The Simple Guide To Microsoft's Modern IT Management

By 2020, one out of two US employees will be working remotely, a new study finds. But the same is true for many other countries, e.g., the United Kingdom. While for some, this might seem like a futuristic fairy tale, others are already strategically preparing to manage this Digital Workplace — a conglomerate of (user- and/or company-owned) mobile devices, laptops, PCs and other peripherals in all kinds of connectivity and set-up scenarios. While some parts of this infrastructure will require granular management and rather strict control over devices, other parts can be managed just fine with a light, scenario-based approach.

Microsoft is at the forefront of this Modern/Digital Workplace movement with its Windows-as-a-Service, Office 365, Skype for Business, and many other tools to empower and connect the modern employee. In addition to productivity solutions, the software  giant also offers a suite of tools to manage their Digital Workplace offerings. These all fall under the umbrella "Modern IT Management", which I want to walk you through today. My goal is to peel away the fancy marketing lingo and give you an objective view of these solutions.

Microsoft's Modern IT Management Approach

Before we look into each of the tools in more detail, I want to spend two minutes on the overarching concept: Microsoft's Modern IT Management vision.

Ever since the introduction of Windows-as-a-Service, Microsoft has been urging large organizations to move away from their traditional IT management ways (think System Center Configuration Manager, Group Policies, and Active Directory) and embrace a more simplified, modern management approach using cloud-based device management solutions instead, such as:

• Microsoft Enterprise Mobility + Security (EMS)
  • Microsoft Intune
  • Azure Active Directory
  • Azure Information Protection
• Office 365, and the
• Microsoft Store for Business.

Image Credit: Microsoft, 2018

Why Modern Management?

Anything Microsoft has done in the past (e.g., placing the Windows operating system at the core of your user experience, moving core productivity applications into the cloud) is about making you and your employees more productive, connected, and secure — while broadening their reach across functions and infrastructure levels.

Their "mobile first, cloud first" strategy is all about turning every seat in your organization into a modern, in the cloud (always up-to-date and secure) device that is powered by Windows 10 and Office 365 ProPlus. By embracing the modern management approach, Microsoft hopes to:

• Make deployment and management of hybrid environments easier. Windows AutoPilot allows IT to simplify and personalize the out-of-the-box experience (think: zero-touch deployments) while IT can automatically configure new devices to be compliant with corporate policies utilizing the new EMS tools.
• Improve enterprises' built-in security. One of the biggest drivers for large organizations to adopt Windows 10 and Office 365 faster than any other OS before is the much improved and integrated management, security, and data protection capabilities of the Enterprise Mobility + Security suite.
• Keep your devices always updated.  Windows 10, Office 365, and other key Microsoft technologies such as SCCM and Windows Server have adopted a fast-paced, aligned upgrade schedule which, once a repeatable and industrialized process is in place, will keep the complexity of maintaining an on-premises infrastructure to a minimum.
• Give you telemetry and cloud intelligence insights. By using certain Microsoft tools (see below), you can have access to telemetry and cloud intelligence. This data can be helpful in detecting potential device and application issues early on and making your upgrade process easier.

Or, in other words, Microsoft wants to be part of your Evergreen IT journey!

Modern Management vs. Co-Management

As you research "Modern IT Management" you will also come across a term called "Co-Management" and the distinction between the two concepts can be a bit confusing. Basically, you can view "Modern IT Management" as the end goal, while "Co-Management" is Microsoft's bridge to get you there.

Why do you need a transition period? Enterprises have been very reluctant to change the way they manage their IT infrastructure, and Microsoft became painfully aware of this after receiving much push-back from its large enterprise and education customers, causing customers to skip upgrades and Microsoft to extend the support windows for several Windows 10 versions. 

