Managing Windows 10 through UEM / EMM Overview
When migrating to Windows 10, there are a lot of aspects you can consider. A migration to a new platform is a good time to refresh your policies and work towards a future proof workplace concept. It would be a shame if you did a copy paste of your current workplace to Windows 10 without at least considering the options you have.
Microsoft has added a lot of great things to Windows 10 and new ways to manage your devices. On top of this, Microsoft partners are also adding new dimensions on how to manage Windows 10 devices. The goal of this blog is to inspire you to explore these new features.
This blog will be separated into several sections. One will be published each week.
- This is the first one. In this blog I will try to create an overview of how an EMM is different from the traditional management style.
- Section 2 will discuss several option you have with an EMM deployment
- I will discuss the Role Azure AD could play in EMM versus an on premise AD, what role could Office 365 play?, the BYO options you have with Windows 10 and the possibilities with other 3rd party cloud services.
- Section 3 talks about OS provisioning.
- I will show the options you have to provision an OS with any company related modifications to a device through an EMM. I will walk through the steps you will have to take and give you an example on how this looks.
- Section 4 will touch on how application and update provisioning is done
- This section will discuss the steps to take on how application and update provisioning through an EMM is done and what it would look like to the user.
- Section 5 will discuss on how company data, policies and profiles could be handled
- In this section I will touch on Data loss prevention and containers.
Who am I?
I am Jeroen van Keimpema, I have been on the customer and consultancy side of EMM implementations. On the customers side I had to come up with a strategy to support company data on non-Windows and Windows devices. While doing this me and my team had to make decisions on security, rollout and other subjects. I also assisted in deployments and solving issues customers where confronted with.
Most of my experience is with Intune, Airwatch and XenMobile, but most EMM leaders keep up with releasing the new features.
So what is EMM?
I created a detailed blog about this, you can read it here. In short, Enterprise Mobility Management (EMM) is an upcoming and alternative way of managing devices. EMM is a collective term for Mobile Device Management (MDM), Mobile Application management (MAM) and Mobile Information Management (MIM). Each component solves a problem, is individually usable and compliments the others. EMM is a new way of managing devices. It gives you extra flexibility and a lot of new choices. You can manage multiple OSes and you can choose the granularity of the settings you wish tomanage. This way you get new ways to control your data and you are able to delegate management of your devices.
We now can use EMM to support BYOD scenario’s, but also to compliment your current infrastructure for specific use cases.
Traditional way vs EMM overview
I’m not really getting into what the traditional way is, as we are currently using it in our Windows 7 deployments. Either we use thin clients with Citrix VMWare SBC VDI’s or XenApp servers or domain joined fat clients. All of them are managed by some sort of mechanism (GPO/Citrix/AppSense policies) to shape the user experience. We use profiles to make the experience consistent no matter where the user logs. We have components to distribute software and software up to date, and to top it all off we have a network infrastructure to support all of the above. All these give you a lot of control, but also a lot to maintain.
In the schematic below I created an overview to give you a visual on what the possibilities are. First you see the traditional method, where your required to maintain a lot of infrastructure.
With EMM you focus on the components you do want to manage as opposed to locking down the entire device for stability and security reasons. With EMM you have a presence on the internet by default and so your reach is greater. EMM can integrate with various Microsoft and 3rd party cloud vendors, so you are able to source several tasks.
In the next schematic you have a possible EMM scenario. In this scenario a lot of infrastructure has been sourced to a vendor. Distribution points for provisioning endpoints with an OS, updates and applications had been sourced to the EMM vendor.
The company no longer needs to worry about whether they are connected to the company network or not. It does not matter if the user logs on from home, a branch office or the main office. The devices are provisioned as soon as they connect to the internet or when they try to access company data. The Company controls what updates, applications and policies are deployed through the management console. Custom applications are still provided through published applications.
This scenario has purely focused on the provisioning of devices with updates and not on how data is handled. In my next blog I will discuss some of the choices that will open up when you go with an EMM.
Laat uw gegevens achter en wij zullen zo snel mogelijk contact met u opnemen om uw vragen te beantwoorden.