 is how it enables people to collaborate on various projects from just about anywhere. And this is made possible because the responsibility of your data’s security lies with Microsoft.

Businesses can rest easy knowing that their data is highly secure on the OneDrive platform or when shared across Teams and SharePoint.

What this also means is that you have fewer expenses by eliminating the need to maintain expensive hardware.

Furthermore, built-in security features such as the robust data loss prevention policy, Advanced Threat Analytics, and Exchange Online Protection will enable your employees to work remotely as securely as possible.

Secure access to data

The Microsoft 365 stack ensures that even when employees are using personal devices, the security of your data is still maintained. This is possible because of features like multi-factor authentication (MFA) that add a layer of protection to the sign-in process.

So users will have to provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

Also, you can add solutions like Microsoft Intune to use advanced capabilities that can enforce mobile device encryption and enable the use of PIN numbers. Microsoft ­365 has several threat protection tools that all businesses should know:

  • Microsoft Defender ATP: offers clients excellent endpoint protection and prevents cyberattacks and data breaches. With the increase in use of personal devices, this feature works great on mobile devices, which are particularly vulnerable to attacks.
  • Office 365 ATP: this feature aims to secure your communications by dealing with phishing attacks, zero-day threats, and other types of malware that users may encounter in emails and links.
  • Microsoft Cloud App Security: detects abnormal usage and incidents, alerting you to threats to your cloud apps.
  • Azure ATP: makes use of on-site active directory to keep your identities secure and also reduce the attack surface.

Simplifying update processes

One of the major advantages of having cloud-based software is the ability to have regular updates. This is particularly necessary when we consider the sophistication of the constant cyber threats that businesses have to contend with.

And the great thing about these updates is that Microsoft allows organizations to sign up to an update schedule that is convenient for them. By doing this, regular updates will stop being a nuisance that people sometimes ignore.

Especially given how important they are for bug fixing and patching up security issues. When organizations can have the most up-to-date software versions in their hands, this can significantly enhance their cloud security.

Securing your business

Cyber threats are targeting all kinds of organizations and small businesses are no exception. Without effective solutions in place, you are at risk of being shut down by cybercriminals. But by using Microsoft 365 Stack, you get a robust solution that is designed to provide companies with all the features they need to run a more secure and efficient business.

All the available tools and features will help you to address the data security and compliance issues that you are bound to encounter as time goes on. It may just be time to utilize the enterprise-grade service and protection of the M365 stack. 

Cloud Computing Gets Better With Windows 365

Cloud technology has evolved rapidly over the last few decades. Right now, it is very much integral to the operations of many businesses. Especially as we consider the unprecedented disruptions that have been brought about by the global pandemic since early 2020. Moving forward, a hybrid work environment is increasingly becoming the norm. And Windows 365 looks to provide clients with the digital solutions necessary to bring about technological transformation.

This Windows suite of solutions will make it even simpler for employees to remain connected and collaborate regardless of whether they are working from home or are in the office. Cloud computing can undoubtedly be a key driver in the success of any business.

Windows in the cloud

Microsoft’s latest offering is certainly looking to take cloud technology to a higher level. Just to recap, Windows 365 is a subscription-based cloud PC service. In a way, you could describe it as an Operating System-as-a-Service solution.

All you need to do is purchase a subscription and you can remotely access a Windows desktop in any modern web browser. The service will provide you with a consistent experience across any device.

So if you happen to be working on a project with several application windows open and then you disconnect, that exact same state will be restored when you reconnect, regardless of whether you’re using the same device. Built on Microsoft’s Azure Virtual Desktop technology, Windows 365 could just be a game-changer.

Explaining cloud computing

Cloud computing refers to the robust delivery of on-demand computing services over the internet that are paid for according to your needs. These services can include servers, storage, applications, databases, networking, intelligence, analytics, and processing power. Because you only pay for the services you need, your business can lower its operating costs, run infrastructure more efficiently, and scale accordingly as per your needs.

The most common types of cloud services that you’ll come across include, Infrastructure as a Service (IaaS) along with Platform as a Service (PaaS). Another is Software as a Service (SaaS). IaaS allows you to rent IT infrastructure such as servers and virtual machines from a cloud services provider.

PaaS can help developers to work more efficiently when creating web or mobile apps. This is because users can rent an on-demand environment to develop, test, deliver, and manage software applications. And then with SaaS, service providers can deliver software applications to clients over the internet on a subscription basis.

And Microsoft is looking to enhance the technology even further. As Satya Nadella, chairman and CEO of Microsoft put it, “We are building the cloud for the next decade, expanding our addressable market and innovating across every layer of the tech stack to help our customers be resilient and transform.”  

He went on to further explain, “With Windows 365, we’re creating a new category: the Cloud PC. Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

Modern computing

Constantly changing technology means that businesses need to embrace digital transformation processes to remain competitive. Integrating new forms of technology such as Windows 365 can have a significant impact on a business by speeding up, automating, and improving processes.

By leveraging the capabilities of the cloud, organizations can easily achieve the goals of digital transformation. This is because the cloud provides the natural solution to the heavy computational and storage needs that are required to implement these digital solutions.

If you are still unclear or on the fence about cloud technology then you should also consider that according to a study by 451 research, you are already behind 90% of companies. Cloud technology is clearly not a passing phenomenon, it’s here to stay. And it’s not too hard to see why, when looking at just what businesses stand to gain:

  • Cloud services are scalable and flexible enough to adapt to any business’ needs,
  • Businesses can make significant savings by eliminating the need for massive investments in on-premises infrastructure,
  • Companies stand to gain a competitive advantage from the valuable insights they get from the huge volumes of big data available,
  • The cloud also ensures business continuity in the event of a disaster, cyber attack, etc. A case in point being how businesses have remained operational despite the pandemic.

What does Windows 365 add?

We all know that cloud computing is not a new phenomenon. Neither is virtual technology. In fact, Microsoft itself already has Azure Virtual Desktop available. So naturally, one would wonder what does Windows 365 bring to cloud computing that isn’t already there? Apparently, quite a bit.

Windows 365 promises to provide clients with an alternative to their physical PCs. An alternative that lives permanently in the cloud and runs Windows 10 or (once it’s available later this year) Windows 11. The service would also allow you to sign in to that alternative PC on any desktop PC, Mac, or mobile device and pick up exactly where you left off.

With Windows 365, at least according to Microsoft, setting up, maintaining, and managing Windows will become easier. In addition, the Cloud PC provides a secured place to store apps, files, and documents that your employees will have access to at any time and on any device with an internet connection.

This creates a situation where your location doesn’t matter and you can easily switch between devices without losing your work. Also, unlike Azure Virtual Desktop’s consumption-based rate, Windows 365 offers flat subscription rates.

