Microsoft has released a handy guide called Windows 10 in cloud configuration that walks you through a recommended best practice configuration of your Windows 10 devices using Endpoint Manager. What they are now doing, as highlighted by my video, is beginning to roll this into a wizard inside the Endpoint Manager portal, allowing you to quickly and easily create and apply policies to protect your Windows 10 machines.
I believe this is only the beginning of what Microsoft plans to roll out and I expect to see lots more configuration coming very soon, not only for Windows 10 but also iOS and Android.
Watch this space.
The modern way to manage and configure devices in the Microsoft Cloud is to use Intune to handle device enrolment and configuration. This can become complex quickly when you look at configuring across the different operating systems (iOS, Android, Windows, MacOS, etc) and the different policies (endpoint, compliance, restrictions, etc) because there are so many possible variations. If you then layer on a variety of users and their requirements, being consistent across the organisation can be a challenge.
Luckily, Intune now gives us something called Policy Sets which you can find in the Microsoft Endpoint Manager admin center as shown above.
As the opening screen, shown above, notes – Policy sets are basically a way to group a set of individual policy configurations together and have them applied as a group. Handy eh?
Basically, you follow through the wizard and select the policies you wish to group together and then the users you wish them to apply to. You save that as an individual Policy set, of which you can create as many different ones as you like.
Once you create the Policy set, its policies will be applied exactly the same as if you had assigned each policy individually, but now you can do all that together via a single setting! You can go back in at any time and edit the Policy sets you created.
Device manager Policy Sets allow you to easily group a variety of individual Intune policies together and apply them together to a group of users quickly and easily. This should save you lots of time over creating an individual enrolment policy and applying it, then an individual compliance policy and applying it, then an individual endpoint protection policy and so on.
I have been using Azure Log Analytics solutions for a while now to do things like report on client machine changes, updates, inventory, security and so on. However, I wanted to change my workspace for these clients from one Azure tenant to another.
I was thinking that I’d have to go into the registry and change the workspace id and key but when I searched the registry there were far too many entries. Turns out you don’t need to do that at all! All you need to do is go to the control panel and find the Microsoft Monitoring Agent as shown above.
When you run that you’ll see any workspaces you are currently joined to. You can Edit or Remove what is there.
Then you can add a new workspace as shown above.
All you then need to do is plug in the new Workspace ID and Key from the new workspace and you are away.
I also discovered that you can configure the agent to report to multiple workspaces, even in different tenants if you want. That makes things really easy.
How easy is that?
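The same workspace change can be scripted for machines where clicking through the Control Panel is impractical. The following is an added example, not part of the original post: it uses the agent's `AgentConfigManager.MgmtSvcCfg` COM object, and the function name `Set-MmaWorkspace` and its parameters are hypothetical. The key is taken as a SecureString so it does not end up in command history or in the script.

```powershell
# Added example: point the Microsoft Monitoring Agent at a new Log Analytics
# workspace. Run elevated on a machine that has the agent installed.
function Set-MmaWorkspace {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][guid]         $NewWorkspaceId,
        [Parameter(Mandatory)][securestring] $NewWorkspaceKey,
        # Optional: workspace to disconnect. Omit it to keep reporting to both.
        [guid] $OldWorkspaceId
    )

    # COM object installed with the agent; it drives the same settings as the
    # Control Panel applet.
    $mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'

    # Workspace IDs the agent is currently joined to.
    $joined = @($mma.GetCloudWorkspaces() | ForEach-Object { $_.workspaceId })
    Write-Verbose "Currently joined: $($joined -join ', ')"

    $newId = $NewWorkspaceId.ToString()
    if ($joined -notcontains $newId -and
        $PSCmdlet.ShouldProcess($newId, 'Add workspace')) {
        # The COM method needs the key as plain text; decode it only here.
        $plainKey = [System.Net.NetworkCredential]::new('', $NewWorkspaceKey).Password
        $mma.AddCloudWorkspace($newId, $plainKey)
        $plainKey = $null
    }

    # Remove the old workspace only when asked to and only if it is joined.
    if ($PSBoundParameters.ContainsKey('OldWorkspaceId')) {
        $oldId = $OldWorkspaceId.ToString()
        if ($joined -contains $oldId -and
            $PSCmdlet.ShouldProcess($oldId, 'Remove workspace')) {
            $mma.RemoveCloudWorkspace($oldId)
        }
    }

    # Make the agent pick up the change, then return the resulting list.
    $mma.ReloadConfiguration()
    $mma.GetCloudWorkspaces()
}

# Usage (placeholder ID; the key is typed at the prompt and not echoed):
# Set-MmaWorkspace -NewWorkspaceId '<new-workspace-id>' `
#     -NewWorkspaceKey (Read-Host 'Workspace key' -AsSecureString) -Verbose
```

Running it with `-WhatIf` shows which workspaces would be added or removed before anything is changed.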