How to Manage Windows 10 in your organization

Windows 10 offers the flexibility to respond to the world of a work anywhere with any device work style and can easily be deployed in mixed environments where employees use their own device, working part-time or while performing tasks outside the office. Windows 10 provides productivity enhancements and cost reductions, all while maintaining your Company’s standards for security and manageability. The operating system offers a variety of management options to support various work environments, as summarized below.   

Microsoft provides legacy support for manageability and security through Group Policy, Active Directory, and System Center Configuration Manager. And to deliver a cloud-first, mobile-first approach to simplified modern management, Microsoft uses Enterprise Mobility + Security (EMS). 

Windows 10 Deployment
With Windows 10, Companies can continue to use traditional Operating System deployment through imaging, or manage out of the box by leveraging provisioning.  To transform new devices into fully-managed, configured devices, IT departments can:

• Use Microsoft AutoPilot and InTune to dynamically provision from the OEM.
• Use Windows Configuration Designer to create self-contained provisioning packages.
• Use System Centre Configuration Manager or Microsoft Deployment to deploy custom images.

Identity & Authentication 
Windows 10, in conjunction with Azure Active Directory can be used for cloud-based identity, authentication and management.  Users can bring and self-provision their devices. For corporate devices, Azure Active Directory Join with Intune Modern Device Management enrollment allows users to bring devices into a corporate-managed state in a single step, all within the Cloud. 

Azure Active Directory Join is also great for temp staff, consultants, contractors and part-time employees. These accounts can be kept separate from the on-premises Active Directory domain, yet still provide the access needed for corporate resources. Most organizations would use a hybrid approach meaning that in certain use cases Azure AD Join would be beneficial for the corporate devices as well.

Settings & Configuration 
Your configuration requirements are defined by multiple factors including: 

• Level of management needed
• Devices and data managed
• Identity requirements 

These factors must be balanced with the employees' needs to access corporate email and documents from their personal devices.  With Windows 10, companies can create a consistent set of configurations across PCs, tablets, and phones through the common Modern Device Management layer. 

Modern Device Management 
Modern Device Management allows you to configure settings that achieve your administrative intent without exposing every possible setting. Modern Device Management enables you to: 

• Apply broad privacy settings
• Implement standard security measures
• Apply broad application management settings
• Target Internet-connected devices to manage policies 

Updating and Servicing 
With Windows as a Service, IT departments no longer need to perform complex project with every new release of Windows.  With Windows 10, all devices receive the latest features and upgrades through simple, automatic patching processes.  Modern Device Management with Intune and OMS provides tools for applying Windows updates to client computers in your organization and reporting compliance.  Configuration Manager allows more hands-on management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.  

Releases will come fast, so an operational model that supports the Windows 10 servicing channel will be crucial.  Join AMTRA in Calgary, Regina or Vancouver to hear Emile Cabot speak at our TECH TALK | Enabling Productivity with Modern Device Management.