Cloud Computing Gets Better With Windows 365

Cloud technology has evolved rapidly over the last few decades. Right now, it is very much integral to the operations of many businesses. Especially as we consider the unprecedented disruptions that have been brought about by the global pandemic since early 2020. Moving forward, a hybrid work environment is increasingly becoming the norm.

And Windows 365 looks to provide clients with the digital solutions necessary to bring about technological transformation. This will make it even simpler for employees to remain connected and collaborate regardless of whether they are working from home or are in the office. Cloud computing can undoubtedly be a key driver in the success of any business.

Windows in the cloud

Microsoft’s latest offering is certainly looking to take cloud technology to a higher level. Just to recap, Windows 365 is a subscription-based cloud PC service. In a way, you could describe it as an Operating System-as-a-Service solution.

All you need to do is purchase a subscription and you can remotely access a Windows desktop in any modern web browser. The service will provide you with a consistent experience across any device.

So if you happen to be working on a project with several application windows open and then you disconnect, that exact same state will be restored when you reconnect, regardless of whether you’re using the same device. Built on Microsoft’s Azure Virtual Desktop technology, Windows 365 could just be a game-changer.

Explaining cloud computing

Cloud computing refers to the delivery of on-demand computing services over the internet that are paid for according to your needs. These services can include servers, storage, applications, databases, networking, intelligence, analytics, and processing power. Because you only pay for the services you need, your business can lower its operating costs, run infrastructure more efficiently, and scale accordingly as per your needs.

The most common types of cloud services that you’ll come across include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). IaaS allows you to rent IT infrastructure such as servers and virtual machines from a cloud services provider.

PaaS can help developers to work more efficiently when creating web or mobile apps. This is because users can rent an on-demand environment to develop, test, deliver, and manage software applications. And then with SaaS, service providers can deliver software applications to clients over the internet on a subscription basis.

And Microsoft is looking to enhance the technology even further. As Satya Nadella, chairman and CEO of Microsoft put it, “We are building the cloud for the next decade, expanding our addressable market and innovating across every layer of the tech stack to help our customers be resilient and transform.”  

He went on to further explain, “With Windows 365, we’re creating a new category: the Cloud PC. Just like applications were brought to the cloud with SaaS, we are now bringing the operating system to the cloud, providing organizations with greater flexibility and a secure way to empower their workforce to be more productive and connected, regardless of location.”

Modern computing

Constantly changing technology means that businesses need to embrace digital transformation processes to remain competitive. Integrating new forms of technology such as Windows 365 can have a significant impact on a business by speeding up, automating, and improving processes.

By leveraging the capabilities of the cloud, organizations can easily achieve the goals of digital transformation. This is because the cloud provides the natural solution to the heavy computational and storage needs that are required to implement these digital solutions.

If you are still on the fence about cloud technology then you should also consider that according to a study by 451 research, you are already behind 90% of companies. Cloud technology is clearly not a passing phenomenon, it’s here to stay. And it’s not hard to see why, when looking at just what businesses stand to gain:

  • Cloud services are scalable and flexible enough to adapt to any business’ needs,
  • Businesses can make significant savings by eliminating the need for massive investments in on-premises infrastructure,
  • Companies stand to gain a competitive advantage from the valuable insights they get from the huge volumes of big data available,
  • The cloud also ensures business continuity in the event of a disaster, cyber attack, etc. A case in point being how businesses have remained operational despite the pandemic.

What does Windows 365 add?

We all know that cloud computing is not a new phenomenon. Neither is virtual technology. In fact, Microsoft itself already has Azure Virtual Desktop available. So naturally, one would wonder what does Windows 365 bring to cloud computing that isn’t already there? Apparently, quite a bit.

Windows 365 promises to provide clients with an alternative to their physical PCs. An alternative that lives permanently in the cloud and runs Windows 10 or (once it’s available later this year) Windows 11. The service would also allow you to sign in to that alternative PC on any desktop PC, Mac, or mobile device and pick up exactly where you left off.

With Windows 365, at least according to Microsoft, setting up, maintaining, and managing Windows will become easier. In addition, the Cloud PC provides a secured place to store apps, files, and documents that your employees will have access to at any time and on any device with an internet connection.

This creates a situation where your location doesn’t matter and you can easily switch between devices without losing your work. Also, unlike Azure Virtual Desktop’s consumption-based rate, Windows 365 offers flat subscription rates.

Functionality

Having seen what Windows 365 can bring to the table, you’ll probably need to know how the service functions. Firstly, you’ll need to determine what the needs of your organization are and then select a plan from the ones available.

And once you purchase a subscription, you can then link your Windows 365 product to an existing Microsoft account. With this done, all your apps, tools, data, and settings will become accessible from any device anywhere.

Moreover, Windows 365 is a fully customizable platform that allows you to customize the amount of power and storage that your Cloud PC uses both at the point of subscription and once you start using it.

One of the major challenges with existing cloud computing technology is the difficulty that one faces with scaling. So the fact that Windows 365 essentially eliminates this issue is a fantastic advantage. 

Another great tool that you have is the integration with Azure AD and Microsoft Endpoint Manager (MEM). For organizations that are already leveraging Azure virtual desktop infrastructure, Windows 365 will automatically integrate itself with your Azure AD infrastructure. In addition to your other virtual assets as well. Also, management and security policies can be applied to your Cloud PCs.

Cloud PC capabilities

The Cloud PC is designed to offer a better cloud experience than other services on the market. Including Windows traditional devices. Developed for hybrid working, Windows 365 can offer the kind of flexibility that allows seamless device changes without affecting the status of the work.

Not only that, but users will be happy to know that Windows 365 is compatible with other Microsoft 365 business applications. This means that you won’t miss out on your favorite apps such as Word, Planner, or SharePoint.

According to Wangui McKelvey, general manager for Windows 365, “However, the ability to work anytime, anywhere has become the new normal. All employees want technology that is familiar, easy to use, and available across devices. In the most complex cybersecurity environment we’ve ever seen, organizations need a solution that helps their employees collaborate, share, and create while protecting their data. We have the opportunity to develop the tools that enable this new world of hybrid work with a new perspective and the power and security of the cloud.“

Windows 365 also aims to tackle the security issues that organizations have been facing. And this can be done through integration with the security and identity management policies that you already have in place such as Azure AD.

