One of the thing that come back often is: do I need admin rights or not ?!. While most of the people will think that this question can only be asked for a user context, it is not true and this apply to device context too.
Since Windows 10 embedded a lot of feature some consumer feature are available in the enterprise space like Xbox services and Homegroup, this article explain how do we block these with UEM.
Since Windows 10 1803, we can change the services start type using CSP. This available for any support MDM managed Windows Desktop, (Pro, Business, Enterprise, Education)
Note : Xbox Game Monitoring service is missing from the list but this service depends on Xbox Live Auth Manager and this one is going to be disabled so the service itself won’t be able to start even if the by default the start is on Manual.
When it comes to Azure AD integration within Workspace ONE UEM. The configuration is quite straight forward, however when we work on complex environment with a lot of different Active Directory, it can become complex as the source Anchor is going to change most of the time from objectGUID to mS-DS-ConsistencyGuid, which is also the best practice from Microsoft. If you are in this case, most likely the mS-DS-ConsistencyGuid won’t equal the objectGUID that why it is important to configure it properly.