Microsoft Intune: 7 Benefits of Remote Device Controls

Posted on by
Reply

It goes without saying that the year 2020, in particular, placed a new emphasis on the importance of remote work. Although a lot of organizations had already been exploring bring-your-own-device (BYOD) policies, that need is even greater today.

And so it’s not surprising to see technologies like Microsoft Intune take center stage in these discussions. Management of your remote workforce is a task that can get very complex and put your security at risk. This is why we need to look at what Microsoft Intune can offer and how remote device controls benefit you.

What does Microsoft Intune control?

Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It can control:

  • How devices such as laptops, tablets, and mobile phones are used within your organization,
  • The configuration of specific policies to control apps,
  • The use of personal devices for school or work, and enhance security by isolating organization data from personal data.

All these controls and more will improve overall device management and data security by employing strict access controls.

Use and secure multiple devices

One of the major benefits that your employees will get from Microsoft Intune is having a choice of device. They can easily enroll and register devices from a choice of several. And then they can install corporate applications on the chosen devices from the organization’s self-service portal.

The key thing, however, is that your IT team retains control over the devices that have access to the corporate network. Administrators are the people responsible for setting up compliance and enrollment policies. Therefore, your organization can maintain high levels of security and control over all devices, especially those of your remote workforce.

Limit employee access

Sometimes, an employee who needs to check their email may decide to do so from a computer in the hotel lobby, for instance. Scenarios like this can cause huge security issues in your network. To counter this, Microsoft Intune will block any devices that are not under its management from accessing corporate resources.

Remote device controls allow you to keep out any device that does not meet the criteria that administrators have put in place. Conditional access will only be granted to corporate-owned devices, BYOD devices that meet compliance regulations, and devices that follow any other criteria that you set up.

Administer mobile devices

In a world where people are always on the go, your employees may inevitably at some point need to use their mobile devices. And Microsoft Endpoint Manager provides you with several options for administering managed devices. These include:

  • Microsoft Teams: a platform that promotes teamwork by chatting, meeting, and collaborating regardless of location.
  • Quick Assist: a Windows 10 app where two people can share a device over a remote connection.
  • TeamViewer: a third-party program that enhances remote access and support.
  • Remote Control: a feature that helps you to remotely administer devices and provide assistance.

By leveraging these tools, you can have remote device controls that give you a secure platform to administer devices.

Leverage Remote Control

Remote Control is a feature of Microsoft Endpoint Configuration Manager that you can use to remotely administer, provide assistance, or view any workgroup computer and domain-joined computer. This is something that enables IT professionals to connect and interact with a customer user session.

In addition to the remote assistance that IT can offer, the remote control viewer is also available on all operating systems that are supported for the Configuration Manager console. So instead of having to wait on someone to come in person and attend to an issue, IT can provide the necessary assistance remotely.

Enhance remote management

Microsoft has a habit of teaming up with great partners that can vastly improve the user experience for their clients. To assist IT in the remote administration of Intune devices, you can use a partner program known as TeamViewer.

The latter is a fast and secure remote management tool that will help your IT team to proactively monitor client endpoints, remote systems, and networks. This comprehensive set of remote access and support capabilities can simplify life for both IT and end-users. With its easy-to-use interface, TeamViewer helps members to remain connected from various locations.

Manage device actions

We all face challenges with our various devices from time to time. We can forget our passwords, lose devices, have them stolen, etc. With Microsoft Intune, however, you have less to worry about from these potential scenarios. And this is because your admins can remotely run device actions. From the Intune portal, it is possible to restart devices, reset passcodes, locate lost or stolen devices, and more.

Remove devices

Following on from the above point, once a device is stolen, goes missing, is no longer needed, or is being repurposed, you’ll need to remove it from Intune. Users can also use the Intune Company Portal to issue the necessary command to Intune-managed devices. You can choose to:

  • Wipe the device: this action restores the device to factory settings and can remove all data, apps, and settings.
  • Retire the device: this action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management.

Being able to perform these actions remotely helps to ensure that the wrong people don’t get access to corporate data and resources.

Wrap up

Remote device controls offer businesses a great degree of convenience that they previously did not have. The ability to access and manage system interfaces and files serves to create a better experience for both IT and end-users. No longer do users need to wait endlessly for assistance or IT to constantly worry about access and compliance. By using the remote control tools that Microsoft Intune delivers, organizations can improve the efficiency of their remote networks and still maintain high levels of security.

What You Need to Know about Microsoft Endpoint Manager’s Tamper Protection

Posted on by
Reply

With cyber threats being such a huge problem, the last thing your organization needs is vulnerable security. And this can be worsened if malicious actors manage to disable your security.

So with that in mind, Microsoft introduced Tamper Protection to increase your organization’s security by making it significantly harder for cybercriminals to infiltrate your network.

It gives you a better security posture and allows your IT team to ensure greater protection over corporate resources. And so today we’re going to dive into what exactly Microsoft Endpoint Manager Tamper Protection is and what it can do for your organization.

What is Tamper Protection?

Microsoft Endpoint Manager Tamper Protection is a relatively new feature that was created to prevent potential attackers from making changes to the configuration of Microsoft Defender on Windows 10 clients. Therefore, this feature doesn’t allow malicious actors to disable features such as:

  • Real-time protection,
  • Anti-virus protection,
  • Cloud-delivered protection,
  • Removing security intelligence updates.

By blocking these actions, Tamper Protection keeps attackers from getting easy access to your data or installing malware. Without being able to do this, attackers can’t compromise your devices or exploit sensitive information.

Functionality

The key thing that Microsoft Endpoint Manager Tamper Protection does for you is it locks Microsoft Defender Antivirus to keep people from making modifications to your security system. These modifications could otherwise be made through apps and methods like:

  • Configuring settings in Registry Editor on your Windows device
  • Using PowerShell cmdlets to make changes to settings
  • Using group policies to edit or remove security settings

However, Tamper Protection won’t stop you from seeing your security settings or affect how third-party antivirus apps register with the Windows Security app. For organizations using Windows 10 Enterprise E5, it’s the security team that will manage Tamper Protection and so individual users can’t change the setting.

How to enable Tamper Protection

Your IT admins can use Microsoft Intune to turn Tamper Protection on or off for all managed computers using the Microsoft Endpoint Manager (MEM) admin center portal. And to make changes to Microsoft Endpoint Manager Tamper Protection, admins will need to have permissions such as security or global admin. To have access to Tamper Protection, your organization should:

  • Have Intune licenses such as Microsoft 365 E5,
  • Have computers running Windows 10 versions 1709, 1803, 1809, or later,
  • Use Windows security with security intelligence updated to version 1.287.60.0 or later,
  • Have machines using antimalware platform version 4.18.1906.3 and antimalware engine version 1.1.15500.X (or later).

With all the requirements met, follow the steps below to get access:

  • Go to MEM admin center and sign in with the right credentials,
  • Select Devices and choose Configuration Profiles,
  • Create a profile with the characteristics below:

Once you turn on Tamper Access, you won’t have any need to turn it off unless if it affects other validated tools.  

