Tag Archives: Intune

Microsoft Is Launching A New Intune Suite

Posted on by
1

Endpoint management is critical to the way that organizations can utilize and safeguard their resources. By using endpoint management solutions, IT teams can identify, monitor, and control the level of access that end users have to corporate resources. And it’s what inspired Microsoft’s new Intune Suite.

Endpoint management solutions enable IT professionals to improve the security of corporate data and significantly reduce the risk of security breaches. The importance cannot be overstated especially now when some research suggests that as a direct result of the pandemic there has been a 600% rise in cybercrime.

This is why Microsoft is looking to make changes to its array of endpoint management solutions to better cater to the needs of all organizations.

Recent developments

Microsoft has been working on improvements for endpoint management to strengthen corporate data security and increase efficiency. To that end, the company has just announced that a new suite of advanced endpoint management solutions will be launched in March 2023 together in one, cost-effective plan. This new plan has several benefits that will be offered to clients.

IT is going to be equipped with products that will improve endpoint management and also offer increased security to your hybrid workforce. This is ultimately going to deliver a better overall experience across your organization as well as increased operational efficiency. This new development is something that Microsoft had already talked about earlier this year.

The journey towards a bundled suite of advanced endpoint management solutions began with the rolling out of Remote Help for Windows. By using this service, the process of getting assistance for users on Windows devices is made easier.

Because of the integration with Microsoft Endpoint Manager, remote assistance can be rendered to managed devices. It also integrates with Azure AD ensuring that authentication and compliance information can be provided.

According to the announcement by Microsoft, in addition to Remote Help, this new bundled plan which will be introduced in March 2023 will also bring together Microsoft Tunnel for Mobile App Management, Endpoint Privilege Management, advanced endpoint analytics capabilities, and more advanced management capabilities in Microsoft Intune.         

Changes are coming

There was plenty to talk about at the Microsoft Ignite 2022 but one of the key areas would have been undoubtedly to do with Microsoft Endpoint Manager. As you would have noticed by now we are talking about a new Intune suite.

And that is because Microsoft announced that going forward the Microsoft Endpoint Manager brand will be replaced by Microsoft Intune. This change is not one for the future but something that has already been implemented. If you head over to the Microsoft Endpoint Manager landing page, you’ll notice that the name Microsoft Intune has already taken over.

It would appear that as far as endpoint management development is concerned, Microsoft is looking to place greater focus on cloud services. However, it’s worth noting that Intune, Configuration Manager, and the Co-management capability will still be retained. But, Microsoft Intune will be taking over as the main platform with regard to future development. Microsoft said in its announcement:

“Today, we’re announcing that Microsoft Intune will be the name of the growing product family for all things endpoint management at Microsoft…. The name Microsoft Endpoint Manager will no longer be used. Going forward, we’ll refer to cloud management as Microsoft Intune and on-premises management as Microsoft Configuration Manager.”    

Embracing the cloud

Although cloud-based services come with plenty of well-known benefits, it’s not everyone who has adopted the cloud approach. This is why Configuration Manager is still available to allow organizations to operate the way they want.

However, Microsoft continues to try and encourage migration to the cloud. And the cloud attach capability is one that is being talked about as something that could help facilitate the transition to the cloud. Most are already familiar with co-management and tenant attach so what exactly is cloud attach?

Cloud attach is a capability that allows for the enabling of both co-management and tenant attach. If your organization uses Configuration Manager, this gives you a way to have even more flexibility in managing endpoints without having to choose between security, compliance, and supporting new work realities.

Explaining the vision   

Inevitably, a lot of people will be rightly wondering why Microsoft is moving in this direction. Why the need for a suite of advanced solutions for endpoint management? Well, the answer is pretty simple.

When it comes to endpoint management, Microsoft is the biggest player in the game and so there is a need to continuously improve the services on offer. The countless millions of managed devices that Microsoft is responsible for require solutions that adapt to the changing environment.

As mentioned above, cybercrime has shot up at alarming levels in recent years. So endpoint management solutions need to strive to stay ahead of the threats. Microsoft received a lot of feedback from CTOs in recent years explaining how the needs of hybrid work are changing. This is leading organizations to combine security solutions from different providers to meet the security needs of their operations. As one would expect, this complicates life for IT staff and potentially adds massive costs to your overall expenditure.

