System Center does not go away, but Microsoft Endpoint Manager makes office PCs faster
A new name should clarify Microsoft’s strategy for managing PCs via Config Manager and Intune, but IT teams should seize the opportunity to clean up old group policies and reduce the number of agents on PCs.
For Microsoft, System Center Configuration Manager and Intune are the same: ways to manage the PCs, servers and other devices in your organization that use the cloud and Config Manager to provide a “modern” management experience that makes both IT and users happy, with secure PCs that start faster, last longer and crash less.
For customers, however, they have been very different things. Renaming their shared platform Microsoft Endpoint Manager (MEM) is part of clearing up confusion and reassuring customers that when Intune gets a new feature, it’s not a step closer to killing Config Manager and pushing everyone to the cloud. Microsoft 365 corporate vice president Brad Anderson explained the decision to TechRepublic.
Brad Anderson, vice president of the Commercial Management Experiences team within the Experiences & Devices Group of Microsoft.
Anderson had long been opposed to name changes. “But what I started to realize in the past year is that while I think of Config Manager and Intune as one, all these things prevented our customers from seeing them as one – branding, licensing and product,” he said.
The new name was chosen because it allows Microsoft to add new options to the management platform – Anderson emphasized that “any endpoint can be managed” – and to prevent the cloud or on-premises management approach from “winning” by reusing one of the existing names. If you want to continue using Config Manager because solutions are built on it, or if you need management options that Intune does not have, Microsoft wants you to continue using Config Manager, but adding the extra features that the cloud connection can bring.
Licensing is also much clearer: if you already have Config Manager licenses, they now cover co-management of Windows devices via Intune (or rather via the cloud service in Microsoft Endpoint Manager) for functions such as analytics, conditional access and management beyond the firewall, without needing additional licenses. If you want to manage non-Windows devices through Microsoft Endpoint Manager, you still need a separate Intune license (which you can only get as part of the Enterprise Mobility & Security license or as part of a Microsoft 365 E3 or E5 license).
“We would talk to customers and ask them why they had not engaged co-management and linked Intune to Config Manager, and it was remarkable how often we would hear, ‘I don’t know if we have a license for it,’” Anderson said.
How the Intune and System Center Configuration Manager architecture fit together.
But Microsoft Endpoint Manager is more than just a new name for something that organizations might already have without realizing it. Beginning in 2020, the Microsoft Endpoint Manager Admin Center is coming: a new web console for managing all your devices, even Macs managed via Jamf integrated with Intune.
“We wanted to bring together an integrated admin experience for everything. You have all the devices managed by Intune, by Config Manager: everything comes in one place and it becomes that one point of administration.”
This integration goes beyond the usual idea of a ‘single pane of glass’. The 1910 release of Microsoft Endpoint Configuration Manager (as SCCM is now known) adds more of what Anderson calls “cloud intelligence”: PC management functions that may be delivered through Config Manager but that depend on analysis and intelligence in the cloud.
The cloud intelligence functions that you get by combining cloud and on-premises management.
There are two steps to connecting Intune with Config Manager, and each offers different benefits. Tenant Attach gives you the new Microsoft Endpoint Manager Admin Center console and analytics that provide information about the status of your PCs. The new Desktop Analytics is part of it and, unlike the previous Windows Analytics, it requires Config Manager. That is so the service knows which tenant the PCs it is monitoring are part of. “We need an authoritative source for what the PC domain is for an organization, and that becomes Config Manager,” Anderson said.
Tenant Attach also allows integration with Defender Advanced Threat Protection and Desktop Analytics, so you can see the security tasks that should be a priority for your organization in the same console where you deploy them to PCs. That is part of how Microsoft is trying to improve the productivity of security teams and IT operations teams, by making it clearer on which PCs a problem occurs, what you can do about it, and how successfully the solution has been applied.