Windows 365 Functionality

Having seen what Windows 365 can bring to the table, you’ll probably need to know how the service functions. Firstly, you’ll need to determine what the needs of your organization are and then select a plan from the ones available.

And once you purchase a subscription, you can then link your Windows 365 product to an existing Microsoft account. With this done, all your apps, tools, data, and settings will become accessible from any device anywhere.

Moreover, Windows 365 is a fully customizable platform that allows you to customize the amount of power and storage that your Cloud PC uses both at the point of subscription and once you start using it.

One of the major challenges with existing cloud computing technology is the difficulty that one faces with scaling. So the fact that Windows 365 essentially eliminates this issue is a fantastic advantage. 

Another great tool that you have is the integration with Azure AD and Microsoft Endpoint Manager (MEM). For organizations that are already leveraging Azure virtual desktop infrastructure, Windows 365 will automatically integrate itself with your Azure AD infrastructure. In addition to your other virtual assets as well. Also, management and security policies can be applied to your Cloud PCs.

Cloud PC capabilities and Windows 365

The Cloud PC is designed to offer a better cloud experience than other services on the market. Including Windows traditional devices. Developed for hybrid working, Windows 365 can offer the kind of flexibility that allows seamless device changes without affecting the status of the work.

Not only that, but users will be happy to know that Windows 365 is compatible with other Microsoft 365 business applications. This means that you won’t miss out on your favorite apps such as Word, Planner, or SharePoint.

According to Wangui McKelvey, general manager for Windows 365, “However, the ability to work anytime, anywhere has become the new normal. All employees want technology that is familiar, easy to use, and available across devices. In the most complex cybersecurity environment we’ve ever seen, organizations need a solution that helps their employees collaborate, share, and create while protecting their data. We have the opportunity to develop the tools that enable this new world of hybrid work with a new perspective and the power and security of the cloud.“

Windows 365 also aims to tackle the security issues that organizations have been facing. And this can be done through integration with the security and identity management policies that you already have in place such as Azure AD.

Major features with Windows 365

There’s plenty to like about Windows 365 from the information that we have about the service so far. Features that enable this service to be a game-changer in the world of cloud computing. And these features include:

  • Instant boot to a personal Cloud PC,
  • Clients get the full Windows experience in the cloud,
  • Clients can also stream various applications, tools, data, and settings directly from the Microsoft cloud across any device,
  • You get a choice of running either Windows 10 or (once it’s available later this year) Windows 11,
  • Secure by design, and fully compliant with Microsoft’s Zero Trust principle,
  • Flexible per-user, per-month pricing plans at flat subscription rates,
  • A scalable set of virtual hardware parameters that lets you adjust to changing conditions whenever necessary,
  • Fully compliant with Azure AD and MEM,
  • Fast setup process that provisions your Cloud PC within minutes.

Addressing security concerns

Remote access has been essential during the pandemic in helping plenty of businesses to remain operational. But, the concern with working from home has always been how to maintain the security of an organization’s network.

This is why Windows 365 is attempting to resolve some of those security challenges by using a Zero Trust architecture. A service that also comes with multi-factor authentication (MFA). This means that login or access attempts to the Cloud PC will be verified using integration with Microsoft Azure Active Directory.

Furthermore, you will get options to delegate specific permissions such as licensing, device management, and cloud PC management using specific rules. This is in addition to getting to use Microsoft Defender for Endpoint to improve your overall security posture.

And then to make things even more secure, there is going to be high-level encryption for all stored data at rest, all managed disks running Windows 365-based Cloud PCs, as well as all network traffic to and from the PCs.

What else should you know?

One of the first questions you may be asking yourself as you find out more about Windows 365 is, is this for me? And according to Microsoft, Windows 365 is for all businesses regardless of size. As long as you need a secure and agile hybrid work solution for elastic workforces, distributed employees, etc, this service can help you.

What about Windows Hybrid Benefit? This will also be available to you if you have a device with a valid Windows Pro 10 license. Each individual assigned a Windows 365 Business license with a Windows Hybrid Benefit license must also be the primary user of a Windows 10 Pro licensed device. And that device needs to be their primary work device.

Another thing that Microsoft says clients need not worry about is their apps. All apps that worked on Windows 7, Windows 8.1, and Windows 10 should have no issues on Windows 365.

In case of any issues, Microsoft will help you to fix them at no cost. And as far as devices are concerned, as long as you have an internet connection then most modern devices will work with the service. Also, with regards to bandwidth, how much you need will depend on the workload. The requirements for Windows 365 are as follows:

  • HTML5 browser,
  • DSL connection or a wireless internet connection capable of streaming a video.

Wrap up

In the end, there is no escaping the fact that cloud computing has grown to become essential to how businesses operate. The endless possibilities that hybrid work environments can create can only mean good things.

But, the key to all of this is having a service that offers a great user experience as well as unquestionable cybersecurity. This is what this Windows solution claims to bring to the table.

An enhanced, modern cloud computing experience that is built on the foundation of other already successful Microsoft services. By leveraging the latter, Windows 365 has the potential to create a whole new paradigm.

Windows 365: What You Should Know

When Windows 365 unveiled by Redmond at its Microsoft Inspire 2021 event in July, there was expectedly a lot of buzz around it. And as with most major announcements, there were a lot of questions mixed in with the excitement. Additionally, those initial questions only seemed to inspire more speculation than clear answers. Until now.

With the launch of Windows 365, clients can start to look into what exactly Microsoft is offering and why today’s businesses need it. You can now take Windows 10 or eventually Windows 11 with you on your travels, wherever those may lead.

As the workplace environment continues to evolve, this capability offers businesses a better solution to some of the challenges they have been facing. So, with that said, let’s take a deeper look into Windows 365.

Getting set up with Windows 365 Business

You’ll have to start by accessing the virtual operating system and acquiring Windows 365 licenses. To do that, go to the admin center in the Microsoft 365 account, navigate over to the ‘Billing’ section, and select ‘Purchase services’. Once there, proceed to select the configuration that is most ideal for your needs. You can then complete the ordering process as you would when purchasing other Microsoft services.

With that done, head back to the Microsoft 365 admin center console and begin assigning licenses to users. Go to the ‘Users’ section, and select ‘Active users’. From here, you can assign users in your organization a Windows 365 deployment.

For each user, select ‘Licenses and apps’ on their profile. Next, assign a Windows 365 license and then save the changes. After this, users can start using Windows 365 by going to the Windows 365 web portal and logging in with their details.

Windows 365 Enterprise

For the most part, the process for setting up the Enterprise version is not a lot different. But, because this version has extra features and tools that the Business version does not have, the process does have some variations.

To start, confirm purchases and assignment of the licenses. You’ll need an on-prem network connection to create Cloud PCs, join them to your domain, and allow you to manage them via MEM.

After that, create a group policy in the Microsoft 365 admin center. Then, choose an image and select the Windows 10 Enterprise version. Then assign the Azure AD group to apply to the provisioning policy. After this, you can save these settings and create the policy.

