Nov 14 2018 10:11 AM
Hi all
Forgive me for asking a noddy question, as I'm not a skilled admin. I run a small business and have hired my first employee. I'm using M365 with standard policy settings applied. In truth, I haven't learned all the bells and whistles yet, but I like the ability to remote lock and wipe, apply information protection etc.
When setting up Win 10 for my new employee, I'm being asked to authenticate with a mobile (which I've yet to provide to the employee), to set a PIN number and then set a password for BitLocker (as I like to apply FDE on laptops).
Is there a way I can link his laptop to my 365 environment, download Office for him and set up file shares but then require him to set up the end factor for authentication, his preferred PIN and his preferred password for BitLocker?
At present I'd be setting it all up with a PIN and passwords I choose and then getting him to change them later. I'm assuming there must be a more elegant way to handle this using M365 tools that I've not mastered yet?
Thanks for your help in advance!
Sean
Nov 14 2018 10:19 AM
Hi Sean,
Yes! You simply need to enroll the device in Microsoft 365 Business. Please check out my training deck, Deploy and manage Windows 10 in this post here.
The first step is to make sure you complete the configuration wizard and get the policies turned on. Next, you'll want to join your device to Azure AD.
If it's a new device, you simply sign in with your Microsoft 365 Business credential to attach it to your tenant during the Out Of Box Experience. It will inherit the policies you created.
If it's an existing device, you would attach it to your Microsoft 365 Business tenant via the 'Set up a work or school account' action in Settings on your laptop. It looks like the image below. Be sure to select 'Join this Device to Azure Active Directory' as highlighted in red.
Hope this helps!
David
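A check for the state described in the reply above, as an added example that is not part of the original post: it reads `dsregcmd /status` and `Get-BitLockerVolume` on the laptop to confirm the Azure AD join and that BitLocker protection is on. The function names `ConvertFrom-DsregStatus` and `Test-DeviceReady` are made up for this example, and it assumes an elevated PowerShell session on the Windows 10 device.

```powershell
# Added example: confirm a laptop picked up the tenant join and BitLocker policy.
# Run in an elevated PowerShell session (Get-BitLockerVolume requires admin rights).

function ConvertFrom-DsregStatus {
    # Turn the "Name : Value" lines of `dsregcmd /status` into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-DeviceReady {
    # Hypothetical helper: summarises join state and OS-drive encryption.
    param(
        [string[]]$DsregLines = (dsregcmd /status),
        [string]$MountPoint = $env:SystemDrive
    )
    $state  = ConvertFrom-DsregStatus -Lines $DsregLines
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        AzureAdJoined = ($state['AzureAdJoined'] -eq 'YES')
        TenantName    = $state['TenantName']
        BitLockerOn   = ($volume.ProtectionStatus -eq 'On')
        EncryptionPct = $volume.EncryptionPercentage
        KeyProtectors = ($volume.KeyProtector.KeyProtectorType -join ', ')
    }
}

$result = Test-DeviceReady
$result | Format-List
if (-not ($result.AzureAdJoined -and $result.BitLockerOn)) {
    Write-Warning 'Device is not yet Azure AD joined with BitLocker protection on.'
}
```

An empty `KeyProtectors` value or an `EncryptionPct` below 100 means the BitLocker policy has not finished applying to the drive yet.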
Nov 14 2018 11:39 AM
Hi David
Thanks for the speedy reply and the links - there's some great information in there.
From what I'm seeing, my new employee effectively self-provisions. They provide their M365 U/N and P/W which links the device to Azure AD - which in turn applies the policies. These can be set to oblige them to download O365 and implement BitLocker, so once the user has logged in these are 'pushed'.
Assuming that's right - is there the option for me to do all of this for him in advance - by which I mean, be able to download Office for him, set it up, download the Teams App, set it up, and confirm everything is good before his start date or do I have to give him a new laptop with Win 10 and let him sort it from the point of OOBE onwards?
Apologies if I missed this somewhere in the slides.
Thanks again
Sean
Nov 14 2018 01:09 PM