In September, back by popular demand, the Juriba team held a webinar to explore the paths available for organizations migrating to Microsoft Intune and reveal what's involved in the process and the common blockers that organizations face. The webinar was hosted by Juriba’s Co-Founder and CEO Barry Angell, Juriba Product Manager Neil Wheeler, and myself. I wanted to take the opportunity to share the recording with you, summarize the most important takeaways, and give a rundown of what could potentially prove to be a blocker in your migration.
Theory Vs. Reality
Migrating to Microsoft Intune and moving end user devices and applications to the cloud is undoubtedly complex and comes with its challenges, requiring significant planning and project management.
For many organizations who over the years have put blood, sweat, and tears into their existing MECM configuration and are now looking to work with a co-managed or cloud-only estate, the change in processes, technical capabilities, and the impact of getting it wrong and creating an even more complex environment is daunting.
There is also the added challenge of having to deal with a mixture of different packaging formats, operating systems, and end user needs. Building and delivering a successful migration plan involves lots of moving parts and relies heavily on robust and well-thought-through processes that ensure that the day job isn’t impacted, it doesn’t go over budget, and most importantly, won’t compromise any security or compliance requirements.
It's no wonder many are hesitant when approaching this migration as the repercussions of failure are huge, and no surprise that so many organizations struggle to migrate successfully without first encountering several pitfalls and blockers. In the following paragraphs, we will unpick this challenge and help you find the right path.
Top Blockers For Your Microsoft Intune Migration
So, what are the ‘red flags’ that every business really needs to look out for? In our experience, there are several common blockers to migrating to Microsoft Intune.
1. Understanding The Business Case
There is no doubt that despite the promise of Microsoft Intune migration being a straight-forward task, it is undoubtedly always more complex than first thought. For that reason alone, it is imperative that there is not only organizational buy-in in terms of the plan, timings, resource, and budget, but also clarity on who is responsible for the initial and ongoing delivery of the migration project and ownership.
“It’s only once when we started going into the detail of migrating to Microsoft Intune that we found that our business case started to get eroded because of our first assumption that everyone can switch to Intune. With a complex IT legacy estate, it was immediately evident that we would need to utilize a hybrid of MECM and Microsoft Intune, so straight away our business case was at risk and had a much broader remit.” -- Head of End User Computing, Juriba Enterprise Customer
We have seen many business cases stumble at this initial stage as organizations rush into delivery mode, resulting in a higher-than-expected implementation cost and timescale, a place no IT Manager wants to be in. Clarity and planning must be considered not only for the initial migration project but also for the ongoing management and support required.
2. Getting Application Management Right
Deciding what is in and out of scope is critical and highly dependent on having visibility and knowledge of several moving parts. A selection of end users, for example, may have been initially identified as perfect candidates for Microsoft Intune management, with a clear rationale to use Intune to manage their endpoints in a remote worker, cloud-first world. But what happens if they move to a new role not supported by Intune because one of the applications now required can only be supported through MEC?
Immediately, you are creating complexity for your operations team. For them to deliver this application management task in a hybrid operating environment, the processes for packaging and testing the applications have doubled - they now need to test, package, and distribute in both MECM and Microsoft Intune. All of a sudden, the scope encounters a rising number of ‘unknown unknowns’ and starts to expand as it requires skills in both Intune and MECM and policies for devices and applications supported in both management tools.
Added to the mix is the indisputable fact that the number of applications in scope is continually on the rise. The reality today is that there is an application for everything, each one needing management, requiring frequent updates, and regular testing and repackaging. The reality is also that with so many applications, it’s hard to keep up and have visibility and a clear inventory. Many organizations will have applications outside of the Microsoft suite and end user departments needing new applications specific to their function. This certainly isn’t out-of-the-box application management. Needing to know if these applications are suitable and will work in Microsoft Intune through testing has never been more important, especially given that you may come across some applications that will be unsuitable for Intune regardless of how business critical they are.
“Application compatibility is a minefield. You assume a group of users who are perfect for Microsoft Intune (remote workers, never go into an office, connect to predominantly cloud services) but then you learn that they have some applications that won't package to Intune nine times out of ten down to security, or need a substantial amount of repackaging expertise to get it to work.” -- David Cuffy, Application Specialist at Juriba
Constant testing and patching of applications at scale for Microsoft Intune and MECM require a significant amount of time and resources, not to mention managing the policies of how you want Intune to work on a per-application basis. Get this wrong, and the implications are huge, resulting in potential application failures, increased support calls, stalled projects, and increased risk of a security breach.
Agreeing on scope, priorities, a roadmap, and timescales is great, but be prepared to flex as it is likely that it will be more complex than you initially thought.
