Scripted Windows 10 Profile Enrollment?

EricaT
Just browsing

Scripted Windows 10 Profile Enrollment?

We are currently deploying MDM to laptops on our domain and having issues enrolling in the Windows 10 profile.

 

We've gotten the systems manager installed, laptops are checking in, but we would like to deploy the windows 10 profile to the machines. Is there a way to get the profile on there other than going through Windows Settings? We have been using Meraki MDM for phones and have had no problem deploying the Office 365 profile, but it looks like the features for computer deployment are limited.

 

Our users are not admins on their machine so they cannot enroll through the Windows Settings / Access work or School / Enroll only through MDM. Is there a way to script or possibly deploy this through group policy? Also, will it cause any issues using the same email for enrollment, rather than each individual users email address?

5 Replies 5
SoCalRacer
Kind of a big deal

T1
Building a reputation

With domain in place why do you enroll Win 10 devices in MDM in the first place? It offers virtually nothing in terms of device configuration, restrictions or reporting. Domain covers everything Meraki can offer and much more.

AKeeney
Comes here often

My guess would be that since this is for MOBILE device management, she is trying to gain better control over MOBILE devices.  If a laptop walks away there is a possibility that there could be proprietary or NPI still stored on the device.  Having the ability to remote wipe the device would be a HUGE benefit to any organization that is attempting to remain compliant with any recognized security standard.
Meraki dropped the ball with integrating the profile on to Windows 10 machines for users without administrative privileges.  Hopefully someone has had some luck scripting the enrollment procedure.

T1
Building a reputation

Remote device wipe requires active Internet connection which is unlikely with lost or stolen laptops. Besides, not many laptops have LTE modules in the first place. Reasonable password complexity policy and enforced encryption adds more to security than remote wipe gimmick.

AKeeney
Comes here often

Well it has become abundantly clear that you don't have an answer for the problem.  And that is ok, neither do we which is why we posted here.  But what isnt ok, is replying with unhelpful comments.  So please, stop wasting our time.  Find some other posts to troll.  For the record the FFIEC (which is what the federal compliance governing body requires us to adhere to) states:

For institution-owned devices, the institution should have the ability to manage the remote devices. The following controls should be implemented:

...

Remotely disable or wipe the device in the event of theft or loss

...

https://ithandbook.ffiec.gov/it-booklets/information-security/ii-information-security-program-manage...

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels