The workplace is evolving rapidly and employees have new expectations around the way that they work. As such, business leaders are embracing these changes and supporting a new culture that can include:
Microsoft 365 can help deliver this vision, through a combination of Windows 10 on modern devices, Office 365 ProPlus and cloud-connected management, powered by Microsoft Endpoint Manager.
What is Endpoint Management?
Endpoint Management from Microsoft 365 provides you with a way to configure and protect your corporate endpoints, regardless of their location.
Endpoints can include Windows 10 laptops and desktops, iOS and Android mobile devices and even meeting room devices, like smart boards or video conference units.
Mobile phones have been protected with endpoint management solutions for some time now. This allows you to enforce certain restrictions on the devices, to ensure they comply with your company policy. These can include requiring a PIN to access the device, blocking certain applications and preventing jailbroken or root access. You can also improve the user experience by automatically configuring their mail client or updating the corporate WiFi settings.
It also gives you some remote control of the device should you need to act, to protect the user or the data. In the event of loss or theft, the device can be wiped remotely, removing any trace of the user or corporate data.
You are now able to protect and administer Windows 10 devices in the same manner. Instead of relying on traditional group policy to manage desktops and laptops, you can enrol them in endpoint management and push all configurations from the cloud. This means we don’t have to wait for devices to come back to the office for configurations. They can instead receive them in near real time, regardless of location.
Everything from Windows Updates, to software installations, to printers and drive mappings can be managed by Endpoint Management, from Microsoft 365.
How does it work?
Endpoint Management works based on enrolment. In order to receive policies and configurations, the user must consent to the device being managed by their organisation.
This enrolment can be done automatically for new devices, using features like Apple’s Device Enrolment Program or Google zero-touch deployment for Android. The latest versions of Windows 10 provide the capability to enrol a device automatically, the first time a user signs in, with an appropriate license.
Once a device is enrolled, you’ll have visibility of it in Microsoft Endpoint Manager. You can now administer the device using compliance policies and device configurations. You can also install or simply advertise your line of business applications and SaaS apps.
Compliance policies are used to create a baseline requirement that all devices must meet, in order to gain access to corporate resources. For example, you can set a policy that requires all Windows 10 devices to have antivirus software installed and enabled. If a device reports that its antivirus is disabled, it will be marked as non-compliant. The user’s device can then be prevented from accessing any corporate resources, until the issue is resolved. Device compliance policies are available for all platforms and are a great way to prevent potentially compromised devices from accessing your data.
Device configurations are settings that are applied to devices once they’re enrolled. Configurations are very much the evolution of group policy, as they can replace the policies you have on-premises, as well as giving you access to more modern features. Device configurations can include setting up the user experience and the look and feel of the device, restricting access to certain areas that should be limited to administrators, and mapping printers or network drives. Microsoft provides recommended security baselines that can be applied to all devices, in just a few clicks. This makes it easier than ever to secure all endpoints with the latest, best practice recommendations.
Finally, endpoint management allows you to install software on your enrolled endpoints. These can be modern apps from the Windows store or Play store, as well as legacy, line of business apps that require more complex installations.
Apps can be enforced on enrolled devices, resulting in the automatic installation of an app, when a device registers with endpoint management. This is ideal for an app such as Office 365, as you know that it’s essential for all users.
In addition, we can advertise apps through a corporate app store. This can be a mix of modern apps from iOS or Android stores, as well as more traditional Windows-based apps that usually require some interaction to install. Users can have freedom of choice when it comes to which app is best suited to the task, using a familiar app store experience to browse, rate and install any approved app with one click.
Why do I need it?
Endpoint management is a key feature of Microsoft 365. Once you start using it, you’ll be able to apply a security policy that puts you in control of how individuals can access corporate data.
You’ll be able to mandate that access to any Microsoft 365 service, or any Azure AD integrated app, is only possible from a managed, compliant device. Therefore, apps such as Outlook, SharePoint, OneDrive and Teams, alongside SaaS apps like Sage, ServiceNow and Salesforce, would all be blocked on personal devices. Where corporate devices are lost, stolen or fall out of compliance, they would be instantly blocked. It also means that if an attacker attempts to force access, even with a user’s password and an MFA bypass, access is denied.
You cannot achieve this level of security, without compromising user experience, unless you have endpoint management.
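The guarantee above only holds if the Azure AD Conditional Access policy behind it really requires a compliant device. The following added example (not code from this blog or from Microsoft) audits policy objects for the common gaps; the field names follow the Microsoft Graph `conditionalAccessPolicy` resource, while `audit_policy`, `make` and the sample policies are hypothetical and constructed for illustration.

```python
# Added example: audit Conditional Access policy JSON for device-compliance gaps.
# The sample policies are constructed; they do not come from a real tenant.

def audit_policy(policy):
    """Return the reasons this policy does NOT mandate a compliant device."""
    findings = []
    if policy.get("state") != "enabled":
        # Report-only or disabled policies block nothing.
        findings.append("not enforced (state=%s)" % policy.get("state"))
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "compliantDevice" not in controls:
        findings.append("compliantDevice is not a grant control")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        # With OR, any single control grants access, e.g. MFA from any device.
        others = [c for c in controls if c != "compliantDevice"]
        findings.append("OR operator: %s alone satisfies the policy" % "/".join(others))
    cond = policy.get("conditions", {})
    if cond.get("applications", {}).get("includeApplications") != ["All"]:
        findings.append("does not cover all cloud apps")
    users = cond.get("users", {})
    if users.get("includeUsers") != ["All"]:
        findings.append("does not cover all users")
    excluded = users.get("excludeUsers", []) + users.get("excludeGroups", [])
    if excluded:
        findings.append("%d excluded users/groups to review" % len(excluded))
    return findings

def make(state, operator, controls, apps=("All",), exclude=()):
    """Build a constructed sample policy in Graph's conditionalAccessPolicy shape."""
    return {"displayName": "constructed sample", "state": state,
            "conditions": {"applications": {"includeApplications": list(apps)},
                           "users": {"includeUsers": ["All"],
                                     "excludeUsers": list(exclude)}},
            "grantControls": {"operator": operator,
                              "builtInControls": list(controls)}}

STRICT = make("enabled", "AND", ["mfa", "compliantDevice"])
MFA_OR_DEVICE = make("enabled", "OR", ["mfa", "compliantDevice"])
REPORT_ONLY = make("enabledForReportingButNotEnforced", "OR", ["compliantDevice"])

if __name__ == "__main__":
    for name, p in [("strict", STRICT), ("mfa-or-device", MFA_OR_DEVICE),
                    ("report-only", REPORT_ONLY)]:
        print(name, audit_policy(p) or "mandates a compliant device")
```

Exclusions are reported for review rather than as failures, since emergency-access accounts are often excluded deliberately.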
How do I get it?
Endpoint Manager is available with Microsoft 365 Business Premium, E3 and E5. It is also available as a standalone service, or as part of Enterprise Mobility and Security (EMS) E3 or E5.
Use of this service is highly recommended as part of Microsoft 365 or EMS, in order to take full advantage of the capabilities highlighted in this blog.
If your business has fewer than 300 users, Microsoft 365 Business Premium is essential. It includes Endpoint Manager, Identity Protection, Information Protection and the full suite of Office 365 capabilities.
If you have more than 300 users and are already using Office 365 E3, adding EMS E3 will let you take full advantage of endpoint management.
How can LIMA help?
LIMA are experts in driving modern workplace transformation. We provide tools and resources that ensure employees can collaborate effectively and share information securely, no matter where they work.
As a Microsoft Gold Cloud Productivity Partner, we are perfectly placed to assist our customers with evaluating and integrating solutions, from the entire Microsoft 365 stack.
LIMA’s Microsoft 365 modern desktop assessment has been purpose built to help you move to modern management. Through this service, you can expect to receive the following high-level outcomes:
Through this powerful toolset, your business can re-architect how devices are provisioned, how applications are deployed and how your employees access their data.
Speak to your Account Manager or email firstname.lastname@example.org to find out more about how LIMA can help mobilise your workforce, with our Microsoft 365 Assessment Services.