Major features

There’s plenty to like about Windows 365 from the information that we have about the service so far. Features that enable this service to be a game-changer in the world of cloud computing. And these features include:

  • Instant boot to a personal Cloud PC,
  • Clients get the full Windows experience in the cloud,
  • Clients can also stream various applications, tools, data, and settings directly from the Microsoft cloud across any device,
  • You get a choice of running either Windows 10 or (once it’s available later this year) Windows 11,
  • Secure by design, and fully compliant with Microsoft’s Zero Trust principle,
  • Flexible per-user, per-month pricing plans at flat subscription rates,
  • A scalable set of virtual hardware parameters that lets you adjust to changing conditions whenever necessary,
  • Fully compliant with Azure AD and MEM,
  • Fast setup process that provisions your Cloud PC within minutes.

Addressing security concerns

Remote access has been essential during the pandemic in helping plenty of businesses to remain operational. But, the concern with working from home has always been how to maintain the security of an organization’s network.

This is why Windows 365 is attempting to resolve some of those security challenges by using a Zero Trust architecture. A service that also comes with multi-factor authentication (MFA). This means that login or access attempts to the Cloud PC will be verified using integration with Microsoft Azure Active Directory.

Furthermore, you will get options to delegate specific permissions such as licensing, device management, and cloud PC management using specific rules. This is in addition to getting to use Microsoft Defender for Endpoint to improve your overall security posture.

And then to make things even more secure, there is going to be high-level encryption for all stored data at rest, all managed disks running Windows 365-based Cloud PCs, as well as all network traffic to and from the PCs.

What else should you know?

One of the first questions you may be asking yourself as you find out more about Windows 365 is, is this for me? And according to Microsoft, Windows 365 is for all businesses regardless of size. As long as you need secure and agile hybrid work solutions for elastic workforces, distributed employees, etc, then this service can help you.

What about Windows Hybrid Benefit? This will also be available to you if you have a device with a valid Windows Pro 10 license. Each person assigned a Windows 365 Business license with a Windows Hybrid Benefit license must be the primary user of a Windows 10 Pro licensed device, and that device must be their primary work device.

Another thing that Microsoft says clients need not worry about is their apps. All apps that worked on Windows 7, Windows 8.1, and Windows 10 should have no issues on Windows 365.

In case of any issues, Microsoft will help you to fix them at no cost. And as far as devices are concerned, as long as you have an internet connection then most modern devices will work with the service. Also, with regards to bandwidth, how much you need will depend on the workload. The requirements for Windows 365 are as follows:

  • HTML5 browser,
  • DSL connection or a wireless internet connection capable of streaming a video.

Wrap up

When all is said and done, there is no escaping the fact that cloud computing has grown to become essential to how businesses operate. The endless possibilities that hybrid work environments can create can only mean good things.

But, the key to all of this is having a service that offers a great user experience as well as unquestionable cybersecurity. This is what Windows 365 claims to bring to the table.

An enhanced, modern cloud computing experience that is built on the foundation of other already successful Microsoft services. By leveraging the latter, Windows 365 has the potential to create a whole new paradigm.

Top 10 Benefits of Windows Autopilot

Gaining even the slightest advantage over your competitors can make a massive difference to the success of your business.

With so much technology available, you need to choose the right solutions for the growth of your organization. Windows Autopilot is a collection of technologies that helps you to make better use of your time. It does this by helping you to pre-configure new devices and thus reducing the time to productivity.

So, not only is this going to simplify the operations of your IT department, but it will also empower your employees. Below we’ll go over the top 10 benefits of Windows Autopilot to your business.

1.    Self-deployment

There are few better ways to enhance your productivity than by having new devices ready for business straight off the shelf. Any new Windows 10 devices that have been pre-enrolled in the Windows Autopilot program will be ready to use on arrival with zero-touch and no involvement from your IT team. When a user takes possession of such a device, all they’ll need to do is turn it on, connect to a network, and then wait a little.

2.    No OS re-imaging

This part of setting up new devices is one that has always taken up a significant amount of time. With IT departments having to manually install apps and drivers, manage infrastructure, and set policies, the process took relatively long. But, Windows Autopilot does away with all that. By using a smart and easy pre-configuration, all of this becomes an automatic process. Once you have set up an Autopilot profile in Microsoft Intune, all the Windows devices that you have under that profile will have these settings applied.

3.    Customize OOB experience

To save time, Autopilot allows you to customize the out-of-the-box experience (OOBE) in advance. All you need to do is set your organization’s preferences. And this will simplify things for end-users by eliminating entire sections during setup that previously required manual input. So now they’ll be able to get through the setup process much faster and with a lot less hassle. With this kind of capability, you can ship devices directly to end-users and they’ll be up and running in no time.

4.    Enrollment status

Bypassing IT when setting up devices is something that will understandably concern some people. However, Autopilot has an enrollment status feature to alleviate those concerns. What this feature does is to ensure that a device is fully configured, compliant, and secure before the end-user gains access. That way, IT still gets to assess devices, make sure that they are properly set up, and resolve any errors when issues arise.

5.    Independent of MDM

Can you use Autopilot if your organization doesn’t use Microsoft Endpoint Manager/Microsoft Intune? The answer is yes you can. Any MDM will work with Autopilot but for an optimum experience with all the features then Intune would be best. So for any business that prefers other non-Microsoft technologies, you can still reap the benefits that Autopilot offers. You may be missing out on using this fantastic technology because of some of the misconceptions that people have.

6.    Available for existing devices

This is another area that often requires clarification as some existing devices can qualify. To be specific, users with Windows 1809 and above can also benefit from Windows Autopilot for existing devices. IT people can now facilitate processes like Windows 7 to Windows 10 migration through Autopilot. They can do this by using a ConfigMgr task sequence and then followed by an Autopilot user-driven mode.

7.    Simple redeployment

Occasionally, certain devices will need to be given to new users or repurposed entirely. Autopilot makes wiping a device a simple process that you can do in minutes. And once that is done, you’ll have a device back in OOBE status and ready to be handed over to someone else. This new user will receive the device with the specific configurations that they need already in place. By making resetting devices this easy, Autopilot further empowers IT teams and enhances their productivity.

8.    Avails latest technology

By pre-configuring devices, Autopilot enables end-users to immediately gain access to the latest versions of essential tools. These include Microsoft technologies such as Teams, Word, PowerPoint, Excel, etc. And so without the need to wait on IT, end-users will have all the essential apps they need with all the necessary settings already applied. Furthermore, you no longer need to worry about third-party bloatware that is often a nightmare to deal with. 