So what is Co-Management exactly? The term Co-Management here refers to a hybrid approach to help make the transition to modern management in a controlled, iterative way by using elements of traditional IT management (on-premises Windows Server Active Directory (AD) and System Center Configuration Manager (ConfigMgr)) and Modern IT which is largely based on Microsoft Intune + Azure AD. The transition can be mapped out in four milestones:

1. Adoption of Windows-as-a-Service and Office 365 ProPlus
2. Transition from Windows Server Update Services (WSUS) to the new cloud-based Windows Update for Business service to deploy and manage Windows updates (available to Windows 10 Education, Professional, or Enterprise edition customers)
3. Move from creating, maintaining and deploying corporate images to provisioning desktops automatically using the new Windows AutoPilot 
4. Stop managing configuration policies through Group Policy and switch to utilizing Intune's built-in MDM agent MDM policy

Now that we looked at the basics, let's have a close look at the tools.

Microsoft's Modern Management Tools

While there are many tools that fall under the Modern Management umbrella, I picked out the most important ones in the Microsoft Enterprise Mobility & Security (EMS) and Windows Analytics space. 

Microsoft Enterprise Mobility + Security (EMS)

When speaking of Microsoft's Modern IT Management, first and foremost the Microsoft Enterprise Mobility + Security (EMS) suite with its components Microsoft Intune, Azure Active Directory, and Azure Information Protection comes to mind:

• Microsoft Intune. Microsoft Intune is a cloud-based devices, mobile applications and PCs management solution that allows you to centrally manage your corporate applications, data, and resources from anywhere on almost any device. It is worth noting that if you are planning to use the co-management option, you cannot have a hybrid MDM environment (meaning Intune integrated with Configuration Manager) enabled. Rather, you will have to move all your users to Intune before switching associated Windows 10 devices on for co-management.
• Azure Active Directory, or Azure AD for short, is Microsoft's ID-as-a-Service offering which allows IT to manage user IDs and create intelligence-driven access policies and provides centralized identity and access management. Azure AD is essential to Microsoft's Cloud and Modern IT Management strategy as it is an integral part of Office 365, Azure, and EM&S.
• Azure Information Protection. In addition to Azure AD, Azure Information Protection (AIP) allows you to tighten security on  documents and emails automatically based on pre-defined rules and conditions. It can also be applied manually by users, or a combination of both.

Windows Analytics

Secondly, Microsoft has embedded Windows Analytics capabilities within Windows 10 ever since the Creator's Update. The goal of Windows Analytics is to gather and provide insights into the health and efficiency of your IT infrastructure. As a subset of Microsoft's Operations Management Suite (OMS), a cloud-based service to monitor and automate on-premise and cloud environments, Windows Analytics provides several tools that can be used as stand-alone solutions or together:

• Upgrade Readiness. While Microsoft positions Upgrade Readiness as an end-to-end tool to plan and manage your Windows 10 upgrade process, it should be understood as a useful supplemental tool to gain additional insights on potential app/driver compatibility blockers as well as computer, application, and driver readiness to further identify any compatibility issues and possible known fixes. However, for an enterprise upgrade process, telemetry data just isn't sufficient to make a confident upgrade decision. 
• Update Compliance. Enterprises can use Windows Update Compliance to ensure that all their devices, even remote ones, are updated and in compliance with your anti-malware regulations. It creates an inventory of all Windows devices and overlays it with their Windows diagnostic data, Windows Defender Antivirus data, and other information. 
• Delivery Optimization. Device Optimization, first introduced in 2016 and improved with the most recent update, allows IT to download an update locally and then use the local network to distribute it locally to connected devices — saving bandwidth.
• Device Health. Windows Analytics Device Health uses Windows diagnostics data to identify and remediate common IT issues. It can be used with Upgrade Readiness and Update Compliance,

Conclusion

Microsoft's Modern IT Management vision — while a lot of bits and pieces that in themselves provide advanced capabilities and valuable insights — is still more visionary than practical. The vast majority of large organizations and enterprises are still not willing to completely throw their traditional ways out the window and move their entire IT management infrastructure into the cloud on a subscription-based service. What is missing is an overall framework to pull it all together and automate it in a bigger picture. 

What are your plans and thoughts around Modern IT Management? We would love to hear what you have to say in the comments.