This topic shows how to add S mode to a supported Windows desktop edition. The following information only applies to Windows 10, version 1803 or later.
Overview
Beginning with Windows 10, version 1803, you can enable S mode on supported editions. This is a change from previous versions of Windows where Windows 10 S was its own edition with its own base media. To enable S mode, you'll create an unattend file, and then use DISM to apply the unattend file to a mounted Windows image.
To enable S mode in a Windows image, use an Unattend file that has a setting in Pass 2 - offlineServicing, and use DISM to apply it to our mounted Windows image.
Mount your Windows image.
Use Windows SIM to create or modify an unattend file.
Add the amd64_Microsoft_Windows_CodeIntegrity component to Pass 2 offline Servicing.
Set amd64_Microsoft_Windows_CodeIntegrity\SkuPolicyRequired to 1. The offline servicing pass in your unattend.xml file should look like this:
Only Pass 2 - offline Servicing is processed when an unattend file is applied with DISM.
S mode is now applied to the Windows image. When the PC boots, the Code Integrity policy will be enforced on your Windows installation. If you're going to boot the PC into Audit Mode, you'll have to enable manufacturing mode. Enable manufacturing mode describes how to do that.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.