The modern school with Microsoft Surface

Microsoft Device as a Service

Device as a Service mitigates the costs and risks associated with refreshing a fleet of personal hardware devices, by taking them and bundling them up with a variety of software, accessories and services, all for a simple, monthly subscription fee.

Talk to an expert

Microsoft_SUR20_Go2_Contextual_0863_RGB-Homeschooling

Your checklist for Microsoft Surface-as-a-Service with CompNow?

Click on the below icons to learn more.
Network Licensing Identity Enrolment Tenant Management Warranty

Please enter your required devices and services, this will generate a estimated cost and then simply click the Request a Quote button to send this to us so we can supply a formal quote to your organisation.

Finance to approved customers. Terms & conditions apply. Computers Now Pty Ltd ABN 48 592 886 118 – E&OE

SUR20_Laptop3_Contextual_COMMERCIAL_08936_Square

We know a Microsoft Surface DaaS solution delivers results

  • tick-circle
    Focused on productivity in the workplace, not hardware

    Other companies are pushing solutions from hardware to software, instead, there is a focus on end-user productivity and collaboration (software to hardware).

  • tick-circle
    One integrated and seamless Microsoft experience

    Surface hardware combines with Microsoft software solutions into a single offering that works seamlessly together, making it easier to train, manage, and support end-users.

  • tick-circle
    Central point of value delivered across the value chain

    Microsoft delivers value across the entire value chain by using deep knowledge and expertise to deliver flexible solutions that can be tailored to clients’ needs, all in one relationship.

  • tick-circle
    Flexible Financing

    Shift your IT expenditure to a consumption model - from capex to opex with our flexible finance offering.

Microsoft Intune

Intune is a cloud-based service in the enterprise mobility management (EMM) space, aimed at enabling mobile device and PC management in the areas of configuration, security and compliance.

Management of IT systems begins with user identity and Intune allows institutions to use Microsoft Azure Active Directory as the basis for an identity and access management system. This removes the traditional limitations of controlling data access to individual devices and allows users to access their information and applications no matter what device they are using.

Talk to an expert
  • tick-circle
    Single Sign On (SSO)
  • tick-circle
    Multi Factor Authentication (MFA)
  • tick-circle
    Conditional Application Access (if it contains corporate data)
  • tick-circle
    Isolation of corporate data from personal data
  • tick-circle
    Ability to wipe corporate data from a mobile application
  • tick-circle
    Rights management support
Microsoft-Zero-Touch-Deployment
Microsoft-Autopilot

Windows Autopilot

Autopilot enables you to provision new Windows devices so that they are ready for use as soon as they are out of the box and connected to a network – this is known as User-driven Provisioning. End users can be up and running with a standard set of common applications from the moment they turn on their new Windows device.

It’s as simple as placing an order with CompNow and explaining your specific configurations. Then once the end user unpacks their new device and connects it to the internet, the self service installation is triggered and the Autopilot profile assigned to the device is downloaded along with your specified applications and required configuration, making the device ready for use. No hold ups or over heads and additional security.

Talk to an expert

CHECK YOUR NETWORK READINESS

Bandwidth

    • Check bandwidth for readiness regarding on-day deployment
    • Deployment optimization is available (multicast)
    • On Surface, Office image is included, saving significant download
    • WhiteGlove pre-positioning (with tools targeted at device and not user)

Firewall readiness

    • Ensure Domain Name Services (DNS) name resolution for internet DNS
      names
    • Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)

Windows Activation

    • Must be able to reach activation server
    • Run SLUI command to check connectivity

AAD connectivity

    • Check access to AAD servers

Intune Enrolment

    • Check bandwidth and network requirements here
    • Check out other required domains and IP here

Network time protocol access

    • Ensure that UDP port 123 to time.windows.com is accessible

Network Connection Status indicator

    • www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP

Check Microsoft Store/Store for business access

Check Certificate revocation lists

    • See Office 365 URLs and IP address ranges and Office 365 Certificate Chains.

TPM enablement

    • For each firmware TPM provider, make sure that the appropriate URL is
      accessible so that certificates can be successfully requested.

CHECK YOUR LICENSE READINESS

OS

  • Must be Windows Professional 1809 or higher on candidate device
  • On Surface, all commercial devices automatically qualify and have a
    signature image – no imaging (for example, StF) required again

M365

  • Microsoft 365 Business Premium subscription
  • Microsoft 365 F1 or F3 subscription
  • Microsoft 365 Academic A1, A3, or A5 subscription
  • Microsoft 365 Enterprise E3 or E5 subscription, which include all Windows 10
  • Microsoft 365, and EM+S features (Azure AD and Intune).

Security & Azure

  • Enterprise Mobility + Security E3 or E5 subscription, which include all needed
    Azure AD and Intune features.
  • Intune for Education subscription, which include all needed Azure AD and
    Intune features.
  • Azure Active Directory Premium P1 or P2 and Microsoft Intune subscription
    (or an alternative MDM service)

CHECK YOUR IDENTITY READINESS

Identity (People)

  • User identities stored in Azure AD (Primary), or
  • Azure AD Sync established for Hybrid

Identity (Device)

  • Device identifiers available for upload
    • 4K Hardware hash (customer & partner)
    • Tuple (Partner)
    • PKID (Partner)
  • On Surface, PKID is printed on the outside of the shipping box and 4K HH
    available via reseller

CHECK YOUR ENROLMENT READINESS

Hardware profiles setup

  • Device-focused software, scripts via Intune
  • Software download via company portal / Store for business
  • Policies
  • Other setup

User profiles setup and assigned

  • Create user profile contents
    • Scope tags
    • Policies
    • User account types
    • Install software from Store for business or
      Endpoint manager

Enrolment

  • Autopilot assignment
  • For Surface DFCI enrolment* to take advantage
    of deeper firmware integration for management
    and assigning of certificate-based firmware
    protection

CHECK YOUR TENANT READINESS

Tenant considerations

  • Single versus multi tenant
  • Licensing setup

Span of control

  • Is it granular enough
  • Do scope tags limit control enough

Admin setup

  • Global admin vs User admins

OPTIMISE YOUR MANAGEMENT

Uptime and maintenance

  • AV management and uptime
  • On Surface, enable seamless firmware updates via WuFB
  • On Surface, enable DFCI integration of firmware settings into Intune*

Other security

  • Apply policies
  • Enable TPM, BitLocker and Windows Hello
  • Enable Microsoft software features (A5, Defender)
  • On Surface, all Windows security is on by default

OPTIMISE YOUR WARRANTY, UPTIME AND END OF LIFE

Swap preparation

  • For some swap out devices, some image preparation may be required
  • On Surface, Signature image means no additional preparation required
  • For Hot swap program, develop a process for deployment of swap devices and replenishment

Implement repair process

  • When repairing some components of a device (storage, MAC, UUID), the 4K Hash changes
  • For a repaired device, IT needs a process to de-register the serial number, re-harvest the new hash and redeploy
  • On Surface, Identity changes with the Surface swap warranty, no further action required

End of life (decommission from organisation)

  • On Surface, because the base OS has been activated properly, an autopilot reset/device recovery will enable easy fall-back to the original license
  • On other imaged devices, you may need to retrieve license key – depending on deployment process