Questions on deploying MDM and controlling user profiles.


Hi Community,

Customer has below environment and goals to achieve.

• The source of truth where user accounts are created and tagged is ServiceNow

• Endpoint management (Intune, Autopilot) is in use (licensing is M365 E5)

Goals:

• First, the main goal is to manage endpoints (laptops) life cycle through Microsoft and non-Microsoft solutions.

o The idea is to have the ability to deploy laptops based on the end-user job (sales, finance, tech support)

o Also, to have the ability to change the laptop setup / configuration / apps if the end-user moves to another position or leaves the company

Question:

Which Microsoft solution / design and best practices would we recommend to achieve this goal?

Any pointers would be of great help. Many thanks in advance.

1 Reply
Hi,

Goals: The idea is to have the ability to deploy laptops based on the end-user job (sales, finance, tech support)
Answer: Autopilot with group tagging, so you can make sure you apply an Autopilot profile with specific apps to it.

Goals: First, the main goal is to manage endpoints (laptops) life cycle through Microsoft and non-Microsoft solutions.
Answer: https://docs.microsoft.com/en-us/mem/intune/fundamentals/device-lifecycle

Goals: Also, to have the ability to change the laptop setup / configuration / apps if the end-user moves to another position or leaves the company
Answer: When you have made sure you are assigning apps/policies to specific groups, you are good to go when a user changes position. But please make sure you reset the device. Also please visit my blog about retiring/wiping devices.
https://call4cloud.nl/2021/04/to-retire-or-not-to-wipe/

There is so much to talk about... please visit my blog to get some ideas where to start
- BitLocker
- adminless
- AppLocker
- Microsoft Defender
etc etc
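
The group-tag approach from the reply above, as an added example that is not part of the original thread: a PowerShell sketch that creates one dynamic device group per Autopilot group tag with the Microsoft Graph PowerShell SDK. The tag values and the `Autopilot-<tag>` group names are assumptions standing in for the job roles named in the question.

```powershell
# Added example: one dynamic Microsoft Entra ID (Azure AD) device group per
# Autopilot group tag. Tag values and group names are assumptions.
#Requires -Modules Microsoft.Graph.Groups

$roleTags = @('Sales', 'Finance', 'TechSupport')   # hypothetical group tags

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

foreach ($tag in $roleTags) {
    $name = "Autopilot-$tag"

    # Autopilot exposes the group tag to dynamic membership rules as
    # "[OrderID]:<tag>" inside the device's devicePhysicalIds collection.
    $rule = '(device.devicePhysicalIds -any (_ -eq "[OrderID]:{0}"))' -f $tag

    # Skip groups that already exist so the script can be re-run safely.
    $existing = Get-MgGroup -Filter "displayName eq '$name'"
    if ($existing) {
        Write-Host "Exists: $name"
        continue
    }

    New-MgGroup -DisplayName $name `
        -Description "Autopilot devices tagged $tag" `
        -MailEnabled:$false `
        -MailNickname $name `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On' | Out-Null
    Write-Host "Created: $name  rule: $rule"
}
```

Each role's Autopilot profile, apps and policies are then assigned to the matching group, so a device only receives the software and settings scoped to its tag.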