Microsoft Endpoint Manager: The Intune successor can do that

Endpoint Manager is Microsoft’s UEM offering and is intended to reduce the administrative burden for IT admins. Here’s how it works. […]

Microsoft Endpoint Manager aims to make life easier for IT administrators (c) pixabay.com

Organizations that want to offer their employees flexible working environments – whether on desktops or mobile devices, in the office or in the field – have long depended on an IT department that consolidates the management of hardware into a single console. With this IT goal in mind, Microsoft launched its cloud service Intune in 2011 to meet the new needs of enterprises for Enterprise Mobility Management (EMM). Decided in 2019 Microsoftto connect the Unified Endpoint Management (UEM) platform Intune with its Configuration Manager (ConfigMgr) to Manager, allowing users to access both through a single interface.

Manager makes Intune licensing available to all ConfigMgr customers to manage Windows devices together. In addition to a management interface for ConfigMgr and Intune Endpoint Manager:

  • das Device Management Admin Center (DMAC),
  • Windows Autopilot and
  • Desktop Analytics.

The software offers On-Premises– and cloud management tools for IT admins to deploy, deploy, manage, and secure endpoints (desktop, mobile, or app) across the enterprise. Simply put, Manager is designed to simplify the management of a multitude of devices in a way that protects corporate data and allows employees to get work done using both corporate and personal devices. Endpoint Manager combines MDM (Mobile Device Management) with MAM (Mobile Application Management) functions and, although anchored in the Windows ecosystem, can also manage hardware with other operating systems, including macOS, iOS and Android. Microsoft plans to also use its Endpoint Manager to manage cloud PCs as part of the Windows 365 project to be presented in mid-2021.

The renaming of Intune to Endpoint Manager initially caused confusion due to overlapping tools. However, companies using Endpoint Manager now know that they have a number of functions at their disposal, says Dan Wilson, senior director analyst at Gartner. The combination of Intune and SCCM/ConfigMgr is in a way the answer of Microsoft to the question of whether classic PC management was finally dead. Traditional management tools would continue to play a role in collectively managing PCs that require routine lifecycle tasks like disk imaging and MDM.

When Intune was released, companies were just figuring out how to manage the sudden device onslaught on corporate data and networks – a result of the bring-your-own-device (BYOD) trend that followed the introduction of Apple’s iPhone in 2007. Driven by corporate BYOD programs, hardware management has evolved from a Windows-dominated world to an increasingly diverse world that includes iOS, Android, and Apple devices. As more work processes take place on mobile devices, the momentum of UEM increases as all user-facing devices can be managed from a single console.

Gartner’s Perspective on the Endpoint Management Evolution (c) Gartner

According to Gartner, 50 percent of company-owned Windows 10 PCs will be managed with EMM or UEM tools by 2022. That should help companies increase operational efficiencies. The challenge for many companies will be deciding between a platform like Intune and building a management ecosystem based on software from a variety of third-party providers. According to Gartner, to be successful, a UEM system must not only be integrated with client management tools, but also meet the following objectives:

  • Providing a single console to configure, manage and monitor mobile devices, PCs and IoT assets.
  • Unification of privacy, device configuration, and usage policies.
  • Providing a consolidated view of multi-device users for better end-user support and more detailed workplace analytics.
  • Coordinating the activities of related endpoint technologies such as identity services and infrastructure.

The big difference between MDM and UEM: The latter considers the management of desktop hardware in the same way as that of mobile devices and can manage multiple operating systems. Most UEM software vendors originally came from the MDM and EMM market – and many of them have added Windows management capabilities in recent years. But Chrome OS and macOS platforms are now also supported by many providers.

Client management tool vendors have generally been a little slower to expand, as Wilson notes: “The 2021 UEM market includes more traditional client management vendors adding agentless management to modern PC operating systems and mobile devices to have. Traditional MDM/EMM vendors tend to focus on device-agnostic, secure workspaces and security-focused mobile use cases rather than advancing PC management capabilities.”

The variety of operating systems is becoming increasingly important, according to the Gartner chief analyst, as the increasing prevalence of Chrome OS and Linux places additional demands on UEM. Streamlined macOS support is also important — UEM vendors are working to narrow the feature gap between them and Apple-centric management tools.” Microsoft BlackBerry, IBM, Ivanti and VMware are also among the UEM providers, as a look at Gartners Magic Quadrant 2021 for UEM indicates.

Through the console of Endpoint Manager IT admins can implement a UEM strategy that engages end users across any hardware platform. Rules apply as to who can access which applications and data. On mobile platforms, UEM leverages MDM APIs to enable identity management, Wi-Fi management, operational analytics, and asset management.

At least in theory, UEM also allows IT to manage all devices (smartphones, tablets, laptops, desktops, IoT devices) remotely via a unified console, to be controlled and secured. Some UEM products also enable mobile application management, allowing IT admins to control access to specific business applications—and the content associated with them—without controlling the physical device.

This is how Microsoft visualizes the network of relationships between Endpoint Manager and Intune (c) Microsoft

Intune’s integration with Azure AD and Azure Information Protection allows administrators to classify (and optionally protect) documents and emails by applying access rules and conditions. Intune’s integration with Azure Data Protection allows admins to watermark any image captured with a mobile device, whether it’s corporate-issued or through a mobile device Corporate BYOD Policy has been used.

In order to simplify device management – ​​especially for Windows-based companies – Microsoft added native EMM functionality to Windows 10 via Intune in 2019. In all editions of Windows 10, including those for desktop, mobile, and Internet of Things (IoT) hardware, the client provides an interface through which Intune can manage any Windows 10 device. According to Microsoft Should the administration tools that work in Windows 10 also work in Windows 11?

Intune enables conditional access, including denying access to devices not managed by Intune or compliant with corporate IT policies, management of Office 365 and Office mobile apps, and management of PCs running Windows Vista or newer Windows versions. An open API also allows third parties like SAP to integrate their application access controls with the Intune user interface. Many of the basic application and system deployment functions required for Windows 10 and 11 business laptops and PCs can also be performed from EMM control panels. Endpoint Manager Works with agent-based SCCM to support advanced PC and server management capabilities.

has in recent months Microsoft announced a number of updates to Endpoint Manager, including the feature in the admin center Endpoint-Analytics-Reportings to create. This provides insight into device performance and helps IT proactively troubleshoot policy or hardware issues. In addition, has Microsoft Tunnel Introduced a VPN gateway for Intune that allows Android and iOS devices to remotely connect to on-premises applications and resources. In June 2021, the Android Enterprise support introduced, with which work and private data can be separated on company-owned devices. (FM)

This post is based on an article from our US sister publication Computerworld.

*Matthew is based in the UK and writes on collaboration and enterprise IT for our US sister publication Computerworld.

.

Leave a Comment