The Modern Workplace: Windows 10 and Modern Management
By: Pablo Banzato, Sr. Director, Cloud Architectures
Digital transformation is well represented in the Modern Workplace management of Windows 10. Since the release of Windows Autopilot in Intune, which brought a full device management lifecycle based on an IT zero-touch experience and end-user self-service deployment and configuration of Windows 10, Windows device management has expanded with Intune-driven, Administrative Template-based management policies that represent a full-breadth alternative to the traditional IT management found in on-premises infrastructures.
Windows 10 includes a new interface to read, set, modify and delete configuration settings called Configuration Service Provider (CSP). This interface executes configuration using over-the-air device management policies applied by Intune as part of the cloud-based capabilities for Windows 10 modern management.
This makes Windows 10 an operating system that can be managed through GPOs, WMI and System Center infrastructure in a traditional Active Directory-based deployment, as well as through a modern device management solution using Intune and CSP policies. If you are wondering whether you can use both, the answer is yes, and there are settings that dictate which policy wins when GPO and CSP settings conflict.
Key features and capabilities of Windows 10 in a Modern Management environment include the following:
Deployment and Management
Windows Autopilot is tightly integrated with Azure AD and Intune for a fully automated provisioning process and management enrollment through the out-of-box experience (OOBE). Intune-driven software deployment and device configuration bring corporate security and productivity without the need to create OS images.
Identity and Authentication
Using Azure Active Directory, administrators can choose to configure corporate devices through fully automated, Intune-driven device management, in which users authenticate to Azure Active Directory through an Azure AD join device relationship.
BYOD capabilities help maintain end-user device ownership while connecting a work account and accessing corporate resources securely.
Built-in Intelligent Security
Features such as Windows Hello for Business, Windows Defender ATP, Azure AD Conditional Access, Identity Protection, Device Guard and Credential Guard use built-in technology that integrates with all modern management aspects of Windows 10 and Microsoft 365 cloud-based solutions.
Updating and Servicing
Enterprise Mobility and Security capabilities provide a modern approach to keeping devices up to date in an aligned updating cycle, at a time when increasing security threats require a shift in how Windows 10 and Office 365 ProPlus are updated, without the need for on-premises software update infrastructure.
A combination of Active Directory and Azure Active Directory device relationships, together with Intune and System Center Configuration Manager co-management capabilities, allows organizations to plan a phased-in approach to modern management rather than having to choose one over the other with no transition option.