olastrom.com

Tag: copilot

  • Master the Copilot button on Copilot+ PCs

    Master the Copilot button on Copilot+ PCs

    As you might know, there is a new category of PCs out there called Copilot+ PCs. These are defined by primarily two things, they have an NPU with over 40 TOPS (trillion operations per second), and they have the Copilot button on the keyboard. Of course they also run Windows 11.

    As per writing this blogpost, we have mainly seen ARM based Copilot+ PCs. But x86 based versions from AMD and Intel is around the corner!

    One thing that has gain a lot of attention is the Copilot button. When the first devices were released this opened the consumer version of Copilot, the Microsoft Copilot app. This app does not work corporate environment, since we don’t get the “correct” version of Copilot. The Copilot we want to use is the Microsoft 365 Copilot where you sign in with your corporate credentials.

    There has been changes

    Since the October patches 2024, Microsoft has altered the behavior of the Copilot button based how you sign into your computer.

    Another change that has happened is that the Copilot in Windows (preview) experience has been removed and is replaced by either Microsoft Copilot app or Microsoft 365 app based on your scenario (see the table below).

    The following table will show you that based on you you authenticated onto you computer, different things will happen.

    ConfigurationCopilot experienceCopilot key invokes
    Copilot not enabled in environmentNeither Copilot in Windows (preview) nor the Microsoft Copilot app are present.Windows Search
    Copilot enabled + do not authenticate with Microsoft EntraCopilot in Windows (preview) is removed and replaced by the Microsoft Copilot app, which is not pinned to the taskbar unless you elect to do so.Microsoft Copilot app
    Copilot enabled + authenticate with Microsoft Entra + new deviceCopilot in Windows (preview) is not present. Microsoft Copilot is accessed through the Microsoft 365 app (after post-setup update).Microsoft Copilot within the Microsoft 365 app (after post-setup update).
    Copilot enabled + authenticate with Microsoft Entra + existing deviceCopilot in Windows (preview) is removed. Existing users with Copilot enabled on their devices will still see the Microsoft Copilot app.IT admins should use policy to remap the Copilot key to the Microsoft 365 app, or prompt users to choose.
    Source: Updated Windows and Microsoft Copilot experience | Microsoft Learn

    In a corporate world, we strive to have the Microsoft 365 app launching when pressing the Copilot button on the keyboard, since that’s where we can use the Microsoft 365 Copilot. So let’s walk though the different scenarios.

    New Copilot+ PCs

    If you are setting up a new Copilot+ PC (or resetting an existing one), there isn’t that much you need to do. As long as you get the October 2024 monthly security update installed, the Copilot button will remap to the Microsoft 365 app if signed in with an Microsoft Entra account and you have Copilot enabled in your environment, and it doesn’t need to be the “fancy” $30 per month version. If you have disabled Copilot, the button will (as the table says) open Windows ´Search instead.

    Existing Copilot+ PCs

    For your existing Copilot+ PCs which were setup prior to the release of the October 2024 monthly security update, you as an admin have to take action since the default value for users would be to launch the Microsoft Copilot app. This can be done in two ways, either prompt the users to make the change them self in Settings or push out a new configuration for the computers using a GPO or Intune CSP policy.

    Setting
    CSP./User/Vendor/MSFT/Policy/Config/WindowsAI/SetCopilotHardwareKey
    Group policyUser Configuration > Administrative Templates > Windows Components > Windows Copilot > Set Copilot Hardware Key
    Source: Updated Windows and Microsoft Copilot experience | Microsoft Learn

    As of the latest service release of Microsoft Intune, you can now also do this usign Setting catalog, which is not yet reflected in the Microsoft documentation.

    Let’s have a look at how we set this up in Microsoft Intune. (UPDATED with settings catalog instructions)

    Navigate to the Microsoft Intune Admin Center and select Devices > Windows > Configuration and create a new policy. Select Windows 10 and later then Settings Catalog. Select it and click “Create“.

    We start by giving the new profile a name which makes sense in our environment. Then click Next.

    Next step is to add the setting by pressing +Add setting. Search for Windows AI and select the “Set Copilot Hardware Key (user)” setting.

    Close the flyout and enter the AUMID for the Microsoft 365 app.

