Blog | 6-minute read

Why it's time for identity-first unified device management

Tom Waller

Architect

Published: 09 May 2025

Fragmented device management developed out of necessity over time, but it’s probably holding your business back, creating user frustrations, productivity blockers, and big security risks. Let’s embrace the future and unlock new potential.

Most organisations don’t choose to manage devices in a fragmented way.

It just sort of happens, often shaped by decisions that were right at the time: steps to modernisation taken incrementally in response to business changes rather than as part of a clearly defined strategy.

Over time device management becomes a patchwork quilt of processes and tools. Legacy systems like SCCM remain in place for traditional desktop environments, while mobile devices are often handled through separate platforms. Cloud-native tools like Microsoft Intune are sometimes added in parallel, rather than integrated as part of a unified approach.

And while this typically grows out of necessity, it also presents challenges for security, efficiency, and user experience. Fragmentation leads to inconsistent policies, duplicate effort, and reduced visibility and control across the device estate.

Which in turn creates risk.

Cultures have changed, technology has matured, and expectations have increased. Which is why the time has come to challenge the fragmented, device-driven ways of the past. And to explore the opportunities presented by a modern, unified, and identity-first strategy.

Forrester, The Total Economic Impact™ Of Modernizing Endpoints

The cultural shift towards user-centric strategies

Let’s start with the obvious: smartphones, tablets, and high-performance laptops are no longer just personal gadgets. They’re a central part of how we live and work.

We all know this. But how often do organisations truly factor that shift into how they manage workplace devices?

Yet when employees are given high-quality devices they actually want to use, they tend to take better care of them, reducing support needs, extending device lifecycles, and lowering the total cost of ownership (TCO).

But these benefits will only scale if you unify the way you manage these devices. That’s the secret ingredient to normalising:

  • Consistent digital experiences
  • Fewer workarounds
  • Reduced friction

User experience directly impacts productivity

Fragmented systems and clunky policies create delays, errors, and resistance to change. Self-service, a standard when we use our personal devices, further improves the experience and, by consequence, efficiency across teams. Do we really want IT acting upon every password reset or device enrolment, while the end users sit twiddling their thumbs until it’s done?

Work happens across phones, laptops, and browsers. If policies and tools don’t align, users lose momentum or revert to manual fixes. Unified endpoint management ensures continuity.

So work moves with users, not against them.

Why fragmented device management persists longer than it should

We know organisations have resisted moving to unified endpoint management (UEM), even when the benefits have been highlighted. And yes, the reasons at the time had some validity.

Cloud platforms were still maturing. Legacy systems were deeply embedded. And change brought perceived risk.

But things have changed, technology has evolved, and those historical blockers aren’t the showstoppers they might once have been. For example:

Legacy dependency on ConfigMgr (SCCM)

Intune now integrates with ConfigMgr in co-management scenarios, allowing gradual transitions without disruption. And with Microsoft offering tools for content migration and policy alignment, full cloud management is no longer a leap of faith.

Traditional app packaging and deployment

Intune supports complex app delivery needs, including Win32 apps, line-of-business deployments, and advanced packaging scenarios. You don’t have to leave critical apps behind to move forward.

Siloed teams and separate tooling

Microsoft’s unified platform connects the dots across identity, device, and threat management. Entra ID, Intune, and Defender work as one, enabling cross-team visibility, shared policy enforcement, and simplified operations.

Compliance and audit concerns

Microsoft’s cloud-native tools are built with enterprise compliance in mind, supporting ISO, NIST, Cyber Essentials, and industry-specific requirements. With real-time insights and policy-based controls, visibility is actually improved.

Perceptions of Intune as ‘mobile-only’

That label no longer fits. Intune has matured into a full-scale endpoint management platform that’s trusted by enterprises to manage everything from BYOD smartphones to domain-joined Windows workstations and multiple operating systems.

Modern endpoint management starts with identities, not devices

It’s easy to think endpoint management starts with the device. But in today’s anywhere-work world, that assumption is holding organisations back.

The real foundation isn’t the hardware; it’s the user and their identity.

Why? Because devices move. Networks change. But identity is constant. And if you can verify the user and the device together, every time they request access, you shift from passive control to active trust.

That’s the core of identity-driven endpoint management. It flips the old model on its head:

  • Instead of assuming trust based on device ownership or network location, it validates every interaction using real-time signals.
  • Instead of relying on firewalls and internal domains, it uses Conditional Access to enforce policy at the point of access. Anywhere in the world.
  • Instead of juggling multiple disconnected tools, it unifies security and management across the Microsoft ecosystem: from Entra ID and Intune to Defender for Endpoint and Microsoft Defender XDR.
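To make the contrast between the two models concrete, here is a small added example in Python. It is not code from the original post or from Microsoft’s products: it places a perimeter rule that trusts a corporate IP range beside an identity-first rule that checks MFA and device compliance on every request, wherever it comes from. The policy shape loosely mirrors Conditional Access grant controls (require MFA, require a compliant device, combined with AND/OR), but the evaluation logic, the `CORP_NET` range, the policy and the sign-in records are all constructed for illustration and are not how Entra ID evaluates a policy internally.

```python
"""Added illustration: perimeter-based vs identity-first access decisions.

Constructed model only. The policy shape loosely follows Conditional Access
grant controls ("mfa", "compliantDevice", combined with AND/OR), but the
evaluation logic, IP range and sign-in records are invented for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed "office" address range used by the legacy perimeter rule.
CORP_NET = ip_network("10.20.0.0/16")


@dataclass(frozen=True)
class SignIn:
    """Real-time signals available at the point of access for one request."""
    user: str
    app: str
    source_ip: str
    device_compliant: bool  # compliance state reported by device management
    mfa_satisfied: bool     # strong authentication completed for this request


@dataclass(frozen=True)
class Policy:
    """Identity-first policy: the apps it covers and the controls it demands."""
    name: str
    include_apps: frozenset       # app names, or {"All"}
    required_controls: frozenset  # subset of {"mfa", "compliantDevice"}
    operator: str = "AND"         # "AND": every control; "OR": at least one


def legacy_decision(s: SignIn) -> str:
    """Perimeter model: trust follows network location; nothing else is checked."""
    return "grant" if ip_address(s.source_ip) in CORP_NET else "block"


def satisfied_controls(s: SignIn) -> frozenset:
    """Translate the sign-in signals into the set of grant controls they satisfy."""
    have = set()
    if s.mfa_satisfied:
        have.add("mfa")
    if s.device_compliant:
        have.add("compliantDevice")
    return frozenset(have)


def identity_first_decision(s: SignIn, policies) -> str:
    """Evaluate every applicable policy on user + device signals.

    Location is not a trust anchor here. A real engine would challenge for MFA
    rather than refuse outright; this model simply reports the unmet controls.
    """
    have = satisfied_controls(s)
    missing = set()
    for p in policies:
        if "All" not in p.include_apps and s.app not in p.include_apps:
            continue  # policy does not cover this app
        if p.operator == "AND":
            ok = p.required_controls <= have
        else:  # "OR"
            ok = bool(p.required_controls & have)
        if not ok:
            missing |= p.required_controls - have
    if missing:
        return "block (missing: " + ", ".join(sorted(missing)) + ")"
    return "grant"


def compare(signins, policies):
    """Return (user, legacy decision, identity-first decision) per sign-in."""
    return [(s.user, legacy_decision(s), identity_first_decision(s, policies))
            for s in signins]


# One policy: require MFA and a compliant device for every app, from anywhere.
POLICIES = (
    Policy("Require MFA and compliant device", frozenset({"All"}),
           frozenset({"mfa", "compliantDevice"})),
)

# Constructed sign-ins; addresses outside CORP_NET use documentation ranges.
SIGNINS = (
    SignIn("alice", "Exchange Online", "10.20.5.7", True, True),    # office, managed laptop
    SignIn("bob", "SharePoint", "10.20.9.3", False, False),         # office, unmanaged PC, password only
    SignIn("carol", "Teams", "203.0.113.10", True, True),           # home, managed laptop
    SignIn("dave", "Exchange Online", "198.51.100.4", False, True),  # hotel, personal tablet
)

if __name__ == "__main__":
    for row in compare(SIGNINS, POLICIES):
        print("%-6s legacy=%-6s identity-first=%s" % row)
```

The two rows worth reading side by side are bob and carol: the perimeter rule grants bob’s password-only session from an unmanaged office PC and blocks carol’s fully compliant, MFA-backed session from home, while the identity-first rule does the opposite. That is the practical meaning of evaluating trust at the point of access rather than at the network edge.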

So, what’s the business case?

Operational efficiency

One platform. No duplicate policies, no manual patching, no packaging chaos. Just streamlined, consistent processes.

Stronger security and compliance

Real-time visibility and integrated response, with Conditional Access enforcing the rules everywhere.

Fast onboarding and resolution

Zero-touch provisioning, self-service enrolment, and secure remote support that frees up IT.

A better user experience

Seamless access, fewer disruptions, and devices that just work, wherever work happens.

Cost optimisation

Retire legacy infrastructure. Cut tool sprawl. Redirect IT effort to high-impact initiatives.

It’s a strategic shift from managing endpoints to managing trust. And it’s how you deliver security, scale, and simplicity in a hybrid world.

Final thoughts

Fragmented device management is often the result of reasonable decisions made at different points in time.

But cloud maturity, user expectations, and security requirements have evolved. Supported by integrated tools such as those within Microsoft’s cloud stack, organisations can embrace a unified, identity-first approach and move beyond short-term fixes and legacy constraints.

It delivers consistent policy enforcement, stronger protection, and a smoother experience for users across every device and location. By rethinking how endpoints are managed, organisations can reduce cost, improve agility, and create the conditions for long-term success in a hybrid, cloud-connected world.

At Kocho, we help organisations make that shift with clarity, confidence, and control.

Get in touch to find out how we can help.

Key takeaways

  • Every organisation reaches fragmentation in its own way but suffers similar consequences from it.

  • Legacy tools and team silos are common blockers to unified device management adoption.

  • User experience is a key driver for productivity, satisfaction, and long-term cost savings.

  • Modern endpoint management starts with identity, not hardware or network.

  • Microsoft’s ecosystem enables real-time trust decisions through integrated tools like Intune and Entra ID.

  • A unified approach improves security posture, operational efficiency, and the overall value IT delivers.

Author

Tom Waller

Architect

Tom has over 15 years’ experience helping clients become greater at enterprise mobility, security, and compliance.