Tamper Protection for Configuration Manager

With version 2006 of Configuration Manager, you can leverage tenant attach to manage Tamper Protection settings on:

  • Windows 10,
  • Windows Server 2016, and
  • Windows Server 2019.

Tenant attach allows you to sync your on-premises-only Configuration Manager devices into the MEM admin center. Following this, you can deliver endpoint security configuration policies to on-premises collections and devices. A few simple steps are all you need:

  • Set up tenant attach,
  • Go to the MEM admin center > Endpoint security > Antivirus,
  • Choose Create Policy,
  • You can now deploy the policy to your device collection.

Continuous reviewing

Even with Microsoft Endpoint Manager Tamper Protection enabled, your admins need to have the ability to continually review your security posture. Otherwise, you won’t fully benefit if you cannot see the tamper attempts or report them.

To resolve this challenge, you can subscribe to the Microsoft Defender for Endpoint service. This will provide you with a dashboard that shows you all the security issues that you need to be aware of. These include flagged tamper attempts with all the necessary details to investigate further.

Using third-party security tools

Although Microsoft Endpoint Manager Tamper Protection can work with third-party security tools, some of these can make changes to security settings. By using real-time threat information, Tamper Protection can assess the potential risks of software and suspicious activities. Ideally, your IT admins should update your security intelligence to version 1.287.60.0 or later. And this action will protect the system security settings in the Registry and log any attempts to modify those settings without generating errors.       

What about endpoint management tools?

As for endpoint management tools, you can use them with Microsoft Endpoint Manager Tamper Protection. With limits, of course. Admins retain the possibility of establishing a centralized setting for Tamper Protection using management tools.

However, other tools/platforms cannot change settings that are under the protection of Tamper Protection. For that, admins would require Windows Security to manage those.

If you have a Windows enterprise-class license or computers running Windows 10 Enterprise E5, you need to opt into global Tamper Protection. Below are some unified endpoint management platforms that cannot override Tamper Protection:

  • Microsoft Intune,
  • System Center Configuration Manager,
  • Windows System Image Manager configuration,
  • Group Policy,
  • Any other Windows Management Instrumentation tools and administrative roles.

Wrap up

The key to staying ahead of cybercriminals is a continual upgrading of existing security features. And this is precisely what Microsoft is doing with Tamper Protection. With this feature, you can address one of the potential areas of weakness in your security infrastructure. You can prevent unwanted visitors from disabling critical security features.

Since Microsoft Endpoint Manager Tamper Protection was specifically designed for enterprise environments, it is ideal for enhancing organizational security and making your organization less vulnerable to attack. Class-leading security has become a necessity for all of us and features like this can play a massive role in safeguarding our enterprises.

Microsoft Endpoint Configuration Manager: Latest Improvements to the Product Lifestyle Dashboard

Posted on by
Reply

Information is key for any business to function optimally. That is why there has been such a massive increase in the use of big data during the last decade. But, this information is not only that which you can obtain externally, it’s also information concerning your internal operations. And this is where Microsoft’s Product Lifecycle Dashboard enters the fray.

It simplifies the way your organization functions by providing you with information concerning all the products that you have installed on devices that are managed by Microsoft Endpoint Configuration Manager. This is a fantastic feature that has had some improvements added to it and that is what we’ll be going over below.

Getting started

Microsoft has made a few changes over the years and from version 1806 you’ll now be able to use the Configuration Manager product lifecycle dashboard to view the Microsoft Lifecycle Policy. So what exactly does this ‘dashboard’ do?

The Product Lifecycle Dashboard is a tool that shows you the state of the Microsoft Lifecycle Policy for Microsoft products installed on devices managed with Microsoft Endpoint Configuration Manager.

Not only that, but you also receive data concerning the various Microsoft products in your environment, supportability state, and support end dates. Therefore by using both Asset Intelligence and the Asset Intelligence Synchronization Point, the dashboard can give you a clear overview of the lifecycle of each product.

By using the dashboard, you can easily find out what support is available for each product. With this information in hand, it will allow you to plan accordingly and update all products before their support expires. And then from version 1810, the dashboard also adds information for System Center 2012 Configuration Manager and later.

What are the requirements?

As a product continues to improve, the requirements to use that product will also expectedly change. For you to see data in the product lifecycle dashboard, you need the following:

  • Internet Explorer 9 or later
  • You need to install and configure a service connection point role. And the latter must be online or synchronized regularly if offline.
  • For hyperlink functionality in the dashboard, you need a reporting services point.
  • You need to configure and synchronize the asset intelligence synchronization point.

Using the dashboard

This tool is designed to make it easier for your organization to have access to up-to-date data about the products that you are using. And by leveraging the inventory data that the site collects from managed devices, the dashboard displays information about all current products. However, not all versions are supported. Only Windows Server 2008 and later, Windows XP and later, SQL Server 2008 and later, will have information displayed for OSs and SQL Server. To access the lifecycle dashboard in the Microsoft Endpoint Configuration Manager console:

1) Go to the Assets and Compliance workspace,

2) Expand Asset Intelligence,

3) Select the Product Lifecycle node.

What else do you get?

Clients will find that from the newer version of SCCM 1902, they’ll get information for installed versions of Office 2003 through Office 2016. And this data is available after the site runs the lifecycle summarization task, which is something that occurs every 24 hours. In addition, you can also benefit from using the dashboard even if you don’t have Configuration Manager. You can use Azure Monitor Logs to provide a Dashboard to help with managing the supportability of your environment.

Upgrading products

Taking a simple look at your dashboard will allow you to see any products that need to be updated urgently. When you have several computers to deal with and you need to know which ones need upgrades, all you need to do is click on the hyperlinks found in the Number in environment column and that will show you a report.

And doing this will direct you to the Lifecycle 01A – Computers with a specific software product report. This is a huge improvement when you consider that in the past you had to investigate problem clients individually to find out whether or not an upgrade was needed.

Reports in the product lifecycle set

In addition to the dashboard, you have additional reports that are available as well. These you’ll find in the Microsoft Endpoint Configuration Manager console, where you then go to Monitoring workspace and you expand Reporting. The new reports, which are found under the Asset Intelligence category are as follows:

  • Lifecycle 01A – Computers with a specific software product: You can see a list of computers on which a specified product is detected.
  • Lifecycle 02A – List of machines with expired products in the organization: This report, which you can filter by product name, shows you all the computers which have expired products on them.
  • Lifecycle 03A – List of expired products found in the organization: View details for products in your environment that have expired lifecycle dates.
  • Lifecycle 04A – General Product Lifecycle overview: Here you can see a list of product lifecycles and filter the list by product name and days to expiration.
  • Lifecycle 05A – Product lifecycle dashboard: From version 1810, this report will have similar information as the in-console dashboard. All you have to do is choose a category to view the count of products in your environment as well as the days of support remaining.

