I seem to be hearing ‘modern management’ more and more, so I wanted to cut through the rhetoric with a simple explanation of what it is, and its role in deploying and managing Windows 10 devices – and to help you decide if it’s worth further investigation for your organisation.
'Modern management’ is the term Microsoft has chosen to describe its suggested approach to managing Windows 10 devices and users.
There’s something mildly offensive about the implication that your current approach to device management isn’t ‘modern’ so please try and forgive that, because both the vision and the execution are actually quite good.
The vision is to make it easier to manage Windows 10 devices, throughout their lifecycle and with a smaller infrastructure footprint. So, less time spent on management and less time spent managing management tools.
How’s this achieved?
Partly by making greater use of existing tools, such as your mobile device management (MDM) solution, partly by making some existing tools redundant, and partly by moving to a more automated, cloud-based approach.
The move to being more automated and cloud-based reflects what’s already happening. In moving to Windows 10 you’ve already bought in to Windows as a service. This automatically updates the operating system, via twice yearly feature updates and smaller, monthly quality updates. If, as is increasingly the norm, you’ve also adopted Office 365, you’ll similarly be benefiting from automatic updates, as well as simplified admin and management, delivered ‘from the cloud’.
So, ‘modern management’ extends this approach to your Windows devices. At the core of this lies Azure Active Directory (Azure AD), Windows Autopilot and an MDM solution, such as Microsoft Intune.
Azure AD is Microsoft’s cloud-based identity and access management service – it helps users sign-in and access applications. If you’re already using Office 365 or Microsoft Azure, you’ll already be using Azure AD. If you’re using on-premise Active Directory, implementation of Azure AD Connect will enable synchronisation with Azure AD.
Windows Autopilot is a cloud service from Microsoft that enables zero-touch deployment of new Windows 10 devices. It can be used to set-up and pre-configure new PCs, as well as to reset, repurpose and recover devices. Instead of maintaining custom images and re-imaging new devices, Autopilot applies your settings and polices to the OEM-optimised version of Windows 10 that’s pre-installed. It can even change the edition of Windows 10 in use – for example, from Pro to Enterprise.
You could therefore have a new device sent directly to the user and, once they’ve connected it to a network and verified their credentials, everything else you’d want doing to that device would happen automatically. This can also include automatic enrolment onto your MDM solution, so it can push apps out to the device.
Which brings us to MDM. You’re probably already managing a variety of iOS, Android and Windows mobiles via an MDM solution, and using Group Policy or Configuration Manager to manage Windows PCs. But now you can use the MDM approach to manage your Windows 10 PCs as well, with Airwatch, Lightspeed, MobileIron or Microsoft Intune.
While there were questions over Intune a few years ago, it has come on in leaps and bounds, and is now suitable for large enterprises. If you’re using Azure AD, you’ve probably already got Intune licenced as part of the Enterprise Mobility + Security (EMS) suite, which offers potential cost savings on your current MDM solution.
As well as removing the need for Group Policy and Configuration Manager, MDM combined with Azure AD also means that you can now manage devices when they’re not connected to the corporate network.
That put simply is ‘modern management’ – there doesn’t seem to be a formal definition of it and I’ve also seen one commentator include Azure Information Protection within it. This, along with Intune and Azure AD, forms the EMS suite and allows you to automatically tighten security on documents and emails through a set of pre-defined rules and conditions.
Hopefully, this tells you enough to know whether ‘modern management’ is worthy of further investigation.
If you’d like to look further at modern management why not speak to one of our subject matter experts (speak to your account manager or contact us) or take a look at our Windows Autopilot and Microsoft Intune Accelerator.