Windows 10/11 devices are controlled via so-called Configuration Service Providers (CSP). These provide access to certain settings in the Windows system. The CSPs receive configuration guidelines from Relution via an XML-based SyncML format.
All configurations that can be applied to Windows 10/11 devices are described below.
For Windows 10/11 devices, the following configurations can be made for Antivirus:
For Windows 10/11 devices, it is possible to install required apps on devices via a policy. With the configuration “App compliance”, native apps from the Relution App Store as well as public apps directly from the Windows Store can be added.
If the “Auto Install” option is selected for an app, the app is automatically installed on the device. Otherwise, the device is listed as incompatible as long as the app is not installed.
Block and allow lists are not supported by Windows 10/11.
Hard disks of enrolled Windows 10/11 devices can be encrypted in Relution via the “Bitlocker” configuration. BitLocker is a security feature from Microsoft that is integrated in certain versions of the Windows operating system. The feature provides for the encryption of system drives, hard disks or removable media. The stored data is protected against theft and unauthorized reading.
With Relution, email accounts can be preconfigured for different users without the need for manual configuration by users directly on the device.
With Relution, Exchange accounts can be pre-configured for different users and made available on the device without manual setup. No password entry is required in the Exchange configuration. The personal password must thus be entered directly on the Windows device.
As an alternative to manually storing an Exchange host, a Secure Mail Gateway can also be used. In the Relution settings, the Windows operating system can be selected under permissions for enrolled devices, and certain Windows versions can be excluded.
The globally configured Secure Mail Gateway can then be activated in the Exchange configuration.
A global proxy can be set up either automatically or manually. A global proxy can be used, for example, as a parental control filter, especially in homeschooling, when students also access web content via the private WIFI.
A background image can be defined for the desktop and lock screen, and a color text can be added to the background image. This feature is available for the Windows 10/11 Enterprise and Education editions.
The password configuration can be used to specify that a password must be used on the device by the user, which is subject to certain conventions that can be defined.
In order to use the Remote Desktop functionality on a Windows 10/11 device, it must be enabled for this purpose. The function can be activated on devices via the configuration “Remote desktop service”. Afterwards, all members of the Remote Desktop user group on the target device have the option to access the device and transfer their screen completely. The functionality is not available for Windows 10/11 Home devices.
Applied restrictions can be used to limit the range of functions of enrolled Windows devices. Settings for the following categories are available for this purpose and can be switched on or off:
The Start menu on a Windows 10/11 device can be personalized via the “Start menu” configuration. Among other things, the following information can be predefined:
With the “VPN” configuration, Virtual Private Networks are predefined and made available to the enrolled Windows 10/11 devices to establish a protected network connection.
To protect the computer and data traffic and to prevent attacks from outside, settings for the Windows Firewall can be preconfigured.
The parameters for PIN assignment can be predefined via the “Windows Hello” configuration by specifying the Azure Active Directory client ID. This is then used for secure access to enrolled Windows 10/11 devices by specifying the PIN and for biometric authentication via fingerprint and facial recognition. Using these options, logging in to the Windows 10/11 device becomes easier and more secure, as the PIN is assigned to only one device and is secured for recovery with the stored Microsoft account.
With the “Windows Licensing” configuration, a license key can be stored on the devices in the XXXXX-XXXXX-XXXXX-XXXXX format for the Windows 10/11 Education, Enterprise, Pro and Home editions.
The “Windows updates” configuration can be used to define the partially or fully automatic installation of operating system updates with or without user interaction, or to switch it off completely.
Via the configuration “WIFI” networks are predefined and made available to the enrolled Windows devices.
Via the Windows 10/11 configuration “Certificate”, uploaded certificates are installed on the device by default according to the applied policy. The certificates are used for the authorized installation of Modern Apps installations such as msix files. It can be defined in which KeyStore or certificate store the certificate should be stored on the device. This can be used to determine whether the certificate is valid for the entire system or only for a user:in.
Enrolled devices can be controlled via actions. With Relution 5, the following actions can be applied to Windows 10/11 devices:
With Relution, both native apps from the Relution App Store and public apps from the Windows Store can be installed and uninstalled on enrolled Windows 10/11 devices. Supported app formats are .msix, .msixbundle, .appx and .appxbundle. To install apps on Windows 10/11 devices and convert formats to MSIX using the Microsoft MSIX Packaging Tool, see insight Windows apps for Windows 10/11 devices with Relution
To enroll a Windows 10/11 device, a Windows enrollment must be created and performed in Relution. See insight Manage Windows 10/11 devices with Relution
With Relution 5, the management of Windows 10/11 devices was introduced. The range of functions for configuring, restricting and securing Windows 10/11 devices as well as installing applications will be continuously expanded from now on.