Windows 10 provides an enterprise management solution to help manage company security policies and business applications on mobile or off-network devices, while avoiding compromise of the users’ privacy on their personal devices.

Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers do not need to create or download a client to manage Windows 10.

MDM security baseline
With Windows 10, version 1809, Microsoft is also releasing a Microsoft MDM security baseline that functions like the Microsoft GP-based security baseline. You can easily integrate this baseline into any MDM to support user’s operational needs, addressing security concerns for modern cloud-managed devices.

For more details about the MDM policies defined in the MDM security baseline and what Microsoft’s recommended baseline policy values are, see Security baseline (DRAFT) for Windows 10 v1809 and Windows Server 2019

For details about the MDM protocols, see [MS-MDM]: Mobile Device Management Protocol and [MS-MDE2]: Mobile Device Enrollment Protocol Version 2.




Microsoft inbox security technology (not deprecated) such as Bitlocker, Smartscreen, and DeviceGuard (virtual-based security), ExploitGuard, Defender, and Firewall

Restricting remote access to devices

Setting credential requirements for passwords and PINs

Restricting use of legacy technology

Legacy technology policies that offer alternative solutions with modern technology

And many more features that secure one of the most difficult areas of enterprise infrastructure...