First published on CloudBlogs on Jul, 30 2014
When I introduced the “Managed Everything” model in this series’ previous post, I emphasized that niche management products (AirWatch or MobileIron, for example) are counterproductive compared to the huge benefits of a single, cohesive management system that can manage everything from mobile devices, to PCs, to servers. This kind of end-to-end enterprise management is in Microsoft’s DNA, and it’s something we continue to excel at today. I encourage our customers and partners to have high expectations for their management solutions and to fully leverage the infrastructures and solutions they purchase.
For example, can your management solution effectively govern both corporate-owned PCs and personally owned mobile devices (which hold a mix of personal and corporate data)? Or, can your management solution proactively protect both corporate apps and corporate data? And, can your management solution actively adapt to new mobile device types, new platform updates, and new operational guidelines – all at a moment’s notice? Taking this even further: Can the infrastructure you’ve deployed also provide malware protection for your organization?
If your answer to all four of these questions is a solid “No” or a reluctant “Maybe,” then Microsoft has a solution that you are going to love! With things like Group Policy, System Center Configuration Manager (SCCM), System Center Endpoint Protection (SCEP), and the Enterprise Mobility Suite, Microsoft customers can always answer “Yes!” The importance of that answer simply can’t be overstated in the high-intensity, high-expectation world of IT. One of the points I have repeatedly made to the SCCM community over the years is that the SCCM infrastructure that most companies have deployed in their enterprises can be used for so many different things.
I have spent the majority of my career building enterprise infrastructure solutions – and I deeply understand the costs and complexities of deploying, securing and maintaining these infrastructures. Having seen so many different infrastructures in so many enterprises around the world, my advice is this: Deploy as few of these global infrastructures as possible and leverage the daylights out of the ones that you do deploy. This is one of the reasons why I love the SCCM product so much – it delivers an infrastructure that provides rich and sophisticated PC, device, and server management. Here in Redmond, our Endpoint Protection is built on that same infrastructure, and, with the aforementioned connection to Intune, all of your mobile device management can be done through the SCCM console. When using Intune + SCCM, all the data on your mobile devices is stored in the SCCM infrastructure.
PC + Device Management
“Managed Everything” obviously implies that there is a lot for us to do – now and in the future. Our leadership presence in the Gartner Magic Quadrant for PC management is still unchallenged, and most enterprise organizations around the world rely on us for the workloads/scenarios that require deep management functionality. What this depth of PC management and device management expertise demonstrates is simple: A “Managed Everything” model doesn’t replace PCs with devices, it extends the skills and use of the infrastructure you’ve already deployed to provide the best solutions available (for any device) in the IT industry.
Taking Command of Your Infrastructure Once and For All
The mechanics of the “Managed Everything” model are really straightforward: It centers on connecting your standard SCCM deployment to Intune. This is something I wrote about in a widely circulated post a few weeks ago, and the power of combining these two things is something I want every IT organization to experience. In a world where we are all constantly being asked to do more and be more efficient, fully leveraging the SCCM infrastructure you’ve already deployed is a huge bonus. Here at Microsoft, we have a few “World View” points that are the foundation of our strategy, as well as the capabilities we are delivering for you. Here are three:
- We have a world view that sophisticated/rich PC management will be an on-premises workload far into the future.
- We have a world view that Enterprise Mobile device management should be delivered from the cloud.
- We have a world view that organizations want a single console (i.e. pane of glass) to manage all their PCs and devices.
Why Your Hybrid Setup Really Matters (I mean, Really)
By combining SCCM and Intune, your hybrid infrastructure immediately becomes incredibly powerful and you have the ability to manage a lot more from the SCCM console. Here are just a few things you can do:
- Deploying apps cross platform: With SCCM+Intune you can deploy an app to users across different platforms (e.g. iOS, Android and Windows) all from a single console. With this single console you’re using a consistent workflow and UX regardless of the devices you manage, and this means less training and time to support new devices or platform updates. This hybrid setup allows you to simplify and unify your management.
- Setting policy cross platform: This hybrid management also allows you to set a single device security policy for all your device types and then push that out to all of them – no matter where they are or how they’re used within your infrastructure.
- Wi-Fi configuration, VPN, certificate management – cross platform: Similar to policy controls, with the unified console you no longer have separate wireless LANs based on device platforms – instead you simply set up your Wi-Fi profiles once and then deploy them to all your device types.
- Inventory cross platform: Get a complete and accurate inventory of all your Windows, iOS, and Android devices in a single place. Desktops, laptops, tablets, phones, POS devices – all at a glance within the SCCM database.
The Future of Office Apps
In the very near future, this hybrid pairing of SCCM and Intune will also be able to manage your Office apps. Coming up, new versions of the Office apps will ship natively instrumented to be managed by the Windows Intune app restriction policies. This will allow IT to do things like manage copy/paste between apps, or control where the user can save information to/from an app.
There will also be a feature called “Conditional Access” which allows the admin to grant access to O365 (e-mail and OneDrive for Business) or on-prem Exchange/SharePoint only if the device is managed by Windows Intune and meets the policy criteria. For example, you can set a policy that a mobile device can only get corporate e-mail if the device has a power-on password, is encrypted, and is not jailbroken. If any of these criteria are not met, the flow of e-mail to the device stops and the user’s corporate inbox is emptied except for a single e-mail that informs the user that their device no longer meets the required corporate criteria. Helpfully, that e-mail walks them through bringing the device back into compliance. I used e-mail as an example here, but the conditional access capabilities we’re delivering in Intune can be applied to any corporate app. To see some of this in action, skip ahead to about 21:00 (especially around 22:30) in my recent keynote at Microsoft’s Worldwide Partner Conference.
These functionalities are incredibly valuable because they allow your end-users to use the apps they love (Office, for example), and you can implement the necessary controls to ensure they can only access information that meets IT policy. And, of course, the data on the device is protected too.
Note: Check out the “Managed Everything” for Small Enterprises post.
Published Sep 08, 2018
Version 1.0
Brad Anderson
Security, Compliance, and Identity Blog