9.    No maintenance of images and drivers

Custom images require a significant time investment to create and maintain. And they will need you to wipe every single device that your organization acquires. Undoubtedly, they place a lot of work on the schedules of your IT people. With Autopilot, however, these custom images become unnecessary. All you have to do during provisioning is to get in touch with the manufacturer to get the device ID.

Latest Updates for Windows 10 Driver Management

Microsoft has claimed that the main cause of Windows 10 or hardware failures has been the hardware drivers themselves. And this happens to be an area in which Microsoft has had no control.

In the past, Microsoft has given the driver update authority to the various hardware manufacturers. As a result of that, these manufacturers have retained the ability to directly push drivers to their users through the system update.

Given the number of issues that users have been facing, Microsoft has decided to make some adjustments to their driver update management policy. These updates will likely have a significant impact so let’s take a look and see what this means for us all.

Addressing the issues

In early 2020, Microsoft quietly went about the process of starting to address the driver issues that have been plaguing users. It started with the announcement that there was going to be an introduction of rolling out drivers in phases.

And this would differ from the past where all Windows 10 computers were receiving major and minor updates automatically via Windows Updates that were released on the same day for everyone. The idea with the phase system is to allow the pushing of updates to highly active devices from where Microsoft can then collect diagnostic data that helps to assess compatibility issues.

Also, Microsoft mentioned implementing a new policy where their hardware partners can now ask them to block Windows 10 feature upgrades on a PC running an incompatible driver. The widespread problems that arose from Microsoft being the only one doing the assessing and blocking necessitated this change in approach. By doing all of this, Microsoft can begin the process of resolving the countless headaches that we have been facing.

Driver installation

So to bring an answer to this issue, Microsoft made another announcement to the effect that they would be adjusting the automatic driver installation strategy for Windows 10 20H2 from November 2020.

This update is meant to provide users with a greater degree of control over the driver update and in this way you will have better stability. This new driver management model is going to give hardware manufacturers options, either automatic or manual.

This is what Microsoft has said regarding the adjustments that came in to effect on the 5th of November last year:

1. Automatic driver updates will automatically be installed on your machine either when you plug-in a peripheral device for the first time, or when a device manufacturer publishes a driver to Windows Update. In other words, there will be no change to the plug-and-play scenario when an automatic driver is available on Windows Update.

2. Manual driver updates can be installed manually on your machine if you specifically request them by navigating to Settings > Update & Security > Windows Update > View optional updates.

However, these changes will only affect devices that receive updates directly from Windows Update. So if you’re an IT professional who manages drivers for a business, then these adjustments won’t affect the way you operate.

Manual driver updates

According to Microsoft, the abovementioned adjustments should now enable you to see a clear distinction between automatic and manual updates in Windows Update. With the end goal being to create a total transformation of the management of drivers, something that began earlier in the year with the rolling out of updates in phases.

All this should give users greater control by redefining the servicing of manual drivers for machines running Windows 10, version 2004 and later. Previously, when a user would connect a peripheral device with an optional driver such as a camera to their machine for the first time, there would be an automatic installation of that driver. Instead, with the changes that Microsoft has implemented, you now have control over how you proceed.

Driver distribution

When you submit a driver to Windows Update, the Driver Delivery Options section will present you with two radio buttons: Automatic and Manual. Under the Automatic option, there are two further options:

  • Automatically delivered during Windows Upgrades – under this option, drivers are classified as a Dynamic Update. When upgrading the OS, this is where Windows will automatically preload drivers.
  • Automatically delivered to all applicable systems – when you select this option, the drivers will be downloaded and installed automatically on all applicable systems once they are released.

How to submit a driver to Windows Update

Publishing a driver to Windows Update will require the creation of a hardware submission. Once that is done you can then proceed with the steps given below:

1) Find the hardware submission with the driver that you want to distribute.

2) Head over to Distribution and select New shipping label.

3) Under shipping label, go to Details and enter a name for the shipping label in the space provided. It’s this name that will allow you to search for and organize your shipping labels.

4) In the Properties section you will need to fill in the following fields: Destination, Specify the partner (if any) that is allowed visibility into this request, and Driver Delivery Options.

5) Go to Targeting and choose the driver package that you want to publish.

6) At this point, Select PNPs is now available so you can go ahead and choose the hardware IDs that you want to target.

7) Enter each CHID into the text box and select Add CHID(s) if you would like to add them.

8) You can limit public disclosure of your Shipping Label in the Windows Update Catalog and WSUS Catalog, by checking the Limit Public Disclosure of this Shipping Label information box.

9) If your driver targets Windows 10 in S mode, then you will need to select both boxes.

10) Select Publish to send your request to Windows Update or Save if you don’t want to publish as yet.

Optional installation

The optional updates feature is now available to users that have upgraded to Windows 10 20H2. With this feature, the system will let you know of the availability of device drivers other than the ones that the PC is currently using. If you go to the View optional updates section, you’ll see where it says Driver updates. And if you click on it, it will display a list of all the device drivers that are available for the target PC. Essentially what you get with this feature is the ability to install specific drivers if and when necessary. Otherwise, automatic updates will keep your drivers updated.

To install any of these drivers, simply follow the steps below:

1) Press WinKey + I to launch the Settings app.

2) Go to Update & Security and click on Windows Update.

3) Over on the right side, you’ll see View Optional updates just under the Check for updates button. Click on it.

4) Under the Driver Updates section, you’re going to find a list with all of the available updates for the computer.

5) Check all the boxes corresponding to the device drivers that you want to install. Click Download and install.

Windows 10 October 2020 Update common problems — and the fixes | Windows  Central

Windows 10 will then immediately start downloading the chosen driver updates. Once the process is complete, the system will install the updates and prompt the users to Restart Windows.

Should you install optional updates?

As mentioned above, you can install optional device drivers if the need for them arises. For instance, when doing a clean install of Windows 10, some may find it preferable to manually install graphic drivers that you download from Intel and NVIDIA.

However, it’s important to note that Windows will still automatically install all mandatory updates, including security updates and non-optional cumulative updates. Therefore you don’t need to worry about automatic driver updates because this new approach won’t affect them. This is because they will continue to be installed via Windows Update when they are published by the manufacturer or when you connect the device.

