Tuesday, January 25, 2022

Demystifying Windows 10 in cloud configuration

Must read

Kenneth van Surksumhttps://www.vansurksum.com/
I started my career in 1995 as a System Engineer in the broadcast industry, building and maintaining video editing suites and television studio's and later specializing in Telecine equipment. In 1998 I switched to a first line support function within the Information Technlogy on the dealing room of a large bank, working my way up to a 3rd line support engineer. From this position i started to work on projects, which eventually resulted in projects where I worked across the border. In this period I implemented and designed several deployment solutions for mass rollout of workstations, laptops and servers. Since 2009 I switched to a consultancy function mainly focusing on but not limited to System Center design and implementation projects, besides that I became a Microsoft Certified Trainer (MCT) and currently teach System Center Related Classes (SCCM, SCOM and SCSM). In Januari 2010 I received the Microsoft MVP award with the expertise Setup & Deployment which was extended in 2011 and 2012. In 2013 and 2014 I was awarded the VMware vExpert award. In october 2014 I received the Microsoft MVP award with the expertise System Center Cloud and Datacenter Management (SCCDM).

On February 2, 2021 Microsoft announced “Windows 10 in cloud configuration”, when reading the title I was immediately interested to find out what that meant. Hence, even Mary Jo Foley wrote an article on the subject: Microsoft makes available Windows 10 ‘in cloud’ configuration settings for IT admins

Let’s dive in deeper and see.

Microsoft explains the Windows 10 in cloud configuration as following:

Cloud config is set up within Microsoft Intune, a part of Microsoft Endpoint Manager. It works on new and existing Windows 10 devices running Windows 10 Pro, Pro for Education, Pro for Workstations, Windows 10 Enterprise, and Windows 10 Education, and does not require any new licensing, software, or hardware. It can be used to pre-configure new devices, so they are ready to go when users open them for the first time, or to repurpose existing hardware to extend its lifetime. In addition, Windows 10 devices in cloud  configuration have applications and capabilities specifically chosen by IT, helping to improve worker productivity while simultaneously improving the security posture and device compliance. Users are registered in Azure Active Directory (Azure AD) and devices are enrolled into Microsoft Intune for cloud management.

That looks promising, based on this statement you would expect like a standard setup which can easily be enabled (just like the setup defaults in Azure AD) which allows a customer to quick start their Windows 10 deployment. But another statement in the same blogpost reduced my hopes a little bit:

Today, Windows 10 in cloud config is a recommended set of configuration settings for areas such as Windows Update for Business, Microsoft BitLocker, application deployment, and compliance. Microsoft will continue to innovate through cloud config—adding, removing, and modifying settings as needed—and is creating a guided scenario in Microsoft Intune for even easier configuration. More info on that soon!

You can find more information about Windows 10 in cloud configuration on a dedicated page at the Microsoft website: Windows 10 in cloud configuration on this page you can find a link to a Cloud Configuration overview and setup guide.

The guide, which contains 20 pages walks you through setting up Microsoft Endpoint Manger/Intune by:

  • Creating an Azure AD Group
  • Configure Device Enrollment
  • Deploy a script to configure OneDrive Know Folder Move and remove built-in apps
  • Deploy apps
  • Deploy endpoint security settings
  • Configure Windows Update settings
  • Deploy a compliance policy
  • Additional configuration

While reading the document, I had a lot of doubts comparing the recommended settings to my own best practices I build during implementing many Modern Workplace solutions in the last couple of years. On the other hand, if organizations would use this guide, from the start at their Modern Workplace journey, I do think they would be helped a lot. This might actually be a solution which is acceptable to start with.

Let’s hope that Microsoft will continue to invest in an overall baseline/template which customers can use to start building their Modern Workplace solution. I my opinion this is better than letting them invite the wheel themselves.

So for now, if you are already working on your modern workplace implementation, I don’t think this is very important. You might want to cross check what you have against this set of recommendations and use some of its elements for your own solution. In the future this initiative might become interesting though, how cool would it be if customers can just turn this solution on, just like they can with Security Defaults in Azure AD.

For more information, please read the FAQ section on the article as published on the Windows IT Pro Blog here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-in-cloud-configuration/ba-p/2111313

More articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest articles