What is Microsoft modern management – and how can it help you overcome your MDM challenges?
Published: 29 April 2020
Examining what Microsoft means by modern management and how this new approach could revolutionise the way you manage devices in your organisation.
If you’ve been looking into enterprise mobility and security solutions recently, it’s likely you’ll have come across the term ‘modern device management’ or just ‘modern management’.
This is a relatively new term that Microsoft has begun using to describe how they envision the future of device and user management.
It has, however, stirred up some misunderstanding around what exactly Microsoft mean by this term and how it’s any different to how organisations are currently managing their devices. In this blog, we’ll try to explain what it all means and how adopting a modern approach is to your benefit.
What is modern device management?
The ‘modern’ element Microsoft is referring to here essentially translates to ‘cloud-based’. And ‘modern (device) management’ is simply Microsoft’s recommended overall strategy for managing Windows 10 users and devices utilising the power of cloud technologies.
The aim is that cloud platforms (such as Azure AD) will work in conjunction with other Microsoft programs such as Autopilot and Intune to automate much of the device management process. This means less time is spent managing both the devices and the tools used to govern them.
Modern device management is the practice of combining cloud-based management and security features to empower users to be secure and productive on any device, anywhere.
Under the hood, this means devices will move from being managed via Configuration Manager, Active Directory and Group Policy to being cloud-managed through Intune and joined to Azure Active Directory.
To achieve Microsoft’s vision of modern management, a device must be managed by Intune. The reason is that Intune allows you to provide comprehensive device management to users, irrespective of whether the device is connected to the corporate network, with no need for an agent to be deployed.
But what’s prompted Microsoft to push this new device management approach? Well, let’s examine some of the issues caused by existing ‘traditional’ device management methods.
The top challenges of traditional MDM (aka mobile device management)
We regularly speak to our clients about the challenges and frustrations they have when dealing with mobile device management.
Time and again we see the same five issues crop up:
Reliance on a corporate network
Device management is frequently limited to devices that are visible on a corporate network. You want to manage a device out on the road, connected to the internet directly? Forget about it – unless you’re willing to brave a complex certificate infrastructure or a costly always-on-VPN solution.
I’ve yet to meet an IT admin who enjoys managing user and device certificates for roaming devices.
It’s become a necessity, sure, but it’s a potential burden that has sent shivers down the spines of admins across the globe.
In recent years, an always-on-VPN type service like DirectAccess has helped bridge the gap for managing roaming devices, but given the limited remaining life of DirectAccess and the continued drive to cloud services, perhaps now is the time to re-evaluate your options.
Higher infrastructure costs (and administrative overhead)
Taking both above points into consideration, it’s no surprise that traditional management can be both technically constraining and costly.
At Kocho, we aim to help our clients free up time typically used for ‘keeping the lights on’ for a service, thereby allowing them to invest in more productive areas. That aim is made all the easier by a modern cloud-based device management approach.
Problematic content delivery
Most of our clients that operate a traditional management infrastructure using Configuration Manager have made huge investments into content delivery – widely dispersed distribution points scattered throughout the organisation.
This not only carries an infrastructure overhead, often necessitating physical servers in remote locations with large amounts of storage, but also means they must be mindful of bandwidth and delivery schedules.
Operating system deployment
Traditional management is typically coupled with operating system deployment, a practice that is well established and has carried us through operating system releases from Windows XP onwards.
While operating system deployment works well, it is time-consuming and often requires administrator interaction with a device before it can be issued to the user.
In a lot of cases, the user also interacts with IT during the process, which impacts user experience and can mean a delayed deployment.
Are these issues sounding familiar? Let’s look at what advantages Microsoft’s ‘modern’ approach can provide in comparison.
What are the benefits of modern management?
One significant advantage of adopting a modern management approach is that (in most cases) there is no requirement for on-premises infrastructure – all management is performed through cloud services.
Content and management are all delivered securely over the Internet. This enables organisations to drastically simplify their infrastructure and reduce the cost and effort involved with maintaining a traditional management solution.
Modern management also includes the ability to replace operating system deployment with a user-centric approach to device delivery in the form of Windows Autopilot.
Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use.
Autopilot can be used to reset, repurpose and recover devices. This solution allows an IT department to straightforwardly set up many devices with little to no infrastructure to manage.
