
We are a start-up with 11 employees and growing, and we are 100% cloud-based. We do not have, nor do we want, on-prem anything.

Those 11 employees all have company-owned laptops running Windows 10 64-bit, and all are joined to our Azure AD. But they also have a bunch of software installed by me before I ship the laptop to the user; things like Office 365, Dropbox (with nearly 1 TB of files), backup solutions, virus protection, and some custom stuff.

Today the way things work is that I take delivery of a new laptop and I prep it myself by hand; first by reinstalling the OS onto new partitions, logging in as myself, and getting some system-wide stuff set up like the virus scanner.

Then I ship the laptop to the user with a long list of detailed instructions explaining how to get Office 365, Dropbox and everything else installed. I have made them an admin of the laptop, but I'd still like to have control over certain things myself.

This all works, but it's a pain and it's error prone. I'd like to use something like SCCM to build a standard image with everything all installed and set up, so that when I ship the laptop to the user they turn it on, go through a standard (but customized) out-of-box experience, and when it's all done there is nothing left for them to do but start working.

The problem I'm seeing is that SCCM requires an on-prem Active Directory deployment which, as I've said, we don't have and never want.

I'm quite certain my company isn't a Unicorn. There have got to be tons of start-ups out there that want custom OS images and enterprise-level control over the infrastructure without ever having on-prem anything. So there's got to be a way to accomplish all of the following without having on-prem anything ever:

  • Deploy new software
  • Monitor what software is deployed
  • Deploy updates
  • Install new client OSes with specific configurations
  • Monitor drive space and be able to send out alerts
  • Install Dropbox with custom configurations and files already downloaded to image

How can I accomplish all of this without having anything on premise?

John Dibling
  • Sounds like a job for Microsoft Intune - https://docs.microsoft.com/en-us/intune/introduction-intune – joeqwerty Nov 16 '17 at 17:33
  • @joeqwerty: I didn't think so. We're already using Intune as an MDM platform, but it is focused on granting and limiting access to resources based on policies. It has no capabilities that I've been able to identify in building customized Windows 10 images, and I don't think I can enforce system policies through it. – John Dibling Nov 16 '17 at 19:37

1 Answer

Some organizations do not manage images and instead just enforce that devices are secure and on supported versions. This is implemented with a clean Windows 10 install and the Intune client, for example.

Or, Windows Assessment and Deployment Kit contains the core imaging tools to make and deploy whatever image you want.

Windows Server Update Services manages Windows updates. Not third party, although there might be extensions to add arbitrary installers to WSUS. And you will need infrastructure to run it.

System Center or custom Group Policy will require running your own AD DS.

I suggest you document exactly what you want to accomplish, what needs to be installed and what policy is required. System Center is a product suite that can do almost anything. Which is great, but if you just need a couple of programs and registry keys set, it could be too much.

John Mahowald