So with optional updates, Microsoft has changed the system such that driver updates are no longer forced on you. You can select those that you want and block any that give you problems. Most users will probably be leveraging this functionality for those times when compatibility issues arise.

Potential issues

Microsoft’s new model for driver management aims at resolving the multitude of problems that users have been grappling with. However, this new model is not without its potential issues. As much as it may give users more control, it’s also going to present challenges for peripherals that don’t have automatic drivers readily available.

This is because not everyone may be aware that they need to go to Windows Update and manually download the necessary driver for the hardware to work. Without this, Windows will return a Driver Not Found error that may leave more than a few people stuck.

Since Microsoft is also going to be blocking users from applying OEM or manufacturer drivers if Windows can’t verify software publisher, this will probably lead to a few driver errors when Microsoft is unable to verify the drivers. If verification fails, there are two error messages that you’ll likely see with the first being “Windows can’t verify the publisher of this driver software” and the second “No signature was present in the subject”. Microsoft’s advice in these scenarios is that you contact the manufacturer and ask them to upload the driver with appropriate fixes.

Key differences

Under the View Optional updates link, users get to view the optional updates that they won’t receive automatically. Using this link will replace having to use Windows 10’s Device Manager controls to find optional updates.

With Microsoft making minor adjustments to how Windows 10 drivers arrive for Windows Update service users, it’s important to note that this change is more than just a simple user-interface modification.

Those using the newer version of Windows 10 will get updated drivers only when they search for them using the View optional update command. And they’ll be getting only the drivers that are already on the device without searching for new ones via the Windows Update service.

In Windows 10, version 1909 and earlier, Windows Update automatically distributes manual drivers when:

a) a device has no applicable drivers available in the Driver Store (raising a “driver not found” error), and there is no applicable Automatic driver

b) a device has only a generic driver in the Driver Store, which provides only basic device functionality, and there is no applicable Automatic driver

But for users of Windows 10, version 2004, Windows Update distributes only Automatic drivers for a system’s devices. When Manual drivers are available for devices on the computer, the Windows Update page in the Settings app displays View optional updates.

Time to enhance driver management

The challenges that we have all witnessed in recent years were in dire need of a solution. And a major one at that. The countless incompatibility issues that saw the trashing of Windows 10 were slowly but surely eroding the confidence that users have in the operating system.

Problems such as audio not working, system crashes, slow performance, etc, are significant issues that can severely hinder the productivity of a business. So it’s not really a surprise when we look at all the updates that Microsoft made to its driver management policy in 2020.

Security has improved and the new driver management model is a more stable platform that gives users greater control. And all of this you’ll get without having to worry about key updates being affected. Those are still performed automatically to ensure that your system remains as secure as possible. Undoubtedly, there are still a few bugs to iron out here and there, but the rapidly improving system is certainly enhancing the Windows 10 experience.

Modernize Your Business With Azure Active Directory

The capabilities of the cloud have literally changed the way organizations view remote work. Because it is designed to simplify access from anywhere, the cloud allows organizations to efficiently manage their remote workforce by handling more typical in-house IT tasks. Azure Active Directory (Azure AD) is one of the key technologies that can improve how your business operates. So what is it and how can it help you?

What is Azure AD?

Plenty of office networks utilize Microsoft’s Active Directory to manage policies and permissions. What Azure AD does is to put that capability on the cloud. In short, it’s a cloud-based directory and identity management system. This infrastructure will enable your employees to sign in and access external resources in Office 365 as well as other SaaS applications. Being entirely cloud-based means that Azure AD can serve as your only directory or use Azure AD Connect to sync up with your on-premises directory.

 Transforming your business

Azure AD gives IT complete control over access to apps and resources. This is because of security protocols such as conditional access and MFA. By using built-in governance controls, IT can also apply automated lifecycle management and privileged access limitations. For end-users, they are going to benefit from faster and easier access to corporate resources using various devices and from just about anywhere. And with support for other virtual tools and operating systems, Azure AD enables you to leverage the technologies that are best for you.

Business security will improve

Azure AD has a wide range of security protocols to safeguard your organization from malicious or accidental issues. These include multi-factor authentication (MFA), privileged identity management (PIM), conditional access, and threat detection. Using MFA and conditional access will give you improved application security and management control. And then you also have advanced threat protection that gives you access to comprehensive reporting that monitors application usage. With this, you can apply enhanced security measures to protect your business.

Improving customer security

Customers need hassle-free solutions with robust security to optimize their experiences. And with Azure AD B2C you get a product that fully delivers. It uses reliable, proactive security measures to ensure world-class protection. Customers will get highly secure access across your web and mobile apps through MFA. Add threat detection to that and customers can have peace of mind knowing that their identities are very secure. Because the platform is based on Microsoft Azure, you’ll also retain the significant potential to scale according to your needs.

Adapting to innovation

Trying to hold on to legacy systems can prove very costly to a business. Not only are they costly to maintain but the complexity of running them is hardly worth it. Technology such as Azure Active Directory offers you incredible benefits for modernizing your infrastructure. With increased security and customer satisfaction, reduced overhead, and more streamlined operations, it’s worth signing up for or at least reading up on these technologies.

Building a Modernizing Infrastructure Using Microsoft Technologies

If what you have is working great, then why change it? While that may very well be true, every business needs to adapt to the times and modernize if they want to maintain their success. Otherwise, your rivals won’t hesitate to take advantage if they can. Take Nokia for instance.

During the 90s, it dominated the smartphone market and at its peak in late 2007, it had a 50.9% share of the smartphone market. Yet, just 6 years later that number had plummeted to just 3.1%. Other companies came in with new technologies, the market changed, and Nokia has never fully recovered.

Modernizing helps you to expand your capabilities while reducing operational costs. And by leveraging cloud capabilities, you can unlock the limitless potential that can take your business to the next level. Microsoft Technologies provide you with the ideal platform to transform your IT infrastructure. And in this blog, we’ll show you just what these solutions can add to your business.   

Created for evolving businesses

Technology has changed the way businesses operate. The various solutions that are available to us have created new markets as well as exciting ways to serve clients. Whether it’s the scalability that Azure gives you, the flexibility provided by Endpoint Manager, or the security you get with Microsoft Defender ATP. The benefits are plenty. Evolving businesses can put themselves in a position where they reduce their overhead, streamline their operations, and market themselves better. Microsoft has recognized the needs that businesses have regarding effective IT solutions. 

