On February 2, 2021 Microsoft announced “Windows 10 in cloud configuration”, when reading the title I was immediately interested to find out what that meant. Hence, even Mary Jo Foley wrote an article on the subject: Microsoft makes available Windows 10 ‘in cloud’ configuration settings for IT admins
Let’s dive in deeper and see.
Microsoft explains the Windows 10 in cloud configuration as following:
Cloud config is set up within Microsoft Intune, a part of Microsoft Endpoint Manager. It works on new and existing Windows 10 devices running Windows 10 Pro, Pro for Education, Pro for Workstations, Windows 10 Enterprise, and Windows 10 Education, and does not require any new licensing, software, or hardware. It can be used to pre-configure new devices, so they are ready to go when users open them for the first time, or to repurpose existing hardware to extend its lifetime. In addition, Windows 10 devices in cloud configuration have applications and capabilities specifically chosen by IT, helping to improve worker productivity while simultaneously improving the security posture and device compliance. Users are registered in Azure Active Directory (Azure AD) and devices are enrolled into Microsoft Intune for cloud management.
That looks promising, based on this statement you would expect like a standard setup which can easily be enabled (just like the setup defaults in Azure AD) which allows a customer to quick start their Windows 10 deployment. But another statement in the same blogpost reduced my hopes a little bit:
Today, Windows 10 in cloud config is a recommended set of configuration settings for areas such as Windows Update for Business, Microsoft BitLocker, application deployment, and compliance. Microsoft will continue to innovate through cloud config—adding, removing, and modifying settings as needed—and is creating a guided scenario in Microsoft Intune for even easier configuration. More info on that soon!
So, what is this recommended set of Configuration settings?
You can find more information about Windows 10 in cloud configuration on a dedicated page at the Microsoft website: Windows 10 in cloud configuration on this page you can find a link to a Cloud Configuration overview and setup guide.
The guide, which contains 20 pages walks you through setting up Microsoft Endpoint Manger/Intune by:
- Creating an Azure AD Group
- Configure Device Enrollment
- Deploy a script to configure OneDrive Know Folder Move and remove built-in apps
- Deploy apps
- Deploy endpoint security settings
- Configure Windows Update settings
- Deploy a compliance policy
- Additional configuration
Conclusion
While reading the document, I had a lot of doubts comparing the recommended settings to my own best practices I build during implementing many Modern Workplace solutions in the last couple of years. On the other hand, if organizations would use this guide, from the start at their Modern Workplace journey, I do think they would be helped a lot. This might actually be a solution which is acceptable to start with.
Let’s hope that Microsoft will continue to invest in an overall baseline/template which customers can use to start building their Modern Workplace solution. I my opinion this is better than letting them invent the wheel themselves.
So for now, if you are already working on your modern workplace implementation, I don’t think this is very important. You might want to cross check what you have against this set of recommendations and use some of its elements for your own solution. In the future this initiative might become interesting though, how cool would it be if customers can just turn this solution on, just like they can with Security Defaults in Azure AD.
For more information, please read the FAQ section on the article as published on the Windows IT Pro Blog here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-in-cloud-configuration/ba-p/2111313