Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Open Search
Tag

Intune

Enable windows hello login with camera on Windows 10 Intune joined machines

Symptom:

If you have a Windows 10 machine with a camera that supports Windows hello login you might see that Windows Hello is disabled by administrator.

windows 10 hello disabled

This is becasue of the Intune Policy in Microsoft Intune.

Implications:

Note, that if you want to enable Windows Hello you will also force the user that uses Azure AD join to enroll with a pin, adding an extra step to the Azure AD join process.

Steps:

Navigate to https://portal.azure.com and log in with admin credentials and select Intune.

intune blade

Select then Device enrollment.

device enrollment

Select then Windows Enrollment

windows enrollment

You should then see Windows Hello for Business, click it.

manage windows hello for business

You may create several policies based on Groups. However there should be a default policy that is assigned to everyone.

default policy

I had the policy disabled. Now click enable.

whfb status

You do not need to change any settings, just Ensure that you allow biometric auth. Then remember to click “Save”enable biometric and click save

That is it. On a Windows 10 Device you can update the policies or log off/on/restart to recieve this new policy.

windows hello enabled

You can also force this policy Down on the Device by syncronizing it:

syncronize with intune

6

Windows 10 Education devices benchmark with Novabench and AS SSD

Here is a comparison chart between a range of Windows 10 Based Education devices.

  • All devices are running Windows 10 1607.
  • They have recently been wiped and waited for windows update to remove all flags in device management
  • Running on battery with more than 60% charge
  • Devices are joined to Intune from OOBE
  • Tests ran 3 times on each device (score is had minor deviations)

The devices range from Pentium to Celeron CPU and from 64 gig to 256 gig SSD. Ram is 4 gig. The results on each device differ marginally each time i run the benchmarking tool.

These devices are all really cheap and start at 1800 NOK before VAT.

Chart (In progress*):

HP X360
HP x360 radiant red		 Lenovo N23
lenovo n23 education edition		 Acer B1 Spin
acer b1 spin education edition		  Lenovo Yoga 11Elenovo yoga 11e edu  HP Stream 11hp stream 11 education  Dell Latitude 3189dell latitude 3189 edu
AS SSD Score  180 1607  153 673
Novabench Score 370  479  333  534
Max price NOK incl. VAT  4081  4081 3500  Not agreed 2500 Not agreed
Specs Intel Celeron – 4/64 Intel Celeron 4/64 Intel Celeron 4/64 Intel Celeron N3450 – 4/128 Intel Celeron N3060 – 4/64  Intel Pentium N4200 – 4/128

What can you learn from this chart? There are difference performance, so having an opinion of what is good enough can save you some extra money when selecting a device. Will the user notice a difference, mabye… or mabye not.

Just keep in mind that a student does not need a super fast disk to write essay’s in word. But he will appreciate the extra power of a better CPU when having a Skype call and editing power point at the same time.

My opinion is that disk speed is the most important aspect of the devices. Even Celeron is good enough.

Here are the individual images from each test:

HP X360

Lenovo Yoga 11E

HP Stream 11

Dell Latitude 3189

Acer B118 Spin

Lenovo N23

0

Surface Pro 4 Windows 10 Education Edition Intune Enrollment

Here is a video of how long time it takes to unbox, clean and setup a Surface Pro 4 with Windows 10 Education and enroll it into Intune.

To enter Surface UEFI press  pwr on and hold volume up. Release pwr button once you see the device turns on. Keep holding the volume up untill you se the UEFI.

Please keep in mind that these test are real life and include some lag typing in email and passwords plus some clicking. This would be a realistic scenario. This even Includes MFA on enrollment.

Here is a summary of the times:

  • Wipe drive and clean to OOBE – 16 min 57 sec
  • OOBE to Windows – 2 mins 34 sec

Tech specs:

  • 8Gig Ram
  • 256 Gig SSD
  • Intel Pentium I5
  • Windows 10 Education 1607
  • Windows Imaging and Configuration Designer (WICD)

Here are the configurations in WICD:

settings clean

Here is the complete video:

Clean install with WICD

OOBE to Windows

Other tests on EDU devices:

HP X360 Education Edition

Lenovo N23 Education Edition

Acer B118 Spin Education Edition

0

Acer B118 Spin Education Edition Intune Enrollment

Here is a video of how long time it takes to unbox and setup a Acer B1 Spin with Windows 10 Education and enroll it into Intune.

To enter Acer UEFI press F2 – Here you can enable the F12 Boot menu which is disabled by default.

Here is a summary of the times:

  • Wipe drive and clean to OOBE – 22 min 52 sec
  • OOBE to Windows – 3 mins 31 sec
  • Switch user – 46 sec

Tech specs:

  • 4 Gig Ram
  • 64 Gig SSD
  • Intel Celeron 1,4 GHZ
  • Windows 10 Education 1607
  • Windows Imaging and Configuration Designer (WICD)

Here are the configurations in WICD:

settings clean

Here is the complete video:

Clean install with WICD

OOBE to Windows

New user switch

Other tests on EDU devices:

HP X360 Education Edition

Lenovo N23 Education Edition

0

*Updated Comparison chart Intune enrollment with Education Devices

Here is the comparison chart for the new Education Devices from HP, Lenovo and Acer.

