Delivering the Modern IT promise with Windows 10

Part 2: Management enhancements coming to Windows 10 Fall Creators Update

Our goal with Windows 10 has always been to modernize the way IT interacts with Windows devices, adopting simpler and easier approaches that leverage cloud-based services and help employees be more productive with Windows 10, Office 365 ProPlus and Microsoft Enterprise Mobility + Security (EMS).

Today, I am happy to announce the latest innovation that helps enable this vision – Windows AutoPilot, a suite of capabilities powered by cloud-based services and designed to simplify deployment and management of new Windows 10 PCs, along with enhancements to Mobile Device Management and new Device Health features in Windows Analytics.

Self-Service Deployment with Windows AutoPilot

Getting a new PC at work should be a magical experience for an employee. It shows the company cares about making sure employees are productive and successful. Microsoft wants that experience to truly feel rewarding at the same time as we optimize results and cost for the whole company.

Imagine being able to take a new device out of the box and with just a few clicks fully configuring it for productive use – no more images to create and maintain, no infrastructure to manage, and a simple process. Now imagine that any member of the organization can easily set up a new device without needing any IT assistance. For most organizations, this represents a significant departure from how Windows 10 devices are deployed and managed today, but brings with it significant benefits, both from a process perspective and an economic one. We are announcing today Windows AutoPilot Deployment, a new cloud service that enables IT to customize the Windows 10 out-of-box setup experience using a cloud configuration, delivering a self-service deployment experience with new Windows 10 devices.

Windows AutoPilot Deployment works seamlessly with existing Azure Active Directory and Intune mobile device management (MDM) services, enabling a new PC to be easily transformed into a business-ready device: joined to Azure Active Directory, enrolled in Intune, transformed to Windows 10 Enterprise, settings applied, Office 365 apps and line-of-business apps installed. Ready to go!

Of course, there is no better way to understand how this process works than to see it in action.

As part of Windows AutoPilot Deployment, we will roll out the Windows AutoPilot Deployment Program to enable OEMs, distributors, and resellers to link devices to an organization. We’re happy to announce Surface will pilot the Windows AutoPilot Deployment Program with select customers and partners this summer. We are also working with our OEM partners, distributors, and resellers to roll out support for the Windows AutoPilot Deployment Program and will provide more information about broad availability in coming months.

The Microsoft Store for Business and Microsoft Partner Center will soon provide Windows AutoPilot capabilities so that organizations as well as partners managing IT for organizations can link and configure devices.

We’re just getting started with Windows AutoPilot and several new features will be added in the Windows 10 Fall Creators Update later this year:

  • Windows AutoPilot Reset – a new mechanism to reset a fully configured device while maintaining MDM management and AAD connection state, automatically returning the device to a fully configured state.
  • Enhanced Personalization with Windows AutoPilot Deployment – the ability to pre-assign a device to a specific employee in the organization via cloud configuration.
  • Self-Service Active Directory domain join – self-service deployment to get new Windows 10 devices into an Active Directory domain-joined state along with Microsoft Intune enrollment.

Simplified Management

New mobile device management (MDM) and security features we’ve introduced with each Windows 10 update have continued to contribute to our modern IT goal. In the Windows 10 Creators Update that began rolling out in April, we enabled management of key security settings and features, such as BitLocker. We added support for hundreds of the most-used Group Policy settings available directly via MDM through support for ADMX-backed policies. This helps customers with their migration process from Group Policy to MDM.  We also released the MDM Migration Analysis Tool (MMAT) to show organizations what equivalent MDM policies exist for Group Policy settings in use by the organization. In addition, we introduced new dynamic management capabilities to enable settings based on location, network or time.

Now, with the Windows 10 Fall Creators Update, we will continue to focus on management of additional security capabilities. You will be able to deploy and configure Windows Defender Application Guard, as well as configure security baseline settings (such as account and logon policies), to make it easy to use recommended security settings on MDM-managed enterprise devices. We’ve also added the capability to configure Windows Firewall rules.

To ensure great experiences with Windows AutoPilot scenarios, MDM capabilities in Windows 10 Fall Creators Update will provide the option to show progress during the device provisioning process, to let the employee know what configuration activities are in progress and when the device is ready to go. In addition, the employee can see information on what their organization is managing, in Settings, thereby ensuring transparency.

MDM support for Active Directory domain-joined devices is coming to the Windows 10 Fall Creators Update. A device joined to an Active Directory domain can be automatically registered in Azure Active Directory and automatically enrolled in Microsoft Intune or another MDM service. We will enable this for both existing devices already joined to Active Directory and new devices deployed into this state through Windows AutoPilot Deployment.

The Windows 10 Fall Creators Update will also add new kiosk configuration and management features, supporting new multi-app scenarios and greatly simplified lockdown configurations.

Proactive Insights

With the introduction of Windows Analytics, we have delivered capabilities that organizations can use to make sure they are ready for the latest Windows 10 release through Upgrade Readiness, as well as new Update Compliance features to ensure devices are up to date with the latest quality and feature updates.  Today, I am pleased to announce the latest addition to Windows Analytics: Device Health.

Device Health functionality is designed to ensure employees have the best possible experience with Windows 10.  To achieve that goal, it helps identify issues that could affect a person’s experience, before they may even notice, while also identifying steps needed to resolve those issues proactively.  This reduces helpdesk calls and support costs, saving time and money.

New Device Health features will soon be available to preview, with general availability expected later this year.

In the spirit of agile service development, we continue to enhance the capabilities of the Upgrade Readiness and Update Compliance features. In Upgrade Readiness, we made it easier to rationalize apps by bubbling the low-risk apps up front. We added insights for prioritizing app and driver testing to move more devices to the ‘Ready’ state quickly.

With these enhancements coming with the Fall Creators Update, along with the security features we announced earlier this week, Microsoft continues to improve the entire lifecycle of the device. From provisioning to ongoing management to data-driven run-time insights, we want to help partners and enterprises be more efficient and secure, and improve employees’ experiences with Windows 10.