What we do
If you've held off from upgrading to Windows 10, or been frustrated by any bumps in the road you've encountered, we have some good news about a number of exciting updates that have recently appeared on the scene.
There's been a degree of hesitancy around the modern management of Windows 10; you may have heard about some of its limitations with provisioning and managing devices. And if you have taken the plunge and entered the world of Windows 10, no doubt you've been eagerly anticipating new developments to improve management capabilities and user experience. We're really excited about the new features that have sprung up recently which will provide real benefits, saving users time, improving security and providing a slicker experience all round.
The new AutoPilot feature was an unexpected but very welcome surprise update! It's long been needed, allowing organisations to automatically provision corporate owned Windows 10 devices into their Mobile Device Management (MDM) solution.
Windows AutoPilot supports the modern management approach, removing the need for devices to be manually provisioned in-house by IT teams. When a user powers up a device and connects to the internet for the first time, AutoPilot performs an Azure AD Join, automatically enrolling the device into the organisation's MDM solution. This removes the need for IT teams to reimage devices and relieves the burdens typically associated with device imaging. AutoPilot leaves the user ready to go from wherever they are, meaning that devices can be delivered direct to the user, work ready, without having to set foot in the organisation's IT department.
An added bonus of Windows AutoPilot provisioned devices is the option to remove local admin privileges from the user on Azure AD Joined devices - previously local admin privileges were granted to end users during the Azure AD Join process. We think Autopilot has the potential to revolutionise the way organisations deploy devices, speeding the process and allowing users to self-serve, provisioning their own devices. It’s been a missing feature for a while, and we can see it promoting mobility and releasing the IT team to work on more targeted projects.
More information on Windows AutoPilot can be found here.
Intune brings Windows 10 feature update management to the Azure portal
A quick side-note – you might now hear 'Semi-Annual Channel' referred to – this is the new name for Current Branch/Current Branch for Business. More information on the latest changes to the Windows as a Service (WAAS) model can be found here.
The deployment and management of the WAAS lifecycle to MDM managed Windows 10 devices can now be easily managed using Intune from the new Azure AD portal. This allows organisations to align their Semi-Annual Channel Windows 10 devices to update rings, granting IT departments control over the Windows 10 features updates that are deployed to end-user devices. Servicing tools in the Semi-Annual Channel can delay feature updates as well, if required, whilst pilot deployments can be released for testing to a controlled selection of devices.
The ability to easily manage the deployment of feature updates to MDM managed Windows 10 devices via Intune has previously been seen as a major barrier for organisations that want to adopt the modern management approach for their Windows 10 devices, so this is a great step forward.
Windows 10 Enterprise licensing on Cloud Solution Provider channel, targeted at users
Another great new feature that has been missing from Windows 10 is a modern management approach to licensing the operating system. For organisations on the Cloud Solution Provider (CSP) channel, Windows 10 Enterprise licensing can now be applied to end users, similar to the way Office 365 or Enterprise Mobility and Security (EM+S) works. When an end user with a Windows 10 Enterprise license assigned to them logs onto a device running Windows 10 Pro OEM, the device will automatically and seamlessly be upgraded to Enterprise, removing the need for the IT department to reimage the device to upgrade it. This is a great development for organisations that have highly mobile workers, and will save costly time and manpower.
Finally, good news for organisations with macOS users and EM+S. Having previously struggled to manage security and access on macOS devices, a new conditional access feature ensures that macOS devices are compliant with policies such as device encryption and password security before granting access to Azure AD federated services and apps. Although this feature is still in preview, it's great progress and shows that the capabilities for modern management of macOS devices are coming to EM+S.
More information on macOS conditional access within EM+S can be found here.
These new features demonstrate an exciting step forward for Windows 10 and EM+S in promoting agile working without compromising the security of services. Here at Softcat, we understand that the fast paced business world demands high quality user experience, whilst keeping effective and streamlined management and security. We think these great new capabilities show that Windows 10, alongside Office 365 and EM+S, is carefully and concertedly deploying updates with real benefits and we're eagerly anticipating more positive improvements!
If you’re as excited about these new features as we are, get in touch with your Account Manager to see how you can get the best out of these updates.
We would love to hear any comments you have about this article!