As Microsoft continues to move towards the “Windows as a Service” model they recently released Windows 10 as a part of the Cloud Service Provider program which makes Windows 10 available for organizations of any size as a monthly subscription, in addition I considered this another opportunity to increase the adoption of Windows 10. Espcially considering Enterprise features such as Credential Guard and AppLocker are almost becoming mandatory for sufficient protection of Windows with the increased threat landscape.
The biggest disappointment with this license is that it requires an activated Windows 10 Professional License prior to activating, which means it can not be used for a cheaper upgrade to Windows 10. It also doesn’t include Software Assurance which I consider one of the bigger benefits with Enterprise license. Technical documentation can be found here: https://technet.microsoft.com/en-us/itpro/windows/deploy/windows-10-enterprise-e3-overview
Microsoft will likely introduce a new license called “Windows 10 Enterprise E5” which will include Windows Defender ATP, if Software Assurance will be a part of this E5 license is currently unknown.
Considering the deprecation of some Group Policies in Windows 10 Professional prior to the launch of this license it could seem like Microsoft is trying to force organizations to use Enterprise license, sources in Microsoft confirmed this is not the case and Professional will still be usable for business in the future.
In some cases users are unable to uninstall Company Portal application on their Android devices after unenrolling or while troubleshooting enrollment issues.
There are 2 ways this can be resolved:
The easiest way for end user is by having the administrator “Selectively wipe” the the device, this will in most cases resolve the problem as long as the device has established contact with Microsoft Intune.
The other scenario is when the device failed before establishing connection with Microsoft Intune, the user will then have to manually remove Company Portal as a Device Administrator in order to uninstall the app.
Open Settings > Security > Device Administrator > Delete Company Portal from Device Administrators and reinstall the application.
The same instructions will resolve another problem you might encounter during enrollment: “Failed to activate Device Administrator”. This often occurs if a user had problems with the initial enrollment phase.
With Windows 10 ADMX templates finally released I had a thorough search through every setting that was added and I found one of them very useful. Too see the full announcement from Microsoft: http://blogs.technet.com/b/askds/archive/2015/08/07/windows-10-group-policy-admx-templates-now-available-for-download.aspx
The specific setting I found very useful is found here: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\
“Configure pre-boot recovery message and URL” which lets you configure the default message that user get when they receive a Bitlocker Encryption while trying to enter Recovery Mode or sometimes appear when they attach their PC into a docking.
I tested it myself and it work just as described (I added an example text to show how useful it would be to configure it for enterprises):