Meraki

Community

Scripted Windows 10 Profile Enrollment?

EricaT
Just browsing
‎Apr 23 2020 7:38 AM
‎Apr 23 2020 7:38 AM

Scripted Windows 10 Profile Enrollment?

We are currently deploying MDM to laptops on our domain and having issues enrolling in the Windows 10 profile.

 

We've gotten the systems manager installed, laptops are checking in, but we would like to deploy the windows 10 profile to the machines. Is there a way to get the profile on there other than going through Windows Settings? We have been using Meraki MDM for phones and have had no problem deploying the Office 365 profile, but it looks like the features for computer deployment are limited.

 

Our users are not admins on their machine so they cannot enroll through the Windows Settings / Access work or School / Enroll only through MDM. Is there a way to script or possibly deploy this through group policy? Also, will it cause any issues using the same email for enrollment, rather than each individual users email address?

Labels:
0 Kudos
5 Replies 5
SoCalRacer
Kind of a big deal
‎Apr 23 2020 7:42 AM
‎Apr 23 2020 7:42 AM

The links below should help. I would recommend using a Powershell script with a Rasphone shortcut on the desktop. 

 

https://www.microsoft.com/en-us/itshowcase/enhancing-remote-access-in-windows-10-with-an-automatic-v...

 

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

 

https://github.com/gammacapricorni/happy-meraki-client-vpn

T1
Building a reputation
‎Apr 23 2020 4:13 PM
‎Apr 23 2020 4:13 PM

With domain in place why do you enroll Win 10 devices in MDM in the first place? It offers virtually nothing in terms of device configuration, restrictions or reporting. Domain covers everything Meraki can offer and much more.

0 Kudos
In response to T1
AKeeney
Comes here often
‎Apr 24 2020 7:05 AM
‎Apr 24 2020 7:05 AM

My guess would be that since this is for MOBILE device management, she is trying to gain better control over MOBILE devices.  If a laptop walks away there is a possibility that there could be proprietary or NPI still stored on the device.  Having the ability to remote wipe the device would be a HUGE benefit to any organization that is attempting to remain compliant with any recognized security standard.
Meraki dropped the ball with integrating the profile on to Windows 10 machines for users without administrative privileges.  Hopefully someone has had some luck scripting the enrollment procedure.

0 Kudos
In response to AKeeney
T1
Building a reputation
‎Apr 26 2020 11:06 PM
‎Apr 26 2020 11:06 PM

Remote device wipe requires active Internet connection which is unlikely with lost or stolen laptops. Besides, not many laptops have LTE modules in the first place. Reasonable password complexity policy and enforced encryption adds more to security than remote wipe gimmick.

0 Kudos
In response to T1
AKeeney
Comes here often
‎Apr 27 2020 5:08 AM
‎Apr 27 2020 5:08 AM

Well it has become abundantly clear that you don't have an answer for the problem.  And that is ok, neither do we which is why we posted here.  But what isnt ok, is replying with unhelpful comments.  So please, stop wasting our time.  Find some other posts to troll.  For the record the FFIEC (which is what the federal compliance governing body requires us to adhere to) states:

For institution-owned devices, the institution should have the ability to manage the remote devices. The following controls should be implemented:

...

Remotely disable or wipe the device in the event of theft or loss

...

https://ithandbook.ffiec.gov/it-booklets/information-security/ii-information-security-program-manage...

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.