Microsoft Endpoint Manager 2103 Adds Cloud Configuration and Tunnel Features

Microsoft on Thursday highlighted a few additions this month for users of Microsoft Endpoint Manager, which is used for configuring and managing devices and servers.

The March improvements are enabled by Microsoft Endpoint Manager service release 2103, released this month. A list of the improvements are compiled in this "What's New" document.

Microsoft's Thursday announcement just focused on a few additions, namely Windows 10 in cloud configuration support and new perks in Microsoft Tunnel, which is still at the preview stage. There also were lots of Apple device management enhancements.

Windows 10 in Cloud Configuration
Service release 2103 now lets Microsoft Endpoint Manager users deploy Windows 10 devices using the "Windows 10 in cloud configuration" process.

Microsoft had earlier described Windows 10 in cloud configuration as a way to carry out Windows 10 deployments using its simplified recommended settings. This guided scenario "automatically adds the apps, and creates the policies that configures your Windows 10 devices in a cloud configuration," according to Microsoft's "What's New" document.

Windows 10 in cloud configuration, while sounding optimal, isn't for every organization, though. It's designed for organizations that can get away with delivering the same set of apps to all end users, without adding customizations and without having on-premises dependencies. Devices need to be domain-joined using Azure Active Directory, which is Microsoft's cloud-based identity and access management service. Device management happens through Microsoft Intune, the mobile device management solution that's included in Microsoft Endpoint Manager subscriptions.

Even though Windows 10 in cloud configuration is just a bunch of easy-to-apply configuration settings, there are requirements to use it. Organizations will need subscriptions to Microsoft Intune, Azure Active Directory Premium P1, Microsoft Teams, OneDrive for Business and at least the Windows 10 Pro edition.

Microsoft Tunnel Preview Perks
Microsoft Endpoint Manager service release 2103 now delivers new "performance and health metrics" for Microsoft Tunnel users via the "Heath Check Tab" link. It shows "the top four health checks -- CPU, memory, latency, and your Transport Layer Security (TLS) certificate," the announcement explained. IT pros can use that information to carry out troubleshooting tasks, although Microsoft Tunnel is still at the preview stage.

Microsoft Tunnel was first introduced as a public preview release at Microsoft's September Ignite conference. It's used to connect mobile devices to an organization's network resources. It supports virtual private networks, split tunneling and the use of Microsoft's Conditional Access compliance service.

In related news, Microsoft Tunnel is now available in the Microsoft Defender for Endpoint preview version, which is Microsoft's cloud-based security forensics solution (a separate product from Microsoft Endpoint Manager). Microsoft is planning to phase out the older client version of Microsoft Tunnel at some point, the "What's New" document explained. 

To try the Microsoft Tunnel preview in Microsoft Defender for Endpoint, IT pros need to jump through a few hoops, as described in the document:

For this preview, you must opt in to gain access to the preview version of Microsoft Defender for Endpoint, and then migrate supported devices from the standalone Tunnel client app to the preview app. For details, see Migrate to the Microsoft Defender for Endpoint app.

Apple Automated Device Enrollment
Microsoft Endpoint Manager service release 2103 also bumps up capabilities for organizations using Apple's Automated Device Enrollment solution. It's typically used for no-touch enrollments of "large numbers of devices."

Microsoft has made "architectural changes" in Microsoft Endpoint Manager service release 2103 to "enroll three times the number of devices per single token with the same profile." This change was done mostly to meet the requirements of healthcare organizations and school districts, the announcement explained.

Other Perks in Microsoft Endpoint Manager
The "What's New" document described a few other tidbits associated with Microsoft Endpoint Manager service release 2103.

For macOS devices running Apple's silicon hardware, Microsoft Endpoint Manger will deploy Microsoft 365 apps as so-called "Universal" versions, which is Apple's term for software that runs on its M1 system-on-chip technology. Microsoft had announced Apple silicon support in its Microsoft 365 and Office 2019 applications back in December. Microsoft Endpoint Manger also now deploys the Microsoft Edge browser on Apple silicon-based macOS devices as the Universal version.

Microsoft expanded the number of iOS or macOS devices per enrollment token. The old limit was not more than 60,000 devices per token. It's now at not more than 200,000 devices per token. 

IE 11 Support for Intune Is Ending
Microsoft is killing off Internet Explorer 11 admin portal Web access to Microsoft Intune on March 31, 2021. IT pros are encouraged by Microsoft to use the Microsoft Edge browser instead, or use "another supported browser," by that end date.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube