Can enrolled Windows 10 devices be configured and what are the capabilities of Relution?


Windows 10 devices are controlled via so-called Configuration Service Providers (CSP). These provide access to certain settings in the Windows system. The CSPs receive configuration guidelines from Relution via an XML-based SyncML format.

All configurations that can be applied to Windows 10 devices are described below.


Antivirus settings management

For Windows 10 devices, the following configurations can be made for Antivirus:

  • Scan settings for type, interval and others
  • File types included in the scan
  • File types excluded in the scan
  • Advanced settings for Windows Defener and others
  • Threat management for all valid threat severity levels
  • Rules for the attack surface reduction (ASR)




App compliance - add required apps


For Windows 10 devices, it is possible to install required apps on devices via a policy. With the configuration “App compliance”, native apps from the Relution App Store as well as public apps directly from the Windows Store can be added.

If the “Auto Install” option is selected for an app, the app is automatically installed on the device. Otherwise, the device is listed as incompatible as long as the app is not installed.

Block and allow lists are not supported by Windows 10.




Configure BitLocker


Hard disks of enrolled Windows 10 devices can be encrypted in Relution via the “Bitlocker” configuration. BitLocker is a security feature from Microsoft that is integrated in certain versions of the Windows operating system. The feature provides for the encryption of system drives, hard disks or removable media. The stored data is protected against theft and unauthorized reading.



Add email configurations for multiple users


With Relution, email accounts can be preconfigured for different users without the need for manual configuration by users directly on the device.



Manage Exchange accounts


With Relution, Exchange accounts can be pre-configured for different users and made available on the device without manual setup. No password entry is required in the Exchange configuration. The personal password must thus be entered directly on the Windows device.



Configure global proxies


A global proxy can be set up either automatically or manually. A global proxy can be used, for example, as a parental control filter, especially in homeschooling, when students also access web content via the private WIFI.



Manage password policies


The password configuration can be used to specify that a password must be used on the device by the user, which is subject to certain conventions that can be defined.



Configuring remote desktop service


In order to use the Remote Desktop functionality on a Windows 10 device, it must be enabled for this purpose. The function can be activated on devices via the configuration “Remote desktop service”. Afterwards, all members of the Remote Desktop user group on the target device have the option to access the device and transfer their screen completely. The functionality is not available for Windows 10 Home devices.



Manage restrictions for devices


Applied restrictions can be used to limit the range of functions of enrolled Windows devices. Settings for the following categories are available for this purpose and can be switched on or off:

  • Adding non-Microsoft accounts
  • App management
  • Camera
  • Connections like Bluetooth, data roaming and VPN
  • Experience and removing the MDM profile on the device
  • Reset system and device to factory settings
  • VPN
  • WIFI




Personalize start menu


The Start menu on a Windows 10 device can be personalized via the “Start menu” configuration. Among other things, the following information can be predefined:

  • Hide most used apps
  • Hide context menu
  • Hide app list
  • Set display size
  • Pin folders like Documents, Downloads or My Documents
  • Hide buttons like Shutdown, Restart or Hibernate
  • Hide user buttons like Lock, Logout or Change account




Manage VPN settings


With the “VPN” configuration, Virtual Private Networks are predefined and made available to the enrolled Windows 10 devices to establish a protected network connection.



Configure Windows Hello


The parameters for PIN assignment can be predefined via the “Windows Hello” configuration by specifying the Azure Active Directory client ID. This is then used for secure access to enrolled Windows 10 devices by specifying the PIN and for biometric authentication via fingerprint and facial recognition. Using these options, logging in to the Windows 10 device becomes easier and more secure, as the PIN is assigned to only one device and is secured for recovery with the stored Microsoft account.



Manage Windows licensing

With the “Windows Licensing” configuration, a license key can be stored on the devices in the XXXXX-XXXXX-XXXXX-XXXXX format for the Windows 10 Education, Enterprise, Pro and Home editions.



Manage Windows updates


The “Windows updates” configuration can be used to define the partially or fully automatic installation of operating system updates with or without user interaction, or to switch it off completely.



Manage WIFI settings


Via the configuration “WIFI” networks are predefined and made available to the enrolled Windows devices.



Install certificates on devices


Via the Windows 10 configuration “Certificate”, uploaded certificates are installed on the device by default according to the applied policy. The certificates are used for the authorized installation of Modern Apps installations such as msix files. It can be defined in which KeyStore or certificate store the certificate should be stored on the device. This can be used to determine whether the certificate is valid for the entire system or only for a user:in.




Can actions be performed directly on enrolled Windows 10 devices with Relution and what are the possibilities?


Enrolled devices can be controlled via actions. With Relution 5, the following actions can be applied to Windows 10 devices:

  • Remove app from device
  • Install app on device (native and public from Relution App Store)
  • Add local user accounts
  • Reset device to factory settings
  • Reboot device
  • Scan device (Windows Defender Scan)
  • Update device information under “Device details





Can Relution be used to distribute apps to enrolled Windows 10 devices?


With Relution, both native apps from the Relution App Store and public apps from the Windows Store can be installed and uninstalled on enrolled Windows 10 devices. Supported app formats are .msix, .msixbundle, .appx and .appxbundle. To install apps on Windows 10 devices and convert formats to MSIX using the Microsoft MSIX Packaging Tool, see insight Windows apps for Windows 10 devices with Relution


How are Windows 10 devices enrolled in Relution?


To enroll a Windows 10 device, a Windows enrollment must be created and performed in Relution. See insight Manage Windows 10 devices with Relution


Will Relution’s Windows 10 support be expanded?


With Relution 5, the management of Windows 10 devices was introduced. The range of functions for configuring, restricting and securing Windows 10 devices as well as installing applications will be continuously expanded from now on.

Mobile Device & App Management with Relution

Free for up to 5 devices & 5 apps forever. No payment information required.