It’s at this point that the Azure AD group members you’ve successfully assigned to the policy will directly receive the Cloud PC licenses that you add. The Cloud PCs will need about 30 minutes before they are ready to use. And then, just like the process for the Business edition, users can start using Windows 365 by going to the Windows 365 web portal and logging in with their details.

Plans and pricing

Over the last few weeks, this topic has been hot, generating great interest. Despite all the information about Windows 365 that Microsoft had made public, one key area remained unaddressed. But now, with the product launch official, that confusion is gone.

There are two subscription options on offer, Windows 365 Business and Windows 365 Enterprise. The former is targeted at companies with no more than 300 employees. The latter is best suited for larger organizations. However, they both share the same range of features with a total of twelve Windows 365 cloud PC configurations to choose.

At the lower end, is a subscription ideal for frontline and call center workers that costs $20 per user per month. On offer is 1vCPU, 2GB RAM, and 64GB storage. This is likely adequate for the lightweight computing tasks that this group performs.

And at the other end of the pricing spectrum, you get support for 8vCPU, 32GB of RAM, 512GB of storage, and 70GB of outbound data as an option. This will cost $158 per user per month. And it’s for users who perform compute-heavy tasks.

The pricing and configuration options are consistent across both Windows 365 Business and Enterprise.

The launch has gone well

If the first few days after the launch are any indication, then Microsoft may potentially have a winner on their hands. As expected, there were doubts about whether clients would be interested in Windows 365 when they already had Azure Virtual Desktop. But, the demand for free trials was so overwhelming that Microsoft had to press pause. After only a single day of sign-ups, the service reached maximum capacity. 

Microsoft has had to come out and address the situation. “Following significant demand, we have reached capacity for Windows 365 trials,” reads a statement from the Microsoft 365 Twitter account. “We have seen an unbelievable response to Windows 365 and need to pause our free trial program while we provision additional capacity,” explains Scott Manchester, director of Windows 365 program management. It obviously would be far too premature to call Windows 365 a success. However, if it delivers as promised, then we can expect interest in the service to grow even more.

Business or Enterprise?

As already mentioned, Windows 365 has two versions on offer, Business and Enterprise. But, is the difference as simple as one is targeted at smaller businesses and the other at larger organizations? Truth is, it’s a little more than that.

Windows 365 Business is the simpler version of the two. And it’s ideal for businesses with no more than 300 users. Because everything aligns with Azure AD natively, and all the components run in the Microsoft cloud, prerequisites are simple. There are no technological prerequisites. And there is no need for an Azure subscription or a domain controller.

Windows 365 Enterprise, meanwhile, is best for larger organizations. Additionally, it offers a wider range of tools and features for maintenance and security. As a result, it’s more complex and requires greater technical expertise to deploy and manage. Features that come with the Enterprise version include the following:

  • self-serve upgrades
  • universal print integrations
  • partner and programmatic enablement
  • custom images and image management

Impact of Windows 365

Windows 365 is designed to be a simple, secure, and versatile solution that can transform your IT operations for the better. It utilizes the power of the Windows operating system and the strength of the cloud to offer businesses greater peace of mind in three key ways:

Powerful: Users can instantly boot on to their personal Cloud PCs to stream apps, data, tools, and settings from the cloud and across any device. This will give you the full PC experience in the cloud. And because of the capabilities of the cloud, you’ll get versatility in processing power and storage and this enables IT to scale up or down, based on their needs.

Simple: Windows 365 provides an all-around simplified cloud computing experience. Users can log in and pick up right where they left off across devices. And for IT pros, deployment, updates, and management are a lot less complicated to perform. Mostly because Windows 365 doesn’t require any virtualization experience.

Since the service is optimized for the endpoint, it makes the job easier for IT to procure, secure, deploy, and manage Cloud PCs for their companies just as they manage physical PCs through Microsoft Endpoint Manager.

Secure: By leveraging the power of the cloud as well as Zero Trust, Microsoft has made Windows 365 a highly secure platform. This enables businesses’ data to be kept secure on the cloud and not on devices.

Additional user information

Before signing up for Windows 365, there are a few things that clients need to be aware of. Things that they can and cannot do. For instance, you only get allowance for 1 user per license and so there is no support for multiple users on a single Cloud PC.

Another thing is that if you need to cancel your Windows 365 subscription, all you need to do is go to the Microsoft 365 admin center. However, you should know that when you cancel a subscription, all associated data will be deleted.

If you are an Enterprise client and you want to upgrade to another Windows 365 plan, use the Resize feature to upgrade the RAM, CPU, and storage size to meet the users’ needs. This can be a great benefit for users who may need a more powerful Cloud PC to run CPU-intensive apps.

On the other hand, though, you cannot as yet perform a downgrade. Also, if you have a Windows 365 Business license, you cannot convert it to Windows 365 Enterprise. The only viable way around it would be to purchase the Enterprise license.

Hybrid benefit

Microsoft also offers another feature known as Windows Hybrid Benefit that is meant to make the Windows 365 experience even better. The former is a licensing benefit that helps reduce the cost of Windows 365 Business. In actual figures, what Windows Hybrid Benefit offers clients is a discount of up to 16 percent. And this will apply to your Windows 365 Business subscription for clients that are already using Windows 10 Pro on a device.

Therefore, Windows Hybrid Benefit is a feature that you have access to if you have devices with valid Windows 10 Pro licenses. A couple of things are necessary from all users that are assigned a Windows 365 Business license with a Windows Hybrid Benefit license:

  1. The user must be the primary user of a Windows 10 Pro licensed device,
  2. The device in question needs to be their primary work device.

However, you’ll need to maintain your discounted pricing during the subscription term in which you access the Windows 365 service. And to do that you must access the service from your Windows 10 Pro licensed device at least once during that term.

What about Microsoft partners?

Over the years, Microsoft partners have played a key role in the delivery of Microsoft services to clients across the globe. The broad range of products and services in Microsoft’s portfolio translates to partners having the power to build innovative, industry-specific solutions. And Windows 365 intends to continue that trend.

The new Cloud PC offers Microsoft partners plenty of opportunities to deliver new Windows experiences in the cloud. Whether you’re an independent software vendor (ISV), managed service provider, or an original equipment manufacturer, there are opportunities to take advantage of.

Businesses still need systems integrators and managed service providers to get the best from their Microsoft products. ISVs can still create Windows apps that can enhance how businesses operate while OEMs have the opportunity to better integrate Windows 365 into their wide array of products and services. By doing this, Microsoft partners can facilitate the creation of innovative, new ways of doing business that can bring about digital transformation. Therefore, the decades-long partnership that has benefited clients so immensely will not be ending.

