IT Brief New Zealand - Technology news for CIOs & IT decision-makers
MDM In 2021 – It’s time to switch to modern management
Mon, 8th Mar 2021

Mobile device management (MDM) has existed since the days of BlackBerry and the first truly smart enterprise-grade mobile devices. Over the last decade, this tech has matured and expanded to manage iOS, Android, and now Windows 10 and macOS.

MDM has been redefined as ‘modern device management’, and Microsoft's Intune is now becoming the clear category leader. It is achieving widespread global adoption as part of Microsoft 365's success, with 35% global MDM market adoption expected in 2021 and over 50% in 2022.

Figure 1 – Intune adoption as percentage of market. Brad Anderson, CVP Microsoft

Modern Device Management on Windows devices is fundamentally different to traditional device management such as SCCM, yet very similar to traditional mobile device management on iOS and Android. 

Microsoft Intune vs traditional Windows management

The fundamental difference between Microsoft Intune and traditional management is the concept of profile-based management. This moves away from image-based management, which has been in use all the way back to Windows NT: Configuration Manager, or SCCM as it used to be called, was designed and released in 1994!

A profile is a cluster of configuration settings that are applied to a device based on group membership via the cloud. Think group policy objects (GPOs). These profiles can be built modularly with multiple profiles assigned to a single person depending on their job profile and app use. Images tend to be based on a single golden image that is standardised across the organisation, requiring manual effort to install additional applications that may be required for specific job functions.

Profiles get applied over the top of the base state of the device and can be reversed without affecting the device itself. With imaging, the hard drive itself is overwritten, and this cannot be reversed. Because profiles are reversible, devices can be repurposed remotely, and remotely wiped, without IT overhead.

With Intune, companies can also leverage Windows Update for Business, using a concept called deployment rings based on profile settings. Devices stay up to date based on their deployment cycle, and IT no longer needs to worry about patch management for Windows devices.

All these capabilities have been available on iOS and Android for some years using traditional MDMs. Now Windows 10 devices can be managed like a smartphone. 

Lower device management and licensing costs 

91% of companies lowered their device management costs after switching to Intune according to Brad Anderson at Microsoft Ignite, 2020. They also saw an 18% decrease in device management admin time. IT teams can thus work on innovation instead of keeping the lights on.

Microsoft Intune is included in the Microsoft 365 license, so users can save licensing costs by sunsetting their existing MDM solution, as Intune supports iOS, iPadOS, macOS, Android, and Windows.

Faster onboarding and device replacement

Using Microsoft Intune also allows users to leverage Zero Touch Provisioning. Zero Touch Provisioning is a solution that integrates systems like Windows Autopilot, Apple Business Manager, Android Enterprise, and Knox Mobile Enrollment (for Samsung devices).

When procuring a new device for employees, organisations can ship the device directly to the employee and it automatically gets enrolled into Intune. This cuts onboarding from weeks to days. Employees can configure a new device over the air, usually in under 30 minutes.

Figure 2 - Illustration of legacy device provisioning vs zero touch provisioning

Better security for modern work

With Microsoft Intune, devices are always patched and current, and non-compliant devices are visible. Furthermore, combining Intune with Azure Conditional Access allows users to set up risk-based authentication and a zero-trust environment.

BYO devices can also be secured by leveraging Mobile Application Management (MAM) policies, user enrolment - work profile, and Windows Information Protection. This means organisations can protect data on their employees' devices without managing their personal devices.

Remote work-friendly device management

Microsoft Intune is a cloud-first technology and moves companies to a ‘post-domain’ world. Having visibility of devices from anywhere allows companies to manage devices from anywhere, and provides many remote support capabilities not previously possible.

Let's face it, 2020 has changed employer and employee expectations on remote work. PCs are not in the corporate domain any longer, and device management technology, designed for remote work, is necessary.

How to get started? 

To get your company started with modern device management, consider contacting Mobile Mentor. Check out their services for Microsoft Intune including Intune Security Baseline, Zero Touch Provisioning, Intune for Windows, or their Configuration Manager to Intune Migration Workshop.