February 2nd, 2021, Microsoft announced ‘Windows 10 in cloud configuration’. ‘Cloud configuration’ is a new recommended device configuration that can be applied to Windows 10 computers using Intune, Microsoft’s Mobile Device Management (MDM) solution, which is part of Microsoft Endpoint Manager (MEM). Organizations can use MEM to apply a standard configuration to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Microsoft says that the configuration is suitable for employees that use their devices for basic productivity and content consumption.
‘Windows 10 in cloud configuration’ is primarily intended for frontline workers, remote workers, and others that use a limited set of applications assigned by IT and cloud storage. Applying the recommended settings helps businesses provide a unified configuration that optimizes the management of Windows 10 devices for the cloud. User accounts are registered in Azure Active Directory (AD) and their devices are secured and remain compliant with the recommended settings.
‘Windows 10 in cloud configuration’ leverages existing technologies to make sure that devices are securely configured. Windows Update for Business makes sure that devices are kept up to date with the latest security patches. And Azure AD is used to secure user identities and provide single sign-on to cloud services. Apps, like Microsoft Teams, Microsoft Edge, and Microsoft 365 Apps can be installed automatically on devices and securely configured.
If you want to apply Windows 10 in cloud configuration to devices, it’s not obligatory to reset the devices first. Microsoft says that while it is not required to wipe existing Windows 10 devices to use cloud-config, it is recommended to make sure all unapproved apps, user accounts, and files are removed from devices for best performance.
Currently, setting up Windows 10 in cloud-config is a manual process. It involves the following 8 key steps:
You can find a complete guide to setting up Windows 10 in cloud configuration on Microsoft’s website here.
Organizations will require an EMS E3 license or Microsoft 365 E3/E5 license to use Intune. Additionally, end users must be assigned a Microsoft 365 Apps license to have OneDrive for Business redirect data to cloud-based storage.
Find out more about OneDrive KFM here on Petri.
If you are new to Microsoft Intune and looking for guidance and processes to follow to secure remote worker devices, then Microsoft’s recommended baseline security settings for Windows 10 in cloud configuration are an ideal place to start. The overview and setup guide provides precise instructions on how you can use Intune to securely configure Windows 10 endpoints.