Microsoft’s Windows 10 has more granular management controls than any other operating system, but that can make it hard to know where to begin. Many of the tools for deploying, securing and configuring Windows 10 can be downloaded for free, but others need to be licensed.
To get the most of this trove of tools, it’s important to understand which technologies are best suited to your environment. Here are three tips to get you started:
1. Making Mobile Device Management Easy
MDM is a lightweight open standard for managing mobile devices. It’s useful in situations where Windows 10 devices are not joined to a domain or need to have configurations updated on a regular basis, even if the devices are rarely connected to an intranet over a virtual private network or via DirectAccess.
Microsoft Intune and System Center Configuration Manager (SCCM), both of which support MDM, can also manage Android and iOS devices. Mobile Application Management is similar to MDM, but manages compatible applications rather than entire devices. MAM is useful where users might be reluctant to enroll their personal devices and hand over complete control to IT.
2. Configuring a Group Policy for Domain-Joined Devices
Group Policy provides the most comprehensive range of settings and features to configure Windows. Microsoft’s free Security Compliance Manager (SCM) v.4.0 supports security templates that can be used to create Group Policy Objects for the Windows 10 Anniversary Update, and includes Configuration Manager’s desired 2007 packs for managing configuration drift.
Group Policy preferences provide IT with an easy way to configure users’ environments by replacing traditional logon scripts. Preferences can be used to add mapped drives, shared printers, environment variables and other options, and target devices using Windows Management Instrumentation filters.
3. Microsoft Deployment Toolkit Creates Flexibility
MDT is a wizard-based tool for creating custom Windows images that can be installed over the network. Task sequences allow different configuration rules, such as joining a device to a domain or setting a local administrator password, to be run during installation and allows IT to provide appropriate settings for each deployment scenario.
When using SCCM alongside MDT, districts gain extra flexibility with real-time monitoring, the ability to simulate operating system deployment, and dynamic deployment capabilities with MDT rules.