locked
Windows 8, Domains, and Live intergration RRS feed

  • Question

  • With Windows 8 devices steadily increasing in a business environment, I've started looking for ways to manage it. I haven't yet found a whole lot of documentation about the three things in my subject, so I thought I would solicit some opinions here.

    I am interested in integrating, managing, and customizing Windows 8 devices (from desktop to phones) for corporate, controlled, secure, domain use. I've read up on how to link a domain account to a Windows Live account in order to get access to the Store, Skydrive etc. I've also messed around a little bit on a spare domain I own with Windows Live Domain management.

    I had the idea of putting in place a structure that will allow a smooth migration for users as more and more Win8 machines show up for business use. Something that would allow for protection of company data but still using Skydrive, and possibly even using Outlook.Com as the mail email provider for smaller companies.

    So what about this:

    • Set up a custom Live Domain (domains.live.com) using a company-controlled Live Account (not a personal one).
    • Create a User for this domain (called whatever, let's say "AcmeIncUsers"). 
    • Provision Windows 8 devices as usual using a Local account.
    • Corporate Users sign in using domain credentials.
    • "Connect" each domain account with the "AcmeIncUsers" account. (http://windows.microsoft.com/en-us/windows-8/connect-microsoft-domain-account) which allows for the desired syncing.

    Domain administrators will retain control over the AcmeIncUsers account, including colors, Store applications, etc. This (should) allow domain users to make use of the single Skydrive account of AcmeIncUsers to access/transfer non-sensitive files company-wide, and to even allow external clients access via the Public folder (instead of email attachments or FTP). This also allows administrators to deploy Store Apps (including side loaded ones?) to the entire company via one action.

    Security for Skydrive could be accomplished via several methods, but right at the top of the stack for me is to set up BoxCryptor Classic on each machine and use it to securely encrypt anything sent to Skydrive. A "folder" is created on each machine where Users will store all material destined for Skydrive. Boxcryptor encrypts it as it load's into Skydrive.

    Email would not be possible for all, but on a domain you probably have an existing method for that already anyway. Technically you could use the one email address for AcmeIncUsers to send company-wide email.

    A variation of the above could be to create 2, 3 or more Live Accounts depending on some sort or organizational structure at your company. One for the lawyers, one for the secretaries, one for the mailroom. Etc... Then you could manage each group separately. Again, this is really just to make use of colors, Store Apps, skydrive, and other things Windows 8 is able to sync between machines. 

    So, anyone see a pearl of opportunity here?

    Thursday, August 22, 2013 3:14 PM

Answers

All replies

  • Why not just use System Center Configuration Manager?

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Soh.M Sunday, October 6, 2013 3:05 AM
    Friday, August 23, 2013 11:22 PM
  • Scanning the long list of things it can do, I didn't see entries along the lines I mentioned at the top. I did see a whole lot of things I would have no use for at any of the places I work for. And it's not free. Did I mention that's it's overkill? These are small clients with anywhere from 5 to 20 workstations, and most have only 1 server.

    Saturday, August 24, 2013 12:17 AM