Tag Archives: Windows 10

Windows AutoPilot prerequisite

Before you can start using Windows AutoPilot, there are some pre-requirements that must be configured.

Firstly of all I suggest that you create a security group, that includes all the users who will be AutoPiloted by Intune – make sure that your users have the right license.

Head to the Azure Portal and login as a global admin and follow these steps:

  • Go to Azure Active Directory -> Devices -> Device settings
  • Here you must configure which user that may Azure AD join a Windows 10 device – use the same user group as the one who includes your AutoPilot users
  • You can also add another local administrator for your AutoPilot computers, if needed
  • When ready, click Save
  • Go back to Azure Active Directory -> Mobility (MDM and MAM)
  • Click Microsoft Intune
  • Select which users (group or all) that may enroll their device into Intune. Leave everything else as default
  • Click Save
  • Go back to Azure Active Directory -> Company branding
  • Company branding is a must for AutoPilot to work properly. So, if not already in place, please make your company branding by clicking the Configure button
  • When done, click Save
  • Go back to Azure Active Directory -> Properties
  • Please make sure that all the information is correct, as it will be displayed on the devices during the Windows AutoPilot enrollment process

Windows 10 Security Baseline in Intune

Now that Microsoft Intune 1901 are released, the MDM security baseline are spotted!

This was a huge topic during Ignite 2018, and I’m pretty sure that you have been waiting for this like everybody else 🙂
Now it’s time to compare security baseline in Intune with the one from NCSC.

What are security baselines?

Every organization faces security threats. However, the types of security threats that are of most concern to one organization can be completely different from another organization. For example, an e-commerce company may focus on protecting its Internet-facing web apps, while a hospital may focus on protecting confidential patient information. The one thing that all organizations have in common is a need to keep their apps and devices secure. These devices must be compliant with the security standards (or security baselines) defined by the organization.

A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers

Now let’s configure some security baseline within Intune

Head to the Azure Portal, login as a global admin and follow these steps:

  • Go to Intune -> Security Baseline (Preview)
  • Click MDM Security Baseline for October 2018 (This security baseline is for Windows 10 1809)
  • Click Create profile
  • Enter a name etc. Windows Security Baseline – October 2018
  • Click to expand settings

From here you can expand all the category and see/set the settings as you want it.