If you are a developer planning on using the Microsoft Flight Simulator APIs or whether you run some kind of aviation playground, running Microsoft Flight Simulator is going to be a must which may mean being able to run Microsoft Flight Simulator on a work device.
I’m a big aviation fan and while I don’t fly myself (the PPL is a dream for one day), simulations are the closest I’ll come for now. For anyone interested, the picture on this post is of me flying the Cessna 172 over Farnborough Airport, not too far from us in Basingstoke.
When I tried to install Microsoft Flight Simulator on a PC that was domain-joined as my Arcible work device, I couldn’t even get it installed. To download and install Microsoft Flight Simulator through the Xbox Store requires the new Xbox app for Windows 10. For this app to work, you need to be able to sign-in with your Xbox Live account and that was failing.
This failure, it transpires, is due to organisational policies that we had applied through Group Policy and Microsoft Intune. At Arcible, we follow the National Cyber Security Centre (NCSC) and Microsoft guidance for Windows 10 configuration and security which involves deploying and sometimes customising a set of baseline security policies. If you want to find out more about this yourself, check out https://www.ncsc.gov.uk/collection/mobile-device-guidance/platform-guides/windows-10 and https://www.microsoft.com/en-us/download/details.aspx?id=55319.
In these baselines, many of the gaming and consumer features of Windows 10 are disabled which results in the system services for Xbox being disabled. The Xbox app requires these services to initiate the user sign-in and general functioning of Xbox services.
Creating an override policy to allow Microsoft Flight Simulator on a work device
So how do we fix it so that we can play Microsoft Flight Simulator on a work device? Group Policy is a system of order and inheritance. Objects inherit policies from further up the tree in Active Directory and policies that are closer to the object in question are given priority. In our case at Arcible, the baseline security policies were applied to our top-level End-user Computing Organisational Unit. To allow a specific set of devices to run Microsoft Flight Simulator, we add a new policy that sets the startup mode of the four Xbox services from Disabled to Automatic.
Managing Group Policy and transitioning to modern management
If your organisation is struggling with policy management or needs to implement a better suite of policies that meet best practice guidance like t that from the NCSC, get in touch and we can help you with optimising and setting your Group Policy structure.
If you are more interested in the cloud and moving to modern management, you could look at moving your existing policies from Active Directory into Microsoft Intune using Device Configuration Profiles.
Get in touch with us at Arcible and we can find out more about what you want to achieve and the best way for you to achieve it.