UPDATED: Lenovo Yoga and Dell Latitude

This should illustrate how long time it takes for a student to setup his PC. On Wipe drive i used WICD, On Intune Enrollment I typed the email and waited for MFA. The actual clean logon without user intervention is much faster. On the new user switch, the device was not prepared with Setup My School PC for true multi user. The time it takes is for Windows to prepare a loaner PC or allow a student to borrow another PC in a 1-1 scenario

Chart:

HP X360

 Lenovo N23

 Acer B118 Spin

  Surface Pro 4surface pro 4 education Lenovo Yoga 11elenovo yoga 11e edu  Dell Latitude 3189dell latitude 3189 edu
Wipe drive and clean to OOBE  21 min 21 sec  26 min 21 sec  22 min 52 sec  16 min 57 sec  19 min 14 sec  21 min 58 sec
OOBE to Windows  4 min 7 sec  4 min 46 sec  3 min 31 sec  2 min 34 sec  4 min 46 sec  3 min 58 sec
Switch to new user  34 sec  56 sec  46 sec  34 sec 35 sec
Specs Intel Pentium 4/128 Intel Celeron 4/64 Intel Celeron 4/64  Intel Core i5 8/256  Intel Pentium 4/128  Intel Celeron 4/128

Note that during the OOBE and user switching i actually typed in information, hence the benchmark is subject to my typing speed.

Here are the individual tests:

HP x360 EE

Lenovo N23

Acer B118 Spin

Surface Pro 4

0

Lenovo N23 Education Edition Intune Enrollment

Here is a video of how long time it takes to unbox and setup a Lenovo N23 Education Edition with Windows 10 Education and enroll it into Intune.

To access the UEFI Boot menu Press F12 during boot

Here is a summary of the times:

  • Wipe drive and clean to OOBE – 26 mins 21sec
  • OOBE to Windows – 4 mins 46 sec
  • Switch to a new user (first time logon) – 56 sec

Tech specs:

  • 4 Gig Ram
  • 64 Gig SSD
  • Intel Celeron 1,4 GHZ
  • Windows 10 Education 1607
  • Windows Imaging and Configuration Designer (WICD)

Here are the configurations in WICD:

settings clean

Here is the videos:

Clean install

Intune Enrollment

New user switch

Other tests on EDU devices:

HP X360 Education Edition

Acer B118 Spin

0

HP X360 Education Edition Intune Enrollment

Here is a video of how long time it takes to unbox and setup a HP X360 ProBook G1 EE with Windows 10 Education and enroll it into Intune. You do not have to clean this device. It comes with a clean Win 10 Pro EDU image and is ready for the classroom.

If you have to clean the device using WICD/USB then Boot selection / Boot menu is the F9 key

HP ProBook X360 G1 Education Edition UEFI  / BIOS menu is the Esc key.

 

Here is a summary of the times:

  • Wipe drive and clean to OOBE – 21 mins 21 sec
  • OOBE to Windows – 4 mins 7 sec
  • Switch to a new user – 34 sec

Tech specs:

  • 4 Gig Ram
  • 128 Gig SSD
  • Intel Pentium 1,4 GHZ
  • Windows 10 Education 1607
  • Windows Imaging and Configuration Designer (WICD)

Here are the configurations in WICD:

settings clean

Here is the videos:

Clean install

Intune Enrollment

New user switch

 Other tests on EDU devices:

Acer Switch B1

Lenovo N23

0

Intune Education first look

intune-portal-first-logon-svensk

Remember to get Intune Education to work properly you need to enable School Data Sync (SDS). You do that here: http://sds.microsoft.com

Lumagate has also created a how to get SDS up and running with Microsoft Classroom here: http://lp.lumagate.com/microsoft-classroom

Device enrollment admins per school

Great news you can now specify enrollment admins for different shools. No more global admins. Your IKT kontaktlærer  (IT staff) can manage his/her school. It is not live yet but comming in April.

device-enrollment-admins

Here is the new Wizard to set up your school:

Sway: https://sway.com/ZjI1IgWq6lwRErJh

This slideshow requires JavaScript.

 

 

0

Enable Bitlocker Check in Intune MDM

When joining a Windows 10 device to Azure AD which supports “InstantGo” or “Connected standby” e.g. Surface. Microsoft Automatically enables bitlocker.

For all other devices you need to manually enable bitlocker on your drive.

As an IT admin you can create a Compliance Policy that checks if Bitlocker has been enabled. Here is how:

  1. Log in to http://manage.microsoft.com
  2. Click Policies and Compliance Policy
  3. Click Add
  4. Name: Bitlocker Check
  5. Description: Checks if bitlocker is enabled
  6. Under device health enable Windows Device Health Attestation.
  7. Deploy the policy to your target users or groups
  8. Check for compliance.

windows-device-health-attestation-bitlocker

0

Blog at WordPress.com.

Up ↑

%d bloggers like this: