We are pleased to announce that Microsoft will launch a new suite of advanced endpoint management solutions in March 2023 together in one, cost-effective plan. This new plan will help you go further in simplifying endpoint management, protecting your hybrid workforce, and delivering better user experiences across your organization.
Microsoft announced its vision to deliver a bundled suite of advanced endpoint management solutions in April 2022 and started the rollout with Remote Help for Windows. In March 2023 we will introduce a new bundled plan that brings together Remote Help, Microsoft Tunnel for Mobile App Management, Endpoint Privilege Management, advanced endpoint analytics capabilities, and more advanced management capabilities in Microsoft Intune.
Why a suite of advanced solutions for endpoint management
Microsoft is the market share leader in endpoint management, with the most managed devices with mobile device management, the most endpoints managed by mobile application management, and the most Windows devices managed by all technologies. Yet customers' IT and security challenges never stand still, so we are constantly talking to CTOs and CISOs about what challenges they are facing, and what that means for Microsoft's roadmap.
What we have heard from CTOs is that in the past few years the evolving needs of hybrid work and increasing security threats have required them to increasingly stitch together and pay for multiple tools from different vendors. For example, Axonius reported in May 2021 that 72% of organizations reported increased complexity within their IT environment over the past two years. And in June 2022, the Solarwinds IT trends report stated that 54% of respondents had visibility into less than half of their app and infrastructure estate.
CTOs are also starting to tell us that their CFOs are asking them to do more with less as many companies look to tighten their belts. In July, ESG's Technology Perspectives from Cybersecurity Professionals report stated that 46% of organizations are consolidating or plan to consolidate the number of vendors they do business with. According to a Gartner release from September, 75% of organizations are pursuing security vendor consolidation in 2022, up from 29% in 2020.
This is a common pattern: new issues emerge, a point solution arrives that promises to “fix” the problems, and this short-termism is repeated. Often, this cycle results in an ever-increasing number of admin consoles, identity systems or agents running on devices, all of which add complexity, overhead for IT admins and pose risks to the health and performance of endpoints. At some point, consolidation and a “Spring Clean” is needed.
A step-change in Microsoft endpoint management
The capabilities delivered within the new Intune suite will allow organizations to centralize and consolidate the tools they use to manage and protect their digital estate, provide remote assistance, remove the risks of local admin users, support a BYOD device model with secure access for unenrolled mobile devices, improve the health and performance of Windows endpoints and, over time, reduce the complexity and effort of app deployments and updates.
We are excited to share more details about the capabilities of the new suite and when you can expect to start using each capability.
Remote Help for Windows and Android
We launched the initial version of Remote Help for Windows in April, and our March 2023 release will add enhancements to the Windows experience as part of the advanced management suite. For example, you will see ServiceNow integration, to bring in service management incident information into Intune for faster resolution of users' technology issues. There will also be better messaging to easily view reasons for device noncompliance, and the ability for the IT Helpdesk worker to hear audio from the person receiving remote assistance. The release also features enhanced elevation, where interaction with the User Account Control prompt help quickly resolve issues requiring alternate admin credentials, now provides a better blend of security and user experience through just in time elevation requests from helpdesk personnel.
Another major enhancement will come when we launch support for Android, which is especially important in helping admins serve their Frontline Workers remotely. For example, admins will be able to contact (or be contacted by) users with Android devices in their organizations, remotely diagnose the issue, and work with the Android user (who might often work on the frontline) to resolve the issue and get them back to work quickly.
Endpoint Privilege Management
In early 2023, organizations with subscriptions to Microsoft Intune will be able to experience our Microsoft Intune Endpoint Privilege Management solution in public preview. This will help you automate and manage when workers have permission to use admin privilege for specific tasks on both Windows cloud connected and co-managed endpoints. With Endpoint Privilege Management, you will no longer need to make users local admins. Instead, your users can have standard account privileges and be dynamically elevated to admin privilege for specific admin approved tasks, based on your company policies. This helps improve their productivity while enhancing your security posture.