Wrap up

Every organization needs products that will help them to optimize their time. And as the number of available products increases, the choice of which product to go for becomes harder. Microsoft’s Product Lifecycle Dashboard gives your business many benefits that businesses have needed for a long time.

Reduce the time you spend trying to keep track of all the products you have installed on countless devices with a simple, easy to use dashboard. If you’re looking for a tool that gives you a more efficient way of device management, then the Product Lifecycle Dashboard is one that is certainly worth a look.

Reconsidering Certifications for Digital Transformation

Posted on by
Reply

The way that IT departments have worked for years is by having your IT professionals take up specific responsibilities to cater for. Now, however, as technology continues to evolve, you’ll find the responsibilities overlapping from one role to another. And it’s because of situations like these that we need to be reconsidering certifications across the board.

As a business, you should be looking at what changes you can make. How can you equip your IT team to become more efficient at what they do? Are there any tech companies offering potential solutions to these challenges?

Understanding key concepts

The first thing we need to do is to clear up the confusion surrounding some of these concepts so that we’re on the same page. When we talk of certification, this refers to an independent evaluation of knowledge and/or skills.

Essentially, what this means is assessing an individual to see if they have the necessary skills, and how they got them doesn’t matter. Because of this, an individual that has acquired certain knowledge and skills should be able to get certification without the need to undergo training. And quality certification is demonstrated only when:

  • The identity of the individual can be verified beyond any doubt,
  • The work has been checked to ensure that it was done by the person that submitted it,
  • Taking a prescribed learning path is not necessary to pass the exam,
  • The evaluation process has been proven to be psychometrically sound.

The difference between certification and a certificate is that the latter is what you receive on completion of a training program. Therefore, in this instance, you’ll need to take part in training after which an assessment will be carried out.

Microsoft is making changes

As already mentioned above, the complex nature of the responsibilities facing IT professionals is rapidly increasing. So to better equip your IT teams and have them operate effectively, Microsoft has made some rather significant changes. By now, most people are aware that Microsoft Technology Associate (MTA) certifications and exams are reaching the end of the road.

The reason that Microsoft has given for retiring these is that this change will help students build the technical skills they need to keep pace and succeed in emerging jobs. How? By redesigning the certifications in such a way as to align with industry and hiring trends. The recommendation is for people to start moving to the new certifications in anticipation of the retiring of MTA certifications by June 2022.

The exams listed below are the ones that will be retired:

  • Database Administration Fundamentals
  • HTML5 Application Development Fundamentals
  • Introduction to Programming Using HTML and CSS
  • Introduction to Programming Using Java
  • Introduction to Programming Using JavaScript
  • Introduction to Programming Using Python
  • Mobility and Devices Fundamentals
  • Networking Fundamentals
  • Security Fundamentals
  • Software Development Fundamentals
  • Windows Operating System Fundamentals
  • And Windows Server Administration Fundamentals.

What is an MTA certificate?

An MTA certificate is an entry-level certification for anybody who wants to start a career in the IT industry or is thinking about changing their career to one in the IT industry.

The targets for this certification are beginners, IT generalists, and students lacking technical experience or specialization. The certification is an online-based program where people can learn new material and demonstrate their skills.

The MTA exams, which are part of the MCP program, can help beginners to boost their career progression and function as a springboard to getting advanced certifications such as MCSD, MCSE, and MCSA. 

The way forward

With the above changes coming into place, students and educators alike will be wondering where they go from here. And Microsoft offers us fundamentals certifications as the place to start. The certifications you’ll find are the ones below:

  • Microsoft Certified: Power Platform Fundamentals
  • Microsoft Certified: Azure AI Fundamentals
  • Microsoft Certified: Dynamics 365 Fundamentals Customer Engagement Apps (CRM)
  • Microsoft Certified: Dynamics 365 Fundamentals Finance and Operations Apps (ERP)
  • Microsoft 365 Certified: Fundamentals
  • Microsoft Certified: Azure Fundamentals
  • Microsoft Certified: Azure Data Fundamentals
  • Microsoft Certified: Dynamics 365 Fundamentals
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals

The above certifications should enable students to validate foundation understanding with mixed concepts and applied learning of Microsoft technologies. With these certifications, you can easily proceed to role-based training and certifications across emerging and in-demand career areas. These include but are not limited to Microsoft 365 and Dynamics, Power Platform, and Microsoft Azure.  

Reasons for these changes

The modern business environment and its various problems are making greater demands on IT professionals. Because of this, it’s now very common to find responsibilities completely ignoring traditional role boundaries.

For example, when looking at the roles at Microsoft, you can often find Azure solutions architects performing some of the responsibilities of Azure data engineers, enterprise admins, and Azure admins. And this overlapping of responsibilities is visible in many different roles.

Consequently, if you’re a security administrator, for instance, you also need to be familiar with the responsibilities of enterprise admins, Azure solutions architects, and messaging administrators. Furthermore, roles work with various technologies so you’ll also need to familiarize yourself with a broad range of technologies to operate successfully in these roles.

Transitioning to role-based certifications

From the reasons stated above, it is becoming clearer as time goes on that changes need to be made. The current approach has worked well for decades but now the industry is evolving, and it is doing so at a very fast pace. And according to Microsoft, there has been plenty of feedback from its customers and other partners that have inspired this shift from product-centric certifications.

With role-based certifications, you’ll get a program that covers many different technologies instead of focusing on technologies in general.

Therefore, the new certification program is designed to offer credentials and skills that are tailor-made for jobs and areas of responsibility that are in-demand. So these role-based certifications will validate the skills that technical professionals at beginner, intermediate, and advanced level learn in any of the following job roles:

  • Developer
  • Administrator
  • Solutions Architect
  • Data Engineer
  • Data Scientist
  • AI Engineer
  • DevOps Engineer
  • Security Engineer
  • Functional Consultant

Taking your business forward

All businesses need to put themselves in a position to carry out digital transformation. And you need to be able to do this effectively. But, without the necessary skills to carry out the process, most organizations will face great difficulty when it comes to ensuring their IT infrastructure can meet their business needs.

This is why it’s crucial to reconsider the training of your IT personnel and in particular their certifications. The current way of training your IT personnel is beginning to lag behind and that could have huge repercussions in the future. With the right sets of skills available to you in-house, you can vastly simplify tasks such as digitally transforming your data centers, migrating workloads to the cloud, app development, and data integration.   

New skills development methods

The changes that Microsoft is bringing in should enable the certifications program to remain current. By doing this, it will fully equip IT professionals with the knowledge and skills they need for the latest Microsoft technologies as well as those technologies that Microsoft Certified Professionals use every day.

Leveraging up-to-date certifications from technology vendors is extremely important if your organization is to retain IT professionals with the skill set to build a successful IT organization.

When considering certification programs you’ll need to look at a few things such as whether the skills on offer are evolving with technology, whether the program is relevant to your business’ needs, and whether the program will include performance-based testing among other things.

What does this mean for other certifications?

