Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows 10

What is Windows 10 Cloud Configuration

February 2nd, 2021, Microsoft announced ‘Windows 10 in cloud configuration’. ‘Cloud configuration’ is a new recommended device configuration that can be applied to Windows 10 computers using Intune, Microsoft’s Mobile Device Management (MDM) solution, which is part of Microsoft Endpoint Manager (MEM). Organizations can use MEM to apply a standard configuration to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Microsoft says that the configuration is suitable for employees that use their devices for basic productivity and content consumption.

‘Windows 10 in cloud configuration’ is primarily intended for frontline workers, remote workers, and others that use a limited set of applications assigned by IT and cloud storage. Applying the recommended settings helps businesses provide a unified configuration that optimizes the management of Windows 10 devices for the cloud. User accounts are registered in Azure Active Directory (AD) and their devices are secured and remain compliant with the recommended settings.

‘Windows 10 in cloud configuration’ leverages existing technologies to make sure that devices are securely configured. Windows Update for Business makes sure that devices are kept up to date with the latest security patches. And Azure AD is used to secure user identities and provide single sign-on to cloud services. Apps, like Microsoft Teams, Microsoft Edge, and Microsoft 365 Apps can be installed automatically on devices and securely configured.

Devices don’t need to be reset to use Windows 10 in cloud configuration

If you want to apply Windows 10 in cloud configuration to devices, it’s not obligatory to reset the devices first. Microsoft says that while it is not required to wipe existing Windows 10 devices to use cloud-config, it is recommended to make sure all unapproved apps, user accounts, and files are removed from devices for best performance.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Configuring Windows 10 in cloud config

Currently, setting up Windows 10 in cloud-config is a manual process. It involves the following 8 key steps:

  1. Create an Azure AD group
  2. Configure device enrollment
  3. Deploy a script to configure OneDrive Known Folder Move (KFM) and to remove built-in apps
  4. Deploy apps
  5. Deploy endpoint security settings
  6. Configure Windows Update for Business settings
  7. Deploy a compliance policy
  8. Optional configuration settings

You can find a complete guide to setting up Windows 10 in cloud configuration on Microsoft’s website here.

Licensing requirements for Windows 10 in cloud configuration

Organizations will require an EMS E3 license or Microsoft 365 E3/E5 license to use Intune. Additionally, end users must be assigned a Microsoft 365 Apps license to have OneDrive for Business redirect data to cloud-based storage.

Find out more about OneDrive KFM here on Petri.

Windows 10 in cloud configuration simplifies management of remote worker devices

If you are new to Microsoft Intune and looking for guidance and processes to follow to secure remote worker devices, then Microsoft’s recommended baseline security settings for Windows 10 in cloud configuration are an ideal place to start. The overview and setup guide provides precise instructions on how you can use Intune to securely configure Windows 10 endpoints.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: