Endpoint management is critical to the way that organizations can utilize and safeguard their resources. By using endpoint management solutions, IT teams can identify, monitor, and control the level of access that end users have to corporate resources.
Doing so enables IT professionals to improve the security of corporate data and significantly reduce the risk of security breaches. Its importance cannot be overstated, especially now that some research suggests there has been a 600% rise in cybercrime as a direct result of the pandemic.
This is why Microsoft is looking to make changes to its array of endpoint management solutions to better cater to the needs of all organizations.
Microsoft has been working on improvements for endpoint management to strengthen corporate data security and increase efficiency. To that end, the company has just announced that a new suite of advanced endpoint management solutions will launch in March 2023, bundled together in one cost-effective plan. The new plan offers clients several benefits.
IT is going to be equipped with products that will improve endpoint management and also offer increased security to your hybrid workforce. This is ultimately going to deliver a better overall experience across your organization as well as increased operational efficiency. This new development is something that Microsoft had already talked about earlier this year.
The journey towards a bundled suite of advanced endpoint management solutions began with the rolling out of Remote Help for Windows. By using this service, the process of getting assistance for users on Windows devices is made easier.
Because of the integration with Microsoft Endpoint Manager, remote assistance can be rendered to managed devices. Remote Help also integrates with Azure AD, ensuring that authentication and compliance information can be provided.
According to the announcement by Microsoft, in addition to Remote Help, the new bundled plan, which will be introduced in March 2023, will also bring together Microsoft Tunnel for Mobile App Management, Endpoint Privilege Management, advanced endpoint analytics capabilities, and more advanced management capabilities in Microsoft Intune.
Changes are coming
There was plenty to talk about at Microsoft Ignite 2022, but one of the key areas was undoubtedly Microsoft Endpoint Manager. As you will have noticed by now, we are talking about a new Intune suite.
That is because Microsoft announced that, going forward, the Microsoft Endpoint Manager brand will be replaced by Microsoft Intune. This change is not one for the future but something that has already been implemented. If you head over to the Microsoft Endpoint Manager landing page, you’ll notice that the name Microsoft Intune has already taken over.
It would appear that, as far as endpoint management development is concerned, Microsoft is looking to place greater focus on cloud services. However, it’s worth noting that Intune, Configuration Manager, and the co-management capability will still be retained, with Microsoft Intune taking over as the main platform for future development. Microsoft said in its announcement:
“Today, we’re announcing that Microsoft Intune will be the name of the growing product family for all things endpoint management at Microsoft…. The name Microsoft Endpoint Manager will no longer be used. Going forward, we’ll refer to cloud management as Microsoft Intune and on-premises management as Microsoft Configuration Manager.”
Embracing the cloud
Although cloud-based services come with plenty of well-known benefits, not everyone has adopted the cloud approach. This is why Configuration Manager is still available to allow organizations to operate the way they want.
However, Microsoft continues to encourage migration to the cloud, and the cloud attach capability is being talked about as something that could help facilitate that transition. Most are already familiar with co-management and tenant attach, so what exactly is cloud attach?
Cloud attach is a capability that enables both co-management and tenant attach. If your organization uses Configuration Manager, this gives you even more flexibility in managing endpoints without having to choose between security, compliance, and supporting new work realities.
Explaining the vision
Inevitably, a lot of people will be rightly wondering why Microsoft is moving in this direction. Why the need for a suite of advanced solutions for endpoint management? Well, the answer is pretty simple.
When it comes to endpoint management, Microsoft is the biggest player in the game and so there is a need to continuously improve the services on offer. The countless millions of managed devices that Microsoft is responsible for require solutions that adapt to the changing environment.
As mentioned above, cybercrime has shot up to alarming levels in recent years, so endpoint management solutions need to strive to stay ahead of the threats. Microsoft has received a lot of feedback from CTOs in recent years explaining how the needs of hybrid work are changing, and how organizations are therefore having to combine security solutions from different providers to meet the security needs of their operations. As one would expect, this complicates life for IT staff and potentially adds massive costs to your overall expenditure.
This obviously will not go down well with management and corporate security may end up suffering if the organization fails to meet the skyrocketing costs of the necessary solutions. IT departments may need to cut corners and put in place temporary measures just to try and keep operations running.
Most would probably agree that this is not an ideal scenario and is a very tedious way of operating. So the announcement by Microsoft to introduce a bundled suite of advanced endpoint management solutions comes as welcome news. Clients can get a more comprehensive solution that can do what they currently need multiple products to do.
Enhancing endpoint management
The new Intune suite has been designed to allow organizations to bring together in one place all the tools they need for securing their corporate data and managing their endpoints. In addition, this combined service will eliminate the risks of local admin users and give clients access to remote assistance. IT will also be thrilled to see an improvement in the health and performance of Windows endpoints. The capabilities discussed below will potentially change your IT environment for the better.
- Remote Help for Windows and Android
As I mentioned earlier, the initial version of Remote Help for Windows was launched in April of this year. So what we can expect with the March 2023 release is that it will add enhancements to the Windows experience as part of the advanced management suite. The capabilities you will get include things such as ServiceNow integration that helps to provide service management incident information to Intune so that users’ technology issues can get a swift resolution.
Clients will also benefit from an improved messaging platform that should simplify the process of viewing the reasons for device noncompliance, as well as the way IT helpdesk staff hear the audio from users who require remote assistance. Furthermore, there is going to be enhanced elevation that will provide for quicker resolution of issues that require alternate admin credentials because of the interaction with the User Account Control prompt.
