What is Cloud Config?
Not everyone needs to be a power user. Some employees just need a basic computer to get the job done. Examples include frontline workers, home-based users or those who access everything over a web browser. While these users may only need the very basics, internal IT doesn’t want to skimp on security for them either. It is for these types of situations that Microsoft began offering Windows 10 in cloud configuration. Windows 10 Cloud Config simplifies the desktop experience for end users as well as the management experience for admins. You can use it to configure new devices or to reuse existing hardware and extend the life of older machines. Because Windows 10 in cloud config is a Microsoft-recommended device configuration, you also know that it is secure. Windows 10 Cloud Config is suited to devices that fit the following scenarios:
- Devices that do not require complex setting configurations
- Devices that are not dependent on any type of on-premises infrastructure
- Devices that use a basic set of apps curated by internal IT, such as Microsoft Teams and Edge
To be clear, cloud config is not Windows “lite.” It is the full Windows experience. You deploy devices with it or assign it to existing devices using Microsoft Endpoint Manager. From there you manage these machines just like any other MDM-enrolled device. These devices are configured with Windows 10 endpoint security settings and automatically updated through Windows Update for Business. Admins don’t have to do a thing. All user data is stored and redirected to OneDrive. For this reason, Microsoft does not recommend cloud config be used for shared devices.
Cloud config can be deployed to any device running one of the following operating systems:
- Windows 10 Professional
- Windows 10 Enterprise
- Windows 10 Education
Cloud config requires the following licenses:
- Azure Active Directory Premium P1
- Microsoft Intune
- Microsoft Teams
- OneDrive for Business
- Windows 10 Pro (minimum)
Note that Microsoft recommends Enterprise Mobility + Security E3 and Office 365 E3.
There are two ways to deploy Windows 10 cloud config in Microsoft Endpoint Manager. The easiest way uses the new guided scenarios feature. Cloud config is one of the sets of customized steps that admins can use to quickly deploy devices for a given scenario. You can also configure cloud config manually in order to deploy it using the following steps:
- Create an Azure AD group
- Configure device enrollment
- Deploy a script to configure Known Folder Move and remove built-in apps
- Deploy apps
- Deploy endpoint security settings
- Configure Windows Update settings
- Deploy a Windows 10 compliance policy
- Additional optional configurations
For this example, we are going to use the guided scenario. You will find it by going to Troubleshooting + support > Guided scenarios. The first time you access this section you may have to click the “Got it” button as shown below.
Then choose Deploy Windows 10 in cloud configuration by clicking the Start button for that scenario.
The first step is naming the devices during the Windows Autopilot enrollment process. If you choose not to use the device name template, all devices will use the OEM name. If you select “Yes”, however, you can create a unique pattern to name the devices. You can use the %RAND:x% variable to include a string of random characters after Fabrikam, where x represents the number of random characters allocated. In the example below we are appending 4 random characters to Fabrikam.
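As an added example (not from the original article or from Microsoft), the following Python code checks a device name template against the 15-character Windows computer-name limit and estimates how likely it is that two devices in a fleet draw the same name, which matters when device names are used to tell machines apart in inventory and logs. It assumes %RAND:x% expands to x uniformly random decimal digits and that the literal part may contain only letters, digits and hyphens; the template strings used with it are constructed.

```python
import re

MAX_NAME_LEN = 15  # Windows computer-name limit (assumed to apply to the expanded template)
RAND_MACRO = re.compile(r"%RAND:(\d+)%")
LITERAL_OK = re.compile(r"^[A-Za-z0-9-]*$")  # assumed allowed literal characters


def check_template(template):
    """Return (expanded_length, random_digits, problems) for a name template."""
    problems = []
    random_digits = sum(int(x) for x in RAND_MACRO.findall(template))
    literal = RAND_MACRO.sub("", template)  # what is left once the macros are removed
    if not LITERAL_OK.match(literal):
        problems.append("literal part has characters other than letters, digits, hyphen")
    if not re.search(r"[A-Za-z-]", literal):
        problems.append("expanded name would be empty or all numbers")
    expanded_length = len(literal) + random_digits
    if expanded_length > MAX_NAME_LEN:
        problems.append(f"expanded name is {expanded_length} characters, limit is {MAX_NAME_LEN}")
    return expanded_length, random_digits, problems


def collision_probability(random_digits, fleet_size):
    """Probability that at least two of fleet_size devices get the same random suffix."""
    space = 10 ** random_digits  # number of distinct suffixes (assumes decimal digits)
    if fleet_size > space:
        return 1.0  # more devices than names: a duplicate is certain
    p_all_unique = 1.0
    for i in range(fleet_size):
        p_all_unique *= (space - i) / space
    return 1.0 - p_all_unique


if __name__ == "__main__":
    # Constructed templates: the article's prefix with 4 random characters, and a longer one.
    for tpl in ("Fabrikam%RAND:4%", "Fabrikam-Kiosk-%RAND:4%"):
        length, digits, problems = check_template(tpl)
        print(f"{tpl}: length={length} random_digits={digits} problems={problems}")
        for fleet in (50, 200, 1000):
            p = collision_probability(digits, fleet)
            print(f"  fleet of {fleet}: duplicate-name probability {p:.1%}")
```

With only 4 random digits, duplicate names become likely well before the fleet reaches a few hundred devices, so a larger x (within the 15-character budget) is the safer choice for anything beyond a small rollout.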
The next step is to select the apps you want to deploy to these devices. Because Cloud Config is about keeping things simple, Microsoft recommends keeping the list of included apps to a minimum so that your cloud config devices are simple to use and manage. By default, the guided scenario includes Edge and Teams. As you cannot remove them when using the guided scenario, you must uninstall them at a later time if you don’t want them. You can then select additional Microsoft 365 optional apps as is shown in the screenshot below.
Next is the Assignment phase in which you will assign the cloud config devices to a group. Here you can either create a new group or choose an existing group as is shown below.
After you create your group and click “Next” you will be presented with a Summary showing all of your selections. You can go back to the other tabs and change any values you added. Once you have verified your settings, click Deploy.
You can then watch as the resources are being created along with their status. If there's an error, then the guided scenario isn't deployed, and all changes are reverted. Once deployed successfully you can use the monitoring and reporting features in Endpoint Manager. If you want to remove any of your chosen settings, go to each policy created by the cloud config guided scenario and configure the settings to Not Configured. Then redeploy the policies.
In the end, cloud config is just a recommended set of configuration settings for Windows 10 for standardized deployments that are easy to manage. While it isn’t for everyone, it is an ideal fit for specific user scenarios.