Technology Components of Windows Platform as a Service
This article describes the technology components that comprise Windows Platform as a Service.
Microsoft Endpoint Configuration Manager
Microsoft Endpoint Configuration Manager (MEMCM), formerly known as System Center Configuration Manager (SCCM), is the infrastructure used by ITS to manage Windows client devices. The MEMCM infrastructure is used to deploy operating systems, operating system upgrades, software updates, and applications. In addition, MEMCM supports rich functionality for hardware inventory and for hardware and software reporting. The Otto web application provides an interface to MEMCM that Windows Platform as a Service customers use to deploy applications and to configure operating system deployments.
Active Directory Group Policy
Active Directory Group Policy is used to deploy configuration settings to Windows Platform as a Service devices. Group Policy Objects (GPOs) linked to the PaaS/Computers/Win10 organizational unit (OU) are managed by ITS and cannot be modified by customers. Customers may create and link GPOs to their own customer unit's OU. In addition, some configurations that ITS provides via GPO can be enabled or disabled via Otto.
Microsoft BitLocker Administration and Monitoring
Laptop computers are configured to use BitLocker for system drive encryption, and BitLocker drive encryption can also be enabled for desktop computers. The BitLocker recovery key is escrowed to a system called Microsoft BitLocker Administration and Monitoring (MBAM). In cases where the recovery key is needed, customer unit IT staff can retrieve the key via the MBAM web application.
Local Administrator Password Solution
Each Windows Platform as a Service device is configured with a unique local administrator password. These passwords are changed periodically and stored in Active Directory using Microsoft's Local Administrator Password Solution (LAPS). Windows Platform as a Service customers can use the LAPS tools to retrieve the local administrator password of a device when needed.
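Reading a device's LAPS-managed password and its rotation deadline from Active Directory, as an added PowerShell example that is not part of the ITS page or its tooling; it assumes the legacy LAPS attributes ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime, the RSAT ActiveDirectory module, a delegated read right on the password attribute, and a hypothetical device name.

```powershell
# Added example (not ITS code): read the LAPS password and expiration for one
# device directly from Active Directory and flag overdue rotation.
# Assumptions: legacy LAPS schema attributes, RSAT ActiveDirectory module,
# and an account delegated read access to ms-Mcs-AdmPwd.
Import-Module ActiveDirectory

function Get-PaasLocalAdminPassword {
    param(
        [Parameter(Mandatory)] [string] $ComputerName
    )
    $props    = 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime'
    $computer = Get-ADComputer -Identity $ComputerName -Properties $props

    # The expiration is stored as a Windows FILETIME (100 ns ticks since 1601 UTC).
    $expires = $null
    if ($computer.'ms-Mcs-AdmPwdExpirationTime') {
        $expires = [DateTime]::FromFileTimeUtc([int64]$computer.'ms-Mcs-AdmPwdExpirationTime')
    }

    # A null Password alongside a populated expiration usually means the caller
    # has not been delegated read access to the attribute, not that no password exists.
    [pscustomobject]@{
        ComputerName      = $computer.Name
        DistinguishedName = $computer.DistinguishedName
        Password          = $computer.'ms-Mcs-AdmPwd'
        ExpirationUtc     = $expires
        RotationOverdue   = ($null -ne $expires) -and ($expires -lt (Get-Date).ToUniversalTime())
    }
}

# Usage with a hypothetical device name; the password is shown on the console only.
Get-PaasLocalAdminPassword -ComputerName 'PAAS-LAPTOP-01' | Format-List
```

A RotationOverdue value of True on a device that is online indicates the LAPS client has not rotated the password by its scheduled time and is worth investigating.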
Cisco Management Tunnel
The Cisco Management Tunnel is an "always on" Virtual Private Network (VPN) technology used on all Windows Platform as a Service laptop devices. Active Directory and ITS mainstream storage traffic are routed through the VPN tunnel. This allows customers to sign on from off campus and access network storage locations without starting a VPN client. The Cisco Management Tunnel is configured automatically for laptop computers and can be enabled for desktop computers.
CrowdStrike Falcon
CrowdStrike Falcon is an anti-malware product deployed to all Windows Platform as a Service devices. Malware detections on Windows Platform as a Service devices are monitored by MiWorkspace and ITS Information Assurance staff.
Otto
Otto is a web-based configuration management application made available to Windows Platform as a Service IT staff. Customers can use Otto to configure operating system deployments, deploy applications, activate configuration settings, and view system inventory.