News

Endpoint Manager Updated for Windows 10 Cloud Configuration, Microsoft Tunnel

• By Kurt Mackie
• March 26, 2021

Microsoft added several enhancements to Endpoint Manager this month related to Windows 10 in cloud configuration and the forthcoming Microsoft Tunnel product.

Endpoint Manager is used for configuring and managing devices and servers. The March improvements that Microsoft described Thursday are enabled by Microsoft Endpoint Manager service release 2103, issued this month. A list of the improvements are compiled in this "What's New" document.

Windows 10 in Cloud Configuration
Service release 2103 now lets Microsoft Endpoint Manager users deploy Windows 10 devices using the "Windows 10 in cloud configuration" process.

Microsoft had earlier described Windows 10 in cloud configuration as a way to carry out Windows 10 deployments using its simplified recommended settings. This guided scenario "automatically adds the apps, and creates the policies that configures your Windows 10 devices in a cloud configuration," according to Microsoft's "What's New" document.

Windows 10 in cloud configuration, while sounding optimal, isn't for every organization, though. It's designed for organizations that can get away with delivering the same set of apps to all end users, without adding customizations and without having on-premises dependencies. Devices need to be domain-joined using Azure Active Directory, which is Microsoft's cloud-based identity and access management service. Device management happens through Microsoft Intune, the mobile device management solution that's included in Microsoft Endpoint Manager subscriptions.

Even though Windows 10 in cloud configuration is just a bunch of easy-to-apply configuration settings, there are requirements to use it. Organizations will need subscriptions to Microsoft Intune, Azure Active Directory Premium P1, Microsoft Teams, OneDrive for Business and at least the Windows 10 Pro edition.

Microsoft Tunnel Preview Perks
Microsoft Endpoint Manager service release 2103 now delivers new "performance and health metrics" for Microsoft Tunnel users via the "Heath Check Tab" link. It shows "the top four health checks -- CPU, memory, latency, and your Transport Layer Security (TLS) certificate," the announcement explained. IT pros can use that information to carry out troubleshooting tasks, although Microsoft Tunnel is still at the preview stage.

Microsoft Tunnel was first introduced as a public preview release at Microsoft's September Ignite conference. It's used to connect mobile devices to an organization's network resources. It supports virtual private networks, split tunneling and the use of Microsoft's Conditional Access compliance service.

In related news, Microsoft Tunnel is now available in the Microsoft Defender for Endpoint preview version, which is Microsoft's cloud-based security forensics solution (a separate product from Microsoft Endpoint Manager). Microsoft is planning to phase out the older client version of Microsoft Tunnel at some point, the "What's New" document explained. 

To try the Microsoft Tunnel preview in Microsoft Defender for Endpoint, IT pros need to jump through a few hoops, as described in the document:

For this preview, you must opt in to gain access to the preview version of Microsoft Defender for Endpoint, and then migrate supported devices from the standalone Tunnel client app to the preview app. For details, see Migrate to the Microsoft Defender for Endpoint app.