Overview of Microsoft Technologies

The Microsoft Technologies that we’ll be going over consist of brilliant tools that will modernize your IT infrastructure. Rather than being individual entities that operate completely apart, Microsoft has designed these technologies such that they can function together. This will enhance your overall IT management and bring greater efficiency to your organization. The following technologies are going to be the focus of this blog:

1) Azure Active Directory

Microsoft’s cloud-based multi-tenant identity and access management service enables employees to sign in and access services from anywhere. Azure Active Directory (Azure AD) has plenty of features that help modernize your infrastructure, among which:

  • Application management: manages all apps, both cloud and on-premises, using Application Proxy, single sign-on, the MyApps portal, and any SaaS apps.
  • Authentication: manages Azure AD self-service password reset, MFA, smart lockout, and custom banned password list.
  • Conditional access: enforces and maintains control over access to your cloud apps.
  • Device management: controls the access that cloud and on-premises devices get to corporate data.
  • Business-to-business: helps you to maintain control over corporate data by managing guest users and external partners.
  • Reports and monitoring: allows you to receive insights concerning the security and usage patterns in your environment.

Key benefits

The advantage you’ll get from features like single sign-on is that employees won’t need multiple sign-ons for all their apps so password compliance issues are reduced. Simplified collaboration with guest users is possible because Azure AD allows you to invite these users into your directory to assign access. Also, the availability of real-time monitoring in conjunction with MFA and conditional access provides your organization with excellent application security and management control. And if you have productivity solutions that aren’t Microsoft products, you can still use them because Azure AD supports other OS and virtual tools.

2) Windows Autopilot

Windows Autopilot is Microsoft’s solution for transforming the provisioning of devices into an automated and friendly process. It aims to eliminate the countless, painful hours spent manually setting up devices. Undoubtedly, this is a product that will be a big hit with IT teams and it should please most employees as well. Its features include:

  • User-driven mode: provides a simple do-it-yourself approach to setting up new devices. This enables end-users to quickly get up and running without needing IT.
  • Self-deploying mode: allows you to deploy a Windows 10 device as a kiosk, digital signage device, or a shared device with minimal user interaction.
  • Support for existing devices: makes the process of deploying the latest version of Windows 10 to your existing devices quick and painless. In addition, whatever apps you need will be installed automatically and you’ll get your work profile synched as well.
  • Pre-provisioned deployment: partners and IT can pre-provision Windows 10 devices and have them business-ready for companies and their end-users.
  • Windows Autopilot reset: allows you to easily repurpose a device by wiping personal files, apps, and settings then restoring the device’s original settings.
  • Enrollment Status Page (ESP): the ESP tracks the setting up of the device to ensure that the device is fully configured correctly before the end-user can gain access.

Key benefits

As the saying goes, time is money. Hence the importance of the customized out-of-the-box experience (OOBE). It gets devices set up according to an organization’s preferences so that when the end-user receives it, they can immediately start using it. And they’ll have all the collaboration and productivity apps they need already installed. You’ll also gain time by not having to do any OS re-imaging because it’s done automatically. All of this will help to create an environment that empowers the user thereby increasing productivity rather than the restrictive nature of legacy IT.

3) Microsoft Endpoint Manager

Announced at Ignite 2019, Microsoft Endpoint Manager (MEM) is a brilliant development that merges ConfigMgr and Intune into a unified management platform. And you’ll get a lot of services with the product including co-management, Desktop Analytics, and the above-mentioned Windows Autopilot. MEM plays a key role in demonstrating the integration of Microsoft Technologies. Moreover, clients who already have Microsoft 365 licensing can benefit from the majority of the technologies that are within Microsoft Endpoint Manager.

What can MEM do for you?

According to Brad Anderson, Microsoft corporate vice president for Microsoft 365, MEM came about as a way to resolve the confusion surrounding modern management. It offered simplicity. And this simplicity should ease the way of doing business. For clients with ConfigMgr licenses, they automatically get Intune licenses thus enabling them to co-manage their devices.

With up to 190 million devices currently under ConfigMgr or Intune management, IT will get incredible insights that you can use for problem-solving and device deployment. MEM allows you to utilize the cloud where all data is stored in Azure thus eliminating data centers. This gives you the mobility advantages of the cloud as well as the security of Azure. However, some organizations prefer mixed environments so you can still use the cloud while retaining your on-premises infrastructure.

4) MSIX

The endless packaging and repackaging of applications has been the source of constant headaches over the years. Whenever you’d purchase new software, the problems would begin. Someone had to come up with a solution, and thus MSIX came to the fore.

MSIX is a universal package format designed for Windows 10 apps and has support for desktop, mobile, and all other Windows 10 devices. It’s an improvement on AppX and aims to resolve app packaging issues. The UWP features, app customization, and support for all Windows applications make MSIX a massive improvement on the currently available installers. Key features include:

  • Reliability: MSIX can just about guarantee installs with a success rate standing at a very impressive 99.96%.
  • Network bandwidth optimization: MSIX only downloads the 64k block and this allows for a reduction in impact to network bandwidth. It does this by leveraging the AppxBlockMap.xml file that’s in the MSIX app package.  
  • Disk space optimizations: MSIX doesn’t duplicate files across apps and Windows will manage the shared files across apps. Because apps remain independent, updates won’t affect other apps that share the file.

What you stand to gain

Microsoft has created a product that gives you the advantages of both MSI and AppX while eliminating their limitations. And it doesn’t just work on Windows only. You can use it on Linux, OSX, iOS, and Android. MSIX enables you to take a huge step towards modern management. Instead of the previous uncertainties, it offers you safety, reliability, and predictability of deployment. Security is enhanced as well with Windows giving you integrity for apps through tamper protection and policy controls.

5) Microsoft Defender ATP

As amazing as the above technologies are, you cannot successfully modernize your IT infrastructure without effective cybersecurity. In fact, all your efforts would probably be futile. But, with Microsoft Defender Advanced Threat Protection (MDATP), you get an enterprise endpoint security platform that enables your enterprise networks to prevent, detect, investigate, and remediate advanced threats.