Microsoft will stop offering MTA licenses for purchase on June 30, 2021 and you’ll have until June 30, 2022 to register and take the exam. So if you pass the exam by the deadline date then you’ll earn the certification.

However, if you need to retake a failed exam after the deadline for purchasing passes, you may not be able to do so unless you have an additional purchased voucher. And for those that are pursuing exams that are retiring, you can still earn your certification provided that you pass the required exam before it expires.

Also, Microsoft won’t allow you to trade in your MTA voucher for another exam so you’ll have to make sure that you make use of it before it expires.

Furthermore, you don’t need to worry about the MTA certification that you already have because they will remain on your certification transcript and will be printable even after the exams retire. Two years after the retirement of the certifications, they will be moved to the Certification History section of your transcript.

Steps to take

Now that you know what role-based certifications are, what steps will you need to take in order to start?

  1. Choose a learning path depending on your current role or the one you aspire to. Then, prepare for the exams with a series of courses through online learning, books, instructor-led training, etc. To check your progress, there are practice tests that you can take to assess your strengths and weaknesses.
  2. Plan for the exam. You’ll need about 3 hours, including 30 minutes for the introduction, instructions, and comments. You can expect 40–60 questions, and, since your job is hands-on, the exams will be, too. The idea is to test you on real-world situations that you will potentially face in your day-to-day activities.

When all is said and done, you should be able to fully demonstrate the knowledge and skills you have that you have learned for you to attain your certification.

Why Microsoft certifications?

A lot of people will understandably not be too thrilled about all these changes that are taking place. So the question they will need answers to is why should they be concerned about Microsoft certifications anyway?

Well, with Microsoft certification, you can easily demonstrate your expertise, prove your skills, and thus place yourself at a great advantage as an IT professional. As a Microsoft certified professional, you can expect to receive higher recognition of your skills due to validation.

Also, 23% of IT professionals that are certified by Microsoft will earn 20% more. And if that’s not enough, up to 49% believe that having cloud certifications will increase your employability. Therefore, if the knowledge and skills alone are not enough to get you to consider Microsoft certifications, then the other potential benefits should.         

For an organization to grow, you need to perform consistently at a high level. And this is what Microsoft’s role-based certifications aim to offer. You need to have IT professionals that will consistently outperform other colleagues across all roles.

As the cliché goes, time is money. So if you can have highly-skilled IT professionals, they can save you plenty of time on tasks such as setting up infrastructure, determining the scope of impact of security issues, and designing and implementing Microsoft 365 services to name a few.

Therefore it’s easy to see how certifications that focus on the broad responsibilities of the various IT roles can be of immense value to your organization.

Wrap up

The success of your organization may very well hinge on the skill and expertise of your IT department. In a fast-paced business environment, you need IT professionals that are capable of leveraging new technologies to boost productivity. And this is what Microsoft role-based certifications are all about.

The goal is to equip your IT professionals with all the knowledge and capabilities required to execute their day-to-day tasks. So rather than having individuals who are great with specific technologies, you can now get a group of people who are experts at performing across a wide range of responsibilities and technologies. 

Top 10 Benefits of Windows Autopilot

Posted on by
Reply

Gaining even the slightest advantage over your competitors can make a massive difference to the success of your business.

With so much technology available, you need to choose the right solutions for the growth of your organization. Windows Autopilot is a collection of technologies that helps you to make better use of your time. It does this by helping you to pre-configure new devices and thus reducing the time to productivity.

So, not only is this going to simplify the operations of your IT department, but it will also empower your employees. Below we’ll go over the top 10 benefits of Windows Autopilot to your business.

1.    Self-deployment

There are few better ways to enhance your productivity than by having new devices ready for business straight off the shelf. Any new Windows 10 devices that have been pre-enrolled in the Windows Autopilot program will be ready to use on arrival with zero-touch and no involvement from your IT team. When a user takes possession of such a device, all they’ll need to do is turn it on, connect to a network, and then wait a little.

2.    No OS re-imaging

This part of setting up new devices is one that has always taken up a significant amount of time. With IT departments having to manually install apps and drivers, manage infrastructure, and set policies, the process took relatively long. But, Windows Autopilot does away with all that. By using a smart and easy pre-configuration, all of this becomes an automatic process. Once you have set up an Autopilot profile in Microsoft Intune, all the Windows devices that you have under that profile will have these settings applied.

3.    Customize OOB experience

To save time, Autopilot allows you to customize the out-of-the-box experience (OOBE) in advance. All you need to do is set your organization’s preferences. And this will simplify things for end-users by eliminating entire sections during setup that previously required manual input. So now they’ll be able to get through the setup process much faster and with a lot less hassle. With this kind of capability, you can ship devices directly to end-users and they’ll be up and running in no time.

4.    Enrollment status

Bypassing IT when setting up devices is something that will understandably concern some people. However, Autopilot has an enrollment status feature to alleviate those concerns. What this feature does is to ensure that a device is fully configured, compliant, and secure before the end-user gains access. That way, IT still gets to assess devices, make sure that they are properly set up, and resolve any errors when issues arise.

5.    Independent of MDM

Can you use Autopilot if your organization doesn’t use Microsoft Endpoint Manager/Microsoft Intune? The answer is yes you can. Any MDM will work with Autopilot but for an optimum experience with all the features then Intune would be best. So for any business that prefers other non-Microsoft technologies, you can still reap the benefits that Autopilot offers. You may be missing out on using this fantastic technology because of some of the misconceptions that people have.

6.    Available for existing devices

This is another area that often requires clarification as some existing devices can qualify. To be specific, users with Windows 1809 and above can also benefit from Windows Autopilot for existing devices. IT people can now facilitate processes like Windows 7 to Windows 10 migration through Autopilot. They can do this by using a ConfigMgr task sequence and then followed by an Autopilot user-driven mode.

7.    Simple redeployment

Occasionally, certain devices will need to be given to new users or repurposed entirely. Autopilot makes wiping a device a simple process that you can do in minutes. And once that is done, you’ll have a device back in OOBE status and ready to be handed over to someone else. This new user will receive the device with the specific configurations that they need already in place. By making resetting devices this easy, Autopilot further empowers IT teams and enhances their productivity.

8.    Avails latest technology

By pre-configuring devices, Autopilot enables end-users to immediately gain access to the latest versions of essential tools. These include Microsoft technologies such as Teams, Word, PowerPoint, Excel, etc. And so without the need to wait on IT, end-users will have all the essential apps they need with all the necessary settings already applied. Furthermore, you no longer need to worry about third-party bloatware that is often a nightmare to deal with. 

9.    No maintenance of images and drivers

Custom images require a significant time investment to create and maintain. And they will need you to wipe every single device that your organization acquires. Undoubtedly, they place a lot of work on the schedules of your IT people. With Autopilot, however, these custom images become unnecessary. All you have to do during provisioning is to get in touch with the manufacturer to get the device ID.