This obviously will not go over well with management. And corporate security may end up suffering if the organization fails to meet the skyrocketing costs of the necessary solutions. IT departments feel pressure to cut corners and put in place temporary measures just to try and keep operations running.

Most would probably agree that this is not an ideal scenario and is a very tedious way of operating. So the announcement by Microsoft to introduce a bundled suite of advanced endpoint management solutions comes as welcome news. Clients can get a more comprehensive solution that can do what they currently need multiple products to do.

Enhancing endpoint management

The new Intune Suite intends to allow organizations to bring together in one place all the tools needed for securing their corporate data as well as managing their endpoints. In addition, this combined service will eliminate the risks of local admin users and give clients access to remote assistance. Not to mention that IT will be thrilled to see an improvement in the health and performance of Windows endpoints. The capabilities that we’ll discuss below will potentially change your IT environment for the better.

Remote Help for Windows and Android       

As I mentioned earlier, the initial version of Remote Help for Windows launched in April of this year. So what we can expect with the March 2023 release is an addition of enhancements to the Windows experience as part of the advanced management suite. The capabilities you get include ServiceNow integration that helps to provide service management incident information to Intune so that users’ technology issues can get a swift resolution.

Clients will also benefit from an improved messaging platform. It intends to simplify the process of viewing the reasons for device noncompliance, as well as how the IT Helpdesk staff hears the audio from the users who require remote assistance. Furthermore, there is enhanced elevation that will provide for quicker resolution. It’s especially helpful with issues that require alternate admin credentials because of the interaction with the User Account Control prompt.

Microsoft will also be looking to introduce support for Android. The addition of this capability will enable admins to serve their Frontline workers remotely with greater ease. This will offer a massive advantage to Android users because they can have any issues resolved a lot quicker. Admins can contact these users (who can also contact admins themselves), remotely diagnose the issue, and collaborate with the user to find a solution to the problem. This allows the user to quickly get back to work.

Endpoint Privilege Management

This is something that beginning in early 2023 Microsoft will be offering in public preview to clients with Microsoft Intune subscriptions. What this service will do is help you to automate and manage when workers have permission to use admin privilege for specific tasks on both Windows cloud-connected and co-managed endpoints.

According to Microsoft, by using Endpoint Privilege Management you’ll be able to give your users standard account privileges without making them local admins. With the use of these standard account privileges, users can be dynamically elevated to admin privilege for specific admin-approved tasks, based on the specific policies of your organization.

The advantage here is twofold. On one end, the organization will have a significant improvement in its security posture. And on the other end, users can become more productive. The objective is to ensure that IT admins have all the necessary tools to furnish employees of the organization with the capability to self-serve should the need arise.

To maintain a high level of security, this needs to follow Zero Trust principles hence the need for least privileged access. Furthermore, Endpoint Privilege Management will allow your organization to define the rules and parameters in Intune. Additionally, it will allow for configuration of a standard user’s permissions to be automatically elevated, be self-managed, or set to require authorization.

This is something that is going to impact operational efficiency massively by enabling users to perform tasks securely. These tasks include actions like adding approved apps, printers, or other peripheral devices. And all of this without the assistance of the IT helpdesk. Intune Endpoint Privilege Management will become generally available as part of the suite of advanced endpoint management solutions. It’s also available as an individual add-on to your Intune Suite subscription.

Microsoft Tunnel for Mobile Application Management

Microsoft Tunnel for Mobile Application Management (MAM) is a great service that is designed to bring convenience to end-users. In an era when employees are often carrying multiple devices to separate the personal from the professional, this feature will allow employees to use just a single device.

The beauty of the service is that there is no enrollment necessary. Corporate data will remain secure without end-users having to hand over control of their personal devices to IT. I’m sure many will like this the most about Microsoft Tunnel. So for organizations, this is going to address several issues.

You can now comfortably implement BYOD policies without worrying about the security of corporate data or user privacy. Switching to a BYOD program is also financially advantageous for organizations, as they no longer need to constantly invest in corporate-owned devices.