Main capabilities

  • Endpoint behavioral sensors: these are sensors that are embedded in Windows 10 that collect and process behavioral signals from the OS. This data is then sent to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
  • Threat and vulnerability management: MDATP has an overview of all the software on a device and can detect security vulnerabilities. It can then provide security recommendations for remediating endpoint vulnerabilities and misconfigurations.
  • Attack surface reduction: this capability enables you to put in place controls that reduce areas that are vulnerable to cyberattacks. With proper configuration settings and application of exploit mitigation techniques, this capability will resist attacks and exploitation.
  • Next-generation protection: MDATP offers you next-generation protection to catch all types of emerging threats.
  • Endpoint detection and response (EDR): EDR is designed to target advanced threats that make it past the first two security pillars.
  • Automated investigation and remediation: these capabilities help to create a reduction in the volume of alerts in minutes at scale.  
  • Microsoft secure score for devices: this tool will help you to carry out an assessment of the security status of your enterprise network and identify unprotected systems. After which, you can apply recommended actions to improve the overall security of your organization.

6) Windows Virtual Desktop

The advances that are happening in the field of technology not only enhance the modern workplace but can also completely change it. And with the internet creating “one global village”, the popularity of remote work has grown significantly. But for this to work, you need effective solutions. Enter Windows Virtual Desktop (WVD).

WVD is a desktop and app virtualization service that leverages the power of Microsoft Azure and runs on the cloud. So it can deliver a virtual desktop as well as remote apps to any device. Depending on your needs, you can configure WVD to run Windows 10 Enterprise, Windows 7 Enterprise, or Windows Server 2012 R2, 2016, 2019.

Benefits to your organization:

  • WVD gives you the ability to deliver Windows 10 desktops on any device, anywhere. By extension, you’ll give your employees an optimum virtual experience.
  • Cybersecurity is crucial and WVD has in-built intelligent security that is fully capable of proactive threat detection and remediation. Security protocols such as Azure Firewall, Azure Security Center, Azure Sentinel, and Microsoft Defender ATP ensure that corporate data is highly secure.
  • Your organization can become more efficient and productive because deployment and scaling can be carried out easily and quickly.
  • Utilizing the modern cloud-based virtual desktop infrastructure (VDI) is a great way to save costs. You’ll only pay for what you use.
  • Another way in which you’ll save costs is licensing. WVD is a free service so it comes with your Microsoft 365 or Windows per-user license.

Maximizing potential

By now most organizations are starting to appreciate just how legacy technology can hold them back. Instead of holding on to what has worked in the past, it’s important to know that technology can expire. Therefore, transformation is a must. Modern infrastructure will help you to reduce your costs, improve your cybersecurity, and provide easy and convenient access to corporate resources from anywhere. Microsoft has a vast array of technologies that can take your organization to the next level. The powerful and flexible hybrid-cloud architecture is something that we can all benefit from.

How AppLocker Improves Security and Compliance

The security of your organization is not something that you can afford to leave to chance. The wave of cybercrime over the last few years has been unrelenting. This is why you need to take advantage of platforms such as AppLocker. By leveraging its application whitelisting feature, you’ll get a very powerful way of stopping a multitude of attacks. And if you configure it correctly, you can massively increase the amount of time it would require for a cyberattacker to get around the system. This is the kind of technology that can enhance the security of your organization. Hence why we need to discuss just how AppLocker will help you with security and compliance measures.

Securing your organization

Arguably the biggest security risk for most organizations comes from employees simply running applications. As long as users can run executables or have access to files that can potentially contain malicious code, your organization is at risk. Such incidents could compromise the entire network and not just a single device. So by helping you to determine which files and applications users can run, AppLocker immediately improves your security. These files can include DLLs, scripts, Windows Installer files, and packaged app installers. Giving system admins greater control in these particular areas will shore up your business’ defenses.

Control allowed software

To maintain high-level security for corporate data and your business as a whole, system admins need to be strict about which softwares and applications are allowed to run. Otherwise, you risk giving access to software that can create vulnerabilities in your network. AppLocker is fully capable of denying applications from running when you exclude them from the list of allowed apps. And in the production environment, when AppLocker rules are enforced any apps that are not in the allowed rules are blocked from running. Therefore, users can’t intentionally or accidentally run software that is explicitly excluded from the allowed list.

AppLocker rules

AppLocker has several different types of files that it can block. This makes it extremely efficient in its whitelisting capabilities because it’s highly unlikely that anything that you want to block will make it through. The types of files that AppLocker can block include the following:

  • Executable files such as .exe, and .com
  • Windows installer files such as .mst, .msi and .msp
  • Executable files such as .bat, .ps1, .cmd, .js and .vbs
  • DLL executables
  • Packaged app installers such as .appx

The organization of the above into rule collections is something that will help you to easily differentiate the rules for different types of apps.

Default rules

In addition to the above, AppLocker also gives you default rules for each rule collection. These rules are allowed in an AppLocker rule collection and they are necessary if Windows is to function correctly. To start, you’ll have to go and open the AppLocker console. Having done that, right-click the appropriate rule type for which you want to generate default rules automatically. You can automatically create executable rules, Windows Installer rules, script rules, and packaged application rules. Lastly, click on Create Default Rules.

Monitoring app usage

After you set your rules and deploy the AppLocker policies, monitoring app usage can help you assess whether policy implementation is per your expectations. To understand what application controls are currently enforced through AppLocker rules, you can:

  • Analyze the AppLocker logs in Event Viewer.
  • Enable the Audit-only AppLocker enforcement setting to ensure that the AppLocker rules are properly configured for your organization.
  • Review AppLocker events with Get-AppLocker File Information.
  • Review AppLocker events with Test-AppLocker Policy Windows PowerShell cmdlet to see whether any of the rules in your rule collections will be blocked on your reference device or the device on which you maintain policies.

Main advantages

Several benefits come with AppLocker that help to make it a more attractive option for any business looking to enhance security and compliance. The first thing is the cost. How much you ask? Well, if you already have the enterprise edition of Windows Server, then there is no extra cost to talk about. Moreover, AppLocker comes as an integrated part of Group Policy, which most Windows Admins are already familiar with. Because of that, this can simplify the AppLocker user experience and make it a seamless one. Also, any AppLocker policy can be imported into Intune as an XML file giving you a similar level of control of apps for MDM-enrolled devices as you would for on-premises, domain-joined devices. And to further save you productive time, Windows internal apps are automatically whitelisted.

Why consider AppLocker?

