Modern Device Management

IT Services is in process of adopting a comprehensive approach to managing all computers and mobile devices within an organization using best practices and latest technologies. The cornerstones of this new approach are Azure Active Directory and Intune. Combined, these new solutions will gradually replace the legacy on premise Active Directory.

Active Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is an umbrella title for a broad range of directory-based identity-related services. Active Directory Domain Services is the cornerstone of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials and defines their access rights. When a computer is joined to the Active Directory Domain, a computer account is created in the AD database that is used to authenticate the computer to the domain controller every time it boots up. This establishes a trust between the computer and AD Domain.

Azure Active Directory (AAD) is a cloud-based identity and access management solution that also provides a foundation for device management solution called Intune. During the transition period, both directories are co-existing and are working together in our hybrid AD environment.

University Owned Devices

All University-owned computers running Windows 10 will be joined to Azure Active Directory and auto-enrolled in Intune. This allows I.T. Services to:

  • provide single-sign on (SSO) to cloud based applications such as Office 365 Portal apps
  • implement and enforce security policies, such as ensuring that virus and malware protection is installed, running and up-to-date
  • deploy University applications, such as the latest version of Office 365 Pro Plus suite
  • secure and protect University corporate data that gets stored on those devices (example: hard drive encryption)
  • remotely wipe University corporate data from the device in the event it gets lost or stolen

All new computers purchased form one of our preferred vendors will be automatically joined to Azure AD and enrolled in Intune. For more information, please see:

The existing computers that have Windows 10 installed will be gradually joined to Azure AD and enrolled in Intune. For more information, please see:

For additional information on Windows 10, please see:

All University-owned computers running Windows 7 should be joined to on-premise Active Directory Domain (UWINAD). This allows I.T. Services to:

  • implement and enforce security policies, such as recently adopted Password Management Policy (example: enforce password complexity rules)
  • deploy printers and restrict who can print to those printers
  • provide single-sign on (SSO) to installed applications such as Outlook, Skype, Office 2016, OneDrive Sync
  • assist with upgrading these devices to Windows 10

For more information, please see Joining Windows 7 computer to AD Domain

By January 2020, all Windows 7 computers will be upgraded to Window 10. For more information please see:

Privately Owned Devices

All privately-owned computers running Windows 10 that that are being used to access University corporate data will be registered with Azure active Directory either automatically (for example when Office 365 is installed using portal.office.com), or manually through Windows 10 Settings (Join Work). This allows I.T. Services to:

  • secure and protect University corporate data that gets stored on those devices (example: hard drive encryption, device password)
  • wipe University corporate data from the device in the event it gets lost or stolen, or when device's owner is no longer affiliated with University of Windsor
  • provide single-sign on (SSO) to cloud based applications such as Office 365 Portal apps
  • provide a foundation and framework for other device management solutions such as Microsoft Intune which in turn provide other benefits such as UWindsor App Store that replaces SoftwareDepot

For more information, please see:

 

100% helpful - 1 review

Details

Article ID: 58317
Created
Thu 7/26/18 7:16 PM
Modified
Thu 4/25/19 4:50 PM