Why modern management?
The Modern Management moves away from On-Premise dependencies, creates a more flexible and mobile workplace and more cost-effective management of Windows 10 devices. This means doing things the smart way, rather than continuing to do them the way you've been doing them for the last 100 years or so. Why would you want to stop doing what you're doing and start doing things in a new way? One is to save time for IT as well as for the end users. By saving money, you can reduce costs in your business. It's also about not reinventing the wheel, which all organisations are doing today in a sense.
Another example is that you can reduce complexity and remove infrastructure, for example by applying patches. Decommission old WSUS servers and apply patches via Windows Update for Business, which involves relying on existing Microsoft infrastructure rather than downloading everything from Microsoft, approving patches, distributing them, etc. from the infrastructure.
Introduction and definition of Co-Management
Co-management" or co-management is the first fundamental step on the road to modern management to be able to use the existing Windows devices and configuration "as is", while adding a modern management tool. Once this is done, you can move on to modern management, as the move to the modern world will not happen overnight for most organisations.
Now, "co-management" means different things to different people. Our view on "co-management", whether the client uses ConfigMgr or not, is to keep your Windows 10 client "as is". By this we mean that Active Directory Joined is configured via Group Policy Objects, then adding the MDM so that you can start doing a new configuration via MDM.
Our idea is that once you have decided to go down the road of modern management, you will not have to work to add new functionality to your existing solutions. This includes non-scripting, configuration and applications deployed or configured via Active Directory or ConfigMgr on-premises. Instead, you do it in the modern management tool (if possible). Focus 100% on transferring current resources to the world of modern management!
The ultimate goal, which should be sought, is achieved when configuration, patches and applications are managed by a modern management solution, and there is no dependency on on-premises resources such as ConfigMgr, distribution points, Group Policy Objects, etc. Do we believe this can be achieved regardless of organisation and size? Yes. However, there are many challenges and it will certainly not be easy or quick for many organisations. It will take years for many organisations, but we see great potential to achieve the goals in a much shorter period of time.
Applications are one of the biggest challenges in the modern world. In the best of worlds, applications abandon the use of Kerberos or other traditional authentication mechanisms, as well as legacy code or runtime requirements. Instead, rely on modern authentication and preferably OAuth 2.0 to further remove dependencies fromActive Directory on-premises while providing the ability to use conditional access, for example.
Current applications, whether traditional or legacy, in MSI or EXE format, need to be replaced, redesigned or repackaged. Today, repackaging can be done by repackaging in AppX format. Popular packaging software such as AdminStudio has had this capability for several years, but if you want a free option, look at Advanced Installer which also allows applications to be packaged in AppX format.
Whichever option you choose for co-management (see Deployment Options articles in Co-Management with your MDM), moving to this new packaging format is the best way forward. At least for the option for clients without ConfigMgr (see Deployment Options), moving to this new package format is essential, as there is no other efficient way to deploy applications outside of it.