Modern Management of Windows 10 Devices

Modern Management of Windows 10 devices refers to managing Windows 10 devices through the native MDM agent built into Windows 10. This holds the promise of managing Windows 10 devices in an agentless manner, while also enabling capabilities such as Windows 10 Autopilot that are not otherwise possible. ZENworks introduced Modern Management of Windows 10 in ZENworks 2020, albeit in experimental mode, as it was only possible to enroll devices using the Windows 10 MDM agent. With ZENworks 2020 Update 2, support for Modern Management is mainstream, as many more use cases are now supported.

Windows Autopilot

Windows Autopilot is a technology offered by Microsoft that allows seamless deployment and provisioning of Windows 10 devices. It allows a device vendor to ship a Windows 10 device directly to an end user. During the initial setup by the end user, the device joins Azure AD, is configured, and is automatically enrolled into a linked device management solution, without any need for IT staff to physically access the device. With Windows Autopilot, it is possible to skip some initial setup screens and even restrict the creation of the Administrator account on devices. Using Windows Autopilot can bring down IT cost by reducing the time IT otherwise needs to spend provisioning and configuring a device.

Figure 1: Using Windows Autopilot to enroll devices

Windows Autopilot is available for the Pro, Education and Enterprise editions of Windows 10. It also requires a Microsoft license, which can be a Microsoft 365 license or Azure AD Premium, amongst many others.

In ZENworks 2020 Update 2, the capability to enroll devices via Autopilot, and thus manage them via the Windows 10 MDM agent, is available (Figure 1). To assist administrators in setting things up, a Getting Started guide is available. It details the steps needed to configure ZENworks to support Windows Autopilot, including setting up an Azure MDM application that allows ZENworks to communicate with Azure AD.

Deploy Applications or enforce Settings

ZENworks 2020 Update 2 gives administrators the capability to deploy MSI applications onto devices managed via the Windows 10 MDM agent. These can be devices enrolled through Autopilot or devices enrolled through the Windows 10 MDM agent by executing a provisioning package on the device (Figure 2). Deploying an MSI application is similar to deploying any other application within ZENworks: just create a bundle and assign it to the relevant devices. ZENworks does the rest.

Figure 2: Provisioning applications

A Configuration Service Provider (CSP) is an interface for modifying configuration settings on a device, and is the primary way through which ZENworks can send commands for execution to the Windows 10 MDM agent on the device. ZENworks 2020 Update 2 makes it possible to send any CSP, specified in XML form, down to the device for execution. This can prove very helpful for enforcing settings or policies which haven't yet been surfaced in ZENworks.
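Because any CSP XML sent this way is executed on the device, it is worth reviewing before assignment. The following is an added example, not ZENworks code: it assumes the XML uses the standard SyncML command form of Windows MDM, and the allow-list, the `review_csp` helper and the second command's path are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: sets Policy CSP Camera/AllowCamera to 0 (camera disabled).
# The second command uses a placeholder path to show what the review flags.
SAMPLE = """<SyncBody xmlns="SYNCML:SYNCML1.2">
  <Replace>
    <CmdID>1</CmdID>
    <Item>
      <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/Camera/AllowCamera</LocURI></Target>
      <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
      <Data>0</Data>
    </Item>
  </Replace>
  <Delete>
    <CmdID>2</CmdID>
    <Item><Target><LocURI>./Vendor/Example/Placeholder/Node</LocURI></Target></Item>
  </Delete>
</SyncBody>"""

COMMANDS = {"Add", "Replace", "Delete", "Exec", "Get"}
# Assumed review policy: anything outside these paths and verbs needs sign-off.
ALLOWED_PREFIXES = (
    "./Device/Vendor/MSFT/Policy/Config/",
    "./User/Vendor/MSFT/Policy/Config/",
)
ALLOWED_VERBS = {"Add", "Replace"}

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def review_csp(xml_text):
    """Return (settings, findings) for every command item in the CSP XML."""
    root = ET.fromstring(xml_text)
    settings, findings = [], []
    for cmd in root.iter():
        verb = local(cmd.tag)
        if verb not in COMMANDS:
            continue
        cmd_id = next((c.text for c in cmd if local(c.tag) == "CmdID"), "?")
        for item in (c for c in cmd if local(c.tag) == "Item"):
            uri = next((e.text or "" for e in item.iter() if local(e.tag) == "LocURI"), "").strip()
            data = next((e.text for e in item.iter() if local(e.tag) == "Data"), None)
            settings.append((cmd_id, verb, uri, data))
            if verb not in ALLOWED_VERBS:
                findings.append(f"CmdID {cmd_id}: {verb} needs manual review")
            if not uri.startswith(ALLOWED_PREFIXES):
                findings.append(f"CmdID {cmd_id}: {uri or '<missing LocURI>'} is outside approved paths")
    return settings, findings
```

Calling `review_csp(SAMPLE)` lists both commands and returns two findings for the second one, which gives a reviewer a short summary of exactly what a payload will change.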

Unified Management of devices

It is entirely possible to manage a device using both the ZENworks agent and the Windows 10 MDM agent (Figure 3). This dual management can also be used to supplement the capabilities available in ZENworks for managing devices via the Windows 10 MDM agent. In fact, a new policy, the ZENworks Agent Deployment Policy, is now available in ZENworks 2020 Update 2, through which the ZENworks agent can be deployed on any device enrolled through the Windows 10 MDM agent. This can be especially helpful for deploying the ZENworks agent on devices that are enrolled via Windows Autopilot.

Figure 3: Dual management

Once the ZENworks agent is deployed, it is active alongside the Windows 10 MDM agent on the device, with both agents communicating with the ZENworks server. However, in spite of there being two agents on the device, there is still only one device visible in ZENworks (Figure 4). This shields administrators from the complexities of managing individual agents, ensuring that they are managing a device rather than the individual agents on it. They can continue to provision resources and settings to devices, while ZENworks routes things to the appropriate agent for execution and ensures unified management of devices.

Figure 4: One device, two agents

ZENworks 2020 Update 2, by virtue of being able to manage the full lifecycle of a device through Windows 10 MDM, is a significant milestone on our journey of bringing in newer capabilities for managing devices through Windows 10 MDM.
