Q&A

Q&A with Panu Saukko on Managing Windows

A Windows management expert explains how much automation is too much, and why one of the most useful features in Microsoft Intune is so hard to get hold of.

• By Gladys Rama
• 05/09/2022

As longtime Microsoft MVP Panu Saukko knows, some of the best tools to manage Windows are often staring you right in the face.

In a session called "10 Tips for Managing Windows" that's part of the upcoming TechMentor conference taking place Aug. 8-12 in Microsoft's Redmond, Wash., headquarters, Saukko plans to shed light on some of the most useful -- but least used -- management features that are already packaged in Windows 10 and Windows 11.

In this sneak-peek of his TechMentor session, we caught up with Saukko to ask him about some of the most relevant issues that IT pros are facing right now about Windows management, from how to manage hybrid workers, to how to maintain the right balance with automation, and more.

Redmond: Has the rise of remote or hybrid work made Windows management more difficult for IT in recent years? In what ways? 
Saukko: The rapid rise of work-from-home forced organizations to ramp up very quickly IT solutions that enable secure access to corporate resources from anywhere. Cloud-based management like Microsoft Intune provides native management capabilities for Internet devices. ConfigMgr customers can install cloud management gateway (CMG) to manage Internet devices easily and cost-effectively. Traditional VPN solutions are also useful, but in many cases, they were not designed to handle the capacity that widespread work-from-home created.

All those solutions were available before the pandemic, but their utilization was much lower. The remote work has made Windows management "different" and might require a little bit of different skills, but not necessarily "more difficult."

How much should IT try to automate Windows management? Is there a point where it becomes "too much" automation? 
Generally, IT should automate common tasks as much as possible. With automation, you get consistent, reliable and repeatable process. Most enterprises have automated the deployment of new workstations either with ConfigMgr task sequences or with Windows Autopilot (and Intune profiles/applications). That is an easy choice, because workstation deployment is a complex process and organizations get many new workstations.

Few customers have automated the creation of new application packages and settings profiles because each application package/settings profile is different. In most cases, creating a new application from the UI is much faster than creating a script to do it.

Automation can cause problems. The classical case is that there is a very skillful employee who does amazing PowerShell scripts. Then she moves to another company and the existing employees cannot make necessary changes to the existing scripts. They might not have enough PowerShell skills and/or the existing scripts have limited or no documentation, or the scripts are too complex. The main issue might not be "too much" automation, but the lack of scripting knowledge and documentation within the organization.

In my experience, "too little" automation is a much more common issue than "too much" automation.

Is there a Windows management feature that -- in your opinion -- has been a total dud? Something that causes more problems, confusion or complexity for IT than it's worth? If so, is there a better way to accomplish the job? 
Microsoft has released a new remote help utility within Intune. With the tool, the help desk can remotely assist users by viewing and potentially controlling a remote device's display. Remote help is nicely integrated to Intune with specific role-based access controls and reporting. Technically, it is a useful tool.

Unfortunately, the tool is not included within any existing licenses, but it requires a new premium add-on for Intune license. Both IT support workers and users need the license. The license costs $3.50 per user per month and this will make remote help much more expensive that the competing products.

To be honest, I expect Microsoft to release additional premium add-ons and provide an attractive bundle price for multiple add-ons. But with the current pricing, I don't see that many customers will utilize the new remote help.

What about tools that are unsung heroes -- the features that are absolutely essential for IT to manage Windows, but are often overlooked or underrated? 
I started to use Kusto Query Language (KQL) more often when CMPivot was introduced to ConfigMgr a few years ago. CMPivot is just an amazing tool to get almost any data from workstations very quickly and, with simple KQL queries, you can represent the data in many ways.

KQL is used in more and more of Microsoft's cloud services. If you don't yet know KQL, you should learn it.