We want to provide IT admins with the tools they need to enable people in their organization to self-serve when the need arises. We want to do this within the principles of a Zero Trust architecture, which means using the least privileged access.
Endpoint Privilege Management will give you the ability to set rules and parameters in Intune to configure a standard user's permissions to be automatically elevated, be self-managed or set to require authorization – all so they can securely perform tasks such as adding approved apps, printers, or other peripheral devices without needing to contact your IT helpdesk, saving you time and money.
Intune Endpoint Privilege Management will become generally available as part of the suite of advanced endpoint management solutions as well as be available as an individual add-on to your Intune subscription.
Microsoft Tunnel for Mobile Application Management
Microsoft Tunnel for MAM provides convenience for end users, who can use one device for work and personal use (rather than carrying two devices). It does not require device enrollment, meaning corporate data can still be protected without the need for end-users to give IT control over their personal device should they not want to. From a company perspective, this allows companies to adopt a BYOD program, instead of purchasing corporate-owned devices for all employees, as they can be confident that user privacy and corporate data will be protected on BYOD devices.
Microsoft Tunnel for MAM further extends our VPN gateway to unenrolled iOS and Android devices for secure access to on-prem apps and resources using modern authentication, Single Sign On and conditional access. Employees will be able to securely access resources on their unmanaged iOS and Android BYOD devices. This new functionality will not require device enrollment and thus expands on our existing Microsoft Tunnel capabilities that are available today for devices managed by Intune.
For example, on Android, the apps do not need to be integrated with any SDKs other than the MAM SDK which is used to auto-start VPN for apps if desired or retrieve trusted root certs. Most customers are already using the MAM SDK for data protection so there may be no new dev work required to connect to on-premises resources through Tunnel. Users can simply go to Microsoft Edge and sign in with their organizational account. The VPN auto-starts and they are seamlessly connected to an intranet site. Edge only connects to the VPN when signed in with an organization account to protect privacy as well as use APP policies for data protection. An SDK will be required to provide seamless per-app VPN capabilities on iOS too, including support for Microsoft Edge.
Microsoft Tunnel for Mobile Application Management (MAM) for iOS and Android will be available early in 2023 and part of new suite in March.
Advanced endpoint analytics
Endpoint analytics provides a new level of intelligence and automation to empower IT admins, helpdesks, and end-users to transform their futures, by scientifically analyzing the health and performance of your company's endpoints and driving improvement actions through automation and orchestration.
The new suite of advanced management solutions will include several advanced endpoint analytics features to help IT admins further understand, anticipate, and improve the technology experiences of their workers no matter where they work.
In addition to a bird-eye view of the organization, admins can now explore and address the needs of specific groups of devices they manage with improved drill-down capabilities. These capabilities make it easier for IT administrators to identify opportunities for improvement and prioritize targeted actions for specific people in your organization. Additionally, you can understand how the quality of the experience compares between groups of users, like how hybrid or remote workers' experience is different than employees that have returned to their offices.
Real time visibility, AI and machine learning, and automation come together in the new anomaly detection capability. With anomaly detection, admins no longer need to monitor custom dashboards, or manage complicated alert systems to ensure devices as working as expected. Instead, they can rely on an early warning mechanism to proactively learn about user impacting issues before they are reported through other channels like support. This helps minimize loss of productivity due to misbehaving devices, apps, or infrastructure. Anomaly detection will automatically identify anomalies such as unexpected machine reboots, app crashes, and hardware and peripheral failures. These anomalies are categorized based on severity and include relevant information, allowing admins to further drill down and investigate the issue on impacted devices in real time.