3. Effective Project Management.
With so much to consider in migrating to Microsoft Intune, one thing is clear – it is a process that is time and resource-hungry and could involve significant one-time costs. This is because not only will the program and BAU costs continually creep up due to an ever-expanding scope and remit, but also because applications historically tend to be the bottleneck in the migration process. Packaging, testing, and coordinating with application owners and end users at scale and on a regular basis is not a simple or quick task and, as highlighted previously, can soon spiral out of scope. If the applications fail, it can lead to stalled projects, resulting in increased costs and frustration in all departments.
This is a position that no IT Manager wants to be in, and this is why locking down project and BAU costs with a contingency is paramount to gaining wider business buy-in and delivering a migration plan that is on budget.
It’s vital to consider and identify early on just exactly what you want to achieve, for whom, by when, and at what cost, and then find the best method, processes, and tools for delivering this. Even then, be prepared for any bumps along the way, as undoubtedly there will be a few.
There Is A Better Way
We are excited to share with you a framework that we have built that moves through the Microsoft Intune migration in 7 steps in a single process using automation.
- Project scope definition: what is in and out of scope, assets, users, applications, etc.
- Inventory: how many applications, devices, and users
- Application analysis: categorization
- Application readiness, conversion, and testing: converting existing applications where applicable
- Automated ring assignment and readiness checks: understanding what is ready for migration
- Global scheduling and automated communication co-ordination: communication with end users
- Automated deployment and reporting: scheduling and automating deployment
“This framework combines the automated capabilities of Dashworks Workplace Automation Platform with AppM application testing and packaging to provide a cohesive single migration process to help every organization remove the complexity of a Microsoft Intune migration”. -- Barry Angell, CEO at Juriba
Microsoft Intune Migration In Action
A recent customer scenario neatly explains how a robust and automated Microsoft Intune migration process can help mitigate some of the identified blockers.
“Project scope is a deal breaker. You may start with what feels like a doable task, but then as you spend time identifying suitable end users and departments who would benefit the most from switching to hybrid or remote, and then look at the applications they use and review if, in fact, they can migrate successfully to Microsoft Intune, suddenly the project involves a lot more discovery, time and budget than initially thought.” -- Head of End User Computing, Juriba Enterprise Customer
Every migration starts with a definition of project scope: what is in and out of scope, assets, users, applications, etc. When starting the migration, Dashworks acts as a powerful data warehouse for the project, allowing users to understand the environment by showing the relationships of devices, applications, and owners fully and clearly.
It provides the template to scope the project, analyzing which devices suitable candidates and are in scope for migration, what is the packaging criteria: categorizing the applications (Intunewin wrapper or MSIX), setting the application prioritization, and communicating with application owners for testing whilst providing the framework to manage device readiness for migration.
“This initial stage establishes a working framework based on set parameters and creates a real-time dashboard to monitor and manage the migration. Users benefit from being able to quickly see what devices are in scope, what is assigned to each ring, and what the current readiness and status is for migration.” -- Neil Wheeler, Juriba Dashworks Product Manager
Once the application packaging and testing have been completed, the Microsoft Intune migration project then resumes in Dashworks, focusing on communication to both the application owner for UAT and the end user for deployment via the self-service portal.
“The first thing I wish that we could have achieved was to take the entire application portfolio and try and convert them all into Microsoft Intune package formats. That would let me know which ones immediately converted without any problems and which ones failed to convert, highlighting the problematic areas. That would have been a useful insight for me.” -- Application Packaging Team, Juriba Mid-Market Customer
Juriba’s platform can quickly identify if and why a device may not be ready for migration due to a failing application and proactively remediate it using AppM for repackaging and automated testing.
“The ability to achieve bulk testing at scale in this instance would have saved an absolute ton of work, but for me, more importantly, gives me the insight of where my problems are and how big a project a program I needed to raise funds for.” -- Intune Migration Project Manager, Juriba Enterprise Customer
Once the application has been uploaded into AppM it can be quickly converted into the correct package format, ready for migration. Once the application has been packaged in a new format, it is tested to make sure it installs correctly in the new build environment done via a real virtual machine – smoke test – check content, check to install, test results, uninstall – all running unattended and in a matter of minutes, with all testing logs recorded.
In Summary
We really are excited about sharing what is essentially an entire end-to-end single migration process and modern framework from the point of starting with our Microsoft Intune migration plans, setting up a project, converting applications (Intunewin, MSIX, publishing straight from the existing MSI), being able to test applications within the platform and being able to determine which assets are ready for migration, communicating with end users and application owners, and ultimately being able to orchestrate the deployment in an automated fashion.
We hope you’ve found this an interesting read on the benefits and limitations of migrating to Microsoft Intune and what's involved throughout the process. Keep an eye out for our Microsoft Intune migration project plan launching soon.