Questions on deploying MDM and controlling user profiles.


Hi Community,

 

The customer has the environment and goals below.

• The source of truth where user accounts are created and tagged is ServiceNow
• Endpoint management (Intune, Autopilot) is in use (licensing is M365 E5)

Goals:

• First, the main goal is to manage endpoints (laptops) life cycle through Microsoft and non-Microsoft solutions.
  o The idea is to have the ability to deploy laptops based on the end-user job (sales, finance, tech support)
  o Also, to have the ability to change the laptop setup / configuration / apps if the end-user moves to another position or leaves the company

Question:

Which Microsoft solution / design and best practices would we recommend to achieve this goal?

 

Any pointers would be of great help. Many thanks in advance.

2 Replies
Hi,

Goals: The idea is to have the ability to deploy laptops based on the end-user job (sales, finance, tech support)
Answer: Autopilot with group tagging, so you can make sure you apply an Autopilot profile with specific apps to it.

Goals: First, the main goal is to manage endpoints (laptops) life cycle through Microsoft and non-Microsoft solutions.
Answer: https://docs.microsoft.com/en-us/mem/intune/fundamentals/device-lifecycle

Goals: Also, to have the ability to change the laptop setup / configuration / apps if the end-user moves to another position or leaves the company
Answer: When you have made sure you are assigning apps/policies to specific groups, you are good to go when a user changes position. But please make sure you reset the device. Also, please visit my blog about retiring/wiping devices.
https://call4cloud.nl/2021/04/to-retire-or-not-to-wipe/

There is so much to talk about... please visit my blog to get some ideas where to start:
- BitLocker
- adminless
- AppLocker
- Microsoft Defender
- etc.




Hi Rudy,

Thank you for your response. The customer's expectation is something more global, including a 3rd-party solution like ServiceNow to manage the life cycle.

Again, the idea is to have ServiceNow as “the source of truth” and then to deploy laptops based on the customer job (sales, finance, support, ...) through Endpoint Manager / Intune / Autopilot.
Changing job (flagged in ServiceNow) should automatically reconfigure the device for the user.
Leaving the company should automatically clean the device and set it to a “default” profile.

Any pointers in this scenario would be of help.

Many thanks in advance!