Conclusion

Microsoft is looking for ways to constantly improve the work experience by leveraging the power of the cloud. And with Windows 365, the idea is to provide employees with technology that is secure, efficient, and easy to use. All this while enabling employees to remain productive anywhere and using any device.

Also, by giving users a familiar experience and IT simple processes for managing and deploying Cloud PCs, this cloud-based service will optimize IT operations for everyone. However, as a recently launched service, only time will tell how exactly and to what extent Windows 365 will affect the way businesses operate.

Once most clients have had an opportunity to use and review it, then conclusions can be made. But, the early signs point towards a positive, modern transformation that will boost most businesses.

Microsoft Launches Windows 365

An argument could be made that the need for tools that not only simplify but improve remote work has never been greater than it is today. In an increasingly connected world, leveraging cloud computing can be the answer to a lot of the challenges that businesses are currently facing.

With Windows 365, Microsoft is aiming to improve on existing technologies to make the cloud experience even better. By enabling the computing to be done remotely in a data center and then streamed to users’ devices, Microsoft can offer something that can be compared to game streaming.

As a new way of using a computer as hybrid Windows for a hybrid world, there’s plenty that we need to look into.

What are we looking at?

Just when people were thinking that Windows 10 would be the last in the line of Windows versions, Microsoft gives us another one.

A platform that in Microsoft’s own words is going to take the operating system to the Microsoft cloud and stream the full Windows experience to personal or corporate devices.

This will include settings, data, and apps. It’s what Microsoft calls the Cloud PC. Simply put, this is a service that allows business clients to access cloud PCs from anywhere.

So technically speaking, we should not look at this service as a new version of Windows. Rather, we should take it for what it truly is — a platform that is designed to stream the full experience of Windows 10 or 11 to any browser.

Regardless of which operating system your device may be running. If we are to consider how Microsoft’s Software-As-A-Service (SaaS) model has evolved over the last decade, this move was probably going to be the next step.

Launch date

The announcement from Microsoft was made on the 14th of July and in that statement, it was made known that we should expect Windows 365 on the 2nd of August. This, however, will be for businesses. Chances are that at some point, Microsoft may eventually avail the service to consumers and small shops — sole proprietorships.

Giving clients virtual PCs

By providing this service, Microsoft can potentially cut partners out and provide virtual PCs directly to its clients. Rather than only offering operating systems, applications, productivity suites such as Microsoft Office, etc. Windows 365 can give Microsoft an even bigger slice of the pie. Because of the massive cloud system available with Azure servers, Microsoft won’t have a problem running virtual machines.

This can provide a great tool for the evolution of the Desktop-As-A-Service (DaaS) offering. As Microsoft CEO Satya Nadella said in a statement, “Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

How does it work?

According to the information that has been made available so far, we know that there will be two versions of Windows 365 — Business and Enterprise. Both of these will be powered by Azure Virtual Desktop. Users will be able to use Windows 365 on any modern web browser or through Microsoft’s Remote Desktop app.

What this means is that users can gain access to their Cloud PC from a variety of devices. In a statement by one of Microsoft 365’s general managers, Wangui McKelvey, he says, “Windows 365 provides an instant-on boot experience.”

This capability simplifies how users can easily stream their Windows sessions. And Windows 365 enables them to do that with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices. As McKelvey goes on to explain, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.”

Advantages to businesses

Windows 365 can enable your businesses to create Cloud PCs within minutes and assign them to employees. And this can be done without the need for expensive, dedicated physical hardware.

Without a doubt, this could prove to be a very attractive option for plenty of businesses. Especially those that may need to hire remote workers or even temporary contract staff that need to securely access a corporate network.

Because your entire Windows PC is in the cloud, your employees can work comfortably on a very secure platform. Furthermore, they won’t need to navigate VPNs or worry about security on personal devices.

Other advantages that you can get include lower maintenance costs, better protection against cyberattacks and malware, faster provisioning, less downtime in case of cyberattacks, easier patching, and far less disruptive updates.

Licensing concerns

Expectedly, clients are going to have some concerns with regards to how this will affect their current licenses. Will you have to pay more, for potentially the same services? The way Microsoft puts it, that’s not what will happen.

For instance, if you already have a Microsoft 365 E3 license, then you have paid for that service and you won’t need to do so again. This means that you can continue to use the software you have paid for and that includes Windows 10.

When it comes to Windows 365 licenses, what you’ll need to pay for is access to the virtual PC service. The latter will be maintained by Microsoft on its vast network of servers with the aim of running the software that you already have.

In a way, you could consider it similar to purchasing a computer and then purchasing the operating system and applications that you need. As a new offering, things are still hazy but hopefully, Microsoft will further clarify the concerns and confusion that people may have.

One thing that we do know are the licensing requirements and they are as follows:

  • On Windows Pro endpoints: Windows 10 Enterprise E3 + EMS E3; or Microsoft 365 F3, E3, E5 or BP (Business Premium),
  • On non-Windows Pro endpoints: Windows VDA E3 + EMS E3; or Microsoft 365 F3, E3, F5, or BP (Business Premium).

In addition, you also need to know the non-licensing requirements:

  • Azure subscription,
  • Virtual Network (vNET) in Azure subscription,
  • Hybrid Azure Active Directory (AAD) join-enabled.

Cost of service

With the licensing issues out of the way, clients need to know just how much they will need to pay to use Windows 365. Unfortunately, despite the service launching so soon, Microsoft has yet to officially provide a guideline with regards to how much clients will pay. But, during a session at its Inspire partner conference, Microsoft did inadvertently mention how much Business plans would cost. And that came down to $31 per user, per month.

For this, you will get support for 2 CPUs as well as 4GB of RAM and 128GB of storage. However, it is worth noting that we can expect at least one other plan that will cost less. Clients can look forward to having an option for 1 PC, 2GB of RAM, and 64GB storage, aimed at small businesses.

Furthermore, there will also be Enterprise plans that can offer support for 4 or 8 different PCs, in addition to 8/16/32 GB of RAM and 128/256/512GB of storage. For now, however, clients can only guess how much they will have to fork out to access these plans.

Enhancing the capabilities of hybrid work

The global pandemic has changed the way that enterprises look at some of their business practices. With people having had to spend long periods of time at home, businesses had to increase their dependence on virtual processes and remote collaboration. It was necessary to keep businesses running and retain employees.

Although the situation is getting under control in several regions across the globe, the way businesses operate may potentially change. With Windows 365, businesses can tackle head-on the challenges that cloud computing and remote work has often presented.

Organizations will be able to provide employees with greater flexibility and more options to work from different locations. All of this while still ensuring the security of the organization’s data. This is because by taking advantage of the Cloud PC, you get hybrid personal computing that can turn all of your devices into a personalized, productive, and secure digital workspace.

Having this capability will simplify the process of managing seasonal workers without the challenges of issuing new hardware or securing personal devices. As said by Microsoft itself, Windows 365 offers you a better, more modern way to deliver a great productivity experience with increased versatility, simplicity, and security.

