Endpoint management | How to find your way to the cloud

Why (at least partly) shift endpoint management to the cloud?

The people in most organizations are no longer sitting in the same predictable spot every day, in the office, in front of a fixed workstation. Steadily rather than slowly, endpoint management is moving up high. Its future, it seems, is in the cloud. Up there, it will operate as a service.

Of course, lifting and shifting an established endpoint management solution towards a new one is a real IT challenge. And even though working with the newest tools and services is attractive to most IT professionals, there is also a golden rule that tends to linger: “If it isn’t broken, don’t try to fix it.” Many organizations have invested heavily in their Microsoft Endpoint Manager Configuration Manager (formerly known as System Center Configuration Manager). Understandably, they do not want to blindly ditch current knowledge and procedures.

But no matter how one looks at it, the hybrid workplace and the ever-increasing need for flexibility and mobility of devices require features that a pure on-premises setup simply cannot deliver. Collaboration and productivity services implemented or migrated within Microsoft 365 have proven to be too beneficial to ignore, and to really be effective, endpoint management cannot stay behind. Or should we say ‘under (the cloud)’?

So how do you modernize without wasting the existing investments? Our advice: the configuration of co-management.

What is Co-management?

Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It helps you unlock additional cloud-powered capabilities.

Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Microsoft Intune. It lets you cloud-attach your existing investment in Configuration Manager by adding new functionalities. By using co-management, you have the flexibility to use the technology solution that works best for your organization.

When a Windows 10 device has the Configuration Manager client and is enrolled in Intune, you get the benefits of both services. You control for which workloads, if any, you switch the authority from Configuration Manager to Intune.

Configuration Manager continues to manage all other workloads, including those workloads that you don’t switch to Intune, and all other features of Configuration Manager that co-management doesn’t support. Below is a visual overview of the combination of Intune and Configuration Manager and how they work together.

Co-management is a valuable feature of Microsoft Endpoint Manager. Microsoft Endpoint Manager is a global endpoint management solution which covers both on-premises environments and mobile endpoints. Another important element of Microsoft Endpoint Manager is Microsoft Intune. Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. Intune integrates with Azure Active Directory (Azure AD) to control who has access, and what they can access.

In summary, with Intune you can:

  • Choose to be 100% cloud with Intune, or be co-managed with Configuration Manager and Intune.
  • Set rules and configure settings on personal and organization-owned devices to access data and networks.
  • Deploy and authenticate apps on devices — on-premises and mobile.
  • Protect your company information by controlling the way users access and share information.
  • Be sure devices and apps are compliant with your security requirements.

How to get the best out of co-management?

After enabling co-management you get immediate access to new features within Endpoint Manager. Below is a summary of the functionality you gain by simply enabling co-management with Intune, and of the services that are easily migrated. Not least, they are instrumental in judiciously dealing with your security.

• Compliance:
These rules define requirements for devices, such as a minimum operating system version or the use of disk encryption. Devices must meet these rules to be considered compliant.

• Conditional Access:
By using Conditional Access policies, you apply the right access controls when needed to keep your organization secure and stay out of your user’s way when not needed.

• Cloud Management:
A wide variety of real-time actions, like remote factory reset or wipe for a stolen device. Crucial whenever you need to take instant actions on devices, no matter where they are.

• Autopilot:
Windows Autopilot simplifies the Windows device lifecycle, for both IT and end users, from initial deployment to end of life.

• Windows Updates:
These enable IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to the Windows Update service.

After you pick this low-hanging fruit, it is possible to migrate the remaining services towards Endpoint Manager. With heavy usage and complexity in the current Microsoft Endpoint Manager Configuration Manager, it is advised to take a phased approach or to remain in a hybrid setup. New applications and settings can be configured with Endpoint Manager, while existing applications or settings can remain in the on-premises Configuration Manager.

Want to acquire more knowledge?

Check out our Endpoint Management & Security Workshop. It is a multi-step engagement that Xylos offers to help a customer understand the Microsoft Endpoint (Cloud) Management story, with a focus on insights into their device security posture, and move forward to a secure modern management environment.

As a FastTrack Ready Partner, we are approved by Microsoft to provide the FastTrack benefit to your organisation, which includes best practice guidance and deployment support for MEM. Customers with eligible subscriptions can use this service at no additional cost.

More about Microsoft FastTrack

Xylos is authorized by Microsoft as a FastTrack Ready Partner (FRP) to deliver the FastTrack benefit on behalf of Microsoft. Only 300 partners globally are acknowledged as FRP (a closed set of elite M365 partners).

Microsoft provides the FastTrack service to help customers successfully deploy and drive user adoption of Microsoft 365 solutions. When customers purchase eligible Microsoft 365 licenses, the FastTrack benefit is included at no additional cost for the life of their subscriptions.

Discover more information from Microsoft

What is Co-Management?
https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview

Microsoft Endpoint Manager
https://www.microsoft.com/en-us/security/business/microsoft-endpoint-manager