    AUMID: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub

    If you are not using Copilot and want to disable the button, set the value to 0 instead of the AUMID of the Microsoft 365 app.

    Click though the wizard and assign the profile to an applicable group.

    Review your configuration before creating.

    We have now successfully changed the behavior of the Copilot button on our Copilot+ PCs!

  • Copilot in Windows – How to turn it off using MS Intune

    Copilot in Windows – How to turn it off using MS Intune

    As everyone knows by now, Copilot is coming to Windows. For people in some parts of the world (e.g. USA) this is already a reality. But for us in Europe, we are still waiting for it to be made available.

    I rarely write posts about how to disable things, I’m a fan of giving the power to the end-user to use the new awesome tools made available for them. But Copilot is a massive thing, and for many organizations this is both a legal/policy issue, and a technical readiness issue. We need to be able to provide our users with services in a controlled way.

    Many of the larger organizations I’ve been working with over the years take this approach, enabling new services in a controlled way.

    So, let’s look at how we can control this using Microsoft Intune. In this post, we will not dig into what Copilot for Windows is.

    Creating a policy

    As usual, my focus is on cloud solutions so we will look into how you can do this using Microsoft Intune and not GPOs.

    Today, there is no Settings Catalog, so we need to rely on a Custom policy which we create by heading into the Device blade, choosing Windows > Configuration Profiles and select “+ Create” > “New policy“. Then we select Windows 10 and later as platform, and use Template > Custom as profile type.

    As usual, start of by giving your profile a good name based on your naming convention.

    Now, lets add a custom setting by pressing the “Add” button.

    Add the following information to your custom entry:

    Name: Disable Windows Copilot
Description: 
OMA-URI: ./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot
Data type: Integer
Value: 1

    Should look something like this and then hit save at the bottom of the fly out.

    You have now successfully added a custom CSR setting.

    Hit Next at the bottom of the screen and assign your policy to a user/device group. As always, if you are doing this in production, start with a test group before going for broad deployment.

    For this demo purpose, I’ve added the built in “All users” group.

    Skip the “Applicability rules” and head to “Review + Create” and review your profile before creating it. Once the profile has been created, the waiting game starts for the policy to apply. As usual, you can speed this up by pressing “Sync” on any of your devices that will be targeted.

    When the policy has been applied, the Copilot icon will be removed from the task bar.

    Doing a controlled roll-out

    We have currently removed Copilot for all the users in your environment, but how do we start enabling it again?

    Well, we need to do two things:

    • Create a group for our allowed users/devices
    • Exclude them from the policy we just created

    Since the default value for the Windows Copilot feature is to be enabled, we don’t really need to add a new policy. We can just exclude our targeted users/devices. This also makes broad deployment easy since we can gradually just exclude users/devices until we want to enable it for everyone.

    Please be aware that the change is not instant, the device needs to check-in before the policy is updated (but it’s fast when you do a forced sync).

    Take away

    So, would we disable this for all users and do a controlled roll-out? Well new features are not always easy for end-users to gasp or even understand that they have. People within IT tend to always want the latest and greatest and be early adopters. But “real” end-users are not always like that. We need to make sure that we can get information out to our end-users about this awesome new feature.

    There might also be that we need to do some assessments around the service before we can enable it in our environment, this could be both legal and internal policy that is controlling this.

    But as always, I really encourage you to enable this for your end-users once it’s available in your region. For us in Europe, we will have to wait a bit longer, but looking at the recent announcements around a Copilot-button on all Windows keyboards, I think we can really tell where we are heading with this.

    So please, don’t just disable this for the sake of disabling. And if you do disable it, have a plan to enable it. It will bring awesome value to your end-users (especially if you have Microsoft 365 Copilot licenses).

  • Microsoft Ignite 2023 recap

    Microsoft Ignite 2023 recap

    It’s that time of the year again. Not Christmas. Microsoft Ignite time!

    This year I decided not to go to Seattle, but instead follow it virtually from home. I can say now when Microsoft Ignite is over that I’ve had a severe case of FOMO the last couple of days, by just seeing all the pictures it looked like it was a really awesome event!

    But since MS Ignite is over, it means that it’s time for a recap. What did I find most interesting?

