Evaluate and select an appropriate deployment option – Deploy and upgrade operating systems
Dynamic provisioning of Windows 10 using modern tools, including mobile device management solutions, offers organizations new deployment choices. Many of these options were not available when deploying previous versions of Windows using traditional deployment methods. Table 1-2 provides a summary comparison between modern dynamic provisioning and traditional deployment methods, which can also incorporate image creation.
TABLE 1-2 Provisioning methods
| Dynamic provisioning methods | Traditional deployment methods |
| --- | --- |
| Enrollment into Azure Active Directory and Mobile Device Management (such as Microsoft Intune) | On-premises deployment tools using Windows ADK, Windows Deployment Services, Microsoft Deployment Toolkit, or Configuration Manager |
| Provisioning packages using Windows Configuration Designer | Bare-metal install |
| Subscription Activation | In-place upgrade |
| Windows Autopilot | Wipe-and-load upgrade |
The deployment choices available to an organization may be skewed by the existing investment it has made in traditional deployment methods and infrastructure. This may include reliance upon on-premises tools and procedures, such as using Microsoft Deployment Toolkit (MDT) and Endpoint Configuration Manager for Windows 7 and newer versions. These tools continue to be supported and can be used to support on-premises deployment methods, such as bare-metal, refresh, and replace scenarios. You should understand the modern alternatives to the traditional on-premises methods.
Deploying Windows 10 using modern cloud-based deployment and dynamic provisioning methods includes using subscription activation, Windows Autopilot, and Azure Active Directory (Azure AD) join. Ongoing management of Windows 10 is then undertaken using Mobile Device Management (MDM), such as Microsoft Intune.
Dynamic provisioning
A recurring theme throughout this book is the recommendation of an alternative to the traditional approach to provisioning client devices. The traditional approach would typically include the following stages:
- Purchase or re-provision a device.
- Wipe the device.
- Replace the preinstalled operating system with a customized image.
- Join an on-premises Active Directory.
- Apply Group Policy settings.
- Manage apps using Configuration Manager or MDT.
With a cloud-based deployment approach, the stages are simplified to the following:
- Purchase or re-provision a device.
- Apply a transformation to the preinstalled operating system.
- Join Azure AD and enroll in MDM.
- Use MDM to configure the device, enforce compliance with corporate policies, and add, remove, and configure apps.
There is a significant difference between the two approaches. Dynamic provisioning seeks to avoid the need for on-premises infrastructure and resource-intensive reimaging procedures.
Because Windows 10 is updated twice a year to a newer version, with each new version supported for a maximum of 18 months (30 months for Enterprise and Education editions), maintaining customized deployment images can become costly and burdensome for the IT department.
The types of transformations that are currently available using dynamic provisioning include the following:
- Provisioning packages: A provisioning package is created using the Windows Configuration Designer and can be used to send one or more configurations to apps and settings on a device.
- Subscription Activation: Windows 10 Subscription Activation allows you to automatically upgrade devices with Windows 10 Pro to Windows 10 Enterprise without needing to enter a product key or perform a restart.
- Azure AD join with automatic MDM enrollment: A device can be joined to Azure AD and automatically enrolled into the organizational MDM solution by having users enter their work or school account details. Once enrolled, MDM will configure the device to the organization’s policies.
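A post-provisioning check for the "Join Azure AD and enroll in MDM" stage, as an added example that is not from the book: it parses the text output of `dsregcmd /status` and reports whether the device reached the cloud-joined state. The function name `Get-JoinState`, the `MeetsCloudBaseline` property, and the sample output (tenant name and MDM URL) are constructed for illustration.

```powershell
# Added example: parse `dsregcmd /status` text and summarize the join state.
function Get-JoinState {
    # AllowEmptyString is needed because real dsregcmd output contains blank lines.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; banner and separator lines are skipped.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    $domainJoined = $fields['DomainJoined'] -eq 'YES'
    # MdmUrl shows that an MDM enrollment endpoint is configured for this join.
    $hasMdmUrl    = -not [string]::IsNullOrWhiteSpace($fields['MdmUrl'])

    [pscustomobject]@{
        AzureAdJoined      = $aadJoined
        DomainJoined       = $domainJoined
        TenantName         = $fields['TenantName']
        MdmUrl             = $fields['MdmUrl']
        # Assumed baseline for the cloud-based flow: Azure AD joined,
        # not joined to on-premises Active Directory, MDM URL present.
        MeetsCloudBaseline = $aadJoined -and (-not $domainJoined) -and $hasMdmUrl
    }
}

# Constructed sample in the layout of `dsregcmd /status` (not from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
                TenantName : Contoso (constructed)
                    MdmUrl : https://mdm.example.invalid/enroll
'@ -split "`r?`n"

Get-JoinState -StatusLines $sample
# On a live device: Get-JoinState -StatusLines (dsregcmd /status)
```

A device that still reports `DomainJoined : YES` or has no `MdmUrl` has not completed the cloud-based stages, so MDM compliance policies cannot be assumed to apply to it.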