Intune: Upgrade Windows Pro to Enterprise AUTOMATICALLY!

Do you have a bunch of Windows 10 Pro devices and would like upgrade them to Windows 10 Enterprise? Microsoft 365 (specifically Microsoft Intune) can help you!

Note: For more information please reference Deploy Windows 10 Enterprise licenses. The following is an example on how to do this with Intune (assuming appropriate licenses have been purchased and assigned).

First, create a Microsoft Intune configuration policy. In the Azure Portal navigate to Microsoft Intune -> Device Configuration -> Profiles. Click Create Profile

Next, create a new Windows 10 and later profile, with a type of Edition Upgrade. Click Settings

 

 


Click Edition Upgrade

In the field Edition to upgrade to select Windows 10 Enterprise. In the Product Key field type in the product key (i.e. MAK). Then click OK


Click OK to save the Edition Upgrade. Click OK again then click Create


Next, click Assignments in the Assign to menu select All Users & Devices then click Save

Note: Your assignments may be different per your organization’s requirements. This is only an example. You could also assign only the machines in question, or use a dynamic security group that queries on the device serial number,etc.


On a virtual machine with Windows 10 1803, install Windows 10 Pro:

Note: I’m showing you this, to demonstrate the upgrade. Ideally you would sign in as an Organizational Account in the OOBE when installing Windows. However, if I did that here, you wouldn’t see that I’m coming from Pro 🙂

Notice it’s Windows 10 Pro:

 

Join the machine to Azure AD to receive the Intune policy:

Reboot the machine and sign in with the user’s Azure AD credentials. Once signed in, open System Information and notice that Windows has been upgraded to Enterprise!

This can be verified in the Intune portal under Device Status for the configuration policy that was previously created:

I hope you found this helpful. Questions? Please let me know in the comments below! Enjoy!

Ignite 2018: Matt’s list of recommended sessions

Microsoft Ignite 2018 is right around the corner, September 24 – 28 in Orlando Florida. While there are over 1591 sessions, I wanted to share with you the list of sessions that I will either be attending in-person or watching the on-demand version later when I get home. Please feel free to use this list to help create your personal schedule, or on-demand viewing list later. Also, be sure to follow me on Twitter @SosemanMatt and LinkedIn for updates while at Ignite. Here’s my recommendations from Ignite 2017 Enjoy!

Tip: Every year I spend ~200 hours watching Ignite sessions while running on the treadmill every evening or on an early Saturday morning to ensure I stay up to speed and keep my skills sharp. These sessions are addicting, and fun! They inspire me to go out and learn more, lab up a scenario, and gives me great stories to share with my peers, customers and partners.Click each session to be taken directly to that session’s page on the Microsoft Ignite website.

My Session: BRK3135 – Learn more about security and compliance for Microsoft Teams (Also working the Microsoft Secure Score booth throughout the week, come see me and connect!)

Must See:

THR2303 – How to Shift: Modern Desktop Deployment with Brad Anderson

GS008 – Microsoft security: How the cloud helps us all be more secure

GS006 – Modern teamwork: Transform collaboration and communications with Microsoft 365

GS004 – Simplify your IT management and level up with Microsoft 365

BRK3221 – Combat advanced cyber attacks with Microsoft Cloud App Security

BRK2158 – Elevate the security for all your cloud apps and services with the Microsoft CASB – Cloud App Security

KEY04 – Transform your workplace with Microsoft 365

BRK2295 – Sprint’s Microsoft 365 deployment acceleration strategies

BRK3401 – Azure Active Directory security insights with Conditional Access, Identity Protection, and reporting

BRK2468 – Security for your digital transformation

Office 365

BRK2102 – Better teamwork, together: SharePoint and OneDrive integration with Microsoft Teams

BRK2094 – The future of Yammer: Vision and roadmap

BRK2070 – New in Microsoft 365: Leadership engagement featuring live events

BRK2077 – Workplace Analytics & MyAnalytics: A review of data privacy and GDPR compliance

BRK2160 – The time for Teams: Scenarios to realize the value of Microsoft Teams

BRK2143 – Improving Health Team Collaboration using Microsoft Teams

BRK2140 – Accelerating GDPR compliance with Microsoft 365

BRK3398 – Best practices for a successful Video and Voice deployment on Microsoft Teams

BRK2440 – Citrix and Microsoft: Driving the future of work in the modern workplace, today!

BRK1059 – Enabling Firstline Workers with Microsoft Teams

BRK2393 – Get more done with Planner!

BRK2164 – The best (Outlook driven) day of your life

BRK2004 – The future of threat protection: Become efficient, cost effective, and more secure with Office 365 Threat Intelligence

BRK4002 – Securing your Office 365 environment from advanced phishing campaigns with Office 365 Advanced Threat Protection

Enterprise Mobility + Security

BRK3272 – Authentication and passwords: The good, the bad, and the really ugly!