You also need Client Attach (or ‘co-management’), where you register Config Manager devices with Intune, to get conditional access, management outside your firewall and the new Autopilot support in 1910 for setting up new Windows 10 PCs.
Adding co-management is a good time to review which group policies you have set and whether you can remove them; old Group Policy objects that you no longer need can slow PCs down. The new Intune policy analysis feature (currently in private preview) scans existing group policies and shows how many of them you could move to MDM via Intune. (That also helps Microsoft see which Group Policy settings organizations use that still need to be added to Intune.)
Improving the user and technology experience
If you need inspiration to get rid of those old policies, check out the new Productivity Score. This includes a user experience score and a technology experience score, which show whether you are benefiting from what’s new in Office 365 and Microsoft 365, or whether users are getting the same slow experience that has plagued corporate PCs for years. The first is about whether people use Office 365 functions such as sharing and co-authoring via OneDrive and Teams, instead of sending round attachments and combining multiple versions at the end. It also covers the experience of working with Office 365: if that is bad, it is usually because your business network is in the way.
“Within the same company you have a number of users who have enormous speed when communicating with files in Office 365, and others for whom it is just incredibly slow. If you dig into it, 99 percent of the time it is networking. Like, for people working at the Singapore office, all network traffic comes back to Detroit before it goes to the internet,” Anderson said.
The technology experience score looks at three statistics for Windows (start-up time, battery life and the number of crashes) and gives a list of actions you can take to improve things.
Anderson tells stories of executives who asked him why their PCs are so slow, like a CFO who was eight minutes late for a Skype call, because that was how long it took for his PC to start up. Sometimes that is the hardware, and most of the time it’s hard drives instead of SSDs. “It’s remarkable how many times I’ve heard horror stories from the purchasing team, to save $200 per PC, buy bad hardware, and keep that laptop from stopping people for the next four years.”
But the other major reason for slow startup times is the number of Group Policy objects and the number of monitoring agents on a PC (which can also increase the number of crashes). When Anderson looked at the CFO’s PC, he discovered that it had “dozens of agents”.
“There are basically three startup phases: the operating system is initialized; you verify and then, depending on the number of agents you have, there is a time before the box actually comes to balance. Bad hardware influences it all, if you have a hard disk instead of an SSD. Group policy has the greatest impact on the login time. And in the third phase, the number of agents on the device makes the largest contribution.”
Microsoft learns a lot about the difference that it makes through initiatives such as Microsoft Managed Desktop, where Microsoft supplies and manages the PCs that an organization uses. One customer had PCs that needed between eight and ten minutes to boot; Anderson’s team reduced that to less than 30 seconds. The big difference? “They had 47 agents on their devices.”
The technology experience score is a way for customers who do not use the Microsoft Managed Desktop service to get comparable improvements. “I want to be able to tell customers why their start-up time is three minutes or four minutes, and the best set of actions they need to take to improve it,” Anderson explains.
That means the security team and IT administrators start talking to each other and looking at data instead of just policies.
“I often hear from the endpoint manager in a company that they have to put all these agents on the device because this is required for security and compliance. And they have never had the data to sit down and talk to these other teams, saying, ‘let’s talk about the impact this has on productivity and on our users,’ because you have to find a balance between user experience and security.”
“Microsoft is right to focus MEM and Productivity Score on employee experience,” said CCS Insight analyst Nick McQuire. IT teams need to improve the employee experience on PCs, which is often so bad that it slows people down at work. But with CCS Insight’s latest Employee Workplace Technology Survey showing that 42% of employees work on a mobile device for more than three hours a day, the unified nature of MEM in managing other devices through the same platform becomes important. So although Intune PC management is now included with Config Manager, organizations will probably have to plan for the additional Intune licenses to manage iOS and Android to really get that modern management.
“By focusing on productivity, uniting desktop and mobile, and focusing on a faster, frictionless experience, Microsoft will help many IT departments catch up with these trends,” McQuire suggests.