This article is contributed. See the original author and article here.
In 2020, the influx of remote workers and the need to secure access for work from home scenarios was a challenge for traditional endpoint management solutions. The traditional solutions we are familiar with just did not meet the demands we were placing on them.
In a previous blog post for 24x7ITConnection I wrote about one of our latest The Current Status episode when we had special guest Simon May, Principle Program Manager, to discuss all things modern management with us. Modern management is the solution that meets the demands of 2020 and beyond.
What is modern management 2020?
The last time I worked with in Intune was setting up a POC to manage mobile devices and applying MAM policies. Boy has it changed… Now fast forward to 2020, Microsoft Endpoint Manager is the modern way to manage our endpoints. It combines services and tools to manage and monitor mobile devices, desktops, laptops, virtual machines, embedded devices, and servers. Examples of endpoints could be specialized devices including retail point of sale devices, ruggedized devices, digital interactive whiteboards, conference room devices, and holographic wearable computers.
So let’s break down what is all included with Microsoft Endpoint Manager (MEM) and understand how you could use each of these components
- Microsoft Intune – Intune is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices. It integrates with other services, including Azure Active Directory (AD), mobile threat defenders, ADMX templates, Win32, and custom LOB apps, and more.
- Configuration Manager- If you are familiar with prior versions of SCCM, starting in version 1910, Configuration Manager became part of Microsoft Endpoint Manager. With real time action on your managed devices Configuration manager can provide deployment of OS and software, apply updates, and compliance settings management on your endpoints whether they are in the cloud or on-premises.
- Co-management – Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services.
- Desktop Analytics – This is a cloud-based service that integrates with Configuration Manager to give you insight and intelligence on your managed endpoints.
- Windows Autopilot – If you are constantly provisioning new devices this is where Autopilot would help you. Windows Autopilot sets up and pre-configures new devices, getting them ready for use. It’s designed to simplify the lifecycle of Windows devices, for both IT Pros and end users.
- Azure Active Directory (AD) – Azure AD is used by Endpoint Manager for the identity of devices, users, groups, and to perform multi-factor authentication (MFA). Azure AD Premium, which may be an added cost, has additional features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and Conditional Access.
- Endpoint Manager admin center – The admin center is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, Conditional Access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).
Wow! that is a bunch of stuff right to keep up with. With so much to learn and know I’m so glad we had Simon to catch us up on it. You can watch the replay of our show on The Current Status YouTube channel. We learned so much from Simon that episode. In addition to breaking down all the new features I listed above he also mentioned the evolution of the product and it’s growth through the years. Such as there are people on the product team that have been working on the product since SMS 2003!
What’s new? Microsoft Tunnel
One of the coolest tidbits of information he told us about was the rapid acceleration of the newest offering called Microsoft Tunnel. With the Pandemic and the influx demand of work from home users there was an immediate need for a secure access to resources. Microsoft Tunnel is a VPN gateway solution for Microsoft Intune that can support up to 64,000 connections. The tunnel allows access to on-premises resources from iOS/iPadOS and Android Enterprise devices using modern authentication and Conditional Access. Microsoft Tunnel is currently in public preview.
Microsoft Tunnel Gateway works by installing to a Docker container that runs on Linux, which can be a virtual or physical server, in the cloud or on-premises. The service can scale according to the needs of your organization. In a future blog post we will go in depth on Microsoft Tunnel, reviewing setup, installation, and configuration requirements. Stay Tuned!
Take it for a test drive…
It is great to see that we have a TON of documentation on Microsoft docs but if you’re really curious to know how it works hands on then you’re in luck, We recently published new modules just focused on Microsoft Endpoint Manager which can be found on Microsoft Learn. I was curious myself and took the Microsoft Endpoint Manager fundamentals learning path which includes:
Introduction to Microsoft Endpoint Manager – This module was an overview of all the services that are included in Microsoft Endpoint manager. It takes about 25 minutes to complete and is the perfect primer for all the other learning modules and gives you the fundamentals of what Microsoft Endpoint Manager is.
Protect your endpoint environment with Microsoft Endpoint Manager – This module focuses on protecting your resources, such as devices, apps, data, whether in the cloud or on-premises. You will learn about protecting devices through device configuration polices but also protecting applications as well using Mobile Application Management.
To get a deeper knowledge and understand the differences between mobile device management (MDM)and App protection management (MAM) you can take the following modules:
Understand app management using Microsoft Endpoint Manager – This module will explain how your organization’s apps can be configured and protected. You’ll also learn more about the data protection framework using app protection policies.
Understand device management using Microsoft Endpoint Manager– This module will focus on the devices and how they can provision and the different enrollment methods.
Once you are done with those modules there is only 3 modules left and the whole learning path is completed. The last 3 modules include:
Understand Conditional Access policies using Microsoft Endpoint Manager– This module reviews with you how to manage devices, apps, and policies based on groups. You will understand the common ways to use Conditional Access, giving users access to resources based on specific polices.
Analyze and resolve compliance issues using Microsoft Endpoint Manager – This module covers such things as tenant status, health dashboards, troubleshooting portals, reports which helps you analyze, troubleshoot, and resolve compliance issues.
Benefits of Microsoft Endpoint Manager – This module does not really go over anything technical but it’s more of the reassurance of what all it can do. You are going to learn all the benefits of the products and your return on investment. It’s a required module to take if you want to finish the whole learning path and get your MSLearn points but if you’re looking for deep technical content this isn’t the module for you.
Overall, the Microsoft Endpoint Manager fundamentals learning path is great one to take to get caught up or learn more about. It takes about 2.5 – 3 hours complete either all at once or broken up into multiple days.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.