
What's new in Microsoft Endpoint Manager - part 1


These are my notes from a session shown today @ Microsoft Ignite 2020, the session was hosted by Steve Dispensa (Director of Program Management at Microsoft Endpoint Manager) and Ramya Chitrakar (Director of Engineering at Microsoft Endpoint Manager).

For the last couple of years at Ignite I blog my notes for sessions I'm interested in as I always find it nice to later refer to this reading material and punctuate it with content I've covered, and sometimes the videos just flow by too fast and you miss out on important points. Where appropriate I'll link to content that I've covered that is referred to in the video.

This is part 1 of a two part series:

  •     What's new in Microsoft Endpoint Manager - part 1 (this part)
  •     What's new in Microsoft Endpoint Manager - part 2


    • MEM and the new normal
    • What's new in Microsoft Endpoint Manager
    • Demos
    • Takeaways and next steps

    MEM and the new normal

    A year ago we all started our day in the usual way, grabbing coffee, going to the office, and interacting directly with our fellow colleagues, but COVID-19 changed that very quickly as businesses shut their doors all around the world. I know this myself as I've been working from home since mid-March this year and as a direct result of that I upgraded my home office to make the work environment more appealing.

    we used to start our day like this.png

    Now many of us are working from home either full time or most of the time, and that involves changes in how we access and use company resources. We are working across more devices, more scenarios and often without the traditional safety net of onsite support or help desks that you can visit directly for assistance.

    This rapid change has guaranteed one thing, all businesses must have a remote working plan that lets employees work with 100% productivity from home.

    what's your journey.png

    "Businesses need users to be fully effective when working remotely and need to be able to switch between remote work and office work without missing a beat"

    Last year at Ignite Microsoft released Microsoft Endpoint Manager, the integrated solution between all the endpoints in your estate.


    MEM brings together Intune (Intelligent Cloud) for all of your cloud attached endpoints, Configuration Manager (Intelligent Edge) for all your on-premises endpoints and other endpoint management tools such as Windows Autopilot, Desktop Analytics and Proactive Remediations to bring the power of the cloud to your whole enterprise. Microsoft have seen exponential growth in cloud attachment in the last year.

    "Massive customer adoption"

    MEM brings together the most comprehensive set of endpoint management capabilities in the industry. Starting with security, it integrates with the most sophisticated solutions in the market and lets you establish baselines and implement policy for your users and devices. Risk based controls like Conditional Access let you make sure that your endpoints are secure and compliant before gaining access to sensitive company resources.

    mem capabilities.png

    Unified management has deep integration with Microsoft 365 apps and the new Microsoft Edge. Zero touch provisioning works across different platforms to deliver unprecedented efficiency for IT Pros. And of course there is advanced analytics with Desktop Analytics, Log Analytics, real time advanced threat detection and more, and of course it's all deeply integrated with Microsoft 365 and can utilize RBAC (role based access control), Microsoft Graph (to automate tasks), PowerShell, auditing and cloud content optimization.

    So how does it all fit together?

    "Tenant attach"

    Microsoft's goal is to bring the power of the cloud to your whole enterprise. Microsoft released tenant attach which allows you to have an easy and low risk path to cloud attached Configuration Manager to start gaining cloud benefits. I blogged about tenant attach when it was first released in Endpoint Manager technical preview below:

    Organizations can also use co-management to manage Windows 10 using both Config Manager and Intune at the same time, this capability is unique in the industry. New customers can go directly to the cloud with Intune or migrate over time with co-management of Config Manager and Intune.

    Below you can see the increase in numbers of Windows 10 devices managed in the cloud (Intune) in the last year.

    windows 10 devices.png

    The target for next year is 35% managed by Intune and by 2022 they are forecasting 50% of Windows 10 devices will be cloud attached.

    evolving priorities.png

    Nobody had it easy through this crisis, but customers that had modern management definitely had a smoother run. The pandemic drove permanent changes in the way modern workplaces worked: customers deployed CMGs and VPN usage went crazy.

