Más contenido relacionado

Similar a 2023-03 - Workplace Ninja - Migrating to a modern device management.pptx(20)


2023-03 - Workplace Ninja - Migrating to a modern device management.pptx

  1. Devices management, then and now The journey to a modern device management solution
  2. Thank you Sponsors
  3. About me Role Solution Architect at AC3 From France Blog Contact met/ Hobbies Lego and watches collector Certifications Microsoft MVP Enterprise Mobility and M365 Apps & Services Various certifications
  4. Agenda What is ‘modern’ device management? Definition of a modern device management solution Device management, then and now Little history of device management Migration options Journey to move to a modern device management solution Migration journey Plan your journey to modern device management Experience Dos and Don'ts
  5. What is modern device management 5
  6. What is ‘modern’ device management? • Referring to essentially translates to ‘cloud-based’ • ‘modern (device) management’ is Microsoft’s recommended overall strategy for managing Windows 10 users and devices utilising the power of cloud technologies • Cloud platforms will work in conjunction with other Microsoft programs such as Autopilot and Intune to automate a lot of the device management process • Less time is spent managing both the devices and the tools used to govern them • Under the hood, devices will move from being managed via Configuration Manager, Active Directory and Group Policy to being cloud-managed through Intune and joined to Azure Active Directory
  7. Challenges of traditional MDM • Reliance on a corporate network • Complex infrastructure • Higher infrastructure costs • Problematic content delivery • OS deployment
  8. Benefits of modern MDM • No on-premises requirements • Content delivery and management delivered securely over Internet • User centric OS deployment • Reduce costs and administrative overhead • Allows secure BYOD • Modern device management helps in digital transformation • Accelerate • Improve • Streamline
  9. Components of ‘modern’ device management • Windows 10 or later • Deployment and provisioning to deliver devices to end-users ready to use • Windows Imaging • Configuration Manager • Autopilot • Intune • Identity and authentication • Azure AD / Hybrid joined devices • Conditional Access • Configuration and updates management • MDM policies • Windows Update for Business • Telemetry • …
  10. Device management: then and now
  11. A brief history of device management 1994 2012 • SMS 1.0 • MS-DOS • For Workgroups • NT 3.5 • SCCM 2012 1999 • SMS 2.0 • Y2K remediation • Active Directory 2003 • SMS 2003 • Advanced Client (MP) 2007 • SCCM 2007 2011 • Windows Intune • service portal on top of the Microsoft Malware protection engine
  12. A brief history of device management 2015 • SCCM CB 2019 • MECM CB • Co- management 2013 202x • Unified endpoint management • Single place to manage PC and smartphone • Use of AAD • Tenant attach • Support for Linux • Support for Google Chrome 2014 • Intune • Mobile application support • Email profile 2015 • Support for MacOS 2019 • MEM • Co-management
  13. Migration options
  14. Migration Options • From scratch • If you have no management solution, third party solution or don’t use SCCM • Co-management • If you have SCCM • SCCM cloud attach • SCCM cloud management gateway • Gradually migrate management workloads • M365 Basic Mobility & Security • If you don’t have Intune but use the M365 Basic Mobility and Security feature (M365 MDM) • Migration evaluation – evaluate and create configuration profiles • For all create device configuration, compliance profiles and applications
  16. Migration Journey
  17. Migration Journey Start Finish 02 01 Assess source environment Migration strategy 03 Target preparation 04 Pilot 05 Migration 06 Decommission On-Premises management Co-management Cloud native management
  18. Preparation steps • Identity and access management • Identity management (cloud vs AD) • Conditional Access • Review existing configuration policies • Group Policies • SCCM policies • Devices • Supported OS (Windows 1x, macOS, iOS, Android, Linux*, Chrome OS**) • What do you need * **
  19. Preparation steps • Applications • Utilisation • Version • Source (MSI, exe, script…) • Windows Update • Intune tenant • Licenses • Configuration Profiles • Current management solution(s)
  20. Experience
  21. Experience • Brand your tenant (see Add company branding to your organization's sign-in page (preview) for new options) • It is not just a device management migration • Don’t replicate your legacy • Don’t over complicate • Limit number of profiles • Use appropriate profiles (configuration, endpoint security…) • Limit use of custom profile (CSP) • Disconnect from Active Directory • Cloud based device (AAD Joined) • Automatic provisioning • Autopilot • Apple ADE • Google Zero Touch • Samsung KME • Android Enterprise enrollment
  22. Experience • Use modern capabilities • Conditional Access • Azure AD Joined Device Local Administrator, with PIM • Administrative Units • Dynamic groups • App Configuration portal ( • Enforce minimum OS version • Modern applications (SaaS) • Application Protection policies • It is an ongoing process
  23. Thank You

Notas del editor

  1. Aria
  2. Aria
  3. Reliance on a corporate network Device management is frequently limited to devices that are visible on a corporate network.  Complex infrastructure Higher infrastructure costs Traditional management can be both technically constraining and costly Problematic content delivery Huge investments into content delivery – widely dispersed distribution points scattered throughout the organisation. OS deployment Time-consuming and often requires administrator interaction with a device before it can be issued to the user.
  4. Accelerate digital transformation. Integrating digital technology with business strategy by changing business models, requires thinking on your feet and pivoting quickly when a new idea, market, or competitor presents itself. Through solid machine identification and appropriate context management, MDM can enable an organization to secure a device or deploy guidelines as strategy demands or modelling dictates. Improve innovation. In many organizations, the company’s first asset a new team member gets is a corporate-owned device. Making the setup experience stress-free to become more agile can undoubtedly help the organizations’ agility in onboarding and retaining talent. In addition, device choice, BYOD (Bring Your Own Device) initiatives and self-service programs demonstrate to all your staff that you understand how important IT is to them. Streamline processes. Security and monitoring allow leaders to embrace relevant data about hard and soft assets instantly, whilst MDM can ensure device compliance before the following valuable idea surfaces. Technologies such as Microsoft’s Conditional Access and Managed Apple ID allow IT to seamlessly separate work and personal data. Tools like Managed Pasteboard and Account Driven Enrollment can help ensure that corporate data doesn’t end up in the wrong app, and allow talent to work from anywhere, securely for themselves and the business. All these settings enable more essential data and content protection within managed apps by restricting data from flowing to non-managed apps and vice versa.