From 1aa6067216afe39d1873ab7e8eb68dfeadf8cf80 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 13 Feb 2019 13:55:31 -0800 Subject: [PATCH] LTSC info --- ...indows-autopilot-requirements-licensing.md | 10 +--- .../windows-autopilot-requirements.md | 12 ++++- .../ltsc/whats-new-windows-10-2019.md | 46 ++++++++++++++++++- 3 files changed, 57 insertions(+), 11 deletions(-) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md index 686969c4ac..f88d935d8c 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md @@ -17,13 +17,7 @@ ms.author: greg-lindsay Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory; it also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs: -- Windows 10 version 1703 or higher must be used. Supported editions are the following: - - Pro - - Pro Education - - Pro for Workstations - - Enterprise - - Education -- One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality: +- To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required: - [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business) - [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline) - [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx) 
@@ -32,6 +26,6 @@ Windows Autopilot depends on specific capabilities available in Windows 10 and A - [Intune for Education subscriptions](https://docs.microsoft.com/en-us/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features - [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/en-us/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service) -Additionally, the following are also recommended but not required: +Additionally, the following are also recommended (but not required): - [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services) - [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 52a620b6cd..ae16b100af 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md 
@@ -15,7 +15,17 @@ ms.author: greg-lindsay **Applies to: Windows 10** -Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met: +Windows Autopilot depends on specific capabilities available in Windows 10, Azure Active Directory, and MDM services such as Microsoft Intune. In order to use Windows Autopilot and leverage these capabilities, some requirements must be met. + +- Windows 10 version 1703 (semi-annual channel) or higher is required. +- The following editions are supported: + - Pro + - Pro Education + - Pro for Workstations + - Enterprise + - Education + +- Windows 10 Enterprise 2019 LTSC is also supported. See the following topics for details on licensing, network, and configuration requirements: - [Licensing requirements](windows-autopilot-requirements-licensing.md) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 7fa78b0435..94f4540a5d 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -32,8 +32,9 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use ## Microsoft Intune ->[!NOTE] ->Some features that are described on this page require Microsoft Intune. Currently, information about Microsoft Intune support for LTSC 2019 is pending. +>Microsoft Intune supports LTSC 2019 and later. + + ## Security 
@@ -188,6 +189,20 @@ This is an update to the [BitLocker CSP](https://docs.microsoft.com/windows/clie This feature will soon be enabled on Olympia Corp as an optional feature. +#### Delivering BitLocker policy to AutoPilot devices during OOBE + +You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. + +For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE. + +To achieve this: + +1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. +2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. + - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users. +3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. + - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts. + ### Identity protection Improvements have been added are to Windows Hello for Business and Credential Guard. 
@@ -258,6 +273,33 @@ We’ve continued to work on the **Current threats** area in [Virus & threat pr ![Virus & threat protection settings](../images/virus-and-threat-protection.png "Virus & threat protection settings") +## Deployment + +### Windows Autopilot + +[Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) is a deployment tool introduced with Windows 10, version 1709 and is also available for Windows 10 Enterprise 2019 LTSC (and later versions). Windows Autopilot provides a modern device lifecycle management service powered by the cloud to deliver a zero touch experience for deploying Windows 10. + +Windows Autopilot is currently available with Surface, Dell, HP, and Lenovo. Other OEM partners such as Panasonic, and Acer will support Autopilot soon. Check the [Windows IT Pro Blog](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog) or this article for updated information. + +Using Intune, Autopilot now enables locking the device during provisioning during the Windows Out Of Box Experience (OOBE) until policies and settings for the device get provisioned, thereby ensuring that by the time the user gets to the desktop, the device is secured and configured correctly. + +You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see [Manage Windows device deployment with Windows Autopilot Deployment](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). + +#### Windows Autopilot self-deploying mode + +Windows Autopilot self-deploying mode enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured automatically by Windows Autopilot. 
+ +This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. + +You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. + +To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying). + + +#### Autopilot Reset + +IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). + ## Sign-in ### Faster sign-in to a Windows 10 shared pc
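Review bot: In windows-autopilot-requirements-licensing.md (hunk at -17,13), removing the version and edition bullets leaves the intro sentence "These capabilities can be obtained through various editions and subscription programs:" introducing a list with a single top-level bullet, and the page no longer says which Windows editions qualify. Suggest folding the remaining bullet into the lead sentence and linking to windows-autopilot-requirements.md, where the edition list now lives.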
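Review bot: In the second licensing hunk (-32,6), "Additionally, the following are also recommended (but not required):" still doubles up "Additionally" and "also". Drop one of them, for example "The following are also recommended (but not required):".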
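Review bot: In windows-autopilot-requirements.md (hunk at -15,7), the new bullet names the release "Windows 10 Enterprise 2019 LTSC", while the unchanged context line in whats-new-windows-10-2019.md calls it "Windows 10 Enterprise LTSC 2019". Pick one form and use it across all three files. The blank added line before "- Windows 10 Enterprise 2019 LTSC is also supported." also separates that bullet from the list above it; if it is meant to belong to the same list, remove the gap.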
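Review bot: In the Microsoft Intune hunk (-32,8), dropping ">[!NOTE]" but keeping the leading ">" on ">Microsoft Intune supports LTSC 2019 and later." leaves the only sentence of the section rendered as a bare blockquote. Either keep the "[!NOTE]" marker or drop the ">" so it is a normal paragraph, and remove the two extra blank added lines before "## Security".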
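Review bot: In the BitLocker hunk (-188,6), the IMPORTANT note under step 2 says the encryption policy must be assigned to devices, not users, but unlike the note under step 3 it does not say what happens otherwise. State the consequence so a reader can tell a misassignment from a working deployment, and consider adding how to confirm that the intended algorithm (XTS-AES 256 in the example) was applied rather than the default XTS-AES 128. Two smaller points: the heading spells it "AutoPilot" where the rest of the patch uses "Autopilot", and the comma after the parenthesis in "(and other BitLocker policies that must be applied prior to encryption), to be delivered" should be removed.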
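Review bot: In the Deployment hunk (-258,6), "introduced with Windows 10, version 1709" disagrees with the requirements page changed in this same patch, which says "Windows 10 version 1703 (semi-annual channel) or higher is required"; reconcile the two version numbers. The sentence "Other OEM partners such as Panasonic, and Acer will support Autopilot soon" will date quickly and has a stray comma, so consider linking to a maintained partner list instead. "locking the device during provisioning during the Windows Out Of Box Experience (OOBE)" repeats "during", and the last sentence of the self-deploying section is missing "see" before the "[Windows Autopilot self-deploying mode]" link.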