    For starters. There was a clear theme this year. AI, AI, Copilot, Copilot and Copilot. 😂

    Oh, and the picture in the top of this post is of course created using AI!

    Windows 365

    There was a bunch of new things released within Windows 365 at Ignite, and Windows 365 actually got time in the main keynotes!

    New Windows app – A preview of a new app to support not only Windows 365 and Cloud PC, but to also give you all your Azure Virtual Desktops, DevBox and published apps in the same place. The cool thing is that it’s also platform independed so we will see the same experiance on all major platforms going forward. You be able to have a “Windows” app on your iPad.

    Windows 365 GPU support – Microsoft announced that GPU support for graphic design work is coming to Windows 365, and this will really be great for a lot of customer scenarios! It will be really interesting to see the pricetag on the GPU SKU, I would kind of guess that you really need to have a good business case and not just have it’s because GPUs are cool…

    Windows 365 AI capabilities – It was also announced that you as an IT admin will be able to get AI based recommendation on sizing the Cloud PCs. This to help improving cost efficiency and user sattisfaction. Preview will be released soon.

    Single-sign on (SSO) and passwordless authentication – SSO and passwordless has for quite some time now been in preview in the Intune portal, but it’s not in general availability. This also applies to approved AVD providers!

    Watermarking, screen capture protection, and tamper protection – in order to increase security and prevent dataloss, these features which have been in public preview for a while are now in general availablity on both Windows 365 and AVD.

    Windows 365 Customer Lockbox – To ensure that Microsoft support engineers can’t access content to do service operations without explicit approval, you can use Customer Lockbox. This is similar to other Customer Lockbox within the Microsoft ecosystem. This is in public preview.

    Windows 365 Customer Managed Keys – I think this is a pretty cool update. You will soon be able to use your own encryption keys for encrypting the Windows 365 Cloud PC disk.

    Windows

    Eventhough Microsoft Build is usually where we see most Windows news, there were a couple during Ignite this year.

    Copilot in Windows – This was actually announced at the event earlier this fall and went in to public preview for selected markets on the 1st of November. During Ignite Microsot announced that it will go into general availablity in December, so let’s cross out fingers Europe is included!

    Windows Autopatch for frontline workers– Windows Autopatch is not new, but Windows Autopatch is now included in the Microsoft 365 F3 subscription to ensure frontline workers are kept up to date.

    Windows Autopilot and Windows Update for Business merging – Microsoft is streamlining the interface to handle updates

    Microsoft Intune

    There were a few big announcements for Microsoft Intune, and I would say the two biggest were around macOS management, Security Copilot in Intune and the Intune Suite.

    MacOS management – Microsoft has for a while now been very loud about their story around macOS and Intune, and we are now starting to see the outcome of this. I wouldn’t say that there were that much news related to Ignite around this, but they were pushing for that Intune is now in the forefront of device management for Mac, which means that you no longer need to have Jamf or such to have extensive macOS management.

    Security Copilot for Intune – As part of the Copilot and Ai journey we are on, Security Copilot will help you dentify annomolies or issues in your environment. It will help you analyze big chunks of data in no time to find security related events. But Security Copilot is more than that, it will also integrate in Microsoft Intune to help you create new policies or figure out how to solve issues that arrises. This will be such a great feature for many admins out there!

    Microsoft Intune suite updates – Microsoft Intune Suite was announced back in March this year and has so far mostly been focues on Endpoint Privilegde Management and Remote Help. Microsoft has now announced three more features that are coming; Enterprise App Management, Advanced Analytics and Cloud PKI. These three additional services will make the Intune Suite bundle even better and are expected to all be available in February of 2024.

    Summary

    To be honest, this years focus at Ignite was Copilot. The word “Copilot” is mentioned 289 times in the book of news. That kind of set the tone for Ignite. Don’t get me wrong, I’m super excited for Copilot but this year was crazy!

    Any how, lot of cool stuff coming out of Ignite this year and I think we will see things moving even faster now around AI since post-Ignite there has been some news around people from OpenAI joining Microsoft… What a time to be alive!

    One thing that I take with me is that next year, I want to go to Seattle and be there in person. My feeds has been filled with Ignite related pictures and the FOMO has been real!