inTune Rollout followed by Staff Surfaces

Posted on: 28 Nov 2018

Our Plan – to have Staff experience the device as if it was their device – ie Full Administrative rights, able to install software, but knowing that if there were issues then the devices would be wiped and reset.

Setting up Azure AD

Followed the guides from Microsoft to create synched copy of AD in the cloud, then used PowerShell to assign licenses to Staff and Students for Office 365, and to Staff for inTune.

Setting up inTune

We followed the guide from Microsoft

Once inTune was set up we used the Default Policies for EDU from Microsoft for testing, liked them, did a small amount of editing and rolled these out. Includes automatic encryption of the device with the BitLocker key stored in Azure AD.

Proxy and Filtering sign in required on surface devices.

Two Admin Local accounts added to all devices, one used by staff with staged roll out walking through connection to O365, once this connection was in place removed the second Admin account. This method results in the AD user account having full administrative rights on the Surface. Didn’t use autoenrollment.

Software provisioning

Office 2016 taken care of out of the box following connection to Azure and the licenses therein Adobe Creative Cloud purchased and rolled out School Licenses that could be added maintained through sharing from cloud for users to connect to if required. Citrix interface if not.

About ISC Digital Strategy Group

The ISC Digital Strategy group is composed of experts with representatives drawn from the ISC member associations and provides independent advice to Senior Management teams on a range of ICT related issues.