Even with all the security benefits available, as an organization, you still have to determine whether or not you actually need AppLocker. And for most, the answer will probably be a resounding yes. If your organization needs the ability to verify which apps are allowed to run on your corporate network, then you need AppLocker. Furthermore, if you want to check which users are allowed to use the licensed program, then you probably also need it. To these, you can also add organizations that need to provide audit logs containing the type of apps that clients have been running. And of course, wherever there is a need to prevent overzealous users from running random software, AppLocker can play a significant role.

Wrap up

Only the best technology will do for any organization that seeks to keep cybercriminals away. Attacks are being orchestrated from all around and the degree of sophistication is constantly changing. Therefore, organizations need to take proactive measures to stay ahead of hackers. And platforms such as AppLocker can enable you to do that. By setting up blocks for different types of files and software, you instantly reduce your surface area of attack. It’s time to leverage all available technology to fight back against cybercrime.

7 Microsoft 365 Tools for IT Professional and Admin Training

A lot of people are familiar with Microsoft software and have been using it for years. However, new products as well as updates are constantly being rolled out. As such, it’s important to educate yourself on all the new features that are available in order to optimize the user experience. Microsoft 365 (M365) has plenty of amazing features that can vastly improve how you operate. And there are several training tools available to help fully equip you with the necessary skills to run M365. It’s these tools that we’ll go over below to see just how they can help you.

Video Hub

Poring over countless pages of documents can be a painstaking task for most people. It’s something that can very easily put one off from learning something. Fortunately, Microsoft 365 gives its clients a great alternative. With Video Hub you’ll get to do you learning through watching videos that will provide you with all the expertise you need. This platform contains over 150 technical videos about Microsoft technologies. Also, if you happen to have any questions, there are subject matter experts available to answer those for you. By using Video Hub, you will undoubtedly enhance your learning experience and gain new skills.

Instructor-led courses

To further sharpen your skills, Microsoft also has courses available that are taught by experts. Depending on your preference, you have the choice of taking the course online or in person. Moreover, the courses are taught by Microsoft Certified Trainers so you can be certain that you’ll be receiving a quality education. In addition, the web page comes with a filter so you don’t have to browse over a hundred courses searching for what you need. You get to pick the material that you want to learn and focus on that only. So whether you’re a beginner or advanced, an administrator or a developer, there are courses available for you.

Certification

The tools mentioned above can help you on your journey to get certification. For a lot of people, this is the goal as it will help to improve your prospects. Microsoft certification shows that you are keeping up with recent technological advances as well as the requirements that come with various roles. Similarly to the courses above, the certifications page also has a filter that will point you to the material that you need. Doing these certifications will boost not only your productivity as an individual but your value to your organization as well. Additionally, these certifications have great potential to advance your career and prepare you for future possibilities.

Online providers

Apart from Microsoft, you can also find online service providers that can provide you with the training you need. Having alternative options gives clients a lot more convenience as well as the choice of how they want to proceed with their learning. These courses can help individuals to get an in-depth understanding of the administrative capabilities of Microsoft 365. And the key thing here is to search for courses that are led by Microsoft certified trainers. Otherwise, you may end up receiving training that will not be recognized in the future. 

Microsoft Learn

Microsoft Learn is an exciting sandbox-based learning platform that enables people to learn about various technologies. By putting everything together in one place, Microsoft makes IT professional and admin training a whole lot simpler. All you need to get started is to set up a Microsoft account if you don’t already have one. It’s a very simple process that just requires you to fill in your details. Another great benefit that you get from this platform is the fun aspect of the learning process. Things such as points and trophies awarded for reaching certain goals serve to add a little fun to the learning process.

Learning paths and modules

Microsoft offers various learning paths and modules that are designed to fully equip you with the knowledge you need. You’ll find close to 300 options available on this particular web page. So this is an area that will provide you with step-by-step guidance to mastering Microsoft products. With some of these having no prerequisites it means that you can select a learning path or module and jump straight in. You’ll need to dedicate a couple of hours to learning the material but you can do it at your convenience. If you’re looking for efficient learning platforms then this is what you need.

YouTube tutorials

In addition to the Video Hub that you get from Microsoft, you’ll find that YouTube is also a rich source of learning material. In fact, Microsoft has the vast majority of M365 videos that can be found on YouTube. The advantage of using this platform is that you get to learn from various individuals. Although some may not be Microsoft certified trainers, they can still provide you with a great learning platform. Sometimes all you need to understand a challenging concept is for someone to explain it in a slightly different way and it’s as if a light has been switched on. Without a doubt, YouTube can be a valuable learning tool, if used with discretion of course.   

Equipping yourself

Technology is moving at a very rapid pace that makes it difficult to keep up with. And because of that pace, it’s not always feasible to physically attend classes or seminars to learn what you need. Fortunately, for Microsoft 365 users they get plenty of tools to provide them with adequate training. These tools allow you to enhance your skills at your own pace and gain Microsoft certification. All of which you can achieve in the comfort of your own home. Whatever you need to learn is potentially just the click of a button away.

New Microsoft Edge based on Chromium – error status: 1603

I recently ran into to an issue deploying the New Microsoft Edge, for some reason it kept failing with Error status 1603 on most of the systems.

The deployment version was version: 87.0.664.47
It kept failing on a lot of systems with build: 1803, I did suspect a missing KB of some kind, but did not find any apparent prerequisites missing.

Tried the same method for the latests version – 87.0.664.60, both downloaded from: https://www.microsoft.com/en-us/edge/business/download and everything seem to be working, now deployed to more then 2000 systems.

