1. Set up Autopilot

Windows Autopilot allows for zero-touch provisioning of Windows 10 devices, meaning that a device can be shipped to the user directly from the original equipment manufacturer (OEM) and auto-configured over the air using Microsoft Intune.

Autopilot removes the need for IT to physically touch the device during the provisioning process, allowing users to set up a corporate device in the comfort of their own home.

Using Autopilot alongside Intune allows for policies and configurations to be built in Intune and be pushed down to the device over the air, effectively creating a “golden image” out of a standard Windows 10 install from the OEM.

Learn more about Autopilot here.

Or, check our article on zero-touch provisioning.


2. Encrypt devices with BitLocker

Windows 10 devices can be encrypted over the air by using a policy pushed down through Intune.

The encryption is carried out by BitLocker, and the recovery keys are stored securely in Azure AD. This ensures that the data on the device cannot be accessed should the device be lost or stolen. Further, the recovery key is maintained within Intune, so you don’t have to worry about losing it.



Intune provides a comprehensive report of encrypted devices which can assist with future audits.
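
A local spot-check that complements the Intune encryption report, as an added example that is not part of the original article: it confirms on the device itself that the OS volume is encrypted, that a recovery password protector exists, and that BitLocker logged a backup of the recovery information to Azure AD. It assumes an elevated PowerShell session on the managed device; the function name Test-BitLockerCompliance is hypothetical.

```powershell
# Added example: verify locally the BitLocker state an Intune policy should produce.
# Run elevated on the managed device. The recovery password itself is never printed.
function Test-BitLockerCompliance {
    param(
        [string]$MountPoint = $env:SystemDrive   # OS volume, normally C:
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # The recovery password protector is what gets escrowed to Azure AD.
    $recovery = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    # Event 845 in the BitLocker management log records a successful
    # backup of recovery information to Azure AD.
    $escrow = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        MountPoint         = $vol.MountPoint
        FullyEncrypted     = $vol.VolumeStatus -eq 'FullyEncrypted'
        ProtectionOn       = $vol.ProtectionStatus -eq 'On'
        EncryptionMethod   = $vol.EncryptionMethod
        RecoveryProtectors = $recovery.Count
        LastEscrowEvent    = if ($escrow) { $escrow.TimeCreated } else { $null }
    }
}

$result = Test-BitLockerCompliance
$result | Format-List

# Flag any state that would contradict the Intune encryption report.
if (-not ($result.FullyEncrypted -and $result.ProtectionOn -and
          $result.RecoveryProtectors -gt 0 -and $result.LastEscrowEvent)) {
    Write-Warning "BitLocker state on $($result.MountPoint) does not match the expected policy outcome."
}
```

A missing escrow event on an encrypted volume is the case worth following up: the disk is protected, but the recovery key may not be retrievable from Azure AD.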



3.  Edition Upgrade

Intune makes it easy to take devices out of S mode or enable additional features available to Windows 10 Enterprise by pushing out an edition upgrade policy.

The Windows 10 edition can be upgraded silently in most cases, without the user even noticing.

Supported edition upgrade paths are documented here.


4.  Keep the device up to date

Device not connected to corporate LAN and can’t reach Windows Server Update Services (WSUS) to receive updates? No problem.

With Intune, updates are downloaded directly from Windows Update by the devices themselves. Devices can be managed and kept up to date to ensure that they are not vulnerable to known exploits.

Update deadlines can be configured and devices forced to update, keeping them up to date and secure. Devices can be assigned to different update rings to allow for staging, or to delay high-risk devices until stability has been proven elsewhere.



5.  Redirect known folders to OneDrive

OneDrive is a great replacement for a home drive. With Intune it is possible to automatically configure OneDrive and redirect Desktop, Documents and Pictures to OneDrive. Once redirected, most of the data users save locally on their machine will be stored in the user's OneDrive account. Should the device fail, get lost or be stolen, the data will be available in OneDrive.

Should a user get a new laptop, all the files that have been synced will automatically come across once the laptop has been set up.

More on OneDrive known folder redirection.


Want some help with Microsoft Intune?

Microsoft Intune is a part of Microsoft Endpoint Manager and provides the cloud infrastructure, the cloud-based mobile device management (MDM), cloud-based mobile application management (MAM), and cloud-based PC management for your company.

Mobile Mentor offers services to implement Zero-Touch Provisioning and an Intune Security Baseline for your company. These services are project-based and will deliver you a working environment.

We also offer our Managed Service to let you focus on what matters while we handle the rest.