    At this point, however, most customers have made it through the initial problems and are focusing on rebuilding for the future. So let's focus on the new capabilities in Microsoft Endpoint Manager.

    What's new

    MEM will support virtual endpoints so you can support Windows Virtual Desktop and, later this year, third party VDI right alongside your physical PCs. They will preview this capability later in the year.

    Customers want to manage all their endpoints with MEM and Microsoft have a first class management experience for macOS. There are new capabilities there as well, including the ability to deploy scripts to devices, new enrollment experiences that utilize Single Sign-on improvements across applications and new managed life-cycle features.

    Shared iPad for Business support. This will let customers deploy shared iPads to users, who log in with their Azure AD work accounts in separate partitions on the device, with each user having a separate device passcode on the device.

    Introducing Microsoft Tunnel. Customers have been asking for this literally for years. Tunnel allows you to connect your users on iOS and Android to apps and services. Full device and per app VPN with split tunneling. Natively integrated with Microsoft 365 and Conditional Access so you can protect your sensitive company resources.

    This is now available in preview to a broad audience over the next couple of days. Please check it out.


    "Zero Trust"

    zero trust.png

    Cloud attached management is critical to Zero Trust Security and Endpoints are trusted only when identity is securely established.

    MEM is growing fast, and it also offers the following areas of investment in new classes of shared devices. Today Microsoft will announce the general availability of Endpoint Analytics which is one of the fastest growing new capabilities in MEM.

    mem areas.png



    Every cloud attachment is unique and there are several different on-ramps to cloud management and (according to Microsoft) it's just a couple of clicks, but in reality you do have to satisfy prerequisites and those take some time to set up prior to those clicks.

    cloud attached endpoint management.png



    As Steve already mentioned there's been a massive shift towards remote work and a strong indication that this trend will continue even in the long term. Ensuring business continuity and resilience is going to be key for IT. Microsoft Productivity score and Endpoint Analytics enable the IT Pro to understand how organizations are working, how technology is supporting them and how productive their end users are.

    "Microsoft Productivity score and Endpoint Analytics enable the IT Pro to understand how organizations are working, how technology is supporting them and how productive their end users are."

    Analytics really makes the IT Pro the hero. Endpoint Analytics is released to general availability at Ignite, Microsoft Productivity Score will be released in October.

    Below you can see the productivity score and how it displays employee experience and technology experience.

    productivity score.png

    Endpoint analytics is part of Technology experience, last year Microsoft announced some cool new features in that area to measure startup performance.

    endpoint analytics.png

    It also offers Proactive remediations, recommended software and application health reports.

    Application health (new) is based on the 0-100 paradigm.

    application health.png


    Shows you top applications that affect your performance over the last 14 days. Overlays crash data over the usage of each app and the number of devices that are using this app. This lets you focus on the top applications that are impacting productivity.

    Conditional access

    Conditional access enables zero trust access control where identity is the perimeter and all endpoints are treated equally regardless of the network that they attach to. Customers are telling Microsoft that they have some legacy applications that are simply not ready for modern authentication and conditional access.

    "Microsoft Tunnel is a mobile access gateway. Microsoft Tunnel is a vpn gateway to allow your iOS and Android users to access apps and on premise resources using modern authentication, single sign-on (sso) and conditional access."

    Microsoft Tunnel is a mobile access gateway to take care of this. Microsoft Tunnel is a VPN gateway to allow your iOS and Android users to access apps and on-premises resources using modern authentication, single sign-on (SSO) and conditional access. This is set up by the IT admin. There are three main steps.

    1. Configure the gateway
    2. Deploy VPN profile for Tunnel
    3. Deploy Edge and Tunnel apps for these devices

    microsoft tunnel.png

    You can find this new functionality under Tenant Administration in the Endpoint Manager console.

    Key takeaways

    key takeaways.png

    Recommended reading

