Windows 10

Microsoft Flight Simulator on a Work Device

If you are a developer planning on using the Microsoft Flight Simulator APIs or whether you run some kind of aviation playground, running Microsoft Flight Simulator is going to be a must which may mean being able to run Microsoft Flight Simulator on a work device.

I’m a big aviation fan and while I don’t fly myself (the PPL is a dream for one day), simulations are the closest I’ll come for now. For anyone interested, the picture on this post is of me flying the Cessna 172 over Farnborough Airport, not too far from us in Basingstoke.

When I tried to install Microsoft Flight Simulator on a PC that was domain-joined as my Arcible work device, I couldn’t even get it installed. To download and install Microsoft Flight Simulator through the Xbox Store requires the new Xbox app for Windows 10. For this app to work, you need to be able to sign-in with your Xbox Live account and that was failing.

This failure, it transpires, is due to organisational policies that we had applied through Group Policy and Microsoft Intune. At Arcible, we follow the National Cyber Security Centre (NCSC) and Microsoft guidance for Windows 10 configuration and security which involves deploying and sometimes customising a set of baseline security policies. If you want to find out more about this yourself, check out https://www.ncsc.gov.uk/collection/mobile-device-guidance/platform-guides/windows-10 and https://www.microsoft.com/en-us/download/details.aspx?id=55319.

In these baselines, many of the gaming and consumer features of Windows 10 are disabled which results in the system services for Xbox being disabled. The Xbox app requires these services to initiate the user sign-in and general functioning of Xbox services.

Creating an override policy to allow Microsoft Flight Simulator on a work device

So how do we fix it so that we can play Microsoft Flight Simulator on a work device? Group Policy is a system of order and inheritance. Objects inherit policies from further up the tree in Active Directory and policies that are closer to the object in question are given priority. In our case at Arcible, the baseline security policies were applied to our top-level End-user Computing Organisational Unit. To allow a specific set of devices to run Microsoft Flight Simulator, we add a new policy that sets the startup mode of the four Xbox services from Disabled to Automatic.

Configuring the startup mode of the Xbox services in the Group Policy Management Console

Managing Group Policy and transitioning to modern management

If your organisation is struggling with policy management or needs to implement a better suite of policies that meet best practice guidance like t that from the NCSC, get in touch and we can help you with optimising and setting your Group Policy structure.

If you are more interested in the cloud and moving to modern management, you could look at moving your existing policies from Active Directory into Microsoft Intune using Device Configuration Profiles.

Get in touch with us at Arcible and we can find out more about what you want to achieve and the best way for you to achieve it.

Security Key Login with Hybrid Windows 10 Devices

Technically speaking, this feature has been available for some time if you were prepared to use machines joined to the Windows Insider Programme, as it required a minimum build of Windows 10. Because that build, Build 18945, was exclusive to the Insider Programme, it meant that this feature wasn’t viable for production users because who wants to use preview builds with real users?

With the release of the May 2020 update for Windows 10, however, all the parts are now all there in production form to enable the use of a security key for Windows 10 login on hybrid devices.

Read more…

Simplify Machine Builds with Windows Autopilot

I’ve worked with Microsoft Configuration Manager since the 2007 version. I’ve seen and worked with many things relating to machine builds like creating Task Sequences, Operating System Images and keeping those images up-to-date, patched, and tested. Things have got much better since these early days, however, this is still IT-driven and requires extensive amounts of manual time-intensive testing and work.

By taking advantage of modern Windows 10 devices and management we can use cloud-based technologies to make the process slicker and even enable the serve themselves.

Read more…

Managing Windows 10 Updates using Microsoft Intune

Previously, we wrote about using Azure Update Management to perform Software Updates on Windows Server-based systems but what about Windows 10. In this article, we will explore Managing Windows 10 Updates using Microsoft Intune.

In on-premises environments, we use solutions like Windows Server Updates Services (WSUS), System Center Configuration Manager (SCCM), or Microsoft Endpoint Manager. Yes, you can continue to use SCCM and Endpoint Manager with their Cloud Attach Co-Management features, however, what about if you have a cloud-native environment? What about if you have an environment where users are using non-domain joined devices?

Read more…

The New Microsoft Edge Stable Release

Earlier this month, Microsoft made the new Microsoft Edge Stable release of its new, Chromium engine based, Microsoft Edge browser available. We’ve been using this new browser, at Arcible, in its early forms for quite a while now and with the stable release now available, that means it’s ready for adoption by end-users.

Read more…