Sunday, February 15, 2015

The management and remote access connectivity of Windows 10

Speaker: Michael Niehaus, Senior Product Marketing Manager

In the last few days, I attended Tech.Days Hong Kong 2015.

In this event, I attended 2 Windows 10 sessions which are "Windows 10: Remote Access Connectivity and Windows 10 Management Technologies: What's New". After attending Windows 10 sessions, it seems that Microsoft tends to use more Microsoft Intune and System Center Configuration Manager to manage Windows 10 or later operating systems. I'm going to explain this.

In Windows 10, we can join the Windows 10 device to Azure Active Directory (AAD).

There is no group policy on AAD. To apply the security settings to Windows 10 device which is joined to AAD, administrators can configure Microsoft Intune on the cloud to integrate with Azure Active Directory. When a device is joined to the Azure Active Directory, it will automatically applied the company policies through Microsoft Intune. Many security settings can be through Microsoft Intune to configure it. If there isn't enough option for administrators to configure it, administrators can upload the PowerShell script to Microsoft Intune. The next version of Microsoft Intune supports WMI bridge and PowerShell configuration. administrators can also upload PowerShell script though Microsoft Intune to apply to the device. Honestly, Microsoft Intune for management desktop isn't robust enough to compare with Group Policy but Microsoft will add more options based on market trend.

The next version of System Center Configuration Manager will be integrated with Microsoft Intune. administrators can use one portal to manage mobile and desktop devices

The next version of Microsoft Intune is not only for applying security settings to Windows 10 device but also apply a new feature to Windows 10 device like "Per-application VPN". "Per-application VPN" is a new feature on Windows 10 to control which applications can be connected to the corporate network. For an example, your company only allows Internet Explorer to connect to your corporate web site through VPN. Apply "Per-application VPN" to a Windows 10 device which is enrolled Mobile Device Management (MDM) by Microsoft Intune. The user still can use other browsers like Chrome to access other web sites but the chrome browser cannot access the corporate web site.

In Windows 10, Microsoft works with other VPN vendors like Cisco, F5 and so on to change the configuration method of VPN. Users can be through Windows Store to download and install VPN plug-in from supported vendors. After that, users can set up a VPN connection at "Add a VPN connection" Wizard.

After installing other VPN plus-in from Windows Store, we can select it from "VPN provider". It's easy for us to set up a VPN connection from any vendor.

Eventually, there are some new management solutions in Windows environment. The old management solution like Group Policy will be phased out in the future.

This posting is provided “AS IS” with no warranties, and confers no rights!

No comments:

Post a Comment