Rapidly Deploying Windows 10 Devices Via Modern Deployment Methods

One of the cool things in my job is that I get to see a lot of new devices and over the last few months I’ve been spending quite a bit of time figuring out the best way to deploy these in an educational context. I shared the guest blog around Modern Deployment Methods a few weeks back and I thought in this post I would outline some of my learnings from using some of the new Microsoft Education Solutions.

Devices I’ve Been Testing On:

The main devices I have been testing on are:

What is really pleasing about all of the above “hero” spec devices is that they all run a minimum of 4GB RAM and 64GB SSD storage making them powerful enough for most classroom uses and with new features coming like OneDrive Files on Demand, cloud storage will make them even more useful.

I’ve also had a look at the new Surface Laptop running Windows 10S but have not been able to do any extensive testing or resetting on with this device.

Modern Deployment Tools:

microsoft-tries-expelling-chromebooks-from-schools-with-intune-app-and-low-cost-pcs

Intune for Education dashboard.

Firstly, if you’re interested in setting up the full Microsoft Cloud Education Solutions then you really need to read this blog post first, where I’ve collated the key videos and “how to” articles. I’m going to outline the two key tools that make the deployment of Windows 10 super easy and these are:

Through my testing I’ve been using a few temporary demo tenants (check here to set one up if you’re a partner) and I’ve sometimes used Student Data Sync, and other times not. I have reset my above test devices numerous times using the Recovery Options in Windows 10 – if you’re not confident doing this, then the LaptopMag have created a pretty helpful guide here.

The idea behind the above tools is to take a cloud-first mentality in terms of pushing applications to devices and leveraging AzureAD as the key cloud identity platform.

Sequence For Setup:

This is the key sequence for setup in a simple list format:

  1. Reset Windows 10 to factory (see above) or use a brand new device.
  2. Insert a USB key with the Set Up School PCs App configured on it. This will:
    1. Install the initial provisioning package
    2. Install a selection of pre-selected applications
    3. Join the device to AzureAD of the pre-selected Office 365 Tenant.
    4. Enroll the device into Intune of the pre-selected Office 365 Tenant.
  3. Sign in as an Office365 user (this could be a student, teacher or ICT administrator)
  4. Intune (or Intune for Education) will start to push the remaining required apps and settings to the device immediately.
    1. In my testing I’ve settled on pushing apps to the device rather than to the user to ensure the fastest possible login times for students/staff i.e. once the application has been installed on the device it will be available to all users.
intune-for-education-set-up-pcs-100705444-large

The Set Up School PC App (SUSPC App) start screen.

In my testing, with the above mentioned test devices, I have found that steps 2-3 above typically takes under 5minutes. The initial login for a new user takes around 20-30seconds, and then subsequent logins of the same user is consistently under 4 seconds.

Step 4 above depends on how many applications you wish to push to the device, how fast the wireless network is etc. I am very confident that I could use the above sequence and deploy brand new devices to playing Minecraft:Education Edition on multiple devices in under 15 minutes.

Guides & Resources:

Learning more about the Set Up School PCs App can be done here but if you watch the below video you will see how easy it is:

The SUSPC App makes it super simple and fast to quickly deploy new (or restored Windows 10) devices and have them connected to your cloud first environment. It also means that the user experience for signing into these devices is fast and remains fast over time.

The second component to complete the deployment of apps and settings (sometimes referred to as policy) is using Intune For Education and you should look here for the full guide or watch the 5 minute video below:

As I mentioned in the sequence for setup at stage 4.1 above, I’ve settled on pushing apps directly to the device rather than to individual users, based on my preference that the apps are available to all users immediately when they sign in. This will, of course, vary from school to school based on how many apps they want on the devices (and available storage space) as well as app licensing considerations or suitability. The good news is that Student Data Sync will give you the granular control of which students (or classes, or year levels) you want to push certain apps or settings to.

If you’re after help or support directly from Microsoft around configuring Student Data Sync (SDS) for your school then complete the request form for personalised support HERE.

Conclusion:

These new tools, combined with new education focused devices from hardware partners, showcases just how far Microsoft has come in terms of delivering smarter and more efficient ways for schools to manage their ICT infrastructure. This is, of course, enabled through the power of the cloud and if your school is not leveraging a cloud identity platform like AzureAD it’s definitely time to explore this as an option.

Pleasingly, the above set up makes it easy for schools to have quick and reliable Windows 10 to focus on promoting great teaching and learning outcomes for students and teachers alike. Technology is a great servant to pedagogy, and with modern deployment methods like the above, less time is required to get the ICT equipment up and running, allowing more time for quality teaching and that has to be a good thing.

Using AzureAD Groups To Quickly Populate Microsoft Teams

Microsoft Teams is the new digital classroom platform from Microsoft and I’ve already reviewed the key features recently here, but if you’re unfamiliar with it here is the official overview video:

I have recently been asked by a few secondary schools and tertiary institutes what is the quickest way to populate students into a Team. You can, of course, use the official Student Data Sync tool which will take information from your Student Management System (SMS) and populate the relationship between teachers, students and classes in a very tidy way (full guide available here)

However, if you’re after a super quick way and you’re already using AzureAD Security Groups then it’s a 5 second job to add all your students into a class. Follow the instructions below to learn just how easy it is!

Teams2

You need to start by looking at your existing Groups in the Admin Portal and making sure that you have one that reflects the students/teachers that you want to add to your Team. In the above example this is a mail enabled security group called “Demo Students” with an alias of demos@educationgate.school.nz

Teams1

Next. go to your Team in question and by clicking on the Team name (in the above example, 11 History) you will see in the above example there are only three members of the team: 1 owner and two members.  You will also see the “Add Member” option on the right

Teams3

Once you have clicked “Add Member” will have the chance to add either individual students/teachers by searching for their name directly OR you search for your AzureAD Group name – in this case “demos”. You need to select this and hit “Add”

Teams4

Note that it automatically recognises that there is four members of the group and that it will add each of these members to your Team in one go.

Teams5

Confirmation that all four members from the AzureAD Group “demos” have been added to the team.

This is a real time saver for situations where schools are already using AzureAD to populate Groups with their students/teachers. In these examples, you can add an entire class of students as easily as adding a single student.

UPDATE: A keen reader reminded me that the above method is a one time import of the Members of the AzureAD Group – it will not keep them in sync if the membership changes dynamically (to achieve this, SDS is the better option). So the above is certainly a time saver in situations where you want to do a one off import and are prepared to add/remove additional members manually at a later date.

End Of Support for Dir Sync & Azure AD Sync Approaching

DirSync & Azure AD Sync will reach end of Support on April 13, 2017.

Azure AD will stop accepting connections from DirSync and Azure AD Sync after December 31, 2017. For more information about the DirSync and AAD Sync upgrade, please see the DirSync and Azure AD Sync deprecation documentation. If you have questions or feedback about this change, you can leave the team a comment on the blog linked below or reach on Twitter using the #AzureAD hashtag.

https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/

So now, it’s time to get cracking and move to Azure AD Connect if you’ve not done so already:

AD Connect.png

Azure AD Connect – keeping your identity synchronized in the cloud.