Are we getting two Windows versions?

As mentioned above, most people were of the belief that Windows 10 would be the last version we would get. And then in June, Microsoft announced Windows 11. Barely a few weeks after that announcement, along came Windows 365. So not one, but two new versions? But, it’s not quite as simple as that.

Windows 11 is the actual successor to Windows 10. It’s a new operating system packed with new features such as a brand new Start menu that no longer uses Live Tiles. It also comes with new system requirements such as CPUs based on the x64 architecture since there is no 32-bit version of Windows 11. That’s in addition to the 4GB of RAM and 64GB of storage you’ll need to install Windows 11.

So basically, Microsoft has only actually provided one new product, Windows 11 to succeed Windows 10. Windows 365, on the other hand, is something of a hybrid between a virtual machine and Microsoft Remote Desktop.

It’s the subscription service that allows you to create Cloud PCs that run Windows 10 or eventually Windows 11. So the platform is not tied to a particular operating system version therefore you pay a monthly fee based on the hardware configuration you want your PC to have.

What about Azure Virtual Desktop?

Another point that requires clarification is with regards to Azure Virtual Desktop (AVD). Why does Microsoft feel the need to have another VDI? For starters, Windows 365 appears to be more user-friendly than AVD.

Navigation has been made easier and the process of setting up an Azure Virtual Desktop system in the Azure cloud is also significantly less complicated. This is because Windows 365 focuses more on simplicity as compared to Azure whose goal is flexibility.

With Windows 365, you can let Microsoft handle the core infrastructure and platform piece. This is because the platform comes in the form of Software-As-A-Service. On the other hand, with AVD, clients need to manage a supporting Azure subscription, configure and implement the platform services required to allow a thin-client or Remote Desktop client to connect in.

So basically Windows 365 is an automated version of AVD that is aimed at companies of all sizes, including small businesses. Unlike AVD which targets the enterprise market. Below are some guidelines that Microsoft provides for you to choose the product that best suits you.

Azure Virtual Desktop:

  • Windows 10 personalized and multi-session desktops and remote app streaming.
  • Full control over management and deployment plus options for Citrix and VMware integration.
  • Flexible consumption-based pricing.

Windows 365:

  • Windows 10 personalized desktops.
  • Management and deployment with familiar desktop tools and skills.
  • Predictable per-user pricing.

Wrap Up

Windows 365 is introducing a whole different concept to both the Software-As-A-Service and Desktop-As-A-Service environments. This new platform seeks to set the tone for a more modern computing experience that can benefit businesses as well as individuals.

It’s still early stages and there is still a lot that we don’t know.

However, what is certain is that this is more than just a cloud-based version of Windows and can offer ersatz hardware as well. All of this is definitely going to make the future of cloud computing a lot more interesting.

How Microsoft Endpoint Manager is Bringing Intune and Configuration Manager Together

As people get access to more and more devices, the way that businesses operate has been rapidly evolving to keep up with the technology. And with more of these devices having access to a business’ data, this can help to improve productivity. Microsoft Endpoint Manager may have been designed with these dynamics in mind.

The problem, however, is that this can easily create a situation that puts the entire organization’s network at risk. So, a solution is necessary.

One that can enable a business to get the most it can from the devices that are available to its employees without compromising data security. This is why you need a platform like Microsoft Endpoint Manager that can bring together the most effective device management tools.

Creating the solution

Microsoft already had plenty of products available to help businesses with device management. And these products included the two that we’ll be focusing on today: Intune and Configuration Manager. So why did they feel the need to change things, to add yet another product?

What Microsoft Endpoint Manager (MEM) seeks to address is the need for a comprehensive management solution. MEM can help to reduce client confusion over the multiple products that are available by giving you a unified platform for all your devices including Windows 10, macOS, iOS, and Android. By using MEM, businesses can among other things:

  • proactively manage all of their devices,
  • maintain systems and software,
  • limit exposure and respond to security threats,
  • distribute settings, and much more.

Microsoft Intune

With Intune, what you are getting is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. Using it enables you to have control over the features and settings on Windows 10, Apple, and Android devices.

Also, if you have on-prem infrastructure, there will be Intune connectors available. Namely the Intune Connector for Active Directory and the Intune certificate connector.

And by making it a part of MEM, Microsoft allows you to use Intune to create and check for compliance, as well as deploy apps, features, and settings to your devices using the cloud.

Configuration Manager

Whereas Intune is a 100% cloud-based solution, Configuration Manager gives you the on-premises management solution. With this, businesses can manage desktops, servers, and laptops that are on their network or internet-based. It is a flexible solution that you can cloud-enable if you want to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services.

Furthermore, Configuration Manager gives you a great tool for the deployment of apps, software updates, and operating systems. Not only that, but you can also stay on top of queries and compliance issues so that you can act in real-time.

What are the requirements for Microsoft Endpoint Manager?

The beauty of Microsoft Endpoint Manager is that there is no complicated configuration or migration that you need to worry about. And this goes for the licensing as well.

If you have an existing Configuration Manager license then you can continue to use it, while simultaneously taking advantage of the Microsoft cloud-based security and compliance benefits of Intune.

Combining these two solutions has allowed Microsoft to avail Configuration Manager to clients with Intune licenses and vice versa. All of this without the usual roadblocks that you previously had to deal with.

This simplifies the process of giving clients a more comprehensive management platform. For management of non-Windows devices, however, you will need an Intune license, an Enterprise Mobility & Security (EMS) license, or a Microsoft 365 E3 or higher license

Taking advantage of MEM

There are plenty of reasons why any business should consider using MEM to improve the way it operates. As mentioned above, people now have access to plenty of different devices and businesses should benefit from that.

But, with the complexities that are involved in device management, there is no single tool that can meet all the requirements.

This is why bringing together Intune and Configuration Manager can work so well. By supporting a diverse BYOD ecosystem, MEM makes it easy to manage all endpoints. Whether they are on-premises and remote, corporate-owned and personal, desktop and mobile, MEM can handle them.

In addition, MEM is flexible enough to meet you where you are in your cloud journey and will not disrupt your existing processes. Your business can also leverage the integrations with other platforms such as Microsoft 365 and Azure AD to enhance productivity.

Combining products gives clients a lot to look forward to. Especially when you consider the simplified licensing arrangement. Overall, this combination will vastly improve the end-user experience and also allow IT teams to save costs and function more efficiently.

Addressing concerns about Microsoft Endpoint Manager

We all have our preferred tools that we use and that enable our businesses to operate optimally. So naturally, there will be concerns about combining Intune and Configuration Manager. What exactly does it mean for these products?

By bringing these products together under one umbrella, Microsoft is not doing away with Configuration Manager as many think. And the choice of name allows Microsoft to keep adding features to the platform.

