Windows 10 supports a growing number of MDM policies via its CSPs, which allow it to be managed like any other mobile device.

Some examples are:
- Management of Firewall
- Management of Bitlocker
- Management of Email accounts
- Management of Applications
- Enterprise wipe
- Full wipe

The EnterpriseAppManagement CSP could also be used to push the ZENworks agent after enrollment.

Workflow for enrollment:
- User would go to the zenworks-eup portal and select "Enroll".
- Portal would redirect the user to the Windows 10 "Enroll in device management only" by using a deep link (ms-device-enrollment:?mode={mode_name})
- User would connect to ZENworks using the Windows 10 built-in MDM client. Windows 10 does automatic discovery of the server by using the "EnterpriseEnrollment.domain.local" DNS
- ZENworks would then push the Windows 10 policies defined by the admin, which could support any number of CSPs (or even custom ones)
- ZENworks would additionally push an EnterpriseAppManagement CSP that installs the ZENworks agent (currently EnterpriseAppManagement is limited to MSI, but it is easy to do an MSI wrapper for the current ZENworks agent)

After enrollment, the machine would be able to receive regular bundles, perform regular inventory and process regular policies, but also receive MDM/CSP policies and actions.

ZCC Interface could be modified so that a single object exists for both the MDM and the regular agent devices.

Comments

  • This is essential now. I'd be surprised if this wasn't on the ZENworks roadmap.