Blogabout.Cloud

Back in July Microsoft announced that it is now possible to configure enrolled Windows 10 devices with Administrator templates that are very similar to Windows Group Policies. Since this announcement Microsoft has made further progress introducing administrative templates for Windows, Office and most recently Edge.

Microsoft Endpoint Manager is becoming more common as businesses around the globe adapt, adopt and migrate more of their workloads to the Microsoft Cloud.

Let’s dive into the reasoning for removing Windows 10 Group Policies and adopting Administrative Templates from Microsoft Intune. One of the most valuable things that any business can do is enrol their Windows 10 devices in Microsoft Endpoint Manager as it provides a lot of additional functionality which cannot be deployed using the conventional on-premises infrastructure.

This modern management of Windows 10 allows businesses to apply policies to devices that may not be connected to the corporate LAN but have an internet connection. This provides the protection, configuration and compliance to the end-user device whether they are in or out of network.

I have been working with several customers recently who have seen huge value from moving their group policy objects (GPO) to Administrative Templates. Many of the organisations deployed legacy or out of date group polices to their end-users which are not needed and in some cases cause a security hole within their Windows 10 build.

Adopting Microsoft Endpoint Manager allows businesses to evaluate their GPO structure and condense their requirements. Condensing your GPO’s with administrative templates is just the start of the journey to modern management.

• Do you deploy applications via GPOs?
• Do you deploy registry keys via GPOs?

If you do, these can also be delivered using the power of the Microsoft Cloud and specifically Microsoft Endpoint Manager. I have recently been deploying a large number of core applications to Windows 10 including reg key modifications using a PowerShell script from within the MEM portal. So as soon as the Windows 10 device is enrolled and has an internet connection, all applications and policies are configured with the devices regularly poling for any updates/changes made within the Intune portal.

So isnt time you investigated what Microsoft Endpoint Manager can do for you today?

Regards,
The Author – Blogabout.Cloud

Microsoft has heavily invested in the Android ecosystem and continues to work with Google to provide the best possible platforms for users and enterprises to work hand in hand. Microsoft has ensured their flagship products are available through the Google Play Store as shown below

With Microsoft Intune we have 4 methods of deployment;

Andriod App Protection Policies (APP) Managed

This solution is targeted for BYOD devices that are not enrolled but access corporate data from the approved corporate apps, for example; Outlook, Word and Excel. App Protection Policies are placed on the applications that are accessing corporate data to ensure the security requirements are met.

More information can be found via the following url about App Protection Policies. https://docs.microsoft.com/en-us/intune/apps/app-protection-policy

Android Enterprise Work Profile

This solution is targeted for BYOD devices that are enrolled to define a clear boundary between personal and corporate data. As all corporate data is stored within its own encrypted container whereby settings can be defined to control cross-profile contacts, sharing app push, certificate deployment, resource access configuration. This is the most common approach for handling BYOD devices within businesses around the globe.

More information about enrollment for Work Profile can be found via the following url https://docs.microsoft.com/en-us/intune/enrollment/android-work-profile-enroll

Andriod Enterprise dedicated (kiosk)

This solution is targeted for corporate-owned devices that are designed for a particular task. The easy way to describe this would be;

The Android device(s) are owned by an event management company, they loan out the devices to Exhibitors for lead retrieval. As they only need to access one application the device(s) are locked down to this single app. This solution provides a highly configurable home screen experience with “Managed Home Screen” app and following new capabilities have been launched by Microsoft

• SCEP certificate-based Wi-Fi (November release)

• System app support

• Home screen branding customization

• Wi-Fi and Bluetooth user controls

• Kiosk drop-out code

Android Enterprise Fully Managed

This solution is targeted for corporate-owned devices which will be completely managed by the organization but used by one of their members of staff. This scenario provides a fully secure corporate device that the user is unable to tamper with or modify. The Google Play Store is locked down to only applications approved by the organization, this is my personal preference for only corporate devices.

Coming in 2020: Fully Managed with Work Profile

Expected this year, once more information is available. I will be doing into detail about how to leverage a fully managed with work profile 🙂

Regards,
The Author – Blogabout.Cloud