Therefore if you have solutions that are built on Configuration Manager and want to continue using it, you are free to do so. But, the difference is that you’ll also get to leverage the intelligence of the Microsoft 365 cloud.

Basically, starting in version 1910 Configuration Manager now falls under the Microsoft Endpoint Manager branding. And as for the other components of the System Center suite, there are no changes to report.              

Wrap up & Microsoft Endpoint Manager

The solutions that businesses use need to continuously evolve to allow us to boost productivity and enhance data security. We need solutions that can offer the deployment of a seamless, end-to-end management solution.

And by combining Microsoft Intune and Configuration Manager into Microsoft Endpoint Manager, we can get just that. A solution that gives clients modern management and security while integrating with other Microsoft products in a way that optimizes device management.

How Endpoint Analytics Just Got Better

End-users commonly experience challenges such as long boot times, application crashes, and so on. These problems may be the result of a lack of optimized software configurations, legacy hardware, and issues that may arise due to configuration changes and updates. Enters Microsoft Endpoint Manager and the solution businesses need.

By using Endpoint Analytics, you can begin addressing these issues.

You’ll be able to improve user productivity as well as reduce IT costs because of the insights that you’ll receive. The latter will give you information about device setup, startup and sign-in times, and overall system performance.

Not only that, but the introduction of new features can enhance the user experience even more.

Benefits of Microsoft Endpoint Manager Analytics

Introduced in September 2020, Endpoint Analytics is the tool that can help your organization to gather significant amounts of data and thus help you to view and understand the performance of your managed Windows 10 estate. At the initial release, Microsoft Endpoint Manager Analytics had three main areas of focus:

  1. Startup performance: the insights provided help you understand your devices’ reboot and sign-in times and this enables IT to get users from power-on to productivity quickly without lengthy boot and sign-in delays.
  2. Proactive remediation scripting: swiftly fix common issues before they become problematic for end-users.
  3. Recommended software: recommendations for providing the best user experience.

To make the product even better, Microsoft has added two new features to give IT greater visibility in order to enhance the overall end-user experience.

The application reliability report

The first of the two new features is called the application reliability report (APR). This is something that will provide you with insights into potential issues for desktop applications on managed devices.

Utilizing this feature helps you to quickly identify the top applications that are impacting end-user productivity. Moreover, it also enables you to view aggregate app usage along with app failure metrics for these applications.

To take advantage of this feature, devices should be enrolled in Endpoint Analytics. And for devices enrolled from Configuration Manager, they’ll need client version 2006 or later installed.

To view the APR, you won’t need to do anything if your devices are Intune managed or co-managed. You’ll easily locate it beside the rest of the Endpoint Analytics reports in the Microsoft Endpoint Manager admin center console.

On the other hand, if you have devices enrolled through tenant attach, you need to upgrade to Configuration Manager 2006 for this report to populate.

How Microsoft Endpoint Manager works

To find your app reliability score, head over to the overview page. Here, you’ll also get the baseline score which is the median across all organizations. Below that you get a list of the apps most likely to have reduced user productivity during the previous 14 days. And then on the right column are app reliability Insights and Recommendations prioritized by which are most likely to boost your score.

To view the list of all your company’s apps, you can go to the App performance tab. You can sort out these apps according to various criteria such as name, publisher, active devices, and app reliability score. In addition, you may also sort apps out using the mean time to failure, which is the average number of times the app can be used across the organization between crashes.

In order to see your business’ application reliability performance, you can also leverage other pivots like the model, and OS version deployed, as well as troubleshoot application reliability issues with individual devices.

Devices will be given a device app health score that you find in device performance. This score is determined by the frequency of app crashes on a particular device during the last 14 days. To help you with troubleshooting, you can view a timeline of app crash and app hang events by clicking into each device.

Restart frequency feature of Microsoft Endpoint Manager

The second of the two recent additions to Endpoint Analytics is the restart frequency feature. This tool provides you with information regarding when devices are being rebooted and why.

You also see improvement for the existing startup performance report thus helping to improve the user experience even further. All of this should enable operational and helpdesk departments to be more proactive and provide insights on end-user devices.

The data provided aims to clarify the type of reboots that occur. To achieve that, these reboots will be classified as either normal or abnormal. When we talk of normal restarts, this refers to restarts that go through the normal Windows shutdown processes such as Windows update installations.

And when we talk about abnormal restarts, this refers to those that don’t follow normal Windows shutdown processes. Because abnormal restarts can be problematic they need to be looked into further. There are three categories of them:

  • Blue screens: This type of abnormal restart type is also a stop error. On average, one may expect no more than two stop errors per device per year.
  • Long power button press: Occurs when you hold down the power button to force a restart. This type happens less frequently than blue screens.
  • Unknown: The last category is for shutdowns that don’t align in either of the two previous categories.

Wrap up

Deployment of new laptops and desktops to users in an organization is a constantly ongoing process for a lot of businesses. As such, IT departments need efficient ways of managing devices and ensuring the optimization of the end-user experience.

And this is why if you’re not already enrolled you should be considering Endpoint Analytics.

End-users may face various issues in their day-to-day work that they will not report. Because of this, the user experience suffers and this will inevitably affect productivity. But, by utilizing Endpoint Analytics and its great new features, organizations can get high-level visibility into these various issues enabling them to address them quickly and efficiently.

Microsoft Defender for Endpoint Tamper Protection Extends Client Coverage

Every business needs to be on top of its game when it comes to matters of the security of its IT infrastructure. Because even the smallest of vulnerabilities can be exploited to devastating effect. And Microsoft Defender ATP is ready to mitigate those risks.

Not recognizing these risks can potentially cause the shutting down of a business, at best temporarily. And research has shown that the cost of downtime to a company can quite easily run into hundreds of thousands of dollars.

As we can all imagine, the losses that a business would suffer would be colossal, to say the least. Hence the need to enhance one’s security to keep bad actors at bay. By using Tamper Protection, you immediately strengthen the security of your business.

Why Tamper Protection?

Arguably the greatest challenges to an organization’s IT infrastructure come in the form of malware or malicious apps that tamper with your security settings and potentially create vulnerabilities in your system.

With these changes having been made, your organization becomes a significantly easier target for cybercriminals. It is with this in mind that Microsoft introduced Tamper Protection two years ago.

Simply put, and as the name itself implies, the Microsoft Defender ATP feature essentially locks Microsoft Defender thus preventing anyone from tampering with your security settings. Including modifications that may be made by administrators.

As a key element of Microsoft’s security strategy, Tamper Protection helps to ensure that Windows 10 clients do not need third-party anti-virus software.

