Windows 10 Management

Windows 10 Management

Does anyone have experience managing Windows 10 devices via MobiControl in an environment where the devices will not be enrolled in a domain? Specifically what types on controls are available to lock the devices down, manage updates, etc?

 

4 Answers

Order By:   Standard | Newest | Votes
Raymond, Chan | posted this 28 February 2018

From your question, it sounds like you cannot lock or perform some other functions on an enrolled Windows 10 device.   Did you configure your Windows Notification Services (WNS) global settings in the servers tab?  If not, many actions intended to be pushed to the device will not be possible. 

 

If you find applying for WNS bothersome (requires submitting YOUR dummy app to Microsoft WNS portal), you can temporarily leave it out by selecting the "Opt out of WNS" option in  Windows Notification Services (WNS) global settings in the servers tab.  In such case,  since you cannot push commands onto the device (e..g. sending action from web-console interface will not see immediate effect), you might consider setting the "Update schedule" to be much more frequent (say every 2 or 5 minutes, to get MDM policy deployment more responsive) than the default 2 hours.  Then the device agent will try to initiate communication to the server more frequently when it is online, and many MDM policies can still function.  One drawback of this WNS opt-out approach will be network/CPU loading on your deployment server due to this exceptionally frequent scheduled update, especially when there are a lot for such Win10 devices to manage.

 

  • 0
  • 0
Support Staff | posted this 28 February 2018

Hello Ed, 

 

There are 2 options for your Windows 10 Implementation, take a look at both as they different in many ways.  Please note that LDAP is required for the Windows Modern format.  

 

I have linked the helpfile to the corresponding enrollment method for more details.

 

Windows Modern - one difference is it allows you to delpoy profiles to devices but does have a lockdown profile 

 

Windows Classic - a great feature is to be able to apply a lockdown and deploy packaged content to devices

 

Raymond also has some good information but he is correct when he states that increasing the check in frequency will increase CPU usage and may lower performance of your MobiControl Server. 

 

Cheers

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Ed | posted this 28 February 2018

Thank you for the information. It is my understanding that with v14 LDAP was no longer needed to enroll devices.

  • 0
  • 0
Support Staff | posted this 28 February 2018

Yes, you are correct that we have added a new option to Windows Modern enrollment rules in V14 but the legacy option still exists.  

 

Below is a screenshot of the new option where you can select to enroll devices using certificates to specify assignment groups instead of the LDAP group assignments.   

 

Note* you will need to import the certificate(s) in the next step.

 

Windows Modern enrollment options

 

I should have asked this before but what version are you currently using?

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback