The outlook for technology leaders today is constantly changing, as evidenced by the recent changes in hybrid work. As such, more of our customers are looking for a cloud-based device management solution that helps them build resilience in the face of constant change.
In the past 18 months, we have seen a threefold growth in Windows devices managed in the cloud, and a nearly fourfold growth in the adoption of cloud-based updates. Some customers are all-in on cloud; others are taking a more incremental approach for devices managed in Configuration Manager via cloud attach.
Wherever our customers are on their journey, they recognize the value of cloud-based endpoint management to securely empower a flexible workforce with diverse endpoints. In this blog, I will dig into the principles behind the recent shift to the cloud and share some practical examples of the value that a shift to the cloud unlocks.
Why manage your devices in the cloud
Customers typically start their cloud journey by joining devices to Azure Active Directory and enabling cloud attach in Configuration Manager. This makes the first step straightforward on the journey from being completely on-premises to being completely cloud managed. Cloud attach is a simple process that enables all Configuration Manager devices to be accessible and manageable in the Microsoft Endpoint Manager admin portal.
When I talk to customers about why they’re considering cloud-based device management over their existing on-premises solution, we often talk about three advantages:
- The business operations resilience provided by the cloud
- The agility to iterate your approach more easily as you modernize
- The benefits of cloud scale, as demonstrated by endpoint analytics
In the past two years, the cloud became central to maintaining business operations in unprecedented times. As businesses increasingly enable a hybrid workforce, a cloud-based device management strategy becomes imperative. Reducing reliance on on-premises infrastructure by adopting a cloud-native approach streamlines IT operations and provides a better user experience.
Second, the cloud gives you more agility; it allows you to iterate more effectively. The cloud means you can iterate as you modernize, making the path ahead simpler. Central to this is the ability to manage your endpoints from a single pane of glass, something not possible if you are using separate approaches for on-premises and cloud devices. Using cloud attach, you can manage all endpoints from a single console and simplify the admin experience significantly.
Finally, with cloud scalability, more data can be captured and analyzed, which means better analytics. It makes it easier to learn from others, as you benefit from the insights we draw from larger data sets of millions of endpoints. Endpoint analytics is a significant pillar of our innovation roadmap for Microsoft Endpoint Manager, as it provides insights and recommended actions for endpoints that are managed natively in the cloud or that are cloud attached.
Scenarios showing the advantages of being cloud attached
When you cloud-attach existing on-premises services with Microsoft Endpoint Manager, you increase your endpoint management capabilities.
Four scenarios underscore the advantages of using cloud attach:
- Windows Autopilot into co-management
- Remote Help
- Deploy enterprise-wide updates
- Scope tags
Improve the user onboarding experience with Windows Autopilot into co-management
We are thrilled to announce that Windows Autopilot into co-management will be generally available in April. This provides a simplified user onboarding experience and reduces the time, resources, and complexity associated with deploying, managing, and retiring devices. The user experience is easy from the first device boot, meaning faster time to productivity. Organizations no longer need to maintain custom images and drivers for every model of device in use. Instead, it transforms the existing Windows installation into a state which is business ready. Using co-management and Windows Autopilot together means that all new devices entering a network will end up in the same state of management. Devices will be enrolled in Intune and also have a Configuration Manager client on the device.
Assist remote users more easily with Remote Help
Remote Help is a new cloud-based service, designed with role-based access controls, that enables IT and help desk staff to remotely assist users over a secure connection. It needs no additional integration: it is built into the Microsoft Endpoint Manager admin console and available to devices that are managed in the cloud.
There are multiple benefits. For example, suppose a user is having issues installing an application from the company portal. With cloud-based management, the helpdesk staff can remotely connect to the user’s device in a secure and trusted way. Alternatively, suppose a user’s application comes from Configuration Manager through cloud attach. In this instance, the helpdesk operator can perform local troubleshooting tasks on the user’s system, including examining the Windows event logs, Configuration Manager client agent logs, and application installation logs, to help determine the root cause of an application failing to install properly.
Deploy enterprise-wide updates more quickly
One of the most significant advantages of cloud-based updates is the ability to receive updates wherever you are, as long as your devices are connected to the Internet. Keeping devices up to date is vital to the security of the devices in your organization and can help improve productivity across the organization by delivering new capabilities sooner.
To learn more about Windows updates and cloud-based device management, watch this Microsoft Mechanics video:
Filter using scope tags
The final scenario to highlight the benefits of being cloud-attached is the use of scope tags. Scope tags determine which objects admins can see. For example, if an admin is only allowed to see and manage the profiles and policies that apply to devices in their city or region, a scope tag can enable that. For co-managed endpoints, you can better segment your devices using granular filters with scope tags. If your devices are tenant attached, they are assigned a default scope tag, unlike co-managed devices. You can restrict the ability of an administrator, such as a helpdesk operator, to view tenant-attached devices by creating or using a custom role in Endpoint Manager that does not have default listed for its scope tags.
How to learn more
This blog has highlighted how customers are taking advantage of cloud power to enhance user experiences, simplify IT operations, and protect devices. We continue to make significant investments in cloud-based management of devices. More drivers and firmware will be released this year, as well as significant advancements in intelligence-driven readiness assessments.
If you are managing endpoints using Configuration Manager today and are increasingly needing to protect and manage hybrid worker devices, I encourage you to read about Microsoft’s cloud-based updates and contact us if you would like a fuller discussion.
Learn more about cloud-based device management and Microsoft Endpoint Manager:
- Microsoft Mechanics video
- Interactive guide to cloud attach
- Remote help: enterprise-grade assistance tool now available
- Remote Help interactive guide