The End User IT landscape has become increasingly complex, with many management tooling options for managing devices, workstations, mobile systems, people, and processes in the Modern Workplace.
One such management tool increasingly on the radar of large enterprises is Microsoft Intune. It is currently leading in the Gartner Magic Quadrant for Unified Endpoint Management and is ranked the top solution among Enterprise Mobility Management (EMM) tools by the people who use it on PeerSpot.
Like many other players in the endpoint management ecosystem, it started out focusing primarily on mobile device management (MDM), but ongoing development has expanded its ability to manage Windows systems. With customers clamoring for cloud-based endpoint management, and with tight integration with Windows 10 and the recent release of Windows 11, Intune can be confirmed as a leading cloud solution of choice for the Modern Workplace.
In the first of our blog series about Microsoft Intune, we explore the reasons behind the rise in popularity of the product and the impact that wide scale adoption will have on device and application management in the future.
Intune Vs. SCCM Vs. Hybrid
Microsoft Intune is a cloud-based service that focuses on Mobile Device Management (MDM) and Mobile Application Management (MAM).
It is part of Microsoft's Enterprise Mobility + Security (EMS) suite and integrates with Azure Active Directory (Azure AD) to control the who and what of access management. It also integrates with Azure Information Protection for data protection, and can be used with the Microsoft 365 suite of products as part of the complete license solution stack.
Microsoft Intune controls how an organization's devices (or BYOD) are used, including mobile phones, tablets, and laptops, and ensures the workforce's corporate resources (data, devices, and apps) are correctly configured, accessed, updated, and most importantly, protected.
Released in 2011, Microsoft Intune launched as a replacement for SCCM. In reality, however, it was more of an MDM platform, and the lack of endpoint management controls and features found in on-premise solutions such as SCCM meant that adoption has been slow and steady. However, feature and functionality developments (26 releases between Feb-Aug 2020 alone) and tight integration with the Microsoft cloud, OS and productivity tools stack have now made this a compelling proposition.
The continued lack of feature parity, particularly around application management, means that many organizations will operate a Microsoft Intune and SCCM hybrid model: a model that is costly, complex, and crying out to be modernized and moved to the Cloud.
Device Management In The Cloud
Many organizations' current direction of travel and ambition is to move all device management to the Cloud.
By utilizing Microsoft Intune, all SCCM infrastructure can be removed and the significant cost and complexity associated with managing and maintaining it driven out. In addition, as Microsoft Intune is a cloud-based solution that brings mobile devices and desktops into a single management platform, it makes total device management much more straightforward. It also provides the additional benefit of integrating seamlessly with new or updated Microsoft technologies.
Organizations will also benefit from Microsoft Intune integrating with existing Autopilot technology for off-the-shelf new device provisioning. So, if you buy a new laptop, for example, and it's already registered with Autopilot, the system can automatically push down the right organizational settings and policies for that device. It then works with Microsoft Intune to identify what applications the user profile requires, and those applications get pushed down. This cloud-based solution requires no on-premise IT infrastructure to operate, meaning you can orchestrate an entire end-to-end hardware refresh process from the Cloud.
This simplicity and cost-saving are why Microsoft Intune is so attractive as a solution for the Modern Workplace.
Microsoft Intune Takes The Edge
In addition to cost considerations, every organization has responsibility for protecting and controlling the way users access and share company information, ensuring that devices and applications are compliant and secure. The requirement has been heightened during the pandemic, with a surge of remote workers and the priority to ensure that end users have secure access to the applications they need to do their work from anywhere and on any device. For IT, this can present a challenge as many device platforms and application types may need to be managed and kept secure on both company and end-user devices.
This is where Microsoft Intune comes into play and replaces the traditional method of accessing information, applications, and data via a VPN when working remotely. And, as Microsoft Intune is a cloud-based device management solution, every aspect of the device lifecycle can be performed remotely, without an Admin ever needing to see or touch a device that Intune manages.
Microsoft Intune helps employees continue working effectively regardless of where they are or what device they want to use. The combination of MDM and MAM features in Microsoft Intune is designed to achieve this and control settings, features, access, and security of all devices easily via the Cloud.
The product has many benefits in addition to cost savings and security. It's adaptable and compatible with many devices and software, including iOS, Android, and Windows, and it makes it easy to secure new and existing devices seamlessly across different departments and locations at scale. In addition, it gives the organization complete control by providing the ability to control how devices and data are used, tailored to the needs of the business.
Microsoft Intune And Modern Application Management
Modern device management requires modern application management, as an organization needs to determine which applications the end-users require and the required platforms, configuration, and protection to distribute and run them. Managing applications on organizational devices and BYOD is vital to a secure and productive application ecosystem.
Microsoft Intune supports various application types, ranging from store applications to custom in-house applications. Once applications are added to Microsoft Intune, they are deployed and assigned to users and devices using Azure AD. IT admins can modify the functionality of the applications in deployment, fully aligning them with the organization's compliance and security policies. However, before any application can be configured, assigned, protected, or monitored, it must be added to Microsoft Intune. This requires several considerations to be made.
Firstly, the application itself needs to be packaged or wrapped in the correct format of .intunewin or MSIX to be compatible and work in Microsoft Intune. The migration plan and identification of suitable candidates need serious consideration. Neither is simple when faced with a complex and large application landscape, a myriad of end users, devices, and operating systems, and continuous feature releases and updates.
Defining your application strategy when moving to Microsoft Intune is critical: deciding whether to move everyone or just specific users, and then how to handle the onward management. Decisions must be made on which applications to move to Microsoft Intune to ensure that they are repackaged and converted in the correct order for maximum velocity. This requires an understanding of the current application inventory, coupled with a plan that drives user and device candidacy across multiple moving workstreams.
Once the Intune trajectory is set, several activities get underway:
- Identifying those apps that can be rationalized.
- Assessing suitable app candidates for conversion to the required formats.
- Converting and repackaging the applications.
- Building the device and application migration plan and user comms before deployment takes place.
The task at hand is challenging, and having or utilizing the right tools and processes will be imperative. Utilizing automation can help in the initial planning, onward project management and the repackaging, deploying, and modernizing of the application estate.
So, What's Next?
For most organizations the adoption and migration to Microsoft Intune is no longer an ‘if’ but a ‘when’. Given the dominance of Microsoft’s Modern Workplace Platform, Microsoft Intune, with its ever-expanding feature set, is perfectly placed for the journey to enable remote device management.
Despite the initial hesitant take-up (Gartner states that less than 5% of businesses have a single console for Endpoint Management and security in place), as the cloud solution matures, widespread adoption is now predicted for the next 18 months. This will be further accelerated by more organizations providing employees with flexible workspaces and the tools to be able to work from anywhere. Cost savings, simplification, and operational efficiency will also continue to drive the move to cloud management.
However, like the adoption of any different technology, successful Microsoft Intune deployment or migration starts with planning, and having the right tools and processes in place.
Want more content on the management tool driving the modern workspace? Stay tuned for our next blog, where we turn our attention to Microsoft Intune in the market and dive deeper into why it is the way: reality vs. the hype.