What’s New with Windows Autopilot for HoloLens 2

Posted on by
Reply
Billedresultat for hololens 2

In early 2020, Microsoft announced that it was going to bring Windows Autopilot to the HoloLens platform. Initially, it was only in private preview on HoloLens 2. However, later on that year, Microsoft made it available for public preview. Windows Autopilot plays a key role in simplifying deployments and reducing the time required to productivity.

As a result, it helps your organization to cut down on costs and enhance efficiency. So if your business needs to introduce new devices, then Autopilot offers you a great solution for that. This announcement from Microsoft expectedly aroused significant interest so we’re going to take a look at what all this could mean for you.

HoloLens 2 overview

HoloLens 2 is the next step in the evolution of Microsoft’s revolutionary mixed reality headset. This device is one that you place over your head and has a visor that goes over your eyes offering users a new way to interact with information.

The technology provides apps and solutions that will enhance communication, learning, collaboration, and much more through the use of mixed reality. The challenge that organizations have had to face is that as this technology has grown in popularity and use, its deployment at scale has become a laborious and costly affair. Hence the need for Windows Autopilot to provide a simpler, more effective, and more streamlined deployment solution.

Device set up

To get started, you’ll need to go through the process of device set up. Fortunately, setting up your devices will only involve a few simple steps. Once a user has started the self-deployment process, Autopilot then proceeds with the following steps:

  • Join the device to Azure AD. However, it’s important to remember that Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join.
  • Enroll the device in Microsoft Endpoint Manager (or another MDM) using Azure AD.
  • Download certificates, apps, device-targeted policies, and networking profiles and then apply them.
  • Provision the device.
  • Present the sign-in screen to the user.

With the public preview, Windows Autopilot for HoloLens devices can be configured using Microsoft Endpoint Manager (MEM) controls. And this applies to all customer tenants. To get started, you’ll have to log into the MEM admin center. Once there, select Devices > Windows > Windows enrollment. And then under Windows Autopilot Deployment Program, select Deployment Profiles > Create profile > HoloLens (preview).

Requirements

To use Windows Autopilot, you’ll need to have Windows Holographic, version 2004 (released May 2020) or newer. However, Microsoft only began shipping devices with this version pre-installed in late September 2020.

Fortunately, though, Microsoft allows you to use the Advanced Recovery Companion (ARC) to re-flash your devices to the latest operating system. Using ARC, you can also check the build version that is currently installed on your devices.

The process is not overly complicated and you can find instructions here. Ideally, it would be best to request from your distributor that they supply you with Autopilot-ready devices.

Tenant Lock for HoloLens 2

This feature allows organizations to permanently bind devices to their Tenants and keep them under management after initial enrollment. With this feature, your device will always be deployed by Autopilot and managed by MEM. Even in the event of OS updates, accidental or intentional resets, or wipes.

If your organization deploys HoloLens 2 devices with Autopilot, you can set up a specific policy. This policy which is deployed post-enrollment enforces:

  • the permanent enforcement of Autopilot deployment,
  • the prevention of local user creation during device setup,
  • mandatory network connection,
  • the prevention of all other escape hatches during device setup, and
  • the prevention of device ownership during the device setup process except for the organization Tenant it is registered to with Windows Autopilot.

Using Autopilot with Wi-Fi connection

Microsoft will also allow you to use Windows Autopilot Deployment for HoloLens 2 with a Wi-Fi connection in addition to the regular Ethernet-based connection. This is something that you can get as part of Insider Preview (Build 19041.1364 or above).

What this means is that you do not need to use ethernet to USB C or Wi-Fi to USB C adapter. Instead, all you simply need to do is to connect the device to your available Wi-Fi internet network and deploy the device with Windows Autopilot.

User experience

After the process of configuring Autopilot for HoloLens 2 is complete, you then move on to the provisioning of the HoloLens devices. The Autopilot experience needs internet access and you have several options to choose from. You can connect your device to a Wi-Fi network in OOBE and then let it detect Autopilot experience automatically.

Alternatively, you can use “USB-C to Ethernet” adapters for wired internet connectivity and let HoloLens 2 complete Autopilot experience automatically. And with the third option, you can connect your device with “USB-C to Wifi” adapters for wireless internet connectivity and let HoloLens 2 complete Autopilot experience automatically.

During the next step in the provisioning process, the device will automatically start OOBE and all that is required of you is to let HoloLens 2 detect network connectivity and leave it to complete OOBE automatically. And when the OOBE process is complete, you can then sign in to the device using your user name and password.

Simplifying deployments

Windows Autopilot has provided countless benefits to a lot of organizations by reducing the complex nature of deployments at scale. This cloud-based platform significantly reduces time to productivity and empowers end-users. And so it only makes sense that HoloLens 2 is now able to leverage the capabilities of this fantastic technology. Organizations cannot afford to spend vast amounts of time dealing with deployment scenarios for which fast, cost-effective solutions are available. From medical institutions to academic ones, HoloLens 2 gives you an amazing new way of interacting with information and Autopilot enhances that experience.

Philips Hue Bridge POE

Posted on by
Reply

IOT, Smart Home, Intelligent home; Meaning a lot of connected devices (and power adapters & cables!)
I have been using the Philips Hue system from the very beginning, recently upgraded to the Philips Hue Bridge 2.1 Square-shape bridge (supports Apple HomeKit)

After my last upgrade to the home infrastructure. with the new and improved UniFi Switch PRO 24 PoE I wanted to get the most out of the switch with POE (Power-Over-Ethernet)

I would have loved to see the Philips Hue Bridge with build-in POE, but unfortunately that was not the case of the 2.1 release. Luckily with a bit of creativeness this can be achieved with the correct equiptment and cables.

The bridge comes with a regular DC barrel plug adapter

Parts list for the items you will need:

Barrel adapter to USB – NOTE: The V2 bridge barrel is 5.5 x 2.5 mm
Direct link: 5.5 x 2.5 mm DC USB
If you buy a barrel adapter to USB, you will be able to use any POE adapter.
Ubiquiti Instant 802.3AF to USB adaptor requires not configuration plug and play!

NOTE: 2 Networking cables will be needed with this solution, 1 for POE, and 1 for the actual device connection.
If you do not want to use 2 ports, go for a POE splitter with barrel adapters (802.3af POE splitter with 5 volts DC)

Amazon.com: 802.3af PoE Splitter with 5 Volts DC Plug | PLUSPOE Power Over Ethernet for 5v Devices Like Foscam, Amcrest, Dropcam and More, 3.5x1.35mm DC Barrel: Kindle Store

The wall mounts used printed on the Ender-5 Pro
– Philips Hue wall mount: https://www.thingiverse.com/thing:2458638
– Ubiquiti Instant wall mount: https://www.thingiverse.com/thing:4497478

Latest Updates for Windows 10 Driver Management

Posted on by
Reply

Microsoft has claimed that the main cause of Windows 10 or hardware failures has been the hardware drivers themselves. And this happens to be an area in which Microsoft has had no control.

In the past, Microsoft has given the driver update authority to the various hardware manufacturers. As a result of that, these manufacturers have retained the ability to directly push drivers to their users through the system update.