In addition, unenrolled iOS and Android devices get secure access to on-prem apps and resources using modern authentication, Single Sign On, and conditional access. This is because of how Microsoft Tunnel for MAM extends the VPN gateway to these devices. So this will enable the users of these unmanaged devices to also get secure access to corporate resources.

Because no device enrollment is needed the currently available capabilities of Microsoft Tunnel will be expanded. A good example of this is how Android apps won’t need integrating with any SDKs. Other than the MAM SDK, which is used to auto-start VPN for apps, applies if desired or to retrieve trusted root certs.

Advanced Endpoint Analytics

Endpoint Analytics aims to enable IT in optimizing the user experience and improve productivity. Endpoint Analytics provides insights that can help IT admins be proactive in their tasks, as well. This feature offers both IT staff and end-users a system that obtains detailed and granular data on the organization’s endpoints. Additionally, it improves insights into how the business is performing.

IT can leverage this data to provide proactive assistance to end-users. And it establishes a greater degree of working efficiency. This new suite that Microsoft is bringing to its clients will include several advanced endpoint analytics features. These seek to better equip IT to have a better analytical overview and understanding of how the end-user experience is going. And with these capabilities, the end-user experience can be optimized regardless of where the employee may be working from.

How it’s going to help

The introduction of improved drill-down capabilities is also going to help admins better cater to the needs of devices under their management. By using these capabilities, it becomes easier for IT to assess any areas that require improvement. And it will assist to prioritize targeted actions for specific people in your organization.

The insights that one can get are also invaluable for comparison purposes. For instance, some employees prefer working remotely. Organizations can take advantage of the detailed information they have to compare the experiences of workers in different working environments.

Microsoft has also talked about a new anomaly detection capability that will combine real-time visibility, AI, and machine learning. This capability intends to simplify the life of IT admins by eliminating the need to consistently monitor custom dashboards. It also eliminates complicated alert systems to assess the performance of endpoints in your care.

What anomaly detection will offer them, instead, is a system that delivers an early warning mechanism. This allows for proactive learning about user-impacting issues rather than relying on various other channels such as support for these reports. Anomaly detection helps to streamline the process and minimize any loss of productivity.

Additional benefits

This platform will enable the automatic identification of issues, including unexpected machine reboots, app crashes, and hardware and peripheral failures. It helps IT admins better analyze the issues at hand. And the anomalies are categorized based on severity and come with any relevant information. Once the information is available, IT can carry out a thorough analysis of the anomalies and implement the necessary measures.  

The new enhancements that Microsoft is introducing are going to make the organizations operate a lot more efficiently. By leveraging automations and proactive remediations, potential issues can be resolved before end-users are even aware that there’s an issue.

IT and support staff can look forward to plenty of new features in the new advanced endpoint management suite. They will now be able to run customized remediation scripts on individual devices on-demand and in real-time. This is something that happens within their troubleshooting sessions. Additionally, it offers instant fixes or change the device configuration to ensure devices are always performing optimally.       

Wrap Up

Going forward more and more organizations are embracing the hybrid workforce model as potentially the way to go. It’s not surprising as several surveys show that plenty of employees want to have the option of working remotely.

So if organizations are going to adopt this model, as well as put in place BYOD policies, it’s essential to have endpoint management solutions that make this a viable option. And this is just what Microsoft is aiming to do with the new advanced endpoint management solutions suite. This should give IT admins everything they need for effective endpoint management in one place.

No longer will you need to stitch together products from multiple vendors that will cost you dearly. If this new suite of products delivers as promised, then organizations will have an invaluable tool to add to their arsenal.

Why Cloud Management Gateway Is So Important Now

Posted on by
Reply

With the prevailing global situation requiring more and more people to work from home, businesses need to ensure that productivity does not suffer. And to do that, you need to effectively manage remote devices. Hence the need for technology such as the Cloud Management Gateway (CMG).

By utilizing the CMG, your business has an alternative to IBCM that most would consider a significant upgrade. This creates a favorable environment that allows your organization to eliminate the obstacles of having a remote workforce. Needless to say but the CMG can play a massive role in your organization and its importance is certainly worth discussing.

