Over the years, Microsoft has released several iterations of technology aimed at streamlining the security and management of enterprise endpoints. Distinguishing the pros and cons of each tool can be a challenge. In recent years, endpoint management has changed a lot. There are now tools made to handle the new situations that come with modern work.
In this article, we will explore how Microsoft tools, both legacy and modern, address device management challenges and endpoint security.
What is Unified Endpoint Management?
The commonality between most MDM (mobile device management) tools is that each attempts to achieve Unified Endpoint Management (UEM). UEM is a concept that often gets conflated with others such as MDM (mobile device management) and EMM (Enterprise Mobility Management). However, at its core, it is a fairly simple construct to understand.
Simply put, Unified Endpoint Management is the idea that all enterprise devices, whether they be Windows, MacOS, iOS or Android, can be viewed and managed within the same portal. Interestingly, UEM was not possible until Windows effectively became a mobile operating system, which happened with Windows 10.
What is Endpoint Manager?
Microsoft’s Endpoint Manager (now absorbed by the Intune umbrella) is what makes UEM possible. It is the most modern tool for device management. Endpoint Manager is an umbrella technology that houses both Microsoft Intune and Microsoft’s Configuration Manager (SCCM).
Endpoint Manager combines technologies and works with tools such as Windows Autopilot, Azure AD, and Microsoft Defender. It aims to enhance security and improve the overall experience for both users and administrators.
The result is a technology that makes modern device management possible for on-premises, hybrid, and remote workers – all from a single pane of glass.
Endpoint Manager operates to achieve the following:
- Cloud-based security of enterprise data in the cloud and on-premises
- Management of “mobile” devices (macOS, iOS, iPadOS, Windows 10/11, Windows 365, Android), virtual machines, desktop and laptop computers
- Streamlined devices deployment
- In-depth endpoint analytics including compliance and usage reporting
What is Configuration Manager (SCCM)?
Microsoft’s Configuration Manager (SCCM) is the Microsoft’s legacy tool to manage Windows devices. It existed prior to a time when device management became necessary in the cloud. SCCM is based largely on device imaging and is predominately designed for domain models (which use the castle-and-moat strategy).
The tool is largely used to manage, deploy, and secure Windows devices in an enterprise in addition to launching patches and updates. However, SCCM is designed to work best with on-premises devices. It can achieve functionality external to the network, but it does require a good deal of additional configurations to get it up and running in this capacity.
Further, it cannot manage operating systems other than Windows. Also, because it relies on device imaging, there is no roll-back or wipe capability other than completely re-imaging the device again. This can take hours and often involves manual effort from IT to bring the device up to a point where a user can take over.
One advantage of Configuration Manager is that it manages Windows servers. There is no equivalent (yet) in Microsoft Intune. For those with a heavy server footprint, Configuration Manager may need to be part of your device management strategy.
What is Microsoft Intune?
Intune is the next step in Microsoft’s evolution of device management. The tool manages and secures devices in the cloud.
It works for all operating systems except Unix/Linux, Chromebooks, and servers. It is similar to SCCM. It is an incredibly effective tool for endpoint management and recently emerged as the clear leader in the Gartner 2021 Magic Quadrant for Unified Endpoint Management.
Intune is designed from the ground up for remote management. In fact, it is the only way to manage Windows 365 devices (virtual machines). That considered, many admins are finding SCCM less beneficial in the modern landscape because they can’t manage non-Windows devices, and can’t effectively manage remote devices.
One of the paramount advantages of Intune is its capability to revert devices to a “golden state.” This feature, known as rapid replacement, means that if an employee leaves a company, an administrator is able to wipe the device over the air and return it to the original configuration without reimaging. The process makes onboarding and offboarding employees significantly more efficient, especially for those who work in a remote or hybrid capacity.
There is simply no equivalent to rapid replacement in SCCM, and it is only available with Modern Management. This makes Intune a more scalable and versatile option for teams looking to bolster the security and employee experience via endpoint management.
Additionally, Intune can streamline the management of your apps, conditional access policies, and compliance policies. These rules make for a more manageable and secure endpoint ecosystem.
What Technology is best for my business?
Consider the current and future state of modern work when choosing an endpoint management tool, as each has its own advantages. Exacerbated by the Covid-19 pandemic, hybrid and remote work have become the norm, and this trend is likely to continue. That considered, it is important to consider that a large portion of your workforce will regularly be off premises, making device updates, patches and replacements challenging with a tool like SCCM.
Endpoint Manager is a great option to integrate a legacy tool like SCCM into your endpoint ecosystem while contributing the option of leveraging the modern advantages of Intune. With the right configuration in place, you’ll position your business to effectively manage all devices for the foreseeable future.