We have decided to write a short article on SCCM and these two new products, which are a great technological advance and could greatly facilitate the deployment and configuration of your workstations. They will also allow you to keep a uniform, well-maintained fleet of machines. Note that the 2 products are part of Microsoft 365 under the name Microsoft Endpoint Manager.
The changing way of working
37%
of the labour force is mobile
53%
of email opens are on a mobile or tablet
61%
of workers mix personal and professional tasks on their device
Findings on workplaces with mobility needs
Today, we can draw several conclusions from the evolution of this way of working.
Users want to adopt the latest features right away,
The old ways of tackling a "workstation" project no longer work with Windows 10 (frequency of application remediation, mastering, etc.),
The "Cloud" universe is constantly evolving and difficult to keep up with,
It is difficult to keep a workstation compliant (GPO),
The distribution of updates becomes complicated (WSUS),
Administration and monitoring are absent (inventories, remote management, etc.).
...but there is an ideal scenario!
Take the Windows 10 workstation out of its box
Automatic registration and pre-configuration via an MDM such as Intune
Provision of the applications that the user needs
Administration & monitoring of the workstation directly from the cloud ("No, your company data does not go to the cloud!" Your data remains local; only the configurations go through the cloud.)
The road to a modern workplace is not so long
Typically, IT professionals spend a lot of time creating and customising images that are then deployed on devices. Windows AutoPilot introduces a new approach. AutoPilot is not a "Computer Imaging Software" but a "Device Management Program".
What is Microsoft AutoPilot
This solution allows organisations to send fresh, intact Windows 10 devices directly to the end user and define the provisioning flow that the user follows to get a secure and productive Windows 10 device. First, the OEM registers the purchased devices with Windows Autopilot so that you can assign the necessary Windows Autopilot profile. This profile defines the Out of Box Experience (OOBE) for that device.
It is also possible to register your existing Windows 10 devices with Windows AutoPilot. This way, if a device needs to be reset or reconfigured for a new user, it will go through the same experience as new devices.
Many new computers come with AutoPilot support pre-configured by the manufacturer - Microsoft, Dell, HP, Lenovo and Toshiba already support it. This means that these PCs are directly recognised when they are registered in Intune.
Prerequisites
AutoPilot
- Azure Active Directory Premium P1
- MDM - Mobile Device Management
- Windows 10 version 1703 or higher
Note: Microsoft does not charge for Autopilot, but you must have Azure Active Directory Premium (or a service like Microsoft 365 or Enterprise Mobility + Security that includes it) and a mobile device management service (MDM) like Intune to use it, as well as Windows 10 Pro.
AutoPilot (with Active Directory On-Premise)
- Windows 10 - 1809
- Hybrid Azure AD
- Windows Server 2016 with Intune Connector for Active Directory
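A local readiness check for the device-side prerequisites listed above, as an added example that is not part of the original article or of Microsoft's tooling. The function name Test-AutopilotReadiness is hypothetical; build numbers 15063 and 17763 correspond to Windows 10 1703 and 1809, and the licensing prerequisites (Azure AD Premium, MDM) cannot be verified from the device itself.

```powershell
# Added example: checks the OS version, edition and join state of the local
# device against the Autopilot prerequisites listed in this article.
function Test-AutopilotReadiness {
    param(
        # Set for the "Active Directory On-Premise" (hybrid Azure AD) scenario,
        # which the article lists as requiring Windows 10 1809.
        [switch]$Hybrid
    )

    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    # Windows 10 1703 = build 15063, Windows 10 1809 = build 17763.
    $minBuild = if ($Hybrid) { 17763 } else { 15063 }

    # The article names Windows 10 Pro. This check only rejects Home
    # editions (EditionID starting with 'Core'); that is an assumption
    # of this example.
    $edition = $cv.EditionID
    $editionOk = $edition -notlike 'Core*'

    # dsregcmd reports whether the device is already joined to Azure AD
    # and/or to an on-premises domain.
    $dsreg = dsregcmd.exe /status
    $aadJoined = [bool]($dsreg -match 'AzureAdJoined\s*:\s*YES')
    $domainJoined = [bool]($dsreg -match 'DomainJoined\s*:\s*YES')

    [pscustomobject]@{
        Build         = $build
        MinimumBuild  = $minBuild
        BuildOk       = $build -ge $minBuild
        Edition       = $edition
        EditionOk     = $editionOk
        AzureAdJoined = $aadJoined
        DomainJoined  = $domainJoined
    }
}

# Usage: cloud-only scenario, then the hybrid scenario.
Test-AutopilotReadiness
Test-AutopilotReadiness -Hybrid
```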
Deployment of workstations
How was the deployment of a new workstation done until today and how will it be done in the coming years (Modern Management)?
Conventional
Building and managing custom operating system images is a time-consuming process. You may also spend time applying these custom operating system images to new devices to prepare them for use before passing them on to your end users.
Modern Management
Windows AutoPilot simplifies the enrolment of devices in Intune. With Microsoft Intune and AutoPilot, you can assign new devices to your end users without having to create, manage and apply custom operating system images to the devices. When you use Intune to manage Autopilot devices, you can manage policies, profiles, applications, and so on, after they are enrolled.
Main benefits of Modern Management
From the user's point of view, it takes only a few simple steps to get their devices ready for use.
From the point of view of the IT teams, the only interaction required from the user is to connect to a network and verify their credentials. Everything beyond that is automated.
Configuration of workstations
Conventional
- With agent
- Configuration via GPO
- Application management (EXE, MSI, others)
- Local management of updates
Modern
- Lightweight, agent-free
- Configuration via MDM
- Application management (MSI, Modern Apps)
- Updated via the cloud
Configuration tools
Group Policy Objects (GPO)
Managed via Active Directory
Applies when connected to the internal network (physical or VPN)
Configuration Service Providers (CSP)
Managed by any MDM supporting the OMA-DM standard
Applies when connected to the Internet
Also allows you to push certain GPOs (1703+)
Other
SCCM: light configuration of the machine (VPN profile, Wi-Fi, email, certificate...)
Provisioning package
What is System Center Configuration Manager (SCCM)?
This service offers many features. In particular:
Controlling Windows computers remotely. You can manage the deployment of patches and operating systems. It is even possible to manage the energy consumption of computers.
Deploying applications to all of the employees' computers and mobile devices. Users can also use it to manage network security. Indeed, the tool has malware protection and vulnerability identification features.
The company's IT managers can define a "desired configuration state". The system automatically detects whether all computers match the desired configuration. If a machine's configuration does not match, the system sends an alert.
It is also possible to integrate System Center Configuration Manager with Microsoft Intune. This makes it possible to manage computers connected to a company network. Although the suite is developed by Microsoft, it is compatible not only with computers running Windows but also with macOS, with servers running Linux and Unix, and with mobile devices connected to the cloud running Windows, iOS or Android.
Co-managed deployment (co-management) with Intune and SCCM
You can 'co-manage' devices with Intune and SCCM to take advantage of the functionality of both systems.
Why go to co-management?
Managing Windows 10 PCs with SCCM and Intune at the same time,
Gradually switch certain workloads to the cloud, in pilot mode and in a controlled manner,
Smooth transition from traditional to modern management, without disruption to users.
Advantages of co-management
A convenient way to migrate over time,
Risks minimised during transition,
Solution integrated into SCCM, easy to implement,
No impact on users.
Please note that server + client licenses for SCCM as well as Intune are included in the Microsoft 365 product line.