Endpoint Management is the the process though which organizations identify, provision, deploy, update and control endpoint devices such as smartphones, tablets, laptops, and workstations. There are many different solutions that can be used for Endpoint Management, including Citrix, Manage Engine, Qualys and Microsoft. These value proposition of these technologies is to simplify and unify Endpoint Management and to reduce its cost. There is a definite investment in time and effort front for an organization, but the promise is that once complete, there will be an improvement support and a reduction in cost. Prior to the development of Endpoint Management technologies, there were just Endpoint Management strategies using a variety of cobbled together tools. This is why sometimes the new solutions are called Unified Endpoint Management.
Rather than further expound on what Endpoint Management is, lets look at Crowdbitz' own experience in moving to Microsoft Endpoint Management.
Traditionally these devices have been identified by manually entering their serial numbers in a database. They have been built and provisioned by taking images and cloning using Veeam Free Agent. Those images were then deployed by using Veeam and then manually joining the system back to a domain and allowing the user in. Updates were just handled automatically and remote controlled manually. The iOS devices were simply not managed, other than capturing their serial number. If this does not mean that much to you don't worry, the summary is that we used a variety of methods, involving a lot of in person intervention, and often found we were catching up with issues rather than handling them in advance.
Having decided to use Endpoint Management in order to reduce the amount of in person support, Microsoft Azure was chosen as the platform. This decision was made partly because Crowdbitz has experience in Azure, and most of our devices were Windows based. It is also because Microsoft has performed very well in Gartner's Magic Quantrant for Unified Endpoint Managment. We also wanted to move our devices out from dependence on the on-premises domain controller, so that users could work remotely without any dependence on the company's main office.
In order to know we had had any level of improvement, we first needed to measure or capture how much time we were spending managing endpoints without a unified platform, and how happy users were with the current situation. Measuring the total time spent on support was difficult, but we finally came up with an estimate of about 1 hour per month per device. This is partly due to the fact that we have a lot of local IT skills and do not need to rely on others for most of our support.
The journey to a fully deployed Microsoft Endpoint Management solution for our devices did not take a long time, a matter of a couple of weeks, but we had the benefit of having already done it for clients and having a clear idea what we wanted the final outcome to be. We also skipped a few steps, such as a test move or a full project plan. We felt we could take this approach as we were dealing with a relatively small number of devices, have an IT savvy group, and have experience in Azure and Endpoint Management.
In the end, since we only run a few iOS devices, we left the iOS devices out of our current Endpoint Management solution because most of our iPhones are BYOD (Bring Your Own Device). Furthermore a business account is required from Apple before you can fully enroll devices in Endpoint Management. We were left with a number of Windows 10 devices. The fact that all of the tablets, laptops and workstations in use had Windows 10 Pro or above also helped our migration, as we did not have to perform any major version updates to the devices.
Once complete, we had gained a number of proficiencies that we did not have before:
- We could now have software installed or uninstalled automatically based on group membership
- We did not need to maintain images or clones anymore
- Rebuilding or deploying a workstation can be done remotely and within about 1 hour
- Users are now fully authenticating to Azure Active Directory are no no longer dependent on the on premises domain controller
- Users are now used to keeping data in the cloud and can treat their workstations basically a cloud based terminal. It can come and go, but their experience remains the same
There were a few things lost. We are still working through the many different configuration settings. We no longer want to do individual site visits to set one setting on a particular system. Whenever possible we want to use Endpoint Management to do it, the idea being 'solve it for one and you will solve it for all'. This has meant that we are still investing time in configuration settings, and probably will continue to do so for the near future.
So was it a success?
Thus far, it does appear to have been a success. The users are happier with their systems, and with how quickly we can rebuild a system if there is an issue. We are also spending less time per month on each workstations. It is a bit early to develop a full return on investment, but when we do we will add it to this article.
Gartner's Magic Quadrant for Unified Endpoint Mangement
Source: Gartner (August 2020)
Note: Microsoft's solution used to be called Microsoft Intune, but is now called Microsoft Endpoint Management.