CustomAction DoInstall returned actual error code -2147219187 (note this may not be 100% accurate if translation happened inside sandbox)

Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action DoInstall, location: C:\WINDOWS\Installer\MSI9085.tmp, command: /silent /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft Edge&needsAdmin=True&usagestats=0&ap=stable-arch_x64" /installsource enterprisemsi /appargs "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%2C%22msi_product_id%22%3A%2292749E40-069E-3467-BB1F-78BB266190E2%22%2C%22allow_downgrade%22%3Afalse%2C%22do_not_create_desktop_shortcut%22%3Afalse%2C%22do_not_create_taskbar_shortcut%22%3Afalse%7D%7D" 

MSI (s) (10:A8) [13:21:48:649]: Product: Microsoft Edge -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action DoInstall, location: C:\WINDOWS\Installer\MSI9085.tmp, command: /silent /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft Edge&needsAdmin=True&usagestats=0&ap=stable-arch_x64" /installsource enterprisemsi /appargs "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&installerdata=%7B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%2C%22msi_product_id%22%3A%2292749E40-069E-3467-BB1F-78BB266190E2%22%2C%22allow_downgrade%22%3Afalse%2C%22do_not_create_desktop_shortcut%22%3Afalse%2C%22do_not_create_taskbar_shortcut%22%3Afalse%7D%7D" 

MSI (c) (C4:44) [13:21:48:771]: Windows Installer installed the product. Product Name: Microsoft Edge. Product Version: 87.0.664.47. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

Any ideas, other then deploying latest and greatest? Let me know

Deploy Microsoft Edge Chromium Using PowerShell App Deployment Toolkit (PSADT)

The new Microsoft Edge  is based on Chromium and was released on January 15, 2020. It is compatible with all supported versions of Windows. Installing the browser will replace the legacy version of Microsoft Edge on Windows 10.

PowerShell App Deployment Toolkit (PSADT) is a great framework to deploy and manage application deployment – it is free of charge and can be downloaded from https://psappdeploytoolkit.com/

The script is published here on Github

This deployment script example does the following within the PSADT framework:

Pre-Install:
If Microsoft Edge is open, it will prompt the user to close it or delay the deployment 3 times (Comment line 120 if you prefer to just shut it down)
As a Pre-installation task it searches the add/remove program list for any version of Microsoft Edge and uninstalls it.

Install:
It then installs the MSI file from the Files directory – MicrosoftEdgeEnterpriseX64.msi
The latests version of Microsoft Edge for Business version can also we downloaded from – https://www.microsoft.com/en-us/edge/business/download

Uninstall:
Uninstalltion is performed using the name from Add/remove programs (same as for the pre-install step) so this will require no changes. (Line 181)

Repair:
If needed repair can be enabled (or updated for other versions)
(Modify line 203 if deploy other versions)

Microsoft Edge follows the Modern Lifecycle policy. Learn more about supported Microsoft Edge releases.

Controlling User App Access With AppLocker

Most organizations could probably gain some benefits from deploying application control policies. This is something that your IT guys could use to make their work easier and improve the overall management of employee devices. AppLocker is a platform that will give admins control over which apps and files users can run including packaged app installers, scripts, executable files, Windows Installer files, DLLs, and packaged apps. Because of its features, AppLocker will help organizations to reduce their admin overhead and the cost of managing computer resources. With that said, let’s go over how AppLocker helps you to control user app access.

Installation

Users that are running the enterprise-level editions of Windows will find that AppLocker is already included. Microsoft allows you to author rules for a single computer or a group of computers. For single computers, you’ll need to use the Local Security Policy Editor (secpol.msc). And for a group of computers, you can use the Group Policy Management Console to author the rules within a Group Policy Object (GPO). However, it’s important to note that you can only configure AppLocker policies on computers running the supported versions and editions of the Windows operating system.

Features of AppLocker

AppLocker offers its clients several great features to help you to manage access control. It allows you to define rules based on file attributes and persisting across app updates. These include publisher name, file name, file version, and product name. You can also assign rules to individual users or security groups as well as create exceptions to rules.

In order to understand the impact of a policy before enforcing it, AppLocker allows you to use audit-only mode to first deploy the policy. Another feature enables the creation of rules on a staging server that you can test before exporting them to your production environment and importing them into a Group Policy Object (GPO). And then by using Windows Powershell cmdlets for AppLocker, you’ll have an easier time creating and managing rules.

Enhancing security

AppLocker works well at addressing the following security scenarios:

  • Application inventory: AppLocker policies can be enforced in an audit-only mode where all application access activity is registered in event logs.
  • Protection against unwanted software: you can exclude from the list of allowed apps any app that you don’t want to run and AppLocker will prevent it from running.
  • Licensing conformance: AppLocker enables you to create rules blocking the running of unlicensed software while limiting licensed software to authorized users.
  • Software standardization: to have a more uniform application deployment, you can set up policies that will only allow supported or approved apps to run on PCs within a business group.
  • Manageability improvement: AppLocker has improved a lot of things from its predecessor Software Restrictions Policies. Among those improvements are audit-only mode deployment, automatic generation of rules from multiple files, and importing and exporting policies.

Apps to control

Each organization determines which apps they want to control based on their specific needs. If you want to control all apps, you’ll note that AppLocker has policies for controlling apps by creating allowed lists of apps by file type. When you want to control specific apps, a list of allowed apps will be created when you create AppLocker rules. Apart from the apps on the exception list, all the apps on that list will be able to run. For controlling apps by business group and user, AppLocker policies can be applied through a GPO to computer objects within an organizational unit.

Allow and deny actions

Because each AppLocker rule collection operates as an allowed list of files, the only files that are allowed to run are the ones that are listed in this collection. This is something that differs from Software Restriction Policies. Also, since AppLocker operates by default as an allowed list, if there is no explicit rule allowing or denying a file from running, AppLocker’s default deny action will block that file. Deny actions are typically less secure because a malicious user can modify a file thereby invalidating the rule. One important thing to remember is that when using the deny action on rules, you need to first create rules allowing the Windows system files to run. Otherwise, a single rule in a rule collection meant to block a malicious file from running will also deny all other files on the computer from running.

Administrator control 

The last thing most organizations would want is any standard user or worse a malicious one modifying their policies. Therefore, AppLocker only allows administrators to modify AppLocker rules to access or add an application. For PCs that are joined to a domain, the administrator can create AppLocker rules that can potentially be merged with domain-level rules as stated in the domain GPO.

Is AppLocker for you?

If you see the need to improve app or data access for your organization then AppLocker is something you should be considering. Also, if your organization has a known and manageable number of applications then you have an additional reason. Ask the question, does your organization have the resources to test policies against the organization’s requirements? Or the resources to involve Help Desk or to build a self-help process for end-user application access issues? If yes to the above, then AppLocker would be a great addition to your organization’s application control policies.

Wrap up

Software that enhances the way an organization controls access to its applications and data can play a significant role in boosting efficiency. AppLocker is one such platform. With all the great features available, it can easily become a fantastic tool for your IT team. Not only does it simplify access control management, but its various actions will also result in greater security. Without a doubt, AppLocker can be a valuable addition to your application control policies.