Microsoft will also be looking to introduce support for Android. The addition of this capability will enable admins to serve their frontline workers remotely with greater ease. This will offer a massive advantage to Android users because they can have any issues resolved a lot quicker. Admins can contact these users (who can also contact admins themselves), remotely diagnose the issue, and collaborate with the user to find a solution to the problem, allowing the user to quickly get back to work.
- Endpoint Privilege Management
Beginning in early 2023, Microsoft will offer this in public preview to clients with Microsoft Intune subscriptions. The service will help you automate and manage when workers have permission to use admin privileges for specific tasks on both Windows cloud-connected and co-managed endpoints.
According to Microsoft, by using Endpoint Privilege Management you’ll be able to give your users standard account privileges and no longer make them local admins. With the use of these standard account privileges, users can be dynamically elevated to admin privilege for specific admin-approved tasks, based on the specific policies of your organization.
The advantage here is twofold. On one end, the organization will have a significant improvement in its security posture, and on the other end, users can become more productive. The objective is to ensure that IT admins have all the necessary tools to furnish employees of the organization with the capability to self-serve if and when the need arises.
To maintain a high level of security, this needs to follow Zero Trust principles, hence the need for least-privilege access. Furthermore, Endpoint Privilege Management is going to allow your organization to define the rules and parameters in Intune that configure a standard user’s permissions to be automatically elevated, be self-managed, or require authorization.
This is something that is going to impact operational efficiency massively by enabling users to perform tasks securely. These tasks can include actions such as adding approved apps, printers, or other peripheral devices, and all of this without the assistance of the IT helpdesk. Intune Endpoint Privilege Management will become generally available as part of the suite of advanced endpoint management solutions as well as be available as an individual add-on to your Intune subscription.
- Microsoft Tunnel for Mobile Application Management
Microsoft Tunnel for Mobile Application Management (MAM) is a great service that is designed to bring convenience to end-users. In an era where employees are often carrying multiple devices to separate the personal from the professional, this feature will allow employees to use just a single device.
The beauty of the service is that no enrollment is necessary, yet corporate data remains secure without end-users having to hand over control of their personal devices to IT. I’m sure this is what many will like most about Microsoft Tunnel. For organizations, this is going to address several issues.
You can now comfortably implement BYOD policies without worrying about the security of corporate data or user privacy. Switching to a BYOD program would also be financially advantageous for organizations as they will no longer need to constantly invest in corporate-owned devices.
In addition, unenrolled iOS and Android devices can get secure access to on-prem apps and resources using modern authentication, Single Sign On, and conditional access. This is because of how Microsoft Tunnel for MAM extends the VPN gateway to these devices. So this will enable the users of these unmanaged devices to also get secure access to corporate resources.
Because no device enrollment is needed, the currently available capabilities of Microsoft Tunnel will be expanded. A good example of this is how Android apps won’t need to integrate with any SDKs other than the MAM SDK, which is used to auto-start the VPN for apps if desired or to retrieve trusted root certificates.
- Advanced Endpoint Analytics
Endpoint Analytics aims to enable IT to optimize the user experience and improve productivity by providing insights that can help IT admins be proactive in their tasks. This feature offers both IT staff and end-users a system that can obtain detailed and granular data on the organization’s endpoints and thus how the business is performing.
IT can leverage this data to provide proactive assistance to end-users and thus establish a greater degree of working efficiency. The new suite that Microsoft is bringing to its clients will include several advanced endpoint analytics features designed to give IT a better analytical overview and understanding of how the end-user experience is going. With these capabilities, the end-user experience can be optimized regardless of where the employee may be working from.
The introduction of improved drill-down capabilities is also going to help admins better cater to the needs of devices under their management. By using these capabilities, it becomes easier for IT to assess any areas that require improvement as well as prioritize targeted actions for specific people in your organization.
The insights that one can get are also invaluable for comparison purposes. For instance, some employees prefer working remotely and so organizations can take advantage of the detailed information they have to compare the experiences of workers in different kinds of situations.
Microsoft has also talked about a new anomaly detection capability that will combine real-time visibility, AI, and machine learning. This capability is built to simplify the life of IT admins by eliminating the need to consistently monitor custom dashboards or complicated alert systems to assess the performance of endpoints in your care.
What anomaly detection will offer them, instead, is a system that delivers an early warning mechanism to proactively learn about user-impacting issues rather than relying on various other channels such as support for these reports. Anomaly detection helps to streamline the process and minimize any loss of productivity.
This platform will enable the automatic identification of issues such as unexpected machine reboots, app crashes, and hardware and peripheral failures. To help IT admins better analyze the issues at hand, the anomalies are categorized based on severity and come with any relevant information. Once the information is available, IT can carry out a thorough analysis of the anomalies and implement the necessary measures.
The new enhancements that Microsoft is introducing are going to help organizations operate a lot more efficiently. By leveraging automation and proactive remediations, potential issues can be resolved before end-users are even aware that something is going on.
IT and support staff can look forward to plenty of new features in the new advanced endpoint management suite. They will now be able to run customized remediation scripts on individual devices on-demand and in real-time. This is something that will be done within their troubleshooting sessions and can thus offer instant fixes or change the device configuration to ensure devices are always performing optimally.
Going forward, more and more organizations are embracing the hybrid workforce model as potentially the way to go. It’s not surprising, as several surveys seem to show that plenty of employees want to have the option of working remotely.
So if organizations are going to adopt this model and also put BYOD policies in place, it’s essential to have endpoint management solutions that make this a viable option. This is just what Microsoft is aiming to do with the new advanced endpoint management solutions suite, which should give IT admins everything they need for effective endpoint management in one place.
No longer will you need to stitch together products from multiple vendors that will cost you dearly. If this new suite of products delivers as promised then organizations will have an invaluable tool to add to their arsenal.