This year more than ever, it’s important to be able to secure and remotely manage your endpoints, with security breaches of all kinds occurring in astronomical quantities. Microsoft Endpoint Manager for Modern Management of devices is a great option for enterprises. While I have experience with a previous version of this product when it was known as Microsoft Intune a few years back, my current experiences as a Microsoft Cloud Advocate have had me hard focused on Azure. However, with the pandemic and influx of remote workers, the need to manage and secure remote workers and their devices got me intrigued about what this space was doing to keep up with the demand. In this post we will take a look at my past experiences, then discover some updated thoughts from my research and a recent The Current Status podcast done on this topic, and wrap things up with some additional insights for consideration.

My early experiences

My first exposure to the Microsoft Endpoint Manager offering was in 2018, when it was called Microsoft Intune. At the time I ran a proof of concept for a large enterprise that I was working at. The deployment involved using Microsoft Intune to manage mobile devices and applying MAM (Mobile Application Management) policies. Back then the product was about 95% acceptable to roll out in my environment. It still had lingering “issues” and missing features such as shared mailbox access in Outlook mobile and administrative control policies on unmanaged devices. Now fast forward to 2020 and all that has changed.

Today with Microsoft Endpoint Manager

Today, the product has evolved into a gold star product for managing all your enterprise devices. This really became obvious to me when I started to research the solution further and found lots of documentation, which was getting to be confusing. Instead of digging through everything in our docs site, the Current Status team thought it would be easier to just interview someone from the Microsoft product team, like Simon May. This way we could get a good overview of what has changed and what’s hot, and then decide which MSIgnite sessions we want to watch for even deeper context. Enter Simon May, Principal Program Manager at Microsoft, to bring us up to date.

The Current Status Episode 63

The Current Status had our live stream on October 1, 2020 with Simon May as our guest for 30 minutes to bring us up to speed. Without sharing all the details of the episode, which you can watch in replay here, Simon broke down all the new features as well as some use cases during this pandemic. He also mentioned something called Microsoft Tunnel, a VPN-like solution that was accelerated during the pandemic. Simon also talked briefly about the people behind the product. There are people working on this product that also shipped SMS 2003! What this means for customers and users is that the people behind the code know this product and have gone through the pains and all the transformations. They have heard the customers’ complaints, wishes, and wants. This knowledge has helped them to evolve the product, which is now managing over 200 million devices!

What’s included with Microsoft Endpoint Manager

So, what’s included in this solution that you need to know about? Here is the breakdown of the services included with Microsoft Endpoint Manager:

  • Microsoft Intune: Intune is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices.
  • Configuration Manager: Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender ATP, and other cloud services.
  • Co-management: Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups.
  • Desktop Analytics: Desktop Analytics is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients.
  • Windows Autopilot: Windows Autopilot sets up and pre-configures new devices, getting them ready for use. It’s designed to simplify the lifecycle of Windows devices, for both IT and end users, from initial deployment through end of life.
  • Azure Active Directory (AD): Azure AD is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure AD Premium, which may be an additional cost, has additional features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access.
  • Endpoint Manager admin center: The admin center is a one-stop web site to create policies and manage your devices. It plugs in other key device management services, including groups, security, conditional access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).

Also check out the image below, which depicts the platform architecture.

Microsoft EndPoint Manager

Getting Started!

If you are just getting started with Modern Management, check out the latest Microsoft Learn courses to help you get a jump start. These are all self-paced FREE learning courses for you to take advantage of.

Introduction to Microsoft Endpoint Manager

Microsoft Endpoint Manager fundamentals

Simplify device management with Microsoft Endpoint Manager

Manage devices by using Microsoft Intune

Understand device management using Microsoft Endpoint Manager