Deploying the 100 Percent Cloud Management Solution
Moving your whole operation to the cloud could be the option you're looking for, thanks to Microsoft 365 and Intune.
It's been years since the hybrid workplace revolution commenced, and modern enterprises are still working on their playbook. Should it include on-premises management or a hybrid deployment?
Erwin Derksen, founder of Blue Identity, which specializes in Microsoft 365 and cloud security, has a novel take: deploy a completely cloud-based modern workforce. Derksen will show you exactly how to do that with the help of Intune during his upcoming TechMentor conference session (taking place July 17-21 in Redmond, Wash.), titled "Fieldnotes: 100% Modern Cloud Management Using Intune/EndPoint Manager in Real Life."
Ahead of next month's talk, Derksen sat down with Redmond to make the case for the modern cloud workplace, and what you can do today to get the ball rolling. And if you want more of Derksen's insight, register today for our upcoming TechMentor conference.
Redmond: Can you share the most important best practice for designing a cloud-managed modern workplace using Intune?
Derksen: My advice is to try to keep the design as simple and standardized as possible, while not locking everything down. Use the tools and options Microsoft offers and try to avoid too much additional software, customizations, scripting, etc. Also, I try to avoid the hybrid join as this dilutes the vision and idea of moving to a cloud-only workplace with no on-prem dependencies. Also, I recommend using the security dashboards Microsoft offers to tighten security without sacrificing the user experience. Remember, no one is going to be local administrator.
What are some common technical pitfalls or challenges that organizations may encounter when implementing Endpoint Manager, and how can they be prevented or mitigated?
Deploying (especially legacy and complex) applications can be challenging. Also, Intune is not "instant," meaning that some actions and configurations take some time to process. For example, when deploying an application, it can take a while before you get the reporting and confirmation that an app is installed successfully on the client. I try to avoid a hybrid setup, as it is more complex and implies more dependencies. Hybrid offers an option to keep your legacy easier while the organization might want to focus on SaaS applications, so I (depending on the situation) tend to make hosting legacy apps a bit more cumbersome, so they will be decommissioned faster.
Could you provide some real-life tips or insights based on your experience with managing and configuring Endpoint Manager that the typical IT pro might not know?
It works really well when properly designed and when you can withstand the temptation to customize too much. Users are very happy with a 365 integrated cloud-based workplace with more SSO and fewer sign-in prompts. Also, users like the fact that they can have a bit of freedom (installing Spotify or Netflix, for example) without sacrificing stability or security. Also, they love having the option to sync both OneDrive and Teams to the local disk, accessing files using the good old Windows Explorer.
What are some of the most valuable features or capabilities you've found in your day-to-day in Intune that organizations should leverage to enhance their cloud management efforts?
Intune is virtually worry-free and scales very well. System work, regardless of location, can be wiped remotely. Updating works like a charm and in general setup and maintenance are easier than in the past. However, the concept is not at its best when dealing with legacy on the local workplace; it is best to separate the legacy and access it using a virtual desktop solution.
What future improvements would you like to see Microsoft make to Intune to further enhance the effectiveness of the service?
Make sure that items can be configured only in one place. Now you can configure some options in four different places, which is confusing. Better auditing and change management should be built in. For example, version management for the configuration profiles, the option to make and restore a backup (or versioning) would add value. Applying security templates should be clearer -- these settings are now a bit hidden and could use an update. Also, it would be nice if you could retrieve and edit deployed PowerShell scripts more easily. Now you upload the script, but have to keep the original script as you cannot download it easily from the policy.
Finally, the Azure AD (which included Intune) logging should be longer by default than the 30 days. I feel 90 days would be a lot better and 400 days would be the ultimate, as you need the Azure Log Analytics module now to retain the logs longer (for audits, etc.).