However, Tamper Protection does not have an impact on third-party antivirus registration. So this means that third-party antivirus offerings will still register with the Windows Security application. By using Tamper Protection, you can prevent the following:

  • Deactivation of virus and threat protection.
  • Deactivation of real-time protection.
  • Disabling of behavior monitoring.
  • Disabling antivirus (such as IOfficeAntivirus (IOAV))
  • Blocking of cloud-delivered protection.
  • Removal of security intelligence updates.

Extending client coverage

With the obvious benefits that Tamper Protection brings to any organization, it only makes sense to try and extend coverage wherever possible. And this is what Microsoft did with their announcement in September last year.

This feature was extended to cover ConfigMgr 2006-only clients on both Windows 10 and Windows Server 2019, delivered via Tenant Attach. To enable Tenant Attach, the process is fairly straight forward and you can find the instructions provided here.

Having done that, you can then go to Endpoint security > Antivirus in the MEM admin center. From there you can proceed to create and deploy the Tamper Protection setting. After that, you’ll then need to configure the aforementioned setting.

This you will then deploy to a Configuration Manager collection of devices. If you want to view the policy status, go to the Monitoring > Deployments section which you find in ConfigMgr. However, you can also find it in the policy status in the Endpoint Manager Admin center

Utilizing Tenant Attach

Tenant Attach provides a method for attaching your ConfigMgr hierarchy to your tenant and leverages the capabilities available from the cloud. This includes things such as discovering cloud users and groups, synchronizing Azure AD groups from a device collection, etc.

Moreover, you can sync your on-prem only ConfigMgr clients into the MEM admin center thus enabling the delivery of Endpoint security configuration policies to your on-prem clients.

With this tool, a device does not necessarily have to be enrolled in Intune. In fact, it can be managed by either ConfigMgr or Intune. Alternatively, devices can also be co-managed.

Management of Tamper Protection

In addition to managing Tamper Protection using tenant attach as described above, there are a few other management options available. These are:

  1. Management of Tamper Protection using the Microsoft Defender Security Center. You can turn Tamper Protection on or off for your tenant via the Microsoft Defender Security Center. This option is on by default for all new deployments and the setting is applied tenant-wide. So it affects all devices that are running Windows 10 or Windows Server 2016 or Windows Server 2019.
  2. Management of Tamper Protection using Intune. If your organization’s subscription includes Intune then Tamper Protection can be turned on or off in the Microsoft Endpoint Manager admin center.
  3. Management of Tamper Protection on an individual device. Tamper Protection can be managed via the Windows Security app by individuals who are either home users or are not under settings managed by a security team. To do this, however, you need to have the appropriate admin permissions on your device to change security settings.

Keeping track of security data

Having preventive measures in place does not negate the need for constantly reviewing the security information.

You need to regularly check what is going on within your system so that you can stay on top of things because several tampering attempts are usually a sign of something bigger. And that may potentially be a bigger cyberattack.

Cybercriminals can attempt to alter your organization’s security settings as a way to persist and stay undetected.

Therefore, in every business, security teams should review information about such attempts, and then take the appropriate actions to mitigate threats.

The system is designed to raise alerts in the Microsoft Defender Security Center when tampering attempts are made. By utilizing tools such as endpoint detection and response and advanced hunting capabilities, you can investigate further and then implement the necessary measures to address the problem/s.

Wrap up

Microsoft is looking to tackle the surge in cybercrime head-on. Bad actors are constantly seeking out weaknesses in organizations’ systems and occasionally they find them. This is why businesses need to leverage the next-gen security strategies that Microsoft can offer.

With features like Tamper Protection, you get additional security to help your organization block nefarious elements from altering your security settings and leaving you vulnerable. Advanced breaches and increasing incidences of ransomware campaigns need all businesses to start getting proactive about their security. Otherwise, the consequences could prove to be very costly.

Microsoft Endpoint Manager – New, Exciting Features To Know About

When it comes to Microsoft Endpoint Manager (MEM), there’s always a steady stream of new features that clients should be paying attention to.

Technology is constantly changing and the products that we use need to improve as well. Especially if we consider the recent surge in cybercrime as seen in the FBI’s 2020 internet crime report.

No business is immune and as such, technology companies have to consistently enhance their products to ensure that clients’ data is secure. With security in mind, let’s take a look at the exciting new features that Microsoft is bringing to the MEM platform.

Enhancing security through Microsoft Endpoint Manager filters

Microsoft Endpoint Manager has now made it possible for IT admins to use filters to target apps, policies, and other workload types to specific devices.

By utilizing these filters, IT admins get more flexibility and can better protect data within applications, simplify app deployments, and speed up software updates.

Furthermore, it is now easier for admins to comply with their organizational policies and compliance requirements by deploying:

  • A Windows 10 device restriction policy only to the corporate devices of users in a particular department without including personal devices,
  • An iOS app to only the iPad devices for users in another department,
  • An Android compliance policy for mobile phones to all users in the company but exclude Android-based meeting room devices that don’t support the settings in that mobile phone policy.

To see how to make use of these filters, check out this video.

Windows 10 Enterprise multi-session support

Windows 10 Enterprise multi-session is a new Remote Desktop Session Host exclusive to Windows Virtual Desktop on Azure which allows multiple concurrent user sessions. Additionally, with this feature, users get the benefit of a familiar Windows 10 experience. In addition, IT can benefit from the cost savings that a multi-session allows and use existing per-user Microsoft 365 licensing.

By leveraging Intune, you can manage multi-session remote desktops with device-based configurations like a shared, user-less Windows 10 client. Moreover, you can enroll Hybrid Azure AD joined VMs in Intune automatically and target with OS scope policies and apps.

This means that now you can:

  • Host multiple concurrent user sessions using the Windows 10 Enterprise multi-session SKU exclusive to Windows Virtual Desktop on Azure.
  • Manage multi-session remote desktops with device-based configurations like a shared, user-less Windows 10 Enterprise client.
  • Automatically enroll Hybrid Azure AD-joined virtual machines in Intune and target them with device scope policies and apps.

Policy management made simpler

Using the settings catalog simplifies the process of customizing, setting, and managing device and user policy settings. Remember, managing policy configuration through custom Open Mobile Alliance Uniform Resource Identifier (OMA-URI) policy is not the easiest of tasks to undertake.

Moreover, what the 2105 service release does is support your move from Group Policy Objects (GPO) or custom OMA-URI to cloud-based consolidated policies.

Clients will be happy to note that 5,000 settings have been added to the settings catalog for Edge, Office, and OneDrive, including additional settings for macOS and Windows.

Microsoft Tunnel Gateway changes

There are a couple of changes to note for the Microsoft Tunnel Gateway:

  • Microsoft Tunnel Gateway (MTG) is now out of preview and thus is generally available. However, while the MTG server component is out of preview, the following Microsoft Tunnel apps are not – Microsoft Tunnel standalone app (for both Android and iOS) and Microsoft Defender for Endpoint with support for Microsoft Tunnel for Android.
  • Custom setting support in VPN profiles for Microsoft Tunnel for Microsoft Defender for Endpoint for Android. New changes here mean that you can now use custom settings in the VPN Profile for Microsoft Tunnel to configure Microsoft Defender for Endpoint when using the Microsoft Defender for Endpoint as your Microsoft Tunnel client app for Android and as an MTD app.