Requirements

Before you can use the Cloud Management Gateway you need to meet the following requirements:

  • An Azure subscription to host the CMG,
  • You need a Full administrator or Infrastructure administrator user account in Configuration Manager,
  • During the initial creation of certain components, the participation of an Azure admin is needed,
  • You need at least one on-premises Windows server to host the CMG connection point,
  • A server authentication certificate for the CMG,
  • There needs to be an integration of the site with Azure AD to deploy the service with Azure Resource Manager,
  • Depending on your client OS version and authentication model, other certificates may be required,
  • Clients are required to use IPv4.

When is it useful?

There are several scenarios where the CMG could come in handy and they include the following:

  • For management of traditional Windows 10 clients using modern identity which can either be hybrid or pure cloud domain-joined with Azure AD.
  • For management of traditional Windows clients with Active Directory domain-joined identity. The clients included are Windows 8.1 and Windows 10.
  • For installation of the Configuration Manager client on Windows 10 devices over the internet.
  • For new device provisioning with co-management.

Benefits to your business

CMG enables your Enterprise admins to perform several actions. Among the things they can do, they can manage the following over the internet:

  • Push software updates and enable endpoint protection,
  • Inventory and client status,
  • Compliance settings,
  • Software distribution,
  • Windows 10 in-place upgrades,
  • Manage branch office devices over less expensive internet instead of across expensive WAN or VPN connections.

Eliminates complications

Although Internet-based client management (IBCM) has been around for years, a lot of users tend to find it complicated. CMG aims to be a simpler solution. It is an Azure-hosted service that manages internet-based clients through a new role called the cloud management gateway connector point.

By adding the CMG to your environment, you’ll get an intermediary cloud solution. And this can be your bridge to a full cloud management solution of your Windows 10 devices through Microsoft Intune.

Also, your organization doesn’t need to expose on-premises infrastructure to the internet and neither will you require additional infrastructure. So by using the CMG, you get rid of a lot of what users don’t like about IBCM.

Manage internet clients

Cloud Management Gateway helps you to easily and effectively manage clients that are on the internet. Often, there are going to be events in your environment that will require a swift response.

However, previously this was problematic for clients that would not be currently on-premises. By leveraging the CMG, you can manage clients all over the world as long as they have an internet connection.

Furthermore, it doesn’t require you to buy any additional IT infrastructure. So unlike IBCM that would need additional hardware that you need to maintain, for the CMG you just need to have Azure.

Strengthen your security

The moment you have systems that are not directly connected to your IT infrastructure, your data security is at an increased risk. This is particularly evident with remote work.

Although a lot of businesses have responded by using VPNs, you cannot adequately protect workstations through VPN channels. Hence the importance of the Cloud Management Gateway.

With it, you can better manage devices connected to the Internet and thus improve your corporate security posture. This is further enhanced by the fact that you can leverage Microsoft Azure services so that there is no need to expose your infrastructure to the internet.

Cost management

Whenever you use cloud services, you will incur costs associated with your usage. And the Cloud Management Gateway is no exception. Fortunately for clients, Microsoft intends to help you to keep those costs under control. You can do this through client settings, for instance, where you can determine which clients can access the CMG.

Another feature you can leverage is virtual machine configuration. The latter enables you to choose between 1 and 16 virtual machines per instance of Cloud Management Gateway. Also, if you want to, you can stop the CMG so that it’s no longer serving clients.

Therefore, to optimize user experience for all clients, the CMG helps to reduce the unavoidable costs that come with cloud services.

Constantly evolving

Another reason why the CMG is so important is how the technology is constantly evolving. There has been a lot of innovation taking place such as the ability to automatically do a client install through the CMG.

This is a great option to have because it eliminates the need for the client to be on the intranet. In addition, the platform is adaptable to your organization’s needs. So it can handle several scenarios such as:

  • Traditional PC management (Windows 7, 8.1, 10),
  • Modern PC management (Windows 10 with modern identity),
  • Internet client installs.

Wrap up

Every organization should be looking for ways to make the most of its IT investments. Thus from the information available, we can see that every environment that uses ConfigMgr can benefit from using the Cloud Management Gateway. And you can leverage the CMG for clients all across the globe. The convenience that this provides you cannot be overstated. As the world changes and technology evolves, we need platforms that can help organizations to become more efficient and enhance productivity.