Disable Wi-Fi Sense – Windows 10

Option 1.

Update to registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config

Or via Login Script or during the task sequences in Configuration Manager or MDT (post image install)

reg add HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config /t REG_DWORD /v AutoConnectAllowedOEM /d 0

Option 2.

Modify Unattend.xml to add Microsoft-Windows-WiFiNetworkManager

Set WiFiSenseAllowed to 0

Option 3.

For Windows 10 build 1511 or later

Configure the Group Policy Object Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services under

Computer Configuration\Administrative Templates\Network\WLAN Service\WLAN Settings\.

MDM in Windows 10

Built-In Mobile Device Management capabilities in Windows 10

The MDM capabilities provided in Windows covers the complete lifecycle of the device.

  • Enrollment capabilities to automate the MDM enrollment of the device as part of the Azure Active Directory join process.
  • New controls for configuring and managing the Start menu.
  • New controls over Windows updates, allowing you to control when specific Windows updates are deployed to MDM-managed devices (think “WSUS from the cloud”).
  • New AppLocker and Enterprise Data Protection configuration settings.
  • Integration with the Windows Store and the Business Store Portal (BSP) to enable automated app management.
  • Full device wipe capabilities, even for PCs.

These capabilities are supported on all types of devices, including Windows phone devices, PCs and tablets, and Internet-of-Things (IoT) devices.

MDM in Windows 10

Windows 10 Enterprise with Software Assurance

As I mentioned in a previous post, with the Windows 10 launch, MDOP is now included as an SA benefit, and is no longer a separate add-on.  This post explains Windows 10 Enterprise features with Software Assurance

Windows 10 Enterprise edition includes:

  • Granular UX Control, in which IT is able to customize and lock down the user experience of a Windows device for task-workers, kiosks, IoT/ embedded type functions using device management policies.
  • Pass the Hash Mitigations: The ability to store derived credentials (i.e.: NTLM hashes and Kerberos tickets) and the process that manages them (i.e.: Local Security Authority Subsystem Service (LSASS)), in a Hyper-V protected environment that is called a “Virtual Secure Mode (VSM)”. The VSM provides hardware based isolation and protection of derived credentials and prevents them from being stolen or misused even in the event that the Windows kernel is fully compromised. This capability prevents Pass the Hash (PtH) attacks which enable an attacker to impersonate a user on the network.
  • Device Guard: Device Guard locks down the device such that it can only run trustworthy executable code (e.g.: .exe, .dll) which means that they are signed by a trusted authority.  Device Guard can be used in combination with AppLocker, which is also included in the Enterprise Edition. In this case Applocker can be used to define which apps from a vendor who’s signature has been added to the trust list can be run on a device.

Below graphic shows the benefit of the Enterprise SKU along with Software Assurance.

2015-07-29_22-22-07

Windows 10 Works with Existing Infrastructure

Deploying and managing Windows 10 in your business does not mean upgrading your client management infrastructure.  Use your existing SCCM and Windows Server investments to deploy and manage the new Windows 10, which has now been officially released.  See the matrix below for compatibility information.  Also note, a new version of System Center Configuration Manager is in the works which will offer new capabilities related to Windows 10 features but is not needed to get Windows 10 out to your users today!

2015-07-29_16-13-21

Twitter: @jparekh_tech