What's New in Ivanti Neurons for Mobile Device Management?
The latest release of Ivanti Neurons for MDM includes enhancements for managing COSU devices and transitioning to cloud-based device management.
Provide extra security and support for your Android COSU devices
Corporate-owned single-use (COSU) devices are dedicated for a single use, and Android Enterprise's capabilities can help configure those devices to best serve that purpose. Use cases for COSU devices include:
- Point-of-sale (POS) systems in retail.
- Handheld barcode scanners in supply chain.
- Smart panels (such as information kiosks, timecard entry panels, physical access entry panels, etc.) across a number of industries, including healthcare, retail and manufacturing.
These locked-down devices can be dedicated to a single user, multiple users or external users. The Android Enterprise COSU configuration provides more control over how your staff and customers use the device by compartmentalizing the operating system to deploy in a locked-down environment, running a single application or a specific set of apps. Usually, one application is intended to run on the device and that’s all. COSU improves security, efficiency, processes, compliance and user experience by locking devices down to execute a small range of specific tasks.
With the latest release of Ivanti Neurons for MDM, several new features have been added to better secure and support your COSU devices.
5G slicing support
With more COSU devices deployed in remote locations, 5G support becomes more essential for securing those devices. Not only does Neurons for MDM provides 5G information to let you know if your device is part of your private 5G network slice, 5G network slicing allows your provider to take a shared physical network and portion it out into logical segments. Each segment is provisioned for a different set of users, devices and applications, and the logical separations mean the traffic from one slice does not interfere with another.
In a retail environment, different slices can be configured to provide for your mobile POS devices and for your customer kiosks. Your remote retail environments might employ these slicing schemes to provide better employee and customer experience, while behind the scenes keeping track of inventory. These slices would separate each other’s traffic and resources, improving security. 5G slicing can be enabled in the lockdown Android Enterprise configuration within Ivanti Neurons for MDM.
Configuring higher app priority distribution and updates on your COSU devices
With Ivanti Neurons for MDM, IT can set higher-priority apps for enrollment and update on COSU devices. This will allow admins to set which applications are critical for deployment and updating. This is important especially if the update would resolve or prevent a production-related issue. Getting these updates out as fast as possible can reduce downtime or even prevent a production-affecting event from surfacing.
Providing additional USB security to your COSU devices
With Ivanti Neurons for MDM, you can configure the USB port to be used for charging only to prevent the USB port from being used as a physical vector for malicious attacks, keeping unauthorized users from accessing confidential data. This is important particularly important for COSU devices in an open area, such as kiosks and POS devices in retail stores.
Unattended remote session support
Remote session support becomes even more of a necessity for remote COSU devices, particularly in a retail environment where there maybe no one is available after the store closes to troubleshoot and resolve technical issues.
With Neurons for MDM, you can initiate a remote session from within the console without requiring input from any user at that location, making it easy to manage COSU devices when there is no physical access to those devices.
Easily transition Windows devices to cloud-based modern management
We are excited to announce an Ivanti Neurons for MDM deployment package with the Q2 release to support customers with an easy transition for their Windows devices from traditional management to modern management.
Ivanti Neurons for MDM deployment package
IT can enroll devices managed by Microsoft Configuration Manager (formerly SCCM) or Ivanti Endpoint Manager into Ivanti Neurons for MDM. The Deployment Package tool allows organizations to streamline the transition of Windows devices to cloud-based modern management, without downtime or end-user interruption. Seamless transition is achieved by downloading a unique deployment package from the Neurons for MDM console, then deploying it through the existing management tool or domain. Once the package is deployed, it will silently enroll endpoints into Neurons for MDM for ongoing management. This approach allows administrators to first migrate devices easily, then have flexibility to configure devices later over the air. When device enrollment is completed silently into Neurons for MDM, it is joined with MDM and gets co-managed by two management authorities. Once an administrator configures the desired Windows experience within Neurons for MDM, a legacy management platform can be decommissioned, leaving Neurons for MDM as the single management authority of the device.
This package can be deployed in environments that do not leverage Azure Active Directory (AAD). The main elements of Neurons for MDM modern Windows management suite do not require AAD. Co-management or co-existence may require certain workloads or configurations to be deployed upon silent enrollment, to avoid any impact during transition.
Why move to cloud-based modern management?
As UEM solutions have evolved and added more capabilities over the years, it has become critical to provide a consistent user experience and management capabilities between mobile (iOS and Android) and Windows devices. Cloud-based modern device management on Windows devices is fundamentally different from traditional device management, but similar to mobile device management on iOS and Android.
One of key differences is profile-based management. Breaking from image-based management relieves significant IT workload from manual device imaging and maintenance. A profile is a collection of configuration settings that are applied to a device based on group membership, which allows profiles to be created as a module with multiple profiles assigned to a single user depending on their job function and required apps. With profile-based management, IT can remotely make changes on any configuration and push patch updates over the air.
Those differences mean that cloud-based modern management significantly reduces IT overhead and the complexity of managing Windows devices.
There are a number of drivers for considering a transition from client-based to cloud-based modern device management:
- Higher scalability and lower cost impact. We can view scalability into two different ways – faster deployment and ease of scaling. First, a cloud-based solution is faster to deploy compared to an on-prem solution. Second, if you want to deploy more devices with a cloud-based solution, you don’t need to build a new server, which would be required for an on-prem solution to scale. Also, cloud-based solutions are managed by the vendor, so customers can save the cost of managing infrastructure and servers on their own.
- Better security posture. Some might argue that on-prem has a better reputation when it comes to security posture. And it is true that some customers in heavily regulated industries still prefer to continue using on-prem solutions. The caveat is that security posture really depends on a customer’s infrastructure, and it often requires a heavy investment for customers to build their own security infrastructure and hire experts to manage it. Cloud service providers, including Ivanti, meet a high security standard with various certifications — for example, Ivanti Neurons for MDM is FedRAMP and SOC2 certified.
- Improved productivity and user experience. Remember the significant efforts that went into the Windows 10 migration of a few years ago — and the loss of productivity due to downtime during the update? Modern device management minimizes impacts on productivity between Windows OS updates, as devices are being managed like smartphones. Modern device management also allows you to leverage a zero-touch provisioning solution that integrates systems like Windows Autopilot, Apple Business Manager, Android Enterprise and Samsung Knox Mobile Enrollment. IT can ship a Windows device directly to a user, and it automatically gets enrolled into the cloud-based UEM solution. You can cut onboarding time from weeks to two days, which results not only in a faster onboarding but also higher user satisfaction.