deepblue/windows-itpro-docs

Fork 0

mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-07 01:57:21 +00:00

jdeckerMS e4889ac9a8 sync

2016-07-13 14:57:56 -07:00

6.2 KiB

Raw Blame History

title, description, ms.assetid, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author

title

description

ms.assetid

keywords

ms.prod

ms.mktglfcycl

ms.sitesec

ms.pagetype

author

Manage corporate devices (Windows 10)

You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones.

62D6710C-E59C-4077-9C7E-CE0A92DFC05D

MDM

device management

w10

manage

library

devices

jdeckerMS

Manage corporate devices

Applies to

Windows 10
Windows 10 Mobile

You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.

There are several options for managing Windows 10 on corporate-owned devices in an enterprise.

Identity and management options

Your employees using devices that are owned by the organization can connect to Active Directory or Azure Active Directory (Azure AD). Windows 10 does not require a personal Microsoft account on devices joined to Azure AD or an on-premises Active Directory domain.

Active Directory join

You can join a device running Windows 10 to an on-premises Active Directory domain after the first-run experience (sometimes called out-of-box experience or OOBE). You can add devices running Windows 10 to your existing Active Directory infrastructure and manage them just as you've always been used to managing PCs running Windows.

Desktop devices running Windows 10 that are joined to an Active Directory domain can be managed using Group Policy and System Center 2012 R2 Configuration Manager. The following table shows the management support for Windows 10 in Configuration Manager.

Product version	Windows 10 support
[Microsoft System Center Configuration Manager 2016](http://go.microsoft.com/fwlink/p/?LinkId=613622)	Client deployment, upgrade, and management with new and existing features
Configuration Manager and Configuration Manager SP1	Deployment, upgrade, and management with existing features
Configuration Manager 2007	Management with existing features

Azure AD join

Devices joined to Azure AD can be managed using Microsoft Intune or other mobile device management (MDM) solutions. MDM infrastructure for Windows 10 is consistent across device types. Configuration capabilities may vary based on device platform.

For flexibility in identity and management, you can combine Active Directory and Azure AD. Learn about integrating Active Directory and Azure Active Directory for a hybrid identity solution.

How setting conflicts are resolved

A device or user might receive policies from multiple sources, such as MDM, Exchange, or provisioning packages. In any policy conflict, the most secure policy value is applied. Policy settings take precedence over settings applied in a provisioning package.

Note Provisioning packages can be applied either during device setup or after setup for runtime configuration. For more information about runtime provisioning packages, see Configure devices without MDM.

When setting values that do not have a security implication conflict, last write wins. When settings are configured from both a provisioning package and another configuration source, the non-provisioning package configuration source has higher priority.

MDM enrollment

Devices running Windows 10 include a built-in agent that can be used by MDM servers to enroll and manage devices. MDM servers do not need to create a separate agent or client to install on devices running Windows 10.

For more information about the MDM protocols, see Mobile device management.