Do you currently have a more dispersed workforce than normal?
Have you got more devices to manage, control and keep secure, whilst at the same time ensuring that your infrastructure is kept up to date with patching but your office is closed?
Are current lock-down and social distancing measures having an impact on your ability to manage not only individual devices, but also your infrastructure?
eacs has the skills and experience to help you overcome these challenges. Using technologies such as Autopilot, Intune and SCCM, you will be able to easily manage all of your devices regardless of their location.
Let’s start off with getting our terminology nailed!
Autopilot: Officially Windows Autopilot
What is Autopilot? Windows Autopilot is simply part of Windows enrolment in Microsoft Intune. Autopilot lets you customise the Out-of-Box Experience (OOBE) to allow an end user to enrol their device simply by signing in for the first time.
Intune: Officially Microsoft Intune
What is Intune? Microsoft Intune was initially called Windows Intune when it was first launched in 2011. Intune is Microsoft’s cloud-based client management platform. It is more than Mobile Device Management, as it is fully integrated with Azure Active Directory and Microsoft 365 to bring Mobile Application Management and Conditional Access to your end-user devices, whether corporate-owned or personal. With Intune, you manage your Microsoft 365 apps and data in the same portal that you manage Windows 10 PCs, as well as Apple and Android mobile devices.
SCCM: System Center Configuration Manager, or shortened to Config Manager. Now also called Endpoint Configuration Manager.
Config Manager is Microsoft’s on-premises, client management platform. This product is almost as old as Windows, having started life as Systems Management Server in 1994! The product we use today is much more closely related to the version released in 2012, which was called System Center Configuration Manager 2012.
So, how do you manage a remote client estate? Well, the answer to that question is easy: Intune!
What if you are not already using Intune?
This is a little more complicated. Both the simplest and the best solution is to implement Intune now. The devices will need to be enrolled in Intune, and this can be achieved even if the devices are not connected to the LAN. Autopilot will work for new devices, and Windows 10 Automatic Enrolment will enrol existing corporate devices and personal devices. But there are a number of requirements to get this to work. Firstly, you need Azure Active Directory Premium. Secondly, you need an Intune subscription for each of your end users. Both these requirements are covered by the Enterprise Mobility and Security Suite (EM+S) E3 subscription.
What if you are already using Config Manager?
It used to be a clunky, time-consuming process to manage devices outside the office using Config Manager, as we used a feature known as Internet-based client management. But this has become much easier as more cloud-enabled features have become available. The Cloud Management Gateway is a Config Manager cloud service in Azure and extends the management of clients to the internet. However, it is not possible to configure a traditional domain-joined client to use a Cloud Management Gateway without connection to the LAN, as the client has no method of obtaining policy updates. But, with Azure AD joined clients, either hybrid or pure cloud domain-joined, it is possible to install the Config Manager client using Azure AD and the Cloud Management Gateway as long as the device can authenticate with Azure AD.
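To see which of these cases a given device falls into, the following added example (not part of the original article or any eacs tooling) parses the output of the built-in `dsregcmd /status` command and classifies the join state. The function name `Get-JoinState`, the output property names and the sample text are assumptions made for illustration, and treating `AzureAdPrt` as evidence that the device can authenticate with Azure AD is a rough proxy.

```powershell
# Added example: classify a device's join state from `dsregcmd /status` text.
function Get-JoinState {
    param([Parameter(Mandatory)][string]$StatusText)

    # dsregcmd prints "Name : VALUE" pairs; collect them into a hashtable.
    $fields = @{}
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'
    $prt    = $fields['AzureAdPrt']    -eq 'YES'   # proxy for "can authenticate"

    if ($aad -and $domain) { $state = 'Hybrid Azure AD joined' }
    elseif ($aad)          { $state = 'Azure AD joined (cloud only)' }
    elseif ($domain)       { $state = 'Domain joined only' }
    else                   { $state = 'Not joined' }

    [pscustomobject]@{
        JoinState          = $state
        HasAzureAdIdentity = $aad    # needed for the Azure AD install route
        HasPrimaryToken    = $prt
        # Hypothetical summary flag reflecting the article's statement above.
        AzureAdRouteLikely = ($aad -and $prt)
    }
}

# Constructed sample output, so the example runs without touching the device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@

Get-JoinState -StatusText $sample
# On a real device: Get-JoinState -StatusText (dsregcmd /status | Out-String)
```

A device that reports "Domain joined only" is the traditional client described above, which still needs a LAN connection to receive its policy.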
What is Co-management?
Co-management is exactly as it sounds, managing devices with both Config Manager and Intune. The concept of co-management is to migrate certain workloads into Intune with a view to transition to a modern, cloud managed client estate. What co-management is not for is the management of your devices when they are not in the office, unless that particular workload has been migrated to Intune. The management of devices both in the office and out of the office is taken care of by the Cloud Management Gateway, which can be used with or without co-management.
But what is Microsoft Endpoint Manager?
Microsoft Endpoint Manager is not actually a new product, but the combination of Microsoft Intune, Microsoft Endpoint Configuration Manager and a new portal called Microsoft Endpoint Manager Admin Center. The underlying technologies are the same, but the integration is now much deeper, with Config Manager having more cloud services. Over time, the web portal, Microsoft Endpoint Manager Admin Center, will be developed to have more features, both in terms of management and control, and visibility through enhanced reporting and dashboards.
So to summarise—how exactly do you patch your end user devices, now that the workforce is working remotely? The short answer is still Intune!
If you would like to learn more about how Intune can help you transform how you manage and secure your remote workforce then contact eacs today and we will help you begin your Remote Device Management journey. Talk to one of our experts today by calling us on 0800 8047 256 or send an email to information@eacs.com.