Automation is key to resolving issues faster. Proactive remediations in Endpoint analytics helps you fix common support issues before end-users realize there's a problem. With the new capabilities coming with the advanced endpoint management suite, IT admins and helpdesk operators will be able to run customized remediation scripts on individual devices on-demand and in real time within their troubleshooting sessions to deliver instant fixes or modify the device configuration to ensure devices are always performing optimally.
Further value and looking forward
The new suite of advanced solutions will include more capabilities at launch. For example, increasingly organizations are relying on purpose-built specialty devices to address business needs, not just PCs and smartphones. Managing and protecting all devices in an organization is a vital principle in achieving Zero Trust. Specialty devices are getting smarter – think of virtual reality headsets used in training or large smart screen devices in meeting rooms. Specialty devices increasingly contain or have access to company information, meaning they must be protected. When the new suite is available, organizations will be able to manage, configure and protect these specialty devices. For example, we recently announced that RealWear is the first of our specialty devices that runs on the new Android Open-Source Platform from Microsoft. For organizations that have frontline workers, Intune will provide them with the flexibility to deploy the right device for the job while helping to protect organizational data with app and conditional access policies.
In addition, we will help organizations simplify how they deploy apps, while automatically reducing the risk that those apps are out of date. We'll do that through two new capabilities. First, organizations spend thousands of hours every year packaging apps to get them ready for deployment. Intune will provide a comprehensive catalog of apps in its premium plan so organizations will no longer have to spend the time packaging apps for deployment. Second, we will help organizations keep apps up to date. Vulnerability management solutions take a reactive approach to making sure apps are up to date. The new plan introduce a proactive solution that will help you keep your third-party apps up to date in an automated fashion. With Microsoft Defender and Azure AD (now part of Microsoft Entra) integration, Microsoft can identify endpoint vulnerabilities on the device and empower IT to set policies through Intune to automatically update and patch third party apps.
And following the initial release, we will continue to add more to the suite. We plan to introduce the Mobile Application Management capability to support multiple company, managed accounts on a single device. This will be particularly useful to all those in professional services (such as lawyers, bankers, accountants, or consultants) who are client facing but also need to manage teams internally. With multiple managed accounts, workers will be able to use one device across multiple organizations, enabling flexibility and data protection regardless of the account.
Other functionality such as advanced cloud certificate management is on the roadmap, which will further simplify IT workloads and drive more integrated security.
You will be able to learn about new premium add-on capabilities through the Endpoint Manager admin center. This hub of information will also show what licenses you've applied to your tenant and offers Global and Billing admins easy access to the Microsoft 365 admin center so they can start a trial or manage the user licenses for these add-ons and when ready, the new suite of advanced endpoint management solutions.
Launch details
We will offer this new cost-effective, premium plan to subscribers of Microsoft 365 E3 and E5 or any plan which today includes licenses for Microsoft Intune.
The individual solutions will continue to be available as standalone add-ons, but the new plan will be available for less than the sum of all the add-ons; meaning you can do even more for less.
This bundle of advanced capabilities will help solve a headache for IT teams who for too long have juggled the sprawl of multiple point solutions, along with the security risks and user experience degradation from multiple agents from multiple, non-integrated solution vendors. March 2023 will mark the start of a step-change in Microsoft's endpoint management offer; we encourage you to start planning for it today.
Getting your team ready for March 2023
The new advanced endpoint management plan will help you reduce total cost of ownership by eliminating the need for multiple point solutions and costly integration projects, as well as get the benefits of increased security and better user experiences. To take advantage of the general availability in March 2023, we recommend taking the following next steps today:
- Talk to your account team or Microsoft partner for more information about how to assess your organization's need for Remote Help, Endpoint Privilege Management, advanced endpoint analytics and the rest of the suite.
- Watch our breakout session, Strengthen security and cut costs with an endpoint management you can count on, at Microsoft Ignite and visit aka.ms/IntuneAtIgnite for the full Microsoft Intune lineup.
- Attend the Microsoft Technical Takeoff: Windows and Intune, October 24-27, 2022 on the Tech Community.