Microsoft 365 Business Tech Series Videos – Advanced Windows 10 Management

In late June I was approached to record some short technical overview videos on Microsoft 365 Business. Now that they are recorded and published, it's time to review them and provide some additional resources and any important updates since the content was created. This is the eighth video in the series, and the focus is on stepping outside of the Microsoft 365 Business Admin Center to manage Windows 10 devices.

[embed]https://www.youtube.com/watch?v=wvb-9dfbJgo&w=560&h=315[/embed]

In the last post I covered the different options that Microsoft 365 Business provides in the Admin Center. These give you a great base for managing Windows 10 devices, but over time you will probably encounter a situation that requires something a bit more targeted. The good news here is that we have full Intune under the covers, and it is easily accessible through the Azure portal.


Creating a profile

If you haven't looked at Intune, here are some of the device restriction categories from when the video was created.


Device Restrictions

One of the things that I always like to stress for people with existing Windows 10 devices managed by Group Policy is that there are some options for Azure Active Directory registration and Intune enrolment. These are added alongside the traditional policies, so it doesn't have to be a rip-and-replace approach, and it means you start getting some of the benefits that Intune can provide without having to mimic every Group Policy setting in Intune. To see how well your current settings map to Windows 10 and Intune MDM, you can look at the MDM Migration Analysis Tool (MMAT).


MMAT on Github

Other options for managing Windows devices with Intune's MDM capabilities are ADMX-backed policies and Intune's ability to execute PowerShell scripts on the device. There is a list of the available ADMX-backed policies here, and the Intune Management Extension allows PowerShell scripts to be executed locally in the user or system context. The device needs to be Azure Active Directory Joined in order for this capability to work, so it's not something that can be used with an Active Directory joined device that is registered with AAD and enrolled in Intune.


PowerShell configuration
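
To check the join-state requirement described above before targeting a device with scripts, the following added example (not from the original post or from Microsoft) classifies a device from `dsregcmd /status` output and reports the context the script is running in. `Get-JoinState` is a hypothetical helper name, the sample text is constructed, and the eligibility rule is the one stated in this post.

```powershell
# Added example. Get-JoinState is a hypothetical helper, not an Intune cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string]$StatusText)

    # dsregcmd /status prints "Name : VALUE" pairs; treat a missing field as NO.
    $flags = @{ AzureAdJoined = 'NO'; DomainJoined = 'NO'; WorkplaceJoined = 'NO' }
    foreach ($line in $StatusText -split '\r?\n') {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = $Matches[2].ToUpper()
        }
    }

    $aad = $flags.AzureAdJoined   -eq 'YES'
    $ad  = $flags.DomainJoined    -eq 'YES'
    $reg = $flags.WorkplaceJoined -eq 'YES'

    if     ($aad -and -not $ad) { $joinType = 'AzureADJoined' }
    elseif ($ad -and $aad)      { $joinType = 'ADJoined+AzureAD' }
    elseif ($ad -and $reg)      { $joinType = 'ADJoined+Registered' }
    elseif ($ad)                { $joinType = 'ADJoinedOnly' }
    elseif ($reg)               { $joinType = 'RegisteredOnly' }
    else                        { $joinType = 'NotJoined' }

    [pscustomobject]@{
        JoinType                = $joinType
        # Rule as stated in this post: only Azure AD joined devices qualify.
        MeetsScriptPrerequisite = ($joinType -eq 'AzureADJoined')
        # True when this code runs in the system context, False in a user context.
        RunningAsSystem         = [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
    }
}

# Constructed sample of dsregcmd /status output for an AD joined, AAD registered device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : NO
              DomainJoined : YES
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : YES
'@

Get-JoinState -StatusText $sample          # JoinType: ADJoined+Registered
# On a real device: Get-JoinState -StatusText (dsregcmd /status | Out-String)
```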

If you haven't used Windows 10 with Intune or another MDM solution previously, my recommendation is to start with the Microsoft 365 Business Admin Center to get an understanding of the policies that are being created. There is a support article explaining the mapping of settings in the Admin Center to Intune, which should assist in getting a better understanding of what is happening under the covers.