Given the number of issues that users have been facing, Microsoft has decided to make some adjustments to their driver update management policy. These updates will likely have a significant impact so let’s take a look and see what this means for us all.

Addressing the issues

In early 2020, Microsoft quietly went about the process of starting to address the driver issues that have been plaguing users. It started with the announcement that there was going to be an introduction of rolling out drivers in phases.

And this would differ from the past where all Windows 10 computers were receiving major and minor updates automatically via Windows Updates that were released on the same day for everyone. The idea with the phase system is to allow the pushing of updates to highly active devices from where Microsoft can then collect diagnostic data that helps to assess compatibility issues.

Also, Microsoft mentioned implementing a new policy where their hardware partners can now ask them to block Windows 10 feature upgrades on a PC running an incompatible driver. The widespread problems that arose from Microsoft being the only one doing the assessing and blocking necessitated this change in approach. By doing all of this, Microsoft can begin the process of resolving the countless headaches that we have been facing.

Driver installation

So to bring an answer to this issue, Microsoft made another announcement to the effect that they would be adjusting the automatic driver installation strategy for Windows 10 20H2 from November 2020.

This update is meant to provide users with a greater degree of control over the driver update and in this way you will have better stability. This new driver management model is going to give hardware manufacturers options, either automatic or manual.

This is what Microsoft has said regarding the adjustments that came in to effect on the 5th of November last year:

1. Automatic driver updates will automatically be installed on your machine either when you plug-in a peripheral device for the first time, or when a device manufacturer publishes a driver to Windows Update. In other words, there will be no change to the plug-and-play scenario when an automatic driver is available on Windows Update.

2. Manual driver updates can be installed manually on your machine if you specifically request them by navigating to Settings > Update & Security > Windows Update > View optional updates.

However, these changes will only affect devices that receive updates directly from Windows Update. So if you’re an IT professional who manages drivers for a business, then these adjustments won’t affect the way you operate.

Manual driver updates

According to Microsoft, the abovementioned adjustments should now enable you to see a clear distinction between automatic and manual updates in Windows Update. With the end goal being to create a total transformation of the management of drivers, something that began earlier in the year with the rolling out of updates in phases.

All this should give users greater control by redefining the servicing of manual drivers for machines running Windows 10, version 2004 and later. Previously, when a user would connect a peripheral device with an optional driver such as a camera to their machine for the first time, there would be an automatic installation of that driver. Instead, with the changes that Microsoft has implemented, you now have control over how you proceed.

Driver distribution

When you submit a driver to Windows Update, the Driver Delivery Options section will present you with two radio buttons: Automatic and Manual. Under the Automatic option, there are two further options:

  • Automatically delivered during Windows Upgrades – under this option, drivers are classified as a Dynamic Update. When upgrading the OS, this is where Windows will automatically preload drivers.
  • Automatically delivered to all applicable systems – when you select this option, the drivers will be downloaded and installed automatically on all applicable systems once they are released.

How to submit a driver to Windows Update

Publishing a driver to Windows Update will require the creation of a hardware submission. Once that is done you can then proceed with the steps given below:

1) Find the hardware submission with the driver that you want to distribute.

2) Head over to Distribution and select New shipping label.

3) Under shipping label, go to Details and enter a name for the shipping label in the space provided. It’s this name that will allow you to search for and organize your shipping labels.

4) In the Properties section you will need to fill in the following fields: Destination, Specify the partner (if any) that is allowed visibility into this request, and Driver Delivery Options.

5) Go to Targeting and choose the driver package that you want to publish.

6) At this point, Select PNPs is now available so you can go ahead and choose the hardware IDs that you want to target.

7) Enter each CHID into the text box and select Add CHID(s) if you would like to add them.

8) You can limit public disclosure of your Shipping Label in the Windows Update Catalog and WSUS Catalog, by checking the Limit Public Disclosure of this Shipping Label information box.

9) If your driver targets Windows 10 in S mode, then you will need to select both boxes.

10) Select Publish to send your request to Windows Update or Save if you don’t want to publish as yet.

Optional installation

The optional updates feature is now available to users that have upgraded to Windows 10 20H2. With this feature, the system will let you know of the availability of device drivers other than the ones that the PC is currently using. If you go to the View optional updates section, you’ll see where it says Driver updates. And if you click on it, it will display a list of all the device drivers that are available for the target PC. Essentially what you get with this feature is the ability to install specific drivers if and when necessary. Otherwise, automatic updates will keep your drivers updated.

To install any of these drivers, simply follow the steps below:

1) Press WinKey + I to launch the Settings app.

2) Go to Update & Security and click on Windows Update.

3) Over on the right side, you’ll see View Optional updates just under the Check for updates button. Click on it.

4) Under the Driver Updates section, you’re going to find a list with all of the available updates for the computer.

5) Check all the boxes corresponding to the device drivers that you want to install. Click Download and install.

Windows 10 October 2020 Update common problems — and the fixes | Windows Central

Windows 10 will then immediately start downloading the chosen driver updates. Once the process is complete, the system will install the updates and prompt the users to Restart Windows.

Should you install optional updates?

As mentioned above, you can install optional device drivers if the need for them arises. For instance, when doing a clean install of Windows 10, some may find it preferable to manually install graphic drivers that you download from Intel and NVIDIA.

However, it’s important to note that Windows will still automatically install all mandatory updates, including security updates and non-optional cumulative updates. Therefore you don’t need to worry about automatic driver updates because this new approach won’t affect them. This is because they will continue to be installed via Windows Update when they are published by the manufacturer or when you connect the device.

So with optional updates, Microsoft has changed the system such that driver updates are no longer forced on you. You can select those that you want and block any that give you problems. Most users will probably be leveraging this functionality for those times when compatibility issues arise.

Potential issues

Microsoft’s new model for driver management aims at resolving the multitude of problems that users have been grappling with. However, this new model is not without its potential issues. As much as it may give users more control, it’s also going to present challenges for peripherals that don’t have automatic drivers readily available.

This is because not everyone may be aware that they need to go to Windows Update and manually download the necessary driver for the hardware to work. Without this, Windows will return a Driver Not Found error that may leave more than a few people stuck.

Since Microsoft is also going to be blocking users from applying OEM or manufacturer drivers if Windows can’t verify software publisher, this will probably lead to a few driver errors when Microsoft is unable to verify the drivers. If verification fails, there are two error messages that you’ll likely see with the first being “Windows can’t verify the publisher of this driver software” and the second “No signature was present in the subject”. Microsoft’s advice in these scenarios is that you contact the manufacturer and ask them to upload the driver with appropriate fixes.

Key differences

Under the View Optional updates link, users get to view the optional updates that they won’t receive automatically. Using this link will replace having to use Windows 10’s Device Manager controls to find optional updates.

With Microsoft making minor adjustments to how Windows 10 drivers arrive for Windows Update service users, it’s important to note that this change is more than just a simple user-interface modification.

