Misc
Bitlocker recovery key
Bitlocker recovery keys are available through the User Management Portal - Administration -> Intune Device Groups
- Select a group containing the device you need the Bitlocker Recovery Key for.
- Find the device in the device list.
- Click the ‘key’ symbol under the Recovery Key
- Make a note of the Bitlocker Recovery Key in the pop-up or press the Copy button to copy it to the clipboard.
All Bitlocker Recovery Keys associated with a device will be listed in the pop-up. You can identify the correct key using the Bitlocker Key Id on the device.
Local Admin Password Solution
Local Admin Password Solution (LAPS) is available on Hwb managed devices, and has already been enabled in Intune.
To be used, you will need to create a LAPS policy and deploy it to your Windows devices.
Windows LAPS policy with Microsoft Intune | Microsoft Learn
The look-up for LAPS managed passwords is available through the User Management Portal – Administration -> Intune Device Groups. The Intune portal cannot be used.
- Select a group containing the device you need the LAPS password for.
- Find the device in the device list.
- Click the ‘key’ symbol under the Recovery Key
- Make a note of the LAPS password in the pop-up, or press the Copy button to copy it to the clipboard.
Windows licensing
Where possible, Windows devices should be activated using the license they came with. If this is Windows 10/11 Pro or Windows 10/11 Pro Education, the version will be uplifted to Windows 10/11 Enterprise and Windows 10/11 Education respectively when a licensed user logs on.
Older devices, such as ones updated to Windows 10 from earlier version, can be activated via the Hwb KMS. Windows 10/11 LTSB/LTSC are not supported.
Printing
Intune does not natively provide a print management solution.
For simple printing, it is possible to deploy a PowerShell script to map a printer for the device or user using anonymous or unauthenticated access. Printer servers running a Server OS are not supported in Intune, and hence there will be no authentication method available.
Third party printer management solutions can be used with Intune provided they support Azure AD integration and are approved for use.
Currently the following third-party management solutions are approved:
- Canon Uniflow
- Papercut Hive
- Papercut MF
If you require any other solution, you can request this with the Hwb Service Desk.
Hwb will only facilitate user provisioning and authentication to third-party print management solutions. These must be procured and maintained by the local authority, as instances for individual schools will not be supported.
Internet filtering with Websafe
The existing Websafe service can be leveraged on managed devices to provide user-specific filtering using Smoothwall’s Cloud Filter. This involves adding Hwb’s Azure AD as a directory on the Smoothwall server and mapping the user groups to filter groups.
This is only supported with the Edge and Chrome browsers on Windows devices, as well as the Smoothwall Browser on iPads. As such, it is important to prevent users from installing and using any unsupported browser.
For more information on using Websafe with Hwb managed devices, please contact your Websafe support representative.
Hwb web filter groups
By default, web filter groups are created and maintained for all school staff and learner year groups. These are made available in Smoothwall when Hwb is added as a directory and can be mapped against web filter policies to provide different levels of filtering.
Hwb also provide a ‘blocked’ group, managed through the User Management Portal, which can be used to block Internet access for users added to it with an appropriately mapped filter policy in Smoothwall.
Additional groups can be created and managed using the User Management Portal – Local authority dashboard -> Administration -> Web Filter Groups.