Everything You Want To Know: The Anatomy of Windows 365

There is no denying how cloud-based solutions have evolved over the decades to become an integral part of most organizations’ operations. Businesses have grown to depend on these services to improve the ease of doing business as well as bolster their cyber security. With Windows 365, Microsoft enables businesses to operate more effectively as well as offer their workforce greater flexibility.

The arrival of Windows 365 coincides with an increasing need in the workplace to offer employees more agility. Organizations can take advantage of virtualization technology to increase their talent pool by hiring the best people from anywhere in the world.

By using services like Windows 365, these individuals can easily communicate and collaborate with team members from across the globe. Given how much there is to gain from Windows 365, today I will go through everything you may need to know about this platform.

Breaking new ground with Windows 365

In July of 2021, Microsoft announced a brand new service that would enable users to access Cloud PCs from anywhere. Although similar features have been available through virtualization and remote access software, Windows 365 has now become the first official service from Microsoft.

As businesses increasingly embrace the idea of a hybrid work environment, Windows 365 is aiming to be at the forefront of the services that potential clients will be looking into. By streaming Windows 10 or Windows 11 onto almost any device, Microsoft will offer users the ability to take their desktops anywhere.

And Microsoft has assured clients that Cloud PCs will be highly secure, so users will be able to work remotely with greater peace of mind.

Accessing your desktop on the cloud will also be relatively easy because all you need is a modern browser or Microsoft’s Remote Desktop app. So as long as your internet connection is good enough to stream videos then you’ll be able to access your Cloud PC on most devices.

Users will get instant access to their Cloud PCs and can stream Windows sessions with all of their same apps, tools, data, and settings across Macs, iPads, Linux machines, and Android devices.

And according to Wangui McKelvey, a general manager for Microsoft 365, “You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.”

Windows 365’s solid foundation

Ideally, any service that you want to invest in needs to have a proven track record. However, given that Windows 365 is still less than a year old there’s not much of a track record to go over.

This is why it’s important to understand the Windows 365 foundation: the company that has given us Azure Virtual Desktop (AVD) is the same one that is responsible for the Windows 365 Cloud PC.

And if there’s anything that AVD has shown us it is that Microsoft has a good handle on cloud computing services. This is vital for you when considering Windows 365 because Microsoft has built it on its Azure infrastructure.

So you can rest assured that if you go with Windows 365, you’ll be investing in a service founded on a tried and tested platform. Therefore, we can take a look at AVD’s track record and some of what it has been able to offer clients.

Proven cost effectiveness

Azure Virtual Desktop has proven to be a cost-effective alternative to scaling up a traditional virtual desktop environment in your own data center. The reduction in expenses is something that could very well help you to have a better ROI.

AVD has also proven to be invaluable to companies because of how it lets organizations control apps and data while allowing their employees to access those resources on their own devices.

This means that you can offer your workers greater flexibility in how they work while still retaining overall control and keeping security standards high. Although you could get some of these benefits from a traditional VDI environment, the service that you get from Microsoft comes at a better price point with better security.

One of the greatest benefits that you will gain from investing in Windows 365 is that it will allow you to experience Windows 10 or Windows 11 at its very best. That’s in addition to having the full power of Microsoft 365 in your hands. AVD has built a reputation for offering clients a smooth experience when using these Microsoft products. And with Windows 365 being based on AVD, you can expect the experience to be even better.

Selecting an option

Microsoft wants to make its Windows 365 services available to as many organizations as possible. Obviously, that is not going to be a simple task considering the vast differences in needs between smaller companies and large enterprises.

However, Microsoft is determined to cater to the needs of the businesses that require this virtualization service. To that end, Microsoft offers us two different editions – Windows 365 Business and Windows 365 Enterprise.

The former is ideal for smaller organizations while the Enterprise edition aims at larger companies. And the great thing about these options is that they share a lot of the same range of features.

Windows 365 Business

This edition of Windows 365 is going to be targeting smaller businesses that require no more than 300 Cloud PCs. The service allows these companies to get a simple way to purchase, deploy, and manage Cloud PCs.

So if you do sign up for Windows 365 Business, you can easily provide Cloud PCs to any of your users that need them. Doing so allows them to stream their apps, data, content, settings, and storage from the Microsoft cloud.

Windows 365 subscriptions

Purchasing Windows 365 subscriptions can occur through the Windows 365 product site or via the Microsoft 365 admin center. And once you have purchased your subscription, you can assign licenses to users in your organization using the Microsoft 365 admin center. As far as sizing options go, there are fixed-price licenses for the different Cloud PC sizes. During the assigning of licenses to users, you need to choose a size option. The options come with different numbers of CPUs, RAM, and storage to cater to the different work needs. The table below details this information:

* Microsoft is retiring the first option (1vCPU) so clients are encouraged to select the 2vCPU option as the minimum configuration going forward.

The Windows 365 Business edition doesn’t have any licensing pre-requirements to purchase and deploy. Also, Microsoft has simplified the provisioning process which will use the default configurations.

After Cloud PC licenses are assigned, provisioning of those Cloud PCs occurs automatically using a standard image. When it comes to Windows updates, the default Windows Update for Business settings are configured for users.

And if you have an Intune license, you can edit these settings. Moreover, device management is only going to be limited to the assigning and unassigning of licenses in the Microsoft Admin Center. Although, those that have Intune licenses may get some device management via Microsoft Endpoint Manager.

Users will be able to access their Cloud PCs from windows365.microsoft.com or alternatively, they can use the Microsoft Remote Desktop app. During usage, users can restart, reset, rename, and troubleshoot their Cloud PCs.

Windows 365 Enterprise

The second option that Microsoft gives clients is for larger organizations that have significantly greater computing needs. Unlike with the Business edition, in this case, users will require licensing for Windows 10 or 11 Enterprise, Microsoft Endpoint Manager, and Azure AD P1. Networking goes through the client’s own Azure VNet, since networking is not part of the license.

As the provisioning process goes on, each business can customize and configure the process to meet their specific needs. It’s the role of your admins to choose the network, configure user permissions, and then assign the policy to an Azure AD group.

With that done you can then provision the Cloud PCs using either standard gallery images or custom images. Microsoft Endpoint Manager can be ideal for managing Windows updates as well as for troubleshooting purposes.

Users can access their Cloud PCs in the same way as Enterprise clients from the Windows 365 website or via the Microsoft Remote Desktop app. Furthermore, users can restart, rename, and troubleshoot their Cloud PCs. And they’ll be assigned a standard user role by default.

However, the admin can change that in the Microsoft Endpoint Manager admin center. Windows 365 Enterprise offers high-end security measures through the use of features such as Conditional Access and integration with Defender for Endpoint.

In addition, for clients with E5 licensing, their Cloud PCs will respond to Defender for Endpoint policies and appear in MDE dashboards.

Cost of service

Regardless of how good a product may be, choosing whether or not to subscribe may ultimately come down to cost. As we’ve already discussed above, Microsoft offers two editions of Windows 365 and both of them have a range of configurations that clients can pick from. This should help all businesses that want Cloud PCs to find something that can fit within their budget.

So small businesses with less than 300 users and massive organizations with countless users can all potentially find a subscription that suits them. The pricing model has fees starting from $20 per user per month for the lowest-end SKU, up to $162 per user per month for the most expensive one. In addition, unlike with the consumption-based pricing model that you get with Azure Virtual Desktop, Windows 365 gives you fixed monthly subscriptions. And if you need to scale up, you have the option of getting a different subscription, as well.

Clients with the Windows 365 Business subscription can get a single virtual core, 2GB of RAM, and 64GB of storage for the starting price of $20.

However, this fee is only available for clients that have Windows Hybrid Benefit. The latter is Microsoft’s Bring-Your-Own license model. It is ideal in helping clients apply existing (or new) licenses toward the cost of a product. If not, then that cost goes up to $24.

But, if your organization requires a lot more, you can pay $158 for eight virtual cores, 32GB of RAM, and 512GB of storage. The same situation regarding Windows Hybrid Benefit applies here and so without it, the fee goes up to $162.

Pricing models

The pricing model is pretty much consistent. And the range of prices remains the same for Windows 365 Enterprise clients. Those that aren’t looking for a lot of computing resources can get a single virtual core with 2GB of RAM and 64GB of storage for the same $20.

However, if your computing needs are a lot greater then you can get the option that offers eight virtual cores, 32GB of RAM, and 512GB of storage for $158 per user per month.

Cloud PC Provisioning

The provisioning process in Windows 365 is an automated one that is going to:

  • create a Cloud PC virtual machine.
  • set it up for the end-user.
  • perform any other necessary tasks to ready the Cloud PC for use.
  • send access information to the user.

Life is easier for admins as they only need to furnish a few configuration details to get the provisioning process going. Once done, Cloud PCs will be automatically provisioned for all users who have a Windows 365 license and matching configuration details.

Because this process is a one-time per user and per license process, a user and license pair can only have a single Cloud PC provisioned for them. The complete process is going to follow the steps below:

  • The process starts with the creation of a provisioning policy to manage access to the Cloud PCs. Provisioning policies are key to the entire process as they are responsible for building, configuring, and making Cloud PCs available to end-users. Each policy will require you to provide details regarding the on-premises network connection, the image used to create each Cloud PC, and an Azure AD user group.
  • Assignment of a Windows 365 license to users in the Azure AD user group will begin the provisioning process. And the provisioning of the Cloud PC will be carried out automatically by Windows 365. After provisioning, it will then send the necessary access information to the user. The automation will proceed in 3 phases that will be invisible to the administrator.
  • The last part of the process involves the end-user receiving the necessary access information that will allow them to sign in to the Windows Cloud PC from anywhere.

Windows 365 Architecture

Windows 365 architecture involves a host of solutions and flexibility.

Virtual network connectivity

All Cloud PCs are going to have a virtual network interface card (NIC) in Microsoft Azure. There are two available NIC management options:

  • Bringing an Azure subscription or managing the NIC won’t be necessary for those using Azure AD Join and a Microsoft-hosted network.
  • NICs are created by Windows 365 in your Azure subscription in instances where you bring your own network and use an on-premises network connection (OPNC).

The configuration of your OPNC will determine how the NICs are attached to an Azure Virtual Network. There are many regions in which Windows 365 is supported and to control which region is used you can:

  • Choose the Microsoft-hosted network as well as an Azure region.
  • Choose an Azure virtual network from your Azure subscription during the creation of the OPNC.

The region selected is what determines where the Cloud PC will be created and hosted. However, with your own virtual network access can be extended between your current Azure regions to other Azure regions supported by Windows 365.

Microsoft Endpoint Manager integration

Management of all Cloud PCs is facilitated by MEM. The latter, along with associated Windows components, has various network endpoints. These must be allowed through the Virtual Network. If you don’t use MEM to manage Apple and Android devices, then you can ignore the endpoints.

The system requires you to only grant access to a subset of endpoints based on your MEM tenant location. Microsoft recommends allowing access to an entire region and not just a specific endpoint to allow for the possible relocation of tenants within a region.

Identity services

Windows 365 relies on both Azure AD and on-premises AD DS. With Azure AD you get:

  • User authentication for Windows 365.
  • Device identity services for MEM via Hybrid Azure AD Join or Azure AD Join.

For the configuration of Cloud PCs to use Hybrid Azure AD Join, AD DS offers:

  • On-premises domain join for Cloud PCs.
  • User authentication for RDP connections.

And for the configuration of Cloud PCs to use Azure AD Join, Azure AD gives you:

  • The domain join mechanism for the Cloud PCs.
  • User authentication for RDP connections.

Azure AD

User authentication and authorization for the Windows 365 web portal and Remote Desktop client apps is provided by Azure AD. Azure AD Conditional Access can include:

  • multi-factor authentication
  • sign-in risk management
  • restrictions based on location
  • device compliance controls
  • session limits

Active Directory Domain Services

Microsoft gives you the option of having your Cloud PCs either Hybrid Azure AD Joined or Azure AD Joined. Your Cloud PCs will require domain joining to an AD DS domain if you want to use Hybrid Azure AD Join. And that domain should synchronize with Azure AD. The domain’s domain controllers should be hosted in Azure or on-premises.

If it’s the latter, connectivity should be made from Azure to the on-prem environment. And the type can be either Azure Express Route or site-to-site VPN. The connectivity should be set up to enable communication from the Cloud PCs to the domain controllers, needed by AD.

“Hosted on behalf of” architecture

This type of architecture enables Microsoft services to attach hosted Azure services to a customer subscription. Using this type of connectivity model allows a Microsoft service to provide options other than the usual consumption-based services. These include software-as-a-service and user-licensed services.

All Cloud PC connectivity comes from the virtual NIC. Because of “hosted on behalf of” architecture, you have Cloud PCs that exist in the subscription owned by Microsoft. This basically means the costs for running and managing the infrastructure are borne by Microsoft.

Azure Virtual Desktop connectivity

AVD is responsible for the provision of Cloud PC connectivity. Thus, there aren’t going to be any inbound connections directly from the internet to the Cloud PC. Rather, connections are established from:

  • The Cloud PC to the AVD endpoints.
  • The Remote Desktop clients to AVD endpoints.

Microsoft recommends the use of Service Tags for AVD to identify these endpoints. By doing so you should be able to ease the configuration of network security controls. It’s also worth noting that configuring your Cloud PCs to make these connections is not a pre-requisite.

The integration of AVD connectivity components into gallery or custom images is seamless with Windows 365. Furthermore, third-party connection brokers aren’t going to be supported on Windows 365 Cloud PCs.

How businesses will benefit

Having a great-sounding service availed to you is one thing, but after looking into what Windows 365 is, you still need to know how exactly this product will help your business. After all, there are plenty of great services out there that just aren’t a good fit for your business. So what are the benefits that Windows brings to an organization?

Remote access with Windows 365

Most people across the globe have probably familiarized themselves with remote work over the last couple of years. Although plenty of businesses saw the need for remote access during the pandemic, the need for it has grown beyond the pandemic scenario.

One of the things that some people may be looking at when considering career opportunities is the availability of remote access. This may just prove to be key in attracting as well as retaining the best people you can find for your organization.

The Windows 365 Cloud PC gives users the ability to carry their desktops with them wherever they may be. Therefore, access to the cloud is going to be simple and hassle-free because users won’t need to be at a workstation in the office to access corporate resources.

Lower hardware costs

If you tell any business that you can potentially help to lower operating costs then most would probably at least want to give you a few moments of their time. And this is what Windows 365 aims to achieve with the Cloud PC. The cost of purchasing high-end computers for the office that can meet the needs of the various users is no small one.

But, when your PC is running in the cloud then the actual device that you need is less important. Microsoft allows users to access their Cloud PCs from most devices including those running macOS, iOS, Android, and Linux.

This means that users don’t necessarily need to invest in new devices. Not only that, but in the long run, you may not need to refresh your hardware as often thus lowering your expenses even further.

Secure hybrid work

As attractive as the possibility of working remotely may be, without top-notch security the option is not viable. Microsoft enhanced security measures by implementing Zero Trust principles. These enable each request to be fully authenticated, authorized, and encrypted before granting access.

Add to that the fact that data is not stored on the physical devices. It is instead in the cloud, so you have even more protection around your data. These measures should help to assuage concerns about the security of remote work as well as the risk of security breaches.

Not to forget as well that Windows 365 clients can benefit from the already existing solutions that are part of Microsoft Endpoint Manager. Microsoft has also made specific security recommendations that I will be addressing below.

Simple to use

Another feature that Microsoft puts forward as a highly attractive one for Windows 365 clients is how easy the service will be to use.

In fact, Microsoft has gone so far as to say that organizations won’t need to hire specialist IT professionals to set up and manage the Cloud PCs. Features such as easy management and instant start-up enable users to have the ability to work traditionally without any prior virtual work experience. This is something that may also help you to lower overall operating costs.

Furthermore, your IT staff can manage, deploy, and configure the PC environment just as they have done all along.

Windows 365 security measures

Continuing on from what I touched on above, there are other security features that are important to know. Microsoft gives Windows 365 certain capabilities straight out of the box. These capabilities will enhance your security. Just as you have with your physical computers, Windows 365 Cloud PCs will come with Microsoft Defender. This helps to ensure that your device is secure from the first-run experience.

Also, the provisioning of the Cloud PCs is carried out using a gallery image. To ensure improved security, the image will have the latest updates for Windows 10 through Windows Update for Business. There are some differences worth noting regarding the security measures for Windows 365 Business and those for Windows 365 Enterprise.

Windows 365 Business

Since Windows 365 Business is a service aimed at smaller organizations, particularly those that may not have IT staff, users on this edition receive local admin rights to their Cloud PCs. So this situation basically replicates what happens with a lot of small businesses whereby users purchase computers and retain local admin rights.

For IT departments that want to use Windows 365 Business for particular cases, they need to follow standard security practices if they intend to make those users standard users on their devices. To use MEM for this approach, you’ll need to follow the guidelines below:

  • The process starts with device configuration to enroll the devices in MEM using automatic enrollment.
  • The next step involves the management of the Local Administrators group. This works using Azure AD or MEM.
  • In addition, it would be a good idea to have Microsoft Defender Attack Surface Reduction (ASR) rules enabled. This would be very useful because these rules are in-depth defense mitigations for specific security concerns, such as blocking credential stealing from the Windows local security authority subsystem.
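
Whether the last two steps actually took effect on a given Cloud PC can be checked with a short audit. The script below is an added example, not Microsoft's or this article's code: the function names, the allow-list parameter and the placeholders in the usage comment are assumptions, and the ASR rule GUID has to be taken from Microsoft's ASR rule reference. It assumes Windows PowerShell 5.1 running elevated on the Cloud PC.

```powershell
# Added example: audits local Administrators membership and the state of one
# ASR rule. All function and parameter names here are illustrative.

function Get-LocalAdminMember {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on non-English Windows installations.
    $adminSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
    try {
        $members = Get-LocalGroupMember -SID $adminSid -ErrorAction Stop
        foreach ($m in $members) {
            [pscustomobject]@{ Name = $m.Name; Sid = $m.SID.Value }
        }
    }
    catch {
        # Get-LocalGroupMember can fail when the group holds SIDs it cannot
        # resolve (seen on Azure AD joined devices); fall back to ADSI.
        $account   = $adminSid.Translate([System.Security.Principal.NTAccount])
        $groupName = $account.Value.Split('\')[-1]
        $group     = [ADSI]"WinNT://./$groupName,group"
        foreach ($m in $group.psbase.Invoke('Members')) {
            $type  = $m.GetType()
            $bytes = $type.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
            $name  = $type.InvokeMember('Name', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Name = $name
                Sid  = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$bytes, 0).Value
            }
        }
    }
}

function Get-AsrRuleState {
    param([Parameter(Mandatory)] [guid] $RuleId)

    # Get-MpPreference exposes the ASR configuration as two parallel arrays:
    # rule GUIDs and the action configured for each of them.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $names   = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -and ([guid]$ids[$i] -eq $RuleId)) {
            $action = [int]$actions[$i]
            if ($names.ContainsKey($action)) { return $names[$action] }
            return "Unknown($action)"
        }
    }
    'NotConfigured'   # the rule does not appear in the device's ASR settings
}

function Test-CloudPcHardening {
    param(
        # GUID of the ASR rule to verify (from Microsoft's ASR rule reference).
        [Parameter(Mandatory)] [guid] $AsrRuleId,
        # SIDs that may be local administrators besides the built-in account.
        [string[]] $AllowedAdminSids = @()
    )

    # The built-in Administrator account always has RID 500; every other
    # member must be on the allow-list or it is reported.
    $unexpected = @(Get-LocalAdminMember | Where-Object {
        $_.Sid -notmatch '^S-1-5-21-.+-500$' -and $_.Sid -notin $AllowedAdminSids
    })
    $asrState = Get-AsrRuleState -RuleId $AsrRuleId

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        UnexpectedAdmins = ($unexpected | ForEach-Object { "$($_.Name) [$($_.Sid)]" }) -join '; '
        AsrRuleState     = $asrState
        Compliant        = ($unexpected.Count -eq 0) -and ($asrState -eq 'Block')
    }
}

# Usage (replace both placeholders before running):
# Test-CloudPcHardening -AsrRuleId '<ASR-rule-GUID>' -AllowedAdminSids '<SID-of-approved-admin-group>'
```

A rule reported as Audit or Warn is treated as non-compliant here because only Block enforces the mitigation.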

Windows 365 Enterprise

When it comes to Windows 365 Enterprise you’ll start to see some significant differences. This edition is perfect for organizations that have dedicated IT teams.

This makes things slightly easier for IT, as you have a system molded on the management and security that Microsoft Endpoint Manager provides. All Cloud PCs in Windows 365 Enterprise configure users as standard users by default.

However, admins still have the ability to make exceptions on a per-user basis. Furthermore, all Cloud PCs will enroll in MEM with reporting of Microsoft Defender Antivirus alerts.

You’ll also get the ability to onboard into the full Microsoft Defender for Endpoint capabilities. Microsoft makes the following security recommendations for users of Windows 365 Enterprise:

  • Users should stick to standard Windows 10 security practices. This also means restricting who can access your Cloud PC using local administrator privileges.
  • You need to deploy Windows 365 security baselines to your Cloud PC from MEM. Furthermore, you should utilize Microsoft Defender to protect your endpoints, especially all Cloud PCs.
  • Taking advantage of Azure AD conditional access is a must. With features such as MFA and user/sign-in risk mitigation, you can significantly reduce the risk of unauthorized access to your Cloud PC.

Communication and collaboration

Windows 365 not only provides a platform that facilitates remote work for your organization but also ensures that team members can work together regardless of location. Clients can take full advantage of the power of Microsoft Teams to ensure that communication in your organization happens smoothly.

By using Teams, your organization can set up your environment in a way that best suits you. And when you are ready to use Microsoft Teams, the users can download the Teams client from https://teams.microsoft.com/downloads. And just like Windows 365 itself, you can install the Teams client on various devices such as Windows, Mac, or Linux PCs as well as on your Android or iOS devices. However, you’ll need to ensure that all these users have the necessary Teams license.

Some of the more important elements in Teams include chat, teams, and channels. With chat, you can have one or more users talking, sharing files, or meeting privately. Teams will enable collaboration on any project at any time. And it can be visible to the entire organization or just the relevant team members. Then, channels can help segment topics, projects, or anything else within teams in a way that suits the way you would like to work.

For businesses

Meetings and conferences are two major things that businesses need to conduct to keep things moving smoothly. By using a Teams or Skype for Business client, individuals can participate in meetings to which they’ve been invited. Even if you happen to have a bad internet connection you can still participate in meetings via audio conferencing. All you need is your regular phone, the conference phone number, and the meeting ID. Although meetings are enabled by default, you can still retain control of the meeting experience.

Smaller businesses with fewer than 300 users can utilize Microsoft 365 Teams Phone with Calling Plan to establish an office phone system. They can do so without having a complex, costly on-premises phone system. The system will include a phone system menu, caller ID, voice mail, and other great features. So all of these features are going to enable the Windows 365 Cloud PC experience to basically simulate the office experience. Those working remotely won’t miss out on collaborating with their colleagues, sharing ideas, and crucially maintaining social connections with others. Without this, working remotely could quickly become a difficult, isolated affair.

Easy administration management

Going through the information that we have on Windows 365, it becomes abundantly clear that there are countless benefits for end-users. But, your IT admins will also want to know if they’ll also see changes when compared to other services. And the reality is, the ease of use principle that Microsoft applies to Windows 365 extends to your IT team as well. From the management perspective, there is plenty to be excited about starting with the fact that there is no need to have headaches about the infrastructure you need to set up to get the Cloud PC experience. Microsoft handles that side of things.

Also, admins won’t need to get certified in anything else or learn new management tools. This is because Windows 365 is designed for all organizations even those without expert IT pros on staff to be able to run it without difficulty. Furthermore, you’ll be happy to know that the way you currently manage your physical devices with Microsoft Endpoint Manager will for the most part be similar to the management of Cloud PCs. A good example of this is that if you navigate to the All Devices list in Microsoft Endpoint Manager, you’ll see both your physical and Cloud PCs listed side by side.

Admin ease

Admins will also find that the deployment process is not complicated at all. For users to get a Cloud PC assigned to them, there are pretty much just two requirements that need to be met. They need to have the necessary license in addition to being part of an Azure AD Group that’s assigned to a provisioning policy. The process starts in the Microsoft Admin Center where you assign licenses similarly to how you would for other Microsoft 365 services. You can have a licensing admin take care of this particular task. After that, you can head over to Active Users and perform the assignment.

With that done, you can now give users Cloud PCs and set them up with Microsoft 365 as well. As soon as a user is added to a group, the Cloud PC provisioning process will be launched and it won’t be long before the Cloud PC is ready for use. And with Windows 365 using a fixed price per user per month model, there’s no extra workload involving tracking, utilization, or keeping idle resources running.

Wrap Up

Windows 365 is a service that has countless different applications that can help businesses, both large and small, to completely change their IT environment. Taking advantage of the Cloud PC can mean potential changes in policy about who and how your organization hires. The ability to give employees remote access without compromising collaboration gives you a far deeper pool of talent to choose from when looking to hire people. The cost of the service is something that can also help your business by reducing expenditure on hardware. Not having to provide employees with brand new high-end computers and reducing hardware refresh rates can go a long way in improving your bottom line. In addition, when you consider how Microsoft has designed Windows 365 to be easy to use then you begin to see a platform that can change the virtualization sector. Undoubtedly, there’s still a lot more to come as the service improves but for now, Windows 365 has certainly offered a lot to be excited about.

Microsoft Intune – New Updates in PowerShell Scripts

Microsoft Intune is one of those brilliant products that has helped to optimize IT infrastructure for many businesses. It’s a platform that can transform your business into a modern workplace. And its capabilities are almost without limit. If you want to upload PowerShell scripts in Intune, there is the Microsoft Intune management extension (IME) that you can use for that. This management extension can enhance Mobile Device Management (MDM) resulting in a simpler move to modern management. With all this done, you can then run these scripts on Windows 10 devices. PowerShell scripts are important in a lot of different use cases and this blog is going to take a look at what this technology can do.

What is PowerShell?

PowerShell is a scripting and automation platform belonging to Microsoft. It’s an amazing product that is both a scripting language as well as an interactive command environment that is built on the .NET framework. Released back in 2006, PowerShell was basically a replacement for Command Prompt as the default method for automation of batch processes and creation of customized system management tools. PowerShell can easily automate laborious admin tasks by combining commands known as cmdlets and creating scripts. Available in all Windows OS starting with Windows 2008R2, PowerShell plays a huge role in helping IT professionals configure systems.

Adopting modern management

Modern workplaces now have plenty of user and business-owned platforms allowing users to work from anywhere. With MDM services like Microsoft Intune, you can manage devices that are running Windows 10. The Windows 10 management client will communicate with Intune to run enterprise management tasks. Windows 10 MDM features will be supplemented by IME. With this in place, you can create PowerShell scripts to run on Windows 10 devices, e.g., creating a PowerShell script that does advanced device configurations. Having done this, you can upload the script to Intune, assign the script to an Azure AD group, and then run the script. Moreover, you can monitor the run status of the script from start to finish.

Latest updates from Microsoft

In November 2020, Microsoft announced the general availability of PowerShell 7.1 which is built on the foundation of PowerShell 7.0. The goal was to bring about improvements and fixes to the existing technology. Some of these features, updates, and breaking changes include:

  • PSReadLine 2.1.0, including Predictive IntelliSense
  • PowerShell 7.1 has been published to the Microsoft Store
  • Installer packages have been updated for new operating system versions with support for ARM64
  • 4 new experimental features and 2 experimental features promoted to mainstream
  • A number of breaking changes that improve usability

Using scripts in Intune

The IME installs automatically when a PowerShell script or a Win32 app is assigned to the device or user, provided a few prerequisites are met:

  • Windows 10 version 1607 or later, Windows 10 version 1709 or later for devices enrolled using bulk auto-enrollment.
  • Devices joined to Azure AD including Hybrid Azure AD-joined which consists of devices that are joined to Azure AD, and are also joined to on-premises Active Directory (AD).
  • Devices enrolled in Intune namely devices enrolled in a group policy, devices that are manually enrolled in Intune, and co-managed devices that use both Configuration Manager and Intune.

Script policy creation

Start by signing in to the Microsoft Endpoint Manager admin center. From there, select Devices > PowerShell scripts > Add. Under Basics, provide a name and a description for the PowerShell script. Next, go to Script settings and enter the required properties. After that, select Scope tags; these are optional. Then select Assignments > Select groups to include, and an existing list of Azure AD groups will be shown. Lastly, in Review + add, you’ll see a summary of the settings you configured. Select Add to save the script. When you have done so, the policy is deployed to the groups you chose.

Important considerations

If a script is set to run in user context and the end-user has admin rights, the PowerShell script runs with administrator privileges by default. Also, end-users don’t need to sign in to the device to execute PowerShell scripts. The IME agent checks with Intune once per hour and after every reboot for any new scripts or changes. If a script fails, the agent retries it three times, over the next 3 consecutive IME agent check-ins. On shared devices, the PowerShell script runs for every new user that signs in.

PowerShell scripts limitations

Although with Microsoft Intune you can deploy PowerShell scripts to Windows 10 devices, there are a few limitations worth noting. These include: 

  • You won’t get support for running PowerShell scripts on a scheduled basis.
  • Although you can see whether the PowerShell script execution succeeded or failed, the output generated is only available on the endpoint that executes it and is not returned to the MEM Admin Portal.
  • Since executed PowerShell scripts are visible in the Intune Management Extension log file as plain text, credentials can’t be passed securely.
  • The Intune Management Extension agent responsible for executing PowerShell scripts on the endpoints only checks once an hour for new scripts so there is a delay with execution.
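Because a deployed script is readable in plain text on every endpoint that runs it, any secret written into the script has to be caught before upload. The following PowerShell check is an added example, not code from the original article or from Microsoft: it parses a script and reports literal secrets by line. The function name `Find-EmbeddedSecret`, the name pattern, the three rules and the sample script (including the made-up `Connect-Backend` command) are assumptions for illustration.

```powershell
using namespace System.Management.Automation.Language
# Added example: lint a script for embedded secrets before uploading it to Intune.
# Find-EmbeddedSecret and its name pattern are illustrative assumptions.
function Find-EmbeddedSecret {
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        [string]$NamePattern = 'pass(word|wd)?|pwd|secret|token|api_?key|cred'
    )
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    # True for a quoted string ('x' or "x"); false for bare words and variables.
    $isLiteral = {
        param($node)
        ($node -is [ExpandableStringExpressionAst]) -or
        ($node -is [StringConstantExpressionAst] -and
         $node.StringConstantType -ne 'BareWord' -and $node.Value.Length -gt 0)
    }
    # Findings carry the line and the name only, never the literal value.
    $report = {
        param($node, $rule, $item)
        [pscustomobject]@{ Line = $node.Extent.StartLineNumber; Rule = $rule; Item = $item }
    }
    # Rule 1: $password = 'literal' (also [string]$password = 'literal')
    foreach ($a in $ast.FindAll({ $args[0] -is [AssignmentStatementAst] }, $true)) {
        $var = $a.Left.Find({ $args[0] -is [VariableExpressionAst] }, $false)
        if ($var -and $var.VariablePath.UserPath -match $NamePattern -and
            $a.Right -is [CommandExpressionAst] -and (& $isLiteral $a.Right.Expression)) {
            & $report $a 'LiteralAssignment' ('$' + $var.VariablePath.UserPath)
        }
    }
    foreach ($cmd in $ast.FindAll({ $args[0] -is [CommandAst] }, $true)) {
        $elems = @($cmd.CommandElements)
        $literals = @($elems | Select-Object -Skip 1 | Where-Object { & $isLiteral $_ })
        $plain = @($elems | Where-Object { $_ -is [CommandParameterAst] -and 'AsPlainText' -like "$($_.ParameterName)*" })
        # Rule 2: ConvertTo-SecureString 'literal' -AsPlainText
        if ($cmd.GetCommandName() -eq 'ConvertTo-SecureString' -and $plain.Count -and $literals.Count) {
            & $report $cmd 'PlainTextSecureString' 'ConvertTo-SecureString'
        }
        # Rule 3: -Password 'literal' (any parameter whose name matches the pattern)
        for ($i = 1; $i -lt $elems.Count - 1; $i++) {
            if ($elems[$i] -is [CommandParameterAst] -and
                $elems[$i].ParameterName -match $NamePattern -and (& $isLiteral $elems[$i + 1])) {
                & $report $cmd 'LiteralParameter' ('-' + $elems[$i].ParameterName)
            }
        }
    }
}
# Constructed sample script; account, password and Connect-Backend are made up.
$sample = @'
$svcPassword = 'Constructed-Example-1!'
$sec = ConvertTo-SecureString 'Constructed-Example-1!' -AsPlainText -Force
Connect-Backend -User 'CONTOSO\svc-kiosk' -ApiKey 'constructed-key-0000'
'@
Find-EmbeddedSecret -ScriptText $sample | Format-Table -AutoSize
```

A name-based check like this only catches secrets that are labelled as such; a literal passed positionally to a native command is not reported, so it complements review rather than replacing it.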

Wrap up about Microsoft Intune

Maximizing the time we have is increasingly a massive concern for most organizations. Technological innovation has made it such that we can have more productive time on our hands. PowerShell is a product that is very useful to IT professionals for overall system management. By being able to automate the administration of Windows OS and other applications, organizations can operate more efficiently. The evolution of this platform since its release fourteen years ago has seen it grow from strength to strength. Undoubtedly, this is a product that can easily boost your productivity.        

7 Ways Microsoft 365 Can Help Manage Your Organizational Governance

These days, you will find cloud services offering some pretty amazing features. Platforms like Microsoft 365 (M365) have been developing their functionalities at a very fast pace. With all of those changes, businesses can expect to benefit as well. And they do. The advances in cloud technology have had a significant impact on things like corporate data security and remote work. Moreover, the round the clock support you get from Microsoft experts allows you to swiftly deal with any issues. Even more importantly, M365 helps you manage your organizational governance and that’s something we want to take a closer look at in this conversation.

Governance in Microsoft 365

Under Microsoft 365, the key thing is the protection of essential data assets while minimizing risk. There are a few crucial areas that need consideration. Firstly, there is operational assurance. This is mainly an IT task responsible for the operation and performance of the platform. Next, we talk about information assurance. For this, you need to know the regulatory requirements as well as the goals of the business because it involves the management of information throughout the lifecycle. Lastly, we’ll talk about outcome assurance. This part is concerned with providing the necessary guidance to enable an organization to obtain favorable outcomes.  

Preparing your business

Cloud services are constantly evolving and that means businesses need to adequately prepare. These continuous changes can have positive or negative effects depending on your governance policies. It’s important to have policies that best suit your IT team to ensure maximum productivity. Although leveraging the power of the cloud has numerous benefits, your IT team still needs to maintain a framework that guarantees data security. All of this requires the company to set up informed governance policies that are regularly updated as and when necessary.    

Service offering

When it comes to IT governance for M365, all the services you get with M365 including Office 365 and Enterprise Mobility + Security are considered. Businesses will need to assess aspects such as user lifecycles and legal data requirements for the governance framework. It’s important to note that employee recruitment or retirement can upset your governance processes because user and data lifecycle concepts are designed and applied in an expanded form. Given that there will be other employees that need greater access and security, you need to establish protocols for these groups. This will help to maintain corporate data security while granting secure access to those that need it.  

Great communication platforms with Microsoft 365

Most people will agree that good communication is an absolute necessity for any business to operate properly. Again, this is something Microsoft 365 fully understands. You can have the best business strategies but without good communication channels, your business will struggle. To facilitate great communication, M365 clients can get in touch via Skype, voice calls, and video calls. Yammer and other business platforms are also available when it comes to organizing projects. As well as giving users fantastic options for communication, these platforms are highly secure. So management can rest easy knowing that they can easily relay information and organize projects without worrying about security.  

Improve service delivery with Microsoft 365

Online platforms have changed the way that clients can interact with businesses. In addition, these platforms also enable businesses to market themselves better to potential clients. With the amount of information available online, decision-making is a lot easier. For instance, through the use of Outlook’s CRM capabilities, you can track your clients and establish business relationships. You also have Microsoft 365 Business that you can use to create mailing lists and manage your marketing emails. Clients get increased convenience because of Bookings which allows them to make appointments anytime, anywhere. Because of the popularity of social media and its significant reach, Microsoft 365 Business also helps you to manage these platforms. It does this by updating the information on your social media platforms and making communication with clients easier.              

Microsoft information governance

Information governance has a massive role to play in how effectively an organization operates. With information being a very valuable asset, you cannot afford to compromise your data management. You need to start by understanding the type of information that is governed, something that is done with retention labels which drive the automated lifecycle management of all data. After this, you can configure the labels in a few different ways. You can publish the labels, use MIG/ADG to auto-apply labels, or apply pre-applied labels in bulk. Information governance gives you a system for comprehensive data management on a secure platform.

Effective device management

In these times when plenty of people are working from home, managing employees’ devices is essential to overall organizational governance. Not only is this important to maintain productivity levels, but it’s also necessary for data security. By joining Azure AD and enrolling in Microsoft Endpoint Manager (MEM), users will encrypt their devices and obtain certificates enabling them to access VPNs, Wi-Fi, etc. Furthermore, this will keep employees’ devices up to date, secure, and compliant with all your policies. MEM is a great tool for any business looking to organize their workforce when working remotely without compromising data security.

Simplifying management

Good management is often what makes the difference between successful businesses and struggling ones. Likewise, good technology can have a similar effect on your business. Which is why it’s not a bad idea to check out Microsoft 365. It’s a package deal that has some of Microsoft’s best products, not least of which is the hugely popular Office 365. The tools you get in this package will not only help but improve your organizational governance. Easier communication, advanced security, and 24/7 support help to make your business run efficiently. So if you want to simplify management for your organization, M365 is a great place to start.

What You Can Learn From Microsoft Endpoint Manager Analytics

The importance of data analysis has been steadily growing in the last couple of decades. And as technology has continued to evolve, the tools that we have available to us have significantly improved. These tools help businesses get a clearer view of their operations. One of the more recent offerings is Microsoft Endpoint Manager Analytics (MEMA). With this product, Microsoft is aiming to help organizations measure and improve their productivity. These days, businesses are placing significant emphasis on the degree of productivity of their employees. Therefore it’s important to have a way to actually see this and that’s what we’ll be going over below.

What is Microsoft Endpoint Manager Analytics?

Endpoint Analytics is essentially a new feature that Microsoft has added to Microsoft Productivity Score. What it does is to provide you with information on how the organization is operating as well as the experiences that your users are receiving. Moreover, it can pinpoint policies or hardware issues that are slowing down devices and then make any necessary changes without causing needless disruptions. Therefore, Endpoint Analytics can provide insights that are normally unavailable to IT because of a lack of visibility into the end-user experience. And it can offer this service at a better cost as compared to the costly support channel that you would otherwise use.

Getting started with Microsoft Endpoint Manager

Once you’ve met all the requirements, the actual process of enrolling a device is pretty straightforward. For Intune-managed devices, you onboard in the Endpoint Analytics portal. When you’re enrolling devices that are managed by Configuration Manager, there are a few steps to follow. Firstly, you have to enable Endpoint Analytics data collection in Configuration Manager. Next, you’ll need to enable data upload from Configuration Manager. And the last step involves onboarding in the Endpoint Analytics portal. You will see the connector status light up in Microsoft Endpoint Manager once you have successfully enabled it.

Startup performance

This is an area that can be of great concern when it comes to causing delays to your employees. By measuring time to productivity, you can easily see where users are losing time. Endpoint Analytics will help your organization by identifying lengthy boot and sign-in times and then resolving them. In addition, you’ll get a couple of recommended actions that you can take to improve startup times. Having this data at hand enables you to evaluate your startup performance. You can then use this data and compare it to other organizations thus getting a better view of how you’re doing as a business. 

Software optimization with Microsoft Endpoint Manager

A lot of the time, increasing productivity only requires you to optimize your current software. MEMA plays a key role by providing you with information for improving user experience by optimizing your operating system as well as the versions of Microsoft software that you are already using. You’ll get to benefit from insights for various deployment and management services. Among these are Windows Autopilot, Microsoft Intune, Configuration Manager, Windows 10, and Azure Active Directory. Although you may already be using these platforms, analytics gives you data that helps you to get the most out of them.

Swift problem resolution

In the past, one of the major causes of delays has been users having to wait for IT to resolve problems. However, Endpoint Analytics provides proactive remediation scripting. Simply put, this great feature will resolve common support issues on any of your endpoints. Not only that, but it will fix these problems before users even know there’s an issue. There are built-in scripts that you can use for common issues. But, there is also the possibility of authoring your own scripts based on what issues your users frequently encounter.

Licensing requirements for Microsoft Endpoint Manager

A valid Microsoft Endpoint Manager license is necessary to enroll devices in Endpoint Analytics. In addition, for proactive remediations, one of the following licenses for managed devices will be required:

  • Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5

Requirements for Intune devices

Devices must be under co-management or enrolled in Intune and running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education. Windows 10 Home isn’t supported. Only devices with Windows 10 Enterprise, Education, or Pro version 1903 or later will get startup performance insights. It’s also important to note that workplace joined or Azure AD registered devices won’t be supported. Lastly, you need to ensure that the Connected User Experiences and Telemetry service is running.

Configuration Manager requirements

For devices that are under the management of Configuration Manager, you’re going to need a minimum of Configuration Manager version 2002 with KB4560496 – Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later. Also, the Configuration Manager clients need to be upgraded to version 2002 or later. And then you should ensure that the Microsoft Endpoint Manager tenant is attached. Another thing to remember is that enrolled devices that meet the Intune requirements will send required functional data directly to Microsoft public cloud.

Enhance your productivity

Common issues that trouble most organizations should not have to persist indefinitely. Time is a priceless commodity and your business needs to strive to fully enhance productivity. Hence the importance of software such as Microsoft Endpoint Manager Analytics. Its ability to furnish you with a comprehensive overview of how your organization is operating has the potential to make it key to your business strategies. Evaluating the problem areas affecting your users and resolving them without disruption will immediately improve workflow. Although Endpoint Analytics is still very much a new product, it’s certainly one that looks like most businesses could need.