Configure subscriptions and data alerts

In the Power BI service, you can subscribe yourself and others to individual report pages, dashboards, and paginated reports, which will make Power BI send snapshots of content to your email. When subscribing, you can select the frequency and specific times when you want to receive subscription emails.

Subscribing to content

The process of subscribing to a dashboard, report page, or a paginated report is similar:

  1. Navigate to the content item of interest and select Subscribe.
  2. In the Subscribe to emails menu, select Add new subscription.
  3. Enter the subscription name, addressees, email subject, frequency, time, start and end dates, and other options as needed.
  4. Select Save and close.

You can create several subscriptions to the same content item. Figure 4-18 shows options available when subscribing to a dashboard as an example.

FIGURE 4-18 Subscription options.

When creating a subscription, you can select Run now to receive an email immediately. To disable a subscription without deleting it, switch the toggle next to Run now to Off. To delete a subscription, select Delete in the upper-right corner of the subscription settings. The Manage all subscriptions link takes you to a list of all subscriptions you created in the current workspace. Viewing all subscriptions you created is covered in the next section.

Need More Review? Subscriptions In the Power BI Service

For more details on subscriptions, including considerations and limitations, see “Email subscriptions for Power BI reports and dashboards” at https://docs.microsoft.com/en-us/power-bi/consumer/end-user-subscribe.

Managing your subscriptions

In addition to viewing workspace-specific subscriptions, you can see all subscriptions you created in the following way:

  1. Go to My workspace.
  2. Select Settings in the upper-right corner.
  3. Select Settings > Settings > Subscriptions.

Figure 4-19 shows a sample list of subscriptions to manage.

FIGURE 4-19 List of subscriptions.

While the page says My workspace, it shows subscriptions created across all workspaces. To edit subscriptions, select Edit under Actions. The Overview column shows how many subscriptions to a content item you have.

Promote or certify Power BI content

When you create Power BI content and share it, you can increase its visibility for other users by endorsing it. For example, other users can search for an endorsed dataset and build reports from it. When many datasets are available in the organization, it’s useful to know how reliable each dataset is—some may be created for test purposes only, whereas others may be considered a single source of truth in the company. By default, all datasets look the same when you search for datasets, be it from Power BI Desktop or the Power BI service. In this case, it may be a good idea to endorse datasets to let report creators know which datasets are high quality and reliable.

You can endorse datasets, dataflows, reports, and apps. There are two ways to endorse Power BI content:

  • Promote: Promoted content has a badge that signifies that the content is ready to be used by others. Any contributing member of the workspace where the content resides can promote it. Content promotion facilitates the content being reused across the organization.
  • Certify: Content can be certified to show that it’s recommended for use, meaning it is highly reliable and curated. Only people selected by the Power BI tenant admins can certify Power BI content.

Note Endorsing Different Types of Power BI Content

The process of endorsing all content types is the same. For illustration purposes, next we review how to endorse a dataset.

A dataset can be promoted or certified in the Endorsement and discovery section of the dataset settings in Power BI service, as shown in Figure 4-20.

FIGURE 4-20 Endorsement.

Once you select Promoted or Certified, select Apply to save the changes.

Note Dataset Description

To help users understand what they can use a dataset for, you can add a description in the Endorsement section as well.

If the Certified option is inactive, it means you cannot certify datasets yourself. In this case, you should request dataset certification from those who were selected by your Power BI tenant admins to certify datasets. Those who can certify datasets may not always be members of the workspace that contains the dataset. If that’s the case, the person who can certify a dataset will need to become a contributing member of the workspace.

You can see the Certified and Promoted badges in Figure 4-21.

FIGURE 4-21 Promoted and Certified badges.

Skill 1.1: Plan a Windows 10 deployment

Windows 10 offers organizations new and exciting methods for deploying the operating system to users. However, traditional on-premises image creation-based deployment methods continue to be supported and are widely used. You can expect that the adoption of the new dynamic deployment methods will gain traction in the modern workplace and will be featured in the MD-101 exam. You must understand when these methods should be implemented over more traditional methods.

This skill covers how to:

Assess infrastructure readiness

Embarking on any new project should be carefully planned so that the delivery can be given every chance of success. This is especially applicable when deploying Windows 10 within an enterprise environment.

There are several tools and services available to help you evaluate, learn, and implement Windows 10. By following best practices and avoiding making deployment mistakes, you can ensure that your users are productive and that the project is delivered on schedule.

Windows 10 is released using a continuous delivery model known as Windows as a Service, with a new version of Windows 10 available every six months. Therefore, the skills you learn in deploying Windows 10 to your users will be reused again, and often.

It is recommended that you choose a group of users and deploy Windows 10 into focused pilot projects. This enables you to test each version of Windows 10 within your organization before rolling out the operating system to larger cohorts of users.

Plan pilot deployments

Each organization is different, and therefore, you must determine which deployment method (or methods) you will use. For example, you may choose to deploy new devices to your remote salesforce using Windows Autopilot and upgrade your head office computers using the in-place upgrade method.

To make effective decisions relating to the deployment method, you should perform testing in a non-production environment, and if you are successful, you should proceed to roll out Windows 10 to a small group of users.

By breaking down your Windows 10 deployment project into multiple stages, you can identify any possible issues and determine solutions where available. This will involve documenting and obtaining feedback from stakeholders at each stage. The first stage of deploying the operating system will be with a pilot deployment.

As part of the pilot, it’s important to determine the following:

  • Production hardware, including PCs, laptops, and tablets, meets the minimum hardware requirements for Windows 10.
  • Peripherals, such as printers, scanners, projectors, and other devices, are compatible with Windows 10.
  • All required device drivers are available.
  • All apps required following the deployment will work on Windows 10.
  • Any existing third-party disk encryption will work with Windows 10 (or, alternatively, can be replaced with BitLocker Drive Encryption).
  • Your IT support staff has the necessary skills to support Windows 10.

The pilot is essential because it helps ensure compatibility with existing hardware, apps, and infrastructure, and it gives you insight into the gains and potential pitfalls that you are likely to encounter during the later stages of the roll-out program. By reviewing and implementing feedback gained during the pilot phase, you can seek to minimize the future impact of any problems encountered.

If you find that your existing IT support staff doesn’t have the necessary skills to support Windows 10, you may use the pilot deployment phase to identify any training needs; doing so gives you time to implement the recommendations before a larger roll-out. You should also consider your non-technical users, who may require information relating to the new operating system so that their day-to-day productivity is not affected by the adoption of the new operating system.

You can also use the pilot to help to determine user readiness for Windows 10 and to identify any training needs—for both users and IT support staff.

Identify hardware requirements for Windows 10

As part of your planning considerations, you should review the system requirements for installing Windows 10. Windows 10 can run adequately on hardware of a similar specification to that which supports Windows 8.1. Consequently, most of the computers in use within organizations today are Windows 10–capable. However, to get the best from Windows 10, you might consider installing the operating system on computers and devices that exceed the minimum specifications described in Table 1-1. A good working specification is an Intel i5 processor or equivalent, 8 GB of memory, and an SSD of sufficient capacity for your users’ needs.

TABLE 1-1 Minimum hardware requirements for Windows 10

| Component | Requirement |
| --- | --- |
| Processor | A 1 GHz or faster processor or System on a Chip (SoC). |
| Memory | 1 GB RAM on 32-bit versions and 2 GB for 64-bit versions. |
| Hard disk space | 16 GB for 32-bit versions and 32 GB for 64-bit versions. |
| Graphics card | DirectX 9 or later with a Windows Display Driver Model (WDDM) 1.0 driver. |
| Display resolution | 800×600 pixels. |
| Internet connection | Internet connectivity is required to perform updates and to take advantage of some features. |

Note Evaluate Windows 10 Enterprise

You can access a 90-day evaluation of Windows 10 Enterprise through the Microsoft Evaluation Center. The evaluation is available in the latest released version, in 64-bit and 32-bit versions, and in multiple languages. The Evaluation Center and Windows 10 Enterprise can be downloaded from https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise.

Determine hardware compatibility for Windows 10

After you’ve verified that any new or existing computers on which you intend to install Windows 10 meet the minimum hardware requirements, you must verify that the operating system also supports any existing hardware devices and peripherals.

If you are purchasing new computers preinstalled with Windows 10, take no further action. But if you’re using existing computers, or you want to attach existing hardware peripherals to your new computers, you must verify compatibility of these older computers and peripherals.

If you have only one or two computers and a few peripheral devices to check, the easiest—and probably quickest—solution is to visit the hardware vendor’s website and check for compatibility of these devices and peripherals. You can then download any required drivers for the version of Windows 10 (32-bit or 64-bit) that you may need to install.

Verify Hardware Compatibility for Multiple Devices

When you have many computers to install or upgrade to Windows 10, it is not feasible to visit each computer and verify device and peripheral compatibility. In this situation, consider using a tool to help determine compatibility.

If you have a traditional on-premises infrastructure, you can use the Microsoft Assessment and Planning Toolkit (MAP) to assess the computer devices attached to your network. You can use MAP to:

  • Determine feasibility to upgrade scanned devices to Windows 10
  • Determine your organization’s readiness to move to Microsoft Azure, Office 365, or Azure AD
  • Plan for virtualizing workloads to Hyper-V

Note Download Microsoft Assessment and Planning Toolkit

You can download the Microsoft Assessment and Planning Toolkit from the Microsoft website at https://www.microsoft.com/download/confirmation.aspx?id=7826.

Implement Desktop Analytics

Desktop Analytics is a cloud-based service that integrates Configuration Manager with Intune. By using Desktop Analytics, you can:

  • Create inventory
  • Evaluate app compatibility
  • Create pilot groups for deployment
  • Deploy Windows 10

Consider using Desktop Analytics as part of your overall assessment strategy. But first, you must verify that you meet the requirements for Desktop Analytics. To enable and configure Desktop Analytics, you’ll need:

  • An Azure subscription
  • Global admin permissions
  • Configuration Manager version 1902 or later
  • Full administrator role in Configuration Manager
  • Devices running Windows 7 or later
  • Windows Diagnostics data
  • Internet connectivity
  • Licensing considerations:
    • Devices enrolled in Desktop Analytics must have a valid Configuration Manager license.
    • Users of devices require licenses for one of the following: Windows 10 Enterprise E3 or E5, Windows 10 Education A3 or A5, or Windows Virtual Desktop Access E3 or E5.

After ensuring you have all you need to deploy Desktop Analytics, use the following high-level steps to set it up:

  1. Run the on-boarding wizard.
  2. Grant user access.
  3. Set up your workspace.
  4. Confirm the settings.
  5. Connect Configuration Manager.
  6. Enroll devices in Desktop Analytics.

Need More Review? How to Set up Desktop Analytics

To review further details about enabling Desktop Analytics, refer to the Microsoft website at https://docs.microsoft.com/mem/configmgr/desktop-analytics/set-up.

After you’ve set up Desktop Analytics and enrolled your devices in the service, you’re ready to create a deployment plan. A deployment plan enables you to:

  • Determine which devices you should include in pilot deployments
  • Identify compatibility issues
  • Suggest mitigations for detected issues
  • Track your deployment progress

When you create your deployment plan, you must:

  • Specify the Windows 10 versions you want to deploy
  • Specify to which groups of devices you want to deploy Windows 10
  • Define readiness rules
  • Define app importance

Based on Desktop Analytics recommendations, you must:

  • Select pilot devices
  • Determine how to fix issues with apps

Need More Review? How to Create Deployment Plans in Desktop Analytics

To review further details about deployment plans in Desktop Analytics, refer to the Microsoft website at https://docs.microsoft.com/mem/configmgr/desktop-analytics/create-deployment-plans.

Evaluate and select an appropriate deployment option

Dynamic provisioning of Windows 10 using modern tools including mobile device management solutions offers organizations new deployment choices. Many of these options were not available when deploying previous versions of Windows using traditional deployment methods. Table 1-2 provides a summary comparison between modern dynamic provisioning and traditional deployment methods, which can also incorporate image creation.

TABLE 1-2 Provisioning methods

| Dynamic provisioning methods | Traditional deployment methods |
| --- | --- |
| Enrollment into Azure Active Directory and Mobile Device Management (such as Microsoft Intune) | On-premises deployment tools using Windows ADK, Windows Deployment Services, Microsoft Deployment Toolkit, or Configuration Manager |
| Provisioning packages using Windows Configuration Designer | Bare-metal install |
| Subscription Activation | In-place upgrade |
| Windows Autopilot | Wipe-and-load upgrade |

The deployment choices available to an organization may be skewed by the existing investment it has made in traditional deployment methods and infrastructure. This may include reliance upon on-premises tools and procedures, such as using Microsoft Deployment Toolkit (MDT) and Endpoint Configuration Manager for Windows 7 and newer versions. These tools continue to be supported and can be used to support on-premises deployment methods, such as bare-metal, refresh, and replace scenarios. You should understand the modern alternatives to the traditional on-premises methods.

Deploying Windows 10 using modern cloud-based deployment and dynamic provisioning methods includes using subscription activation, Windows Autopilot, and Azure Active Directory (Azure AD) join. Ongoing management of Windows 10 is then undertaken using Mobile Device Management (MDM), such as Microsoft Intune.

Dynamic provisioning

You should see a theme throughout this book, which is to recommend an alternative method of provisioning client devices to the traditional approach, which would typically include the following stages:

  • Purchase or re-provision a device.
  • Wipe the device.
  • Replace the preinstalled operating system with a customized image.
  • Join an on-premises Active Directory.
  • Apply Group Policy settings.
  • Manage apps using Configuration Manager or MDT.

With a cloud-based deployment approach, the stages are simplified to the following:

  • Purchase or re-provision a device.
  • Apply a transformation to the preinstalled operating system.
  • Join Azure AD and enroll in MDM.
  • Use MDM to configure the device, enforce compliance with corporate policies, and to add, remove, and configure apps.

There is a significant difference between the two approaches. Dynamic provisioning seeks to avoid the need for on-premises infrastructure and resource intensive reimaging procedures.

Because Windows 10 is updated twice a year to a newer version—with each new version supported for a maximum of 18 months (30 months for Enterprise and Education editions)—maintaining customized deployment images can become a costly process and burdensome for the IT department.

The types of transformations that are currently available using dynamic provisioning include the following:

  • Provisioning packages: A provisioning package is created using the Windows Configuration Designer and can be used to send one or more configurations to apps and settings on a device.
  • Subscription Activation: Windows 10 Subscription Activation allows you to automatically upgrade devices with Windows 10 Pro to Windows 10 Enterprise without needing to enter a product key or perform a restart.
  • Azure AD join with automatic MDM enrollment: A device can be joined to Azure AD and automatically enrolled into the organizational MDM solution by having users enter their work or school account details. Once enrolled, MDM will configure the device to the organization’s policies.

Provisioning packages

Provisioning packages are created using the Windows Configuration Designer, which is included in the Windows Assessment and Deployment Kit (Windows ADK). You can also download the standalone Windows Configuration Designer app from the Microsoft Store.

Note Download Windows ADK

You can download the Windows ADK from the Microsoft website at https://docs.microsoft.com/windows-hardware/get-started/adk-install. Ensure that you download the version of the Windows ADK that matches the version of Windows 10 that you intend to deploy.

Provisioning packages use very small configuration files. These are used to modify existing Windows 10 installations and configure their runtime settings.

A provisioning package can perform a variety of functions, such as:

  • Configure the computer name and user accounts.
  • Add the computer to a domain.
  • Upgrade the Windows 10 version, such as Windows 10 Home to Windows 10 Enterprise.
  • Configure the Windows user interface.
  • Add additional files or install apps.
  • Remove installed software.
  • Configure network connectivity settings.
  • Install certificates.
  • Implement security settings.
  • Reset Windows 10.
  • Run PowerShell scripts.

To create a provisioning package, you should complete the installation process of Windows Configuration Designer using either the Windows ADK or the Microsoft Store. Once you have done so, you are ready to create and deploy your provisioning packages. Start by opening Windows Configuration Designer. On the Start page displayed in Figure 1-1, select the option that best describes the type of provisioning that you want to do. If you’re unsure, choose the Advanced Provisioning tile.

Figure 1-1 Creating a new provisioning package

Use the following procedure to create your provisioning package to deploy a universal line of business (LOB) app:

  1. Select the Advanced provisioning tile.
  2. In the New project wizard, on the Enter project details page, enter the name and a meaningful description for your provisioning package. For example, enter Deploy LOB App1 and then select Next.
  3. On the Choose which settings to view and configure page, select All Windows desktop editions and select Next.
  4. On the Import a provisioning package (optional) page, select Finish. (You can use this option to import settings from a previously configured package that mostly, but not entirely, meets your needs.)
  5. On the Available customizations page, in View, select All settings, and then expand Runtime settings, as displayed in Figure 1-2.
  6. On the Available customizations page, in the navigation pane, expand UniversalAppInstall and then select DeviceContextApp.
  7. In the details pane, in the PackageFamilyName text box, enter a name for this collection of apps. For example, enter LOB App1.
  8. Select the PackageFamilyName: LOB App1 node.
  9. In the ApplicationFile text box, select Browse, navigate to the .appx file that represents your app, and select it, as displayed in Figure 1-2.
  10. In the File menu, select Save and note the location of the saved provisioning package file.

Figure 1-2 Available customizations for your provisioning package

You have created a customization for your app, and you are now ready to deploy this customization by applying the provisioning package.

Note Deploy PowerShell Scripts from Provisioning Packages

If you want to use PowerShell scripts with provisioning packages, you need to select All Windows Desktop Editions on the Choose Which Settings To View And Configure page within Advanced Provisioning. You can then add command-line files in the Runtime Settings\ProvisioningCommands\DeviceContext area of the available customizations. To view detailed information about using scripts in provisioning packages, visit this Microsoft website at https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-script-to-install-app.

Apply provisioning packages

To apply a provisioning package, you must start by exporting the package. To export your provisioning package, in the Windows Configuration Designer, use the following procedure:

  1. Select the project file from the Recent Projects area of the Start page or select File and locate the project file. (It should use the name of the project and have an .icdproj file extension.)
  2. On the menu bar, select Export > Provisioning package.
  3. In the Build wizard, on the Describe the provisioning package page, the Name box is already complete with the project name. You can now specify the Package Version number and Owner information, such as IT Admin. Complete this information and select Next.
  4. On the Select security details for the provisioning package page, choose whether you want to encrypt or sign your package (or both) and then select Next. (To digitally sign your package, you must have an appropriate digital certificate that users of your package trust.)
  5. On the Select where to save the provisioning package page, specify where you want to store the package and then select Next.
  6. On the Build the provisioning package page, select Build. Your provisioning package is exported to your specified location.
  7. The All done page appears. Make a note of the package details and then select Finish.
  8. You can now apply the package to client devices and run the .ppkg file.

Once you have configured the settings within the Windows Configuration Designer, you export the provisioning package to a .ppkg file. To secure the .ppkg file, you can optionally choose to encrypt the package and digitally sign it. Once signed, only packages that are trusted can be applied on a client computer.

You can deploy the provisioning package to users by any method, such as email, physical media, or by sharing the file using OneDrive for Business. The settings are applied to the target device by one of the following methods:

  • Running the .ppkg file
  • Adding the provisioning package using the Settings app
  • Using the Add-ProvisioningPackage Windows PowerShell cmdlet

Provisioning packages can be applied to a device during the first-run experience when a device is first turned on by using a USB drive containing the provisioning package or after the Out-Of-Box Experience (OOBE) has been completed.

Need More Review? Provisioning Packages for Windows 10

To review further details about provisioning packages, refer to the Microsoft website at https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages.

Manage and troubleshoot provisioning packages

You have already seen how using provisioning packages as part of your dynamic provisioning of Windows 10 can simplify your deployment processes.

The Windows Configuration Designer tool can be installed from the Microsoft Store as an app, which allows it to be regularly updated. Alternatively, you can install the Windows Configuration Designer tool as part of the Windows ADK.

The Windows Configuration Designer (WCD) interface is simple, and common tasks are offered through wizards, which can be used to create a provisioning package for the following environments:

  • Provision desktop devices: Provides the typical settings for Windows 10 desktop devices.
  • Provision Windows mobile devices: Provides the typical settings for Windows 10 mobile devices.
  • Provision HoloLens devices: Provides the typical settings for Windows 10 Holographic devices, such as HoloLens headsets.
  • Provision Surface Hub devices: Provides the typical settings for Surface Hub devices.
  • Provision kiosk devices: Provides the typical settings for a device that will run a single app.
  • Advanced provisioning: Enables you to view and configure all available settings. Choose this option if you are unsure which specific package type to use.

Most provisioning packages will be aimed at provisioning Windows 10 desktop devices and will use the advanced configuration option because this allows the greatest customization.

Provisioning packages offer administrators a quick and simplified mechanism to securely configure devices. Once created, the settings within a .ppkg file can be viewed using the WCD and edited using the built-in wizards or by using the advanced editor. When provisioning packages need to be deployed to remote devices, they can be protected using encryption and signing.

Several usage scenarios for provisioning packages are shown in Table 1-3.

TABLE 1-3 Usage scenarios for provisioning packages

| Scenario | Phase | Description |
| --- | --- | --- |
| New devices with Windows 10 need to have apps deployed to the devices. | New device | Provisioning packages can be used to deploy apps to devices. |
| Existing Windows 10 Pro devices need to be upgraded to Windows 10 Enterprise. | Upgrade | Provisioning packages can be used to change the Windows edition by deploying product keys or licenses using the Edition Upgrade settings. |
| You must update device drivers on Windows 10 devices. | Maintain | Provisioning packages can be used to deploy device drivers to devices. |

When using provisioning packages, you may need to troubleshoot them if devices are not configured as expected.

There are several areas on which you can focus your attention when troubleshooting provisioning packages, as follows:

  • Configuration errors and missing customizations
  • Expired Azure AD Token
  • Export errors including encryption and signing issues
  • User issues
  • Advanced troubleshooting

If you have deployed the .ppkg file to multiple devices, and they have all failed to process the required changes, then you should first inspect the provisioning package. Locate the project file (with the .icdproj file extension) and open it using the WCD. You should then inspect the settings and confirm that they match your expectations and the design specification or change documentation for the provisioning package.

If you use the configuration wizard to configure automatic enrollment into Azure AD, as shown in Figure 1-3, you should ensure that the Bulk Token embedded inside the provisioning package has not expired. By default, this token is set to expire one month after creation, although you can manually set the token expiry date to 180 days after the creation date. If the package is used after the Bulk AAD Token has expired, the package will fail to install. You will need to edit the package, apply for a new Bulk AAD Token, and re-export the package.

Figure 1-3 Performing bulk Azure AD join by using a provisioning package

After the customization settings have been verified as correct, you should export the package again. Increment the version number to avoid confusion with the previous version of the package. Packages with the same versioning number will not be applied to the same target device twice.
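The checks described in this troubleshooting section, as an added PowerShell example (not from the book or from Microsoft): it flags an expired bulk token, a version number that was not incremented, and a file that no longer matches what was exported, before the package is applied with Add-ProvisioningPackage. The function names, the release-record fields, the 14-day warning window, and the practice of recording a SHA-256 hash at export time are assumptions; the sample file and dates are constructed.

```powershell
# Added example: pre-flight checks for an exported .ppkg before it is applied.
# Test-PpkgRelease, Install-CheckedPpkg and the release-record fields are
# hypothetical names; Windows Configuration Designer does not produce them.

function Test-PpkgRelease {
    param(
        [Parameter(Mandatory)] [string]  $Path,            # exported .ppkg
        [Parameter(Mandatory)] [version] $Version,         # Package Version from the Build wizard
        [Parameter(Mandatory)] [string]  $ExpectedSha256,  # hash recorded when the package was exported
        [version]  $LastAppliedVersion,                    # version already applied to the targets
        [datetime] $BulkTokenExpires,                      # omit if the package has no bulk token
        [datetime] $Now = (Get-Date),
        [int]      $WarnDays = 14                          # assumed warning window
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # The file that reached the device must be the one that was exported.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $findings.Add('FAIL: package file not found')
    }
    elseif ((Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash -ne $ExpectedSha256) {
        $findings.Add('FAIL: SHA-256 differs from the value recorded at export')
    }

    # A package with a version number that was already applied is not applied again.
    if ($PSBoundParameters.ContainsKey('LastAppliedVersion') -and $Version -le $LastAppliedVersion) {
        $findings.Add("FAIL: version $Version is not higher than applied version $LastAppliedVersion")
    }

    # A package used after its bulk token has expired fails to install.
    if ($PSBoundParameters.ContainsKey('BulkTokenExpires')) {
        $daysLeft = [math]::Floor(($BulkTokenExpires - $Now).TotalDays)
        if ($daysLeft -lt 0) {
            $findings.Add("FAIL: bulk token expired on $($BulkTokenExpires.ToString('yyyy-MM-dd'))")
        }
        elseif ($daysLeft -lt $WarnDays) {
            $findings.Add("WARN: bulk token expires in $daysLeft day(s)")
        }
    }

    [pscustomobject]@{
        Package  = Split-Path -Path $Path -Leaf
        Version  = $Version
        Ok       = @($findings | Where-Object { $_ -like 'FAIL*' }).Count -eq 0
        Findings = $findings
    }
}

function Install-CheckedPpkg {
    param(
        [Parameter(Mandatory)] $Result,          # object returned by Test-PpkgRelease
        [Parameter(Mandatory)] [string] $Path
    )
    if (-not $Result.Ok) {
        throw "Refusing to apply $($Result.Package): $($Result.Findings -join '; ')"
    }
    Add-ProvisioningPackage -Path $Path -QuietInstall    # Windows target only
}

# --- Constructed sample data: a stand-in file and two release records ---
$sample = Join-Path ([IO.Path]::GetTempPath()) 'Deploy-LOB-App1.ppkg'
[IO.File]::WriteAllBytes($sample, [byte[]](1..64))       # not a real package
$recorded = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash
$exported = [datetime]'2024-03-01'                       # constructed export date
$now      = [datetime]'2024-04-15'                       # constructed "today"

$releases = @(
    # Same version re-sent, default one-month token.
    @{ Version = '1.0'; LastAppliedVersion = '1.0'; BulkTokenExpires = $exported.AddMonths(1) }
    # Re-exported as 1.1, token expiry set to 180 days.
    @{ Version = '1.1'; LastAppliedVersion = '1.0'; BulkTokenExpires = $exported.AddDays(180) }
)
$results = foreach ($r in $releases) {
    Test-PpkgRelease -Path $sample -ExpectedSha256 $recorded -Now $now @r
}
$results | Format-List Package, Version, Ok, Findings
Remove-Item -LiteralPath $sample
```

Install-CheckedPpkg is defined but not called by the sample run, so the script can be tried on an administrator workstation without changing it.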

If issues are suspected with either the encryption or signing of the package, you can export without these enhancements and re-deploy to your test machine to determine whether the issue remains.

For users, devices can be configured by placing the provisioning package on a USB drive and inserting it during the initial OOBE setup phase. Windows Setup should automatically recognize the drive and ask the user if he or she wants to install the provisioning package. If the package is not recognized, check that the file is in the root directory of the USB drive.

There are several tools that you can use to perform advanced troubleshooting for provisioning packages on user devices, including the following:

  • Windows Mobile devices: The Field Medic app, which is available from the Microsoft Store, can create and export reports.
  • Desktop devices: The Windows Performance Recorder, which is contained in the Windows Performance Toolkit, offers advanced Event Tracing for Windows. The system events recorded by this tool can be analyzed by using Windows Performance Analyzer, which is available from the Microsoft Store.

Windows 10 Subscription Activation

Windows 10 requires activation to unlock all the features of the operating system and to comply with the licensing requirements.

Once activated, Windows 10 devices can:

  • Receive updates
  • Access all Windows 10 features
  • Access support

There are several types of activation that register the installation of Windows on a device with a standalone or corporate Windows 10 product key.

The three main methods of activation are as follows:

  • Retail
  • OEM
  • Microsoft Volume Licensing (volume activation)

Note More about Retail and OEM Activation

Both retail and OEM activation are outside the scope of this book and are part of the MD-100 Windows 10 exam. (See Exam Ref MD-100 Windows 10, published by Microsoft Press.)

Organizations with Enterprise Agreements (EA) can use volume activation methods. These provide tools and services that allow activation to be automated and deployed at scale. These tools and services include the following:

  • Active Directory–based activation: This is an automated service that, once installed, uses Active Directory Domain Services (AD DS) to store activation objects. This simplifies the maintenance of volume activation services for an enterprise. Activation requests are processed automatically as devices authenticate to the Active Directory domain.
  • Key Management Service (KMS): This is an automated service that is hosted on a computer within your domain-based network. All volume editions of Windows 10 periodically connect to the KMS host to request activation.
  • Multiple activation key (MAK): Enterprises purchase product keys that allow a specific number of Windows 10 devices to be activated using the Microsoft activation servers on the internet.

All the preceding enterprise activation methods utilize services found within traditional on-premises, domain-based environments. An alternative method of activation is required to meet the needs of devices that are registered to cloud-based authentication and identity services, such as Azure Active Directory.

Subscription Activation allows your organization’s Azure AD tenant to be associated with an existing Enterprise Agreement; all valid devices that are connected to that tenant will be automatically activated.

Eligible licenses that can use Subscription Activation include the following:

  • Windows 10 Enterprise E3 or E5 licenses obtained as part of an Enterprise Agreement
  • Devices containing a firmware-embedded activation key
  • Windows 10 Enterprise E3 in CSP (Cloud Solution Provider), which is offered as a subscription for small- and medium-sized organizations, from one to hundreds of users

Note Firmware-Embedded Activation Key

Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key. You can read more information about firmware-embedded activation key licensing on the Microsoft website at https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses.

Organizations must meet the following requirements to implement Subscription Activation:

  • Enterprise Agreement or a Microsoft Products and Services Agreement (MPSA) associated with the organization’s Azure AD tenant.
  • Windows 10 Pro or Windows 10 Enterprise is installed on the devices you want to upgrade.
  • Azure AD for identity management.
  • All devices are either Azure AD–joined or are members of an AD DS domain that is synchronized to Azure AD using Azure AD Connect.

If all the requirements are met, when a licensed user signs in to a device using their Azure AD credentials, the operating system switches from Windows 10 Pro to Windows 10 Enterprise and all Windows 10 Enterprise features are then available. This process takes place without entering a product key and without requiring that users restart their computers.

Exam Tip

Devices that have been upgraded using Subscription Activation must be able to connect to the Azure AD tenant at least every 90 days to remain licensed. If the Azure AD tenant expires or the user license is unassigned, then the device will revert to Windows 10 Pro.