BRK3401 – Azure Active Directory security insights with Conditional Access, Identity Protection, and reporting

BRK3285 – Deep dive into evolution of Windows app management with Intune

BRK3006 – Defend against mobile threats and increase user productivity with Intune-managed Edge browser

BRK2018 – Efficiently manage security with Microsoft

BRK3241 – Enable Azure Active Directory Conditional Access to secure user access while unlocking productivity across Microsoft 365

BRK2157 – Ensure comprehensive identity protection with Microsoft 365

BRK2157 – Ensure comprehensive identity protection with Microsoft 365

BRK3029 – Lessons from the field: protecting corporate data on any device with Microsoft Intune

BRK3103 – Manage and secure iOS and MacOS devices and apps with Microsoft Intune

BRK3117 – SecOps and incident response with Azure Advanced Threat Protection: Protect, detect, and respond

BRK4001 – Secure enterprise productivity with Office 365 threat protection services including EOP, ATP, and Threat Intelligence

Windows 10 Enterprise

BRK3018 – Deploying Windows 10 in the enterprise using traditional and modern techniques

BRK3038 – Windows 10 in S mode: Why you should care and how it works

BRK3039 – Windows 10 and Microsoft Office 365 ProPlus lifecycle and servicing update

BRK3017 – What’s new in Windows 10 mobile device management (MDM)

BRK3211 – Ask the experts: Successfully deploying, servicing, and managing Windows 10

BRK2420 – Beat the Windows 10 deployment clock

BRK3019 – Delivery Optimization deep dive: How to reduce internet bandwidth impact on your network

BRK3014 – Modern deployment with Windows Autopilot and Microsoft 365 (Part 1 of 2)

BRK3015 – Modern deployment with Windows Autopilot and Microsoft 365 (Part 2 of 2)

BRK2002 – Modern desktop deployment and management with Microsoft 365

Microsoft Teams: Share my iPhone/iPad screen in a meeting! (While on the beach…)

You’re in a conference call while at the airport on your iPhone, and the meeting starts to discuss that important PowerPoint slide or document. You say “I’ll have to show you when I get back to my desk”. It would be really nice if you could share it from your iPhone while in the meeting. Well – now you can, with Microsoft Teams!

Teams enables you to share the entire screen of your iOS device when in a Microsoft Teams meeting! Watch the below video to learn more! Enjoy!

Monitor & protect your data in ALL your clouds, NOW!

Think your organization is operating in a secure and compliant manner? After you answer the following questions, you might want to keep reading…

  • How do you ensure your sensitive data is protected across all the clouds in your environment, whether it’s Office 365/G-Suite/Box/SalesForce/etc?
  • Do you have a single pane of glass view of when someone shares a file from one of those clouds to someone outside the organization
  • What about login traffic to those cloud apps?
  • Do you have visibility into your Shadow IT and understand which apps in the environment are storing data overseas or aren’t compliant with an industry regulation such as HIPAA or GDPR?

Watch the following 3 minute video for an overview on Cloud App Security in Microsoft 365 – this is the tool that will make you the hero in your organization and help ensure you operate in a secure and compliant manner! Questions? Leave a comment below!

Technical documentation and how to configure what I show in the video for Cloud App Security can be found here.

Who owns what? The shared responsibility model of cloud and compliance (HIPAA, GDPR, NIST,ISO)

Do you need to meet an industry regulation? Curious what responsibilities Microsoft has as your cloud service provider and what responsibilities you have as a customer when it comes to using Office 365, Azure or Dynamics in compliance with your industry regulation? You may want to look into Microsoft Compliance Manager as a key tool in your compliance journey. Compliance Manager can help to assist in your compliance journey by helping you to understand the shared responsibility model, how each responsibility aligns/maps to the industry regulation, and enabling you with capabilities to then manage your compliance journey. This tool can help you to keep track of risk, verification and documentation as needed

At the time of this writing Compliance Manager can help you with the following:

  • Office 365
    • GDPR
    • ISO 27018:2014
    • HIPAA
    • ISO 27001:2013
    • NIST 800-53
    • NIST 800-171
    • NIST CSF
    • CSA CCM301
  • Azure
    • ISO 27018:2014
    • ISO 27001:2013
    • GDPR
    • UKNHS
  • Dynamics
    • NIST 800-53
    • GDPR
  • Professional Services
    • GDPR

Compliance Manager can be accessed via https://servicetrust.microsoft.com/ComplianceManager for existing Azure, Dynamics, Office 365 customers.

IMPORTANT: For the full technical documentation on Compliance Manager see: Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services and the Frequently Asked Questions can be found here.

Here is an example view of Compliance Manager’s dashboard, where you have visibility into each of your regulations by cloud service:

 

Clicking on any of the regulations will display the shared responsibility model for that regulation From here I can view what are the Microsoft Managed Controls and what are the Customer Managed Controls that I am responsible for.

 

 

Expanding Customer Managed Controls, I can see how each control maps back to the regulation articles (in this example, Access Authorization for HIPAA in Office 365). From here I can read more about actions required of me, enter details on how the control was implemented and how it was tested – including any response. In addition I can see if there are any related controls from other regulations, such as GDPR Lastly, I can assign this control to an owner in my organization to then upload relevant documentation and maintain the implementation date, test date, and test result information.

 

 

Conclusion:

Compliance Manager is a fantastic tool to help manage your compliance compliance journey, and may help to enhance your current processes. If you need to comply with a regulation such as HIPAA or GDPR – please check out Compliance Manager! Enjoy!