Start Modern Management with Intune or Endpoint Manager
1. Why 100% Cloud with modern management?
- Less complexity
- Built-in automation
- New configurations & policies
- higher security standards
- Easier to implement
- self-service capabilities
To achieve more for your organization, it is important to give control to people. for example, to roll out devices more easily. That's why you choose one modern system. (right)
2. Move to Intune and Autopilot
- Why autopilot -> Read more here
- Golden-image story has become impractical since the huge needs for updates to software.
- Migrate your GPO to Intune CSP Policies. GPOs have little verifiability or effectiveness. You're not 100% sure if they work until you test them. This technology has been around since 2000 and is in need of replacement. Ideally, you start with new simple GPOs but in Intune. (CSP)
- CSP policies/Intune works location-independently. Many people work from home or remotely.
- Give user the power to install their own tools & applications but along the bottom maintain the needs so you can respond accordingly. For example. 10 users install software X. Then provide a CSP policy or Intune package that will automatically update this software.
- New opportunities of modern management are huge!
3. Microsoft Windows update in waves and delivery optimization
- Compliance policies to have easy overviews of the state of affairs.
- Delivery optimization to save network bandwidth. devices will take updates from each other.
4. Hybrid Identity with password write-back
- Activate Self-Service Password Management. This allows you to allow users-provided MFA activation and your Security -standard setup allows users to reset their own password via Office 365.
5. Onedrive Known Folder Move (KFM).
There are two benefits of moving or redirecting familiar Windows folders (Desktop, Documents, Images, Screenshots and Camera Roll) to OneDrive for Business.
- Users can continue to use the folders they know. They don't have to change their daily work habits to store files in OneDrive.
- Storing files in OneDrive backs up users' data in the cloud and allows them to access their files from any device.
This has tremendous value. Users can find their documents on their phones because of the automated movement. When workstations crash, the data is still there .
6. Microsoft Defender Advanced threat protection
Manage all devices with Microsoft Defender Advanced Threat Protection or MDATP.
- Microsoft is leading! microsoft-security-leader-5-gartner-magic-quadrants/
- Multilayered protection: Microsoft Defender ATP provides multilayered protection.
- Threat analysis: contextual threat reports provide SecOps with real-time insight into how threats affect their organizations
- A new approach to threat and vulnerability management: real-time detection, prioritization based on business context and dynamic landscape of threats and built-in remediation process accelerate mitigation of vulnerabilities and misconfiguration
- Built-in cloud-powered security: real-time threat detection and protection with built-in advanced features protect against large-scale and targeted attacks such as phishing and malware campaigns
- Automated security, SecureScore and +10 more other features!
7. Enterprise state roaming (ESR).
With Windows 10 Azure AD-users the ability to securely sync their user settings and application settings to the cloud. Enterprise State Roaming provides users with a unified experience on their Windows devices in that same way.
- Separation of business and personal data - Organizations are in control of their data and there is no mixing of business data in a consumer cloud account or consumer data in a business cloud account.
- Enhanced security - Data is automatically decrypted before it leaves the user's Windows 10 device using Azure Rights Management (Azure RMS), and data remains in encrypted at rest in the cloud. All content remains encrypted at rest in the cloud except for namespaces, such as settings names and Windows app names.
- Better management and control - Provides control and visibility over who syncs settings across your organization and on which devices through the Azure AD-portal integration.
- Even in addition to KFM! Even better for data loss, etc ...
8. Future opportunities?
- Graph API for automation
- Security operations - advanced hunting
- Proactive services - a thousand scenarios possible ...
- Automation in processes with Power Automate!
- Deep integration with third-party applications.
- graph API integrability.
Are you ready?
Create a demo environment in 60 minutes via this blog.