Autopilot 2.0: Microsoft’s Slick New Rollout for Gov & Enterprise!

Microsoft has dropped a fresh upgrade for Windows Autopilot, and it's a game changer, especially for IT admins in government and large enterprises. The new features streamline the onboarding process, improve error handling, and provide support for government clouds like GCC High and DoD. If you're dealing with large-scale deployments, this update just made things smoother and less of a headache.

Key Features You’ll Love:

  1. Improved Out-of-Box Experience (OOBE): You can now see real-time progress as devices are onboarded. This not only gives you peace of mind but also lets you track issues before users get their hands on the device. The new UI is cleaner and provides more insight into the deployment process, which helps IT teams pinpoint problems quickly.
  2. Stronger Error Handling: The update includes enhanced error resiliency, meaning that even if something goes wrong during the setup, the system can handle it better, reducing the number of failed deployments. This saves time and frustration, especially in large environments where downtime can be costly.
  3. Government Cloud Support: For those managing sensitive environments, Autopilot now has extended support for government clouds, including GCC High and DoD. This means that government institutions with high security requirements can now enjoy the benefits of Autopilot without compromising on compliance or control.

[Image: A new Windows Autopilot device preparation section is available under Enrollment > Windows. Admins will configure a single Device preparation policy to configure deployment and user experience.]

Why It Matters:

The latest Autopilot updates are tailored for large-scale deployments, making it easier to manage thousands of devices while ensuring they stay secure and up-to-date. With better visibility into the onboarding process and a stronger focus on error resilience, IT departments can spend less time troubleshooting and more time focusing on strategic tasks.

For government bodies and enterprises that require strict security and compliance, these features are a blessing. The ability to deploy devices into secure environments like GCC High and DoD clouds without extra steps means faster, more efficient rollouts.

What’s the Catch?

While the updates bring a lot of improvements, it’s worth noting that device setup may still take some time, especially with larger batches. But overall, these enhancements mean fewer bumps along the way, less downtime, and a more intuitive deployment process.

Final Thoughts:

This Autopilot update is all about saving time, reducing errors, and providing greater control for IT admins working with large or highly secure environments. If you’re an IT admin in government or enterprise, these changes are worth exploring. Not only will they improve how you manage devices, but they’ll also give you more confidence in the deployment process from start to finish.


For more details, check out the full announcement here.


Welcome

Welcome everyone to the first blog of modern-managed.com! This site has been a long time in the making. Having purchased the domain over a year ago, I finally decided that I needed to sit down and write some content for it.

This site will replicate some of the work I did on my own company Cloudable in the blog section, but I wanted to separate out the blog from my commercial consultancy.

Over the coming weeks, months and years, I plan to add lots of helpful content from some co-workers and me that you will hopefully find useful. I will also import all the old articles from the Cloudable blog.


Is ADFS now dead?

For those of you keeping an eager eye on cybersecurity, the NCSC published some new guidance for securing Office 365 earlier this year. This new guidance includes one significant change from Microsoft, which some may find a little controversial.

Microsoft now recommends that hybrid environments – i.e. those that use Active Directory Domain Services and Azure AD – should prefer native authentication against Azure AD rather than ADFS.

In Microsoft-speak this is ‘Seamless SSO with Password Hash Sync’, configured to use either per-user or Conditional Access MFA.

Password synchronisation with the cloud can feel like a scary thing to do, but in practice, organisations using Azure AD as their primary authentication source lower their risk compared with ADFS.

This is because:

  • It’s the hashes of your password hashes that are sent to Azure AD, and not the reusable NTLM hashes commonly discussed in “pass the hash” attacks. This means that the credentials sent to Azure AD can’t be used to authenticate to any of your on-premises infrastructure that relies on Active Directory.
  • We are already relying on Azure AD to make the access control decisions that regulate who can see which data hosted in Office 365, so we already need to trust that it’s built and operated securely. Storing password hashes doesn’t change that security requirement.
  • The availability of Office 365 will no longer be affected by any outages or downtime suffered by your on-premises ADFS or Active Directory infrastructure.
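
As an added illustration (not code from this post or from Microsoft), here is the publicly described password hash sync derivation behind the first bullet: the 16-byte NT hash is expanded to 64 bytes, combined with a 10-byte per-user salt, and run through 1,000 iterations of PBKDF2-HMAC-SHA256, so what Azure AD stores is a salted one-way derivative of the NT hash rather than the NT hash itself. The sample NT hash, the sample salt and the lowercase hex encoding are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample input: the NT hash (MD4 of the UTF-16LE password) of the
# widely used test password "password". A real sync agent reads the NT hash
# from the directory; it is the input here so the example needs no MD4 library.
SAMPLE_NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """Expand 16 bytes to 64: hex-encode to a 32-char string, then UTF-16LE-encode.
    Lowercase hex is an assumption; the public description does not fix the case."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    return nt_hash.hex().encode("utf-16-le")


def derive_sync_hash(nt_hash: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 over the expanded hash; 32-byte output."""
    if len(salt) != 10:
        raise ValueError("per-user salt must be 10 bytes")
    return hashlib.pbkdf2_hmac("sha256", expand_nt_hash(nt_hash), salt,
                               iterations, dklen=32)


def build_sync_record(nt_hash: bytes, salt: Optional[bytes] = None,
                      iterations: int = 1000) -> dict:
    """What the connector transmits (over TLS): derived hash, salt and iteration
    count. The NT hash itself never leaves the on-premises side."""
    salt = os.urandom(10) if salt is None else salt
    return {"hash": derive_sync_hash(nt_hash, salt, iterations),
            "salt": salt, "iterations": iterations}


def verify_against_record(record: dict, nt_hash: bytes) -> bool:
    """Simplified cloud-side check at sign-in: re-derive from the hash of the
    password the user just typed and compare in constant time."""
    candidate = derive_sync_hash(nt_hash, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    rec = build_sync_record(SAMPLE_NT_HASH)
    print("synced value:", rec["hash"].hex())
    print("NT hash contained in synced value:", SAMPLE_NT_HASH in rec["hash"])
    print("verifies with correct hash:", verify_against_record(rec, SAMPLE_NT_HASH))
```

The synced value cannot be replayed against NTLM, and a different salt per user means two identical passwords sync as two different values.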

For those interested, the new Microsoft guidance can be found here.

It’s a brave new world out there!