Those using the newer version of Windows 10 will get updated drivers only when they search for them using the View optional update command. And they’ll be getting only the drivers that are already on the device without searching for new ones via the Windows Update service.

In Windows 10, version 1909 and earlier, Windows Update automatically distributes manual drivers when:

a) a device has no applicable drivers available in the Driver Store (raising a “driver not found” error), and there is no applicable Automatic driver

b) a device has only a generic driver in the Driver Store, which provides only basic device functionality, and there is no applicable Automatic driver

But for users of Windows 10, version 2004, Windows Update distributes only Automatic drivers for a system’s devices. When Manual drivers are available for devices on the computer, the Windows Update page in the Settings app displays View optional updates.

Time to enhance driver management

The challenges that we have all witnessed in recent years were in dire need of a solution. And a major one at that. The countless incompatibility issues that saw the trashing of Windows 10 were slowly but surely eroding the confidence that users have in the operating system.

Problems such as audio not working, system crashes, slow performance, etc, are significant issues that can severely hinder the productivity of a business. So it’s not really a surprise when we look at all the updates that Microsoft made to its driver management policy in 2020.

Security has improved and the new driver management model is a more stable platform that gives users greater control. And all of this you’ll get without having to worry about key updates being affected. Those are still performed automatically to ensure that your system remains as secure as possible. Undoubtedly, there are still a few bugs to iron out here and there, but the rapidly improving system is certainly enhancing the Windows 10 experience.

Modernize Your Business With Azure Active Directory

Posted on by
Reply

The capabilities of the cloud have literally changed the way organizations view remote work. Because it is designed to simplify access from anywhere, the cloud allows organizations to efficiently manage their remote workforce by handling more typical in-house IT tasks. Azure Active Directory (Azure AD) is one of the key technologies that can improve how your business operates. So what is it and how can it help you?

What is Azure AD?

Plenty of office networks utilize Microsoft’s Active Directory to manage policies and permissions. What Azure AD does is to put that capability on the cloud. In short, it’s a cloud-based directory and identity management system. This infrastructure will enable your employees to sign in and access external resources in Office 365 as well as other SaaS applications. Being entirely cloud-based means that Azure AD can serve as your only directory or use Azure AD Connect to sync up with your on-premises directory.

 Transforming your business

Azure AD gives IT complete control over access to apps and resources. This is because of security protocols such as conditional access and MFA. By using built-in governance controls, IT can also apply automated lifecycle management and privileged access limitations. For end-users, they are going to benefit from faster and easier access to corporate resources using various devices and from just about anywhere. And with support for other virtual tools and operating systems, Azure AD enables you to leverage the technologies that are best for you.

Business security will improve

Azure AD has a wide range of security protocols to safeguard your organization from malicious or accidental issues. These include multi-factor authentication (MFA), privileged identity management (PIM), conditional access, and threat detection. Using MFA and conditional access will give you improved application security and management control. And then you also have advanced threat protection that gives you access to comprehensive reporting that monitors application usage. With this, you can apply enhanced security measures to protect your business.

Improving customer security

Customers need hassle-free solutions with robust security to optimize their experiences. And with Azure AD B2C you get a product that fully delivers. It uses reliable, proactive security measures to ensure world-class protection. Customers will get highly secure access across your web and mobile apps through MFA. Add threat detection to that and customers can have peace of mind knowing that their identities are very secure. Because the platform is based on Microsoft Azure, you’ll also retain the significant potential to scale according to your needs.

Adapting to innovation

Trying to hold on to legacy systems can prove very costly to a business. Not only are they costly to maintain but the complexity of running them is hardly worth it. Technology such as Azure Active Directory offers you incredible benefits for modernizing your infrastructure. With increased security and customer satisfaction, reduced overhead, and more streamlined operations, it’s worth signing up for or at least reading up on these technologies.

Building a Modernizing Infrastructure Using Microsoft Technologies

Posted on by
Reply

If what you have is working great, then why change it? While that may very well be true, every business needs to adapt to the times and modernize if they want to maintain their success. Otherwise, your rivals won’t hesitate to take advantage if they can. Take Nokia for instance.

During the 90s, it dominated the smartphone market and at its peak in late 2007, it had a 50.9% share of the smartphone market. Yet, just 6 years later that number had plummeted to just 3.1%. Other companies came in with new technologies, the market changed, and Nokia has never fully recovered.

Modernizing helps you to expand your capabilities while reducing operational costs. And by leveraging cloud capabilities, you can unlock the limitless potential that can take your business to the next level. Microsoft Technologies provide you with the ideal platform to transform your IT infrastructure. And in this blog, we’ll show you just what these solutions can add to your business.   

Created for evolving businesses

Technology has changed the way businesses operate. The various solutions that are available to us have created new markets as well as exciting ways to serve clients. Whether it’s the scalability that Azure gives you, the flexibility provided by Endpoint Manager, or the security you get with Microsoft Defender ATP. The benefits are plenty. Evolving businesses can put themselves in a position where they reduce their overhead, streamline their operations, and market themselves better. Microsoft has recognized the needs that businesses have regarding effective IT solutions. 

Overview of Microsoft Technologies

The Microsoft Technologies that we’ll be going over consist of brilliant tools that will modernize your IT infrastructure. Rather than being individual entities that operate completely apart, Microsoft has designed these technologies such that they can function together. This will enhance your overall IT management and bring greater efficiency to your organization. The following technologies are going to be the focus of this blog:

1) Azure Active Directory

Microsoft’s cloud-based multi-tenant identity and access management service enables employees to sign in and access services from anywhere. Azure Active Directory (Azure AD) has plenty of features that help modernize your infrastructure, among which:

  • Application management: manages all apps, both cloud and on-premises, using Application Proxy, single sign-on, the MyApps portal, and any SaaS apps.
  • Authentication: manages Azure AD self-service password reset, MFA, smart lockout, and custom banned password list.
  • Conditional access: enforces and maintains control over access to your cloud apps.
  • Device management: controls the access that cloud and on-premises devices get to corporate data.
  • Business-to-business: helps you to maintain control over corporate data by managing guest users and external partners.
  • Reports and monitoring: allows you to receive insights concerning the security and usage patterns in your environment.

Key benefits

The advantage you’ll get from features like single sign-on is that employees won’t need multiple sign-ons for all their apps so password compliance issues are reduced. Simplified collaboration with guest users is possible because Azure AD allows you to invite these users into your directory to assign access. Also, the availability of real-time monitoring in conjunction with MFA and conditional access provides your organization with excellent application security and management control. And if you have productivity solutions that aren’t Microsoft products, you can still use them because Azure AD supports other OS and virtual tools.

2) Windows Autopilot

Windows Autopilot is Microsoft’s solution for transforming the provisioning of devices into an automated and friendly process. It aims to eliminate the countless, painful hours spent manually setting up devices. Undoubtedly, this is a product that will be a big hit with IT teams and it should please most employees as well. Its features include:

  • User-driven mode: provides a simple do-it-yourself approach to setting up new devices. This enables end-users to quickly get up and running without needing IT.
  • Self-deploying mode: allows you to deploy a Windows 10 device as a kiosk, digital signage device, or a shared device with minimal user interaction.
  • Support for existing devices: makes the process of deploying the latest version of Windows 10 to your existing devices quick and painless. In addition, whatever apps you need will be installed automatically and you’ll get your work profile synched as well.
  • Pre-provisioned deployment: partners and IT can pre-provision Windows 10 devices and have them business-ready for companies and their end-users.
  • Windows Autopilot reset: allows you to easily repurpose a device by wiping personal files, apps, and settings then restoring the device’s original settings.
  • Enrollment Status Page (ESP): the ESP tracks the setting up of the device to ensure that the device is fully configured correctly before the end-user can gain access.

Key benefits

As the saying goes, time is money. Hence the importance of the customized out-of-the-box experience (OOBE). It gets devices set up according to an organization’s preferences so that when the end-user receives it, they can immediately start using it. And they’ll have all the collaboration and productivity apps they need already installed. You’ll also gain time by not having to do any OS re-imaging because it’s done automatically. All of this will help to create an environment that empowers the user thereby increasing productivity rather than the restrictive nature of legacy IT.

3) Microsoft Endpoint Manager

Announced at Ignite 2019, Microsoft Endpoint Manager (MEM) is a brilliant development that merges ConfigMgr and Intune into a unified management platform. And you’ll get a lot of services with the product including co-management, Desktop Analytics, and the above-mentioned Windows Autopilot. MEM plays a key role in demonstrating the integration of Microsoft Technologies. Moreover, clients who already have Microsoft 365 licensing can benefit from the majority of the technologies that are within Microsoft Endpoint Manager.

What can MEM do for you?

According to Brad Anderson, Microsoft corporate vice president for Microsoft 365, MEM came about as a way to resolve the confusion surrounding modern management. It offered simplicity. And this simplicity should ease the way of doing business. For clients with ConfigMgr licenses, they automatically get Intune licenses thus enabling them to co-manage their devices.

With up to 190 million devices currently under ConfigMgr or Intune management, IT will get incredible insights that you can use for problem-solving and device deployment. MEM allows you to utilize the cloud where all data is stored in Azure thus eliminating data centers. This gives you the mobility advantages of the cloud as well as the security of Azure. However, some organizations prefer mixed environments so you can still use the cloud while retaining your on-premises infrastructure.

4) MSIX

The endless packaging and repackaging of applications has been the source of constant headaches over the years. Whenever you’d purchase new software, the problems would begin. Someone had to come up with a solution, and thus MSIX came to the fore.

MSIX is a universal package format designed for Windows 10 apps and has support for desktop, mobile, and all other Windows 10 devices. It’s an improvement on AppX and aims to resolve app packaging issues. The UWP features, app customization, and support for all Windows applications make MSIX a massive improvement on the currently available installers. Key features include:

  • Reliability: MSIX can just about guarantee installs with a success rate standing at a very impressive 99.96%.
  • Network bandwidth optimization: MSIX only downloads the 64k block and this allows for a reduction in impact to network bandwidth. It does this by leveraging the AppxBlockMap.xml file that’s in the MSIX app package.  
  • Disk space optimizations: MSIX doesn’t duplicate files across apps and Windows will manage the shared files across apps. Because apps remain independent, updates won’t affect other apps that share the file.

What you stand to gain

Microsoft has created a product that gives you the advantages of both MSI and AppX while eliminating their limitations. And it doesn’t just work on Windows only. You can use it on Linux, OSX, iOS, and Android. MSIX enables you to take a huge step towards modern management. Instead of the previous uncertainties, it offers you safety, reliability, and predictability of deployment. Security is enhanced as well with Windows giving you integrity for apps through tamper protection and policy controls.

5) Microsoft Defender ATP

As amazing as the above technologies are, you cannot successfully modernize your IT infrastructure without effective cybersecurity. In fact, all your efforts would probably be futile. But, with Microsoft Defender Advanced Threat Protection (MDATP), you get an enterprise endpoint security platform that enables your enterprise networks to prevent, detect, investigate, and remediate advanced threats.

Main capabilities

  • Endpoint behavioral sensors: these are sensors that are embedded in Windows 10 that collect and process behavioral signals from the OS. This data is then sent to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
  • Threat and vulnerability management: MDATP has an overview of all the software on a device and can detect security vulnerabilities. It can then provide security recommendations for remediating endpoint vulnerabilities and misconfigurations.
  • Attack surface reduction: this capability enables you to put in place controls that reduce areas that are vulnerable to cyberattacks. With proper configuration settings and application of exploit mitigation techniques, this capability will resist attacks and exploitation.
  • Next-generation protection: MDATP offers you next-generation protection to catch all types of emerging threats.
  • Endpoint detection and response (EDR): EDR is designed to target advanced threats that make it past the first two security pillars.
  • Automated investigation and remediation: these capabilities help to create a reduction in the volume of alerts in minutes at scale.  
  • Microsoft secure score for devices: this tool will help you to carry out an assessment of the security status of your enterprise network and identify unprotected systems. After which, you can apply recommended actions to improve the overall security of your organization.

6) Windows Virtual Desktop

The advances that are happening in the field of technology not only enhance the modern workplace but can also completely change it. And with the internet creating “one global village”, the popularity of remote work has grown significantly. But for this to work, you need effective solutions. Enter Windows Virtual Desktop (WVD).

WVD is a desktop and app virtualization service that leverages the power of Microsoft Azure and runs on the cloud. So it can deliver a virtual desktop as well as remote apps to any device. Depending on your needs, you can configure WVD to run Windows 10 Enterprise, Windows 7 Enterprise, or Windows Server 2012 R2, 2016, 2019.

Benefits to your organization:

  • WVD gives you the ability to deliver Windows 10 desktops on any device, anywhere. By extension, you’ll give your employees an optimum virtual experience.
  • Cybersecurity is crucial and WVD has in-built intelligent security that is fully capable of proactive threat detection and remediation. Security protocols such as Azure Firewall, Azure Security Center, Azure Sentinel, and Microsoft Defender ATP ensure that corporate data is highly secure.
  • Your organization can become more efficient and productive because deployment and scaling can be carried out easily and quickly.
  • Utilizing the modern cloud-based virtual desktop infrastructure (VDI) is a great way to save costs. You’ll only pay for what you use.
  • Another way in which you’ll save costs is licensing. WVD is a free service so it comes with your Microsoft 365 or Windows per-user license.

Maximizing potential

By now most organizations are starting to appreciate just how legacy technology can hold them back. Instead of holding on to what has worked in the past, it’s important to know that technology can expire. Therefore, transformation is a must. Modern infrastructure will help you to reduce your costs, improve your cybersecurity, and provide easy and convenient access to corporate resources from anywhere. Microsoft has a vast array of technologies that can take your organization to the next level. The powerful and flexible hybrid-cloud architecture is something that we can all benefit from.