Windows Modern Management

Let’s face it, your IT environment will look very different to 15 years ago - you’re likely to have fewer on-premise applications with more in the cloud, whether that is email and/or Teams provided by Microsoft 365, or other line of business SaaS services. Plus, users are much more mobile - with hybrid or remote working the norm, they are less likely to consistently connect to an on-premise network, making the traditional architecture more challenging.  

Modernising device management 

In a modern computing environment, management is performed by cloud services instead of an on-premise network. Windows devices are enrolled directly into Microsoft 365 services such as Entra and Intune to handle authentication, configuration, software deployment and servicing. Eliminating the need for on-premises connectivity for management means 

• Changes to devices are more responsive, improving both end-user experience and security 

• Deploying new devices is quicker, potentially without IT interaction, and users need not be in an office for their first sign-in 

• Greater user self-service capabilities improve both end-user experience and lower administrative effort 

• Greater visibility of devices and their security posture – as the tools require only an internet connection to function 

• You can improve security by introducing Zero Trust concepts such as granting access based on the compliance of devices with your policies 

Access to any on-premise resources remains available for users on cloud-managed devices, either through traditional VPN or via a modern remote access method granting more granular and conditional access. 

However, one key consideration in planning your transition is whether you have any services which rely on on-premise device authentication to function. If you do, this reliance needs removing. Most commonly this means making adjustments to wireless network authentication and VPNs (if still used in your new solution). 

How to get there 

The approach that’s right for you will vary depending on how quickly you want to realise the benefits, and the business appetite for pace of change outside of a ‘Business as Usual’ refresh. 

Over the last few years, it’s been common to take a ‘slow burn’ approach by adopting cloud management services gradually for your traditionally managed devices. This is typically done in the following order for ease of adoption: 

• Compliance 

• Windows updates 

• Software deployment and servicing 

• Device & application configuration 

This ‘hybrid management’ approach allows you to start seeing some of the benefits of modern tooling, without managing a wholesale change to devices, straight away. 

Once all of these component services are in place, and reliance on device-based authentication removed, you’re ready for devices to transition fully to cloud managed. Handling the transition as part of standard device refreshes does minimise change management effort, but extends the transition completion to years, and means a more complex mixed environment to manage in the interim. 

To realise the benefits sooner and minimise the support complexity of a mixed hybrid environment, the new management environment can be prepared and tested upfront, and a more aggressive schedule of device transitions adopted. Device rebuilds are the default method from Microsoft, but third party software tooling can allow you to rapidly and automatically migrate devices from one state to another without a rebuild. 

Start today

Modern management provides a number of benefits to both the business and today’s mobile office workers, but there are several adoption approaches, and it isn’t for every situation. To discuss your options, reach out to your Waterstons contact or contact us on ModernWork@waterstons.com. 

For more information of the Windows 11 upgrade and what this means for you, why not read our recent article explaining all the updates. Read the full article here.