Autopilot is designed to simplify all parts of the lifecycle of Windows devices, for both IT and end users, from initial deployment through to end of life.
Leveraging cloud-based services, it can reduce the overall costs for deploying, managing, and retiring devices by reducing the amount of time that IT needs to spend on these processes. It also means less infrastructure to maintain, all while ensuring ease of use for end users.
Users love Autopilot because they can work where, when and how they want without a reduction in functionality or experience.
IT love Autopilot because it provides a common and consistent method to manage and enable users across all their devices, while also delivering the security and protection they require.
So, everybody wins.
Top Tip: Modern managed devices and the Microsoft 365 suite work better together and, when used in conjunction, can enable organisations to improve their overall security posture and significantly reduce risk.
Microsoft’s ‘modern management’ philosophy is evolving at a rapid pace. Just last year, a common piece of feedback from our clients was that they wanted to manage Group Policy settings on devices, but they had to rely on devices ‘checking-in’ to the corporate network to remain compliant.
Today? A huge number of Windows 10 and Office 365 ADMX template settings can be found in Intune and applied ‘over-the-air’ without the need to connect to the corporate network.
And if that still hasn’t swayed you, Microsoft recently released Microsoft Endpoint Manager – a new portal that allows you to deploy a seamless, end-to-end management solution that combines the functionality, data, and intelligent actions of Microsoft Intune with Microsoft System Center Configuration Manager.
Microsoft Endpoint Manager is now the recommended tool for managing both Microsoft Intune and Configuration Manager through a single, unified portal.
How can Intune help you move to this approach?
Modern management is performed using Microsoft Intune. If you’re one of the thousands of organisations that are using Configuration Manager to manage devices, this existing infrastructure can be utilised to help make the transition. Plus, you’ll still be able to provide traditional management capabilities to existing workloads not yet prepared for the move.
To help with that effort, if you are currently licensed for traditional device management with SCCM, then you’re already licensed for Intune and MDM.
Many organisations making the move to modern management opt for a device refresh approach, whereby newly purchased devices are managed in Intune by default.
This will gradually reduce the requirement on your traditional tools until all workloads are modern managed. New devices could be configured with Autopilot and issued directly to the user from a hardware supplier, meaning all they have to do is sign in with their corporate credentials and they’ll get access to the services and data they require. All with no interaction from IT.
Another approach to migrating to modern management is to perform a discovery exercise to define personas or working groups of users.
Identifying personas that have fewer dependencies on on-premises workloads or complex bespoke apps means they are more easily transitioned to modern management.
This approach can mean that, as personas are being migrated, work can be undertaken in the background to continually identify and remediate issues blocking other personas from moving to modern management, such as application publishing or compatibility.
A typical example of this approach is knowledge workers – users that only require access to Office 365 and web apps. These users are typically first to be ready for a migration to modern management.
How does Windows 10 support this approach?
Windows 10 was developed with modern management at its core. It’s designed to be managed anywhere, whether connected to a corporate network or out on the clear internet.
Wherever the device is connected, the device is managed. Support for modern management is baked right into the operating system – so no additional agents are required.
If you’re on Windows 10, then you’re already benefitting from Windows-as-a-Service and its regular security and feature updates. Moving your device management to the cloud means that you’ll similarly benefit from any new improvements and updates Microsoft make to Intune and Microsoft Endpoint Manager automatically.
Modern management provides a comprehensive management capability for any device that runs Windows 10, be it a tablet, desktop or laptop.
Hopefully, that’s helped clear up what Microsoft means by modern management. It’s all about making the most of new device management tools such as Intune that take full advantage of the power of the cloud, reinforced by the compatibility and security built into Windows 10.
All of which is driving towards a more integrated and holistic future where you can securely manage the devices in use across your organisation with greater ease at less cost.
However, not every organisation can just cut the cord on their traditional perimeter network and existing management platform, but that’s where Kocho can help.
We help our clients understand and identify workloads and personas in use within their business and design an approach to transition supported workloads to modern device management in a controlled, secure, tried and tested manner.
Tom Waller is a Kocho Architect with over fifteen years’ experience helping clients become greater at enterprise mobility, security, and compliance.