Describe the endpoint management capabilities of Microsoft 365, including Microsoft Endpoint Manager (MEM), Intune, AutoPilot, co-management with SCCM, and tenant attach - Describe Microsoft 365 apps and services
Modern management is a term that Microsoft coined and that rapidly caught on throughout the IT industry. Described by Microsoft using the motto “mobile first; cloud first,” it is intended to be a replacement for, or at least an evolution of, the traditional management practices that enterprise IT administrators have been using for years.
The traditional approach to IT device management consists of a paradigm in which all devices are owned, deployed, and managed by the enterprise IT department. This management typically includes the following elements:
- Deployment: IT administrators create and maintain system image files and deploy them on new computers using a System Center Configuration Manager (SCCM) management tool. Administrators must create and store separate images and drivers for each model of computer purchased and update them whenever the software configuration changes.
- Updates: Administrators manage operating system and application updates, often using a download, evaluation, and deployment tool, such as Windows Server Update Services (WSUS).
- Identity: Active Directory is a database of identities and other network resources that provides authentication and authorization services for internal users, services, and applications.
- Configuration: Administrators use Group Policy to deploy configuration settings to computers as they connect and log on to the internal network.
This traditional management paradigm has worked for a long time, and many IT professionals are reluctant to abandon it, particularly when adopting a new modern management concept requires them to learn to use new tools and technologies.
The problem, however, is that modern management is not just a fix for something that isn’t broken. The idea of users all working on enterprise-owned and managed devices located in a company site is rapidly becoming a relic of the past. Vast numbers of users are working outside the office using their own devices, such as laptops, tablets, and smartphones, which administrators cannot readily deploy, update, and configure to the specifications of the IT department using traditional tools.
The other motivation for modernizing IT management is the increased ubiquity of cloud-based applications in the enterprise. As software manufacturers shift their marketing emphasis to cloud-based products, it is becoming increasingly difficult for IT administrators to provide the services their users need with traditional, on-premises applications and services.
Modern management is designed to replace traditional tools with new ones that can work with cloud-based resources, manage users' devices, and simplify the deployment, update, and management processes.
The object is to replace traditional reactive management processes with modern proactive processes. Microsoft 365 includes tools that do all these things, such as the following:
- Deployment: Windows AutoPilot is a cloud-based service that eliminates the need for separate system images and SCCM and simplifies the process of deploying new computers by automating the process of installing, activating, and configuring Windows.
- Updates: The Windows-as-a-Service update program provides Windows 10 and 11 workstations with regularly scheduled feature and quality updates that the computers automatically apply. Microsoft has also implemented technologies to reduce the size of the update downloads, mitigating the burden on networks and Internet connections.
- Identity: Azure Active Directory moves user identities from the local network to the cloud, enabling administrators to manage them from anywhere and providing users with single-sign-on capability to all cloud-based services and applications.
- Configuration: Microsoft Intune expands an enterprise’s management perimeter to include non-Windows devices and devices that are accessible through the cloud. However, Intune can also replace Group Policy for configuring Windows computers because it has been enhanced with hundreds of mobile device management (MDM) APIs enabling Intune and similar tools to control them through the cloud.