Investments in Azure and Microsoft 365 can streamline your transition to the cloud and make it easier to manage endpoints across your organization. Now let’s explore ways to develop and implement an effective strategy to make that transition and help you create the “how” and “why” to leverage these solutions in your own environment.
Updating means staying ahead of adversaries and competition with technology innovations to drive security and business results through:
- Better managing the risk of change in a fast-moving technology world with deployment rings, keeping Windows up to date with the latest quality updates, feature updates, and security features, managed by solutions like expedited updates and Windows Update for Business.
- Optimizing and de-duplicating bandwidth without sacrificing control to quickly deploy critical changes to improve security and productivity using Delivery Optimization.
- Reshaping processes to avoid determinism, embrace statistics, and become quality-driven via Update Compliance or Desktop Analytics.
- Redefining how your organization manages technology to invest in ongoing servicing capabilities, not products, and driving the use of processes, not projects.
Extending means driving real cloud value while still benefiting from your existing investments using Microsoft 365 to:
- Stop migrating user data and state, or losing user data trapped on an endpoint, and instead use the endpoints as a local cache for OneDrive, Known Folder Redirection with OneDrive, and State Roaming technologies. Even when using your personal managed devices to access data, OneDrive allows for changes to follow you to your primary Windows device.
- Increase management reach while reducing infrastructure architecture, deployment, and operations costs with cloud-based and cloud-attached management tools such as Microsoft Endpoint Manager, or Microsoft Endpoint Configuration Manager with Tenant Attach and the Cloud Management Gateway.
- Deploy trusted, signed apps and minimize complex infrastructure using Modern Software Distribution & Package Manager technologies such as MSIX and the Windows Package Manager (Winget).
- Manage and monitor your application portfolio, software, and endpoint health in a perimeter-free world using modern insights such as Endpoint Analytics.
Standardization involves increasing security and manageability while reducing operational costs by sticking with well-known and proven solutions:
- Implementing a well-known and proven secure configuration using Security Baselines.
- Eliminating expensive image engineering to accelerate Autopilot adoption and endpoint deployment using Windows Autopilot enterprise-ready signature images.
- Simplifying endpoint deployment and eliminating depots and build rooms by automatically applying policy and apps with guided scenarios and solutions such as Cloud config.
- Reducing GPO complexity and, instead, focusing on user outcomes using a centralized, cloud-based policy solution like the Microsoft Endpoint Manager Settings Catalog.
To revitalize means building long-term user satisfaction by standardizing on reliable applications and a dependable, more focused operating system. This involves:
- Deploying a cloud config to users who only need one or two apps in addition to their productivity apps.
- Eliminating constant repackaging with vendor-provided packages and durable customization packages for a better application lifecycle management strategy.
- Separating applications from the operating system and from each other as a security or reliability boundary using App and Guard Containers such as Windows Defender Application Control (WDAC) and MSIX.
- Managing application catalogs like a portal, with tools such as Endpoint Manager’s Software Center & Company Portal to manage security and user experience while directly integrating with distribution platforms with application portfolio management.
- Quickly recovering from reliability or security issues by building capability to rapidly reset and recover with technologies such as device reset.
Securing endpoints from the cloud involves providing the right balance of security and convenience, reducing attack surfaces, and increasing monitorability by:
- Leveraging Microsoft Intelligent Security Graph to detect malicious activities using Endpoint Detection and Response.
- Increasing the effectiveness of security controls by removing local administrative rights and running as standard users.
- Validating and deploying key security controls to enhance protection and detection on endpoints using Advanced Security Features in Windows 10 to provide threat mitigations.
- Providing secure and compatible access to web apps new and old using Web Isolation with App Guard and managed compatibility with IE Mode for Edge.
Ironically, implementing a zero-trust approach simplifies user interactions in a world where identity is the new perimeter by using a single powerful Windows identity across apps and endpoints. We recommend:
- Eliminating password prompts and complex SSO solutions with Centralized Identity and Access Management via Azure Active Directory.
- Going password-less with solutions like Windows Hello for Business.
- Better protecting your sensitive information inside and outside the corporate firewall and suggesting user behavior using intelligent Information Protection and data loss prevention software such as Endpoint DLP.
- Creating intelligence-driven access policies for critical apps and systems using signals from identity, endpoints, and more using Azure Active Directory Conditional Access.
- Managing printers through cloud services, empowering follow-user printing with Universal Print, and reducing on-premises print server dependencies.
As you can see, the “north star” for endpoint management transformation involves a holistic end-to-end solution set that simplifies operations, optimizes user experiences, and increases security using the best of suite, culminating in a modern, cloud-managed Windows endpoint. Microsoft 365 provides this holistic solution across the entire framework. We hope these principles help you develop the proper framework for your organization.