Windows Autopilot is coming in Windows 10 version 1709

With Windows Autopilot you can deploy Windows 10 devices with a zero touch experience as configuration profiles can be applied at the hardware vendor, meaning that you can ship the devices directly to your employees! You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business.

Another cool feature that is coming is Autopilot Reset.
Now your admins can use the Autopilot Reset feature to quickly remove personal files, apps, and settings, just like the wipe feature for mobile devices in Intune.

Enforce MFA for users

When you create your administrators, including your global administrator account, it is essential that you use very strong authentication methods.

To check who in your organization has administrative privileges you can verify by using the following Microsoft Azure AD PowerShell command

Get-AzureADDirectoryRole | Where { $_.DisplayName -eq “Company Administrator” } | Get-AzureADDirectoryRoleMember | Ft DisplayName

As long as your users have licenses that include Azure Multi-Factor Authentication, there’s nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis.

The licenses that enable Azure MFA are

  • Azure Multi-Factor Authentication
  • Azure Active Directory Premium
  • Enterprise Mobility + Security

How to enable MFA

Sign in to the Azure portal as an Global Admin

Go to Azure Active Directory -> Users and groups -> All users

Select Multi-Factor Authentication

Find the user you want to enable for Azure MFA.

Check the box next to their name.

On the right, under quick steps, choose Enable or Disable