Device security with Microsoft Endpoint Manager

Another update that is certain to make MEM clients happy is that conditional access on Jamf-managed macOS devices for Government Cloud is now available.

By using Intune’s compliance engine, you can now evaluate Jamf-managed macOS devices for Government Cloud.

All one has to do to achieve this is to activate the compliance connector for Jamf. The steps on how to do that can be found here.

New Microsoft Endpoint Manager settings available

There are new settings now available when creating a device restrictions policy for iOS/iPadOS (14.5 devices and newer). Moreover, these are the updates that have been introduced:

  • Block Apple Watch auto unlock: You can set this to Yes and this will prevent users from unlocking their device with Apple Watch.
  • Allow users to boot devices into recovery mode with unpaired devices: If you want to allow users to boot their device into recovery with an unpaired device, you can set this one to Yes.
  • Block Siri for dictation: To disable connections to Siri servers so that users can’t use Siri to dictate text, set to Yes.

To view these settings you can go here.

App management

Clients will now get new tiles that show the number of app installation failures for the tenant. You can find these in the Home, Dashboard, and Apps Overview panes. All one has to do is follow a few simple steps:

  • Go to the Microsoft Endpoint Manager admin center,
  • To view the Home pane select Home,
  • Alternatively, if you want to view the Dashboard pane select Dashboard.
  • And to view the Apps Overview pane, select Apps > Overview.

Wrap up

Microsoft Endpoint Manager has many different ways that various companies can use it. It gives you a fantastic platform to gather end-point information. Also, it gives you the ability to push out Microsoft Desktop apps, Microsoft Edge as well as several other apps. And by consistently updating the features, Microsoft can help your business to operate more efficiently and enhance your data security and privacy.

Why Cloud Management Gateway Is So Important Now

With the prevailing global situation requiring more and more people to work from home, businesses need to ensure that productivity does not suffer. And to do that, you need to effectively manage remote devices. Hence the need for technology such as the Cloud Management Gateway (CMG).

By utilizing the CMG, your business has an alternative to IBCM that most would consider a significant upgrade. This creates a favorable environment that allows your organization to eliminate the obstacles of having a remote workforce. Needless to say but the CMG can play a massive role in your organization and its importance is certainly worth discussing.

Requirements

Before you can use the Cloud Management Gateway you need to meet the following requirements:

  • An Azure subscription to host the CMG,
  • You need a Full administrator or Infrastructure administrator user account in Configuration Manager,
  • During the initial creation of certain components, the participation of an Azure admin is needed,
  • You need at least one on-premises Windows server to host the CMG connection point,
  • A server authentication certificate for the CMG,
  • There needs to be an integration of the site with Azure AD to deploy the service with Azure Resource Manager,
  • Depending on your client OS version and authentication model, other certificates may be required,
  • Clients are required to use IPv4.

When is it useful?

There are several scenarios where the CMG could come in handy and they include the following:

  • For management of traditional Windows 10 clients using modern identity which can either be hybrid or pure cloud domain-joined with Azure AD.
  • For management of traditional Windows clients with Active Directory domain-joined identity. The clients included are Windows 8.1 and Windows 10.
  • For installation of the Configuration Manager client on Windows 10 devices over the internet.
  • For new device provisioning with co-management.

Benefits to your business

CMG enables your Enterprise admins to perform several actions. Among the things they can do, they can manage the following over the internet:

  • Push software updates and enable endpoint protection,
  • Inventory and client status,
  • Compliance settings,
  • Software distribution,
  • Windows 10 in-place upgrades,
  • Manage branch office devices over less expensive internet instead of across expensive WAN or VPN connections.

Eliminates complications

Although Internet-based client management (IBCM) has been around for years, a lot of users tend to find it complicated. CMG aims to be a simpler solution. It is an Azure-hosted service that manages internet-based clients through a new role called the cloud management gateway connector point.

By adding the CMG to your environment, you’ll get an intermediary cloud solution. And this can be your bridge to a full cloud management solution of your Windows 10 devices through Microsoft Intune.

Also, your organization doesn’t need to expose on-premises infrastructure to the internet and neither will you require additional infrastructure. So by using the CMG, you get rid of a lot of what users don’t like about IBCM.

Manage internet clients

Cloud Management Gateway helps you to easily and effectively manage clients that are on the internet. Often, there are going to be events in your environment that will require a swift response.

However, previously this was problematic for clients that would not be currently on-premises. By leveraging the CMG, you can manage clients all over the world as long as they have an internet connection.

Furthermore, it doesn’t require you to buy any additional IT infrastructure. So unlike IBCM that would need additional hardware that you need to maintain, for the CMG you just need to have Azure.

Strengthen your security

The moment you have systems that are not directly connected to your IT infrastructure, your data security is at an increased risk. This is particularly evident with remote work.

Although a lot of businesses have responded by using VPNs, you cannot adequately protect workstations through VPN channels. Hence the importance of the Cloud Management Gateway.

With it, you can better manage devices connected to the Internet and thus improve your corporate security posture. This is further enhanced by the fact that you can leverage Microsoft Azure services so that there is no need to expose your infrastructure to the internet.

Cost management

Whenever you use cloud services, you will incur costs associated with your usage. And the Cloud Management Gateway is no exception. Fortunately for clients, Microsoft intends to help you to keep those costs under control. You can do this through client settings, for instance, where you can determine which clients can access the CMG.

Another feature you can leverage is virtual machine configuration. The latter enables you to choose between 1 and 16 virtual machines per instance of Cloud Management Gateway. Also, if you want to, you can stop the CMG so that it’s no longer serving clients.

Therefore, to optimize user experience for all clients, the CMG helps to reduce the unavoidable costs that come with cloud services.

Constantly evolving

Another reason why the CMG is so important is how the technology is constantly evolving. There has been a lot of innovation taking place such as the ability to automatically do a client install through the CMG.

This is a great option to have because it eliminates the need for the client to be on the intranet. In addition, the platform is adaptable to your organization’s needs. So it can handle several scenarios such as:

  • Traditional PC management (Windows 7, 8.1, 10),
  • Modern PC management (Windows 10 with modern identity),
  • Internet client installs.

Wrap up

Every organization should be looking for ways to make the most of its IT investments. Thus from the information available, we can see that every environment that uses ConfigMgr can benefit from using the Cloud Management Gateway. And you can leverage the CMG for clients all across the globe. The convenience that this provides you cannot be overstated. As the world changes and technology evolves, we need platforms that can help organizations to become more efficient and enhance productivity.