The Cloud is far more than just a datacenter in the sky. Cloud technologies and platforms enable a multitude of new ways to work and, for IT, new ways to deliver IT services to end users. Microsoft’s recent introduction of Windows Autopilot is a new example of how the Microsoft Cloud is evolving to support these new workstyles, and of the changing role of IT in the cloud era.
For many users, the traditional route to work computing is that IT orders computer equipment, configures it and delivers it to them. It’s often a week or more before a new employee has their laptop set up and running in most organizations. And what happens when they need to upgrade or replace that laptop? The employee is back where he started, waiting several days (or more) and possibly visiting IT once or twice while they set up and migrate applications and data to the new laptop.
This is where Windows Autopilot and Intune come in. When IT pre-registers any new Windows 10 device, that device will be automatically enrolled in both of these cloud-based services when first switched on by their new owner and connected to the Internet. Autopilot will present the user with a logon tailored to their organization, and will allow that user to log on using the account pre-assigned to them by IT. Further, if the laptop is pre-built with Windows 10 Professional it will be automatically upgraded and licensed for Enterprise.
After that initial logon, Intune will set basic policy, deliver applications, and give IT a high degree of control over the all-important Office 365 setup and the service branch the device is part of.
So far so good, this all sounds promising—but wait a minute! What does IT lose through this style of management? Well, first, there is an inconvenient feature gap between SCCM and Intune. But the biggest challenge is that with Windows 10 devices using Autopilot and Intune, the user is authenticated with AzureAD, not traditional Active Directory, so Windows 10 devices using Autopilot and Intune are not domain-joined, which knocks out a lot of traditional IT management tools—including Group Policy.
If you want the convenience of Autopilot and InTune plus the ability to apply policy, help is at hand from Ivanti’s User Workspace Management products. In particular, Ivanti Environment Manager can apply Group Policy-like policies to the endpoint, but with a far higher degree of performance, flexibility and granular targeting.
If you’re willing to give up that control to get a low-touch way to configure new laptops, you’re still faced with this question: how do you migrate the user’s persona (settings, local files, shortcuts, printers, credentials, regional settings, favorites, etc.) from their old Windows device to a new one? And how do you ensure that if a user loses or breaks her laptop, you can give her a new one—in minutes—that will look and feel exactly the same as the old one?
That’s something we at Ivanti call Personalization—the roaming of a user’s persona between devices—that is delivered by Environment Manager and Ivanti File Director as part of Ivanti’s User Workspace Management products. And, yes, before you ask, Environment Manager and File Director can be cloud-hosted.
Need to lock down those devices? Unfortunately, Intune policies don’t cover things like app blocking, whitelists and privilege control—but Ivanti Application Control has the answer with capabilities like Trusted Ownership™.
So—how would you put Autopilot, Intune and Ivanti products together to give IT full control of the user experience and workspace, while embracing the new world of Autopilot and Intune? What would the end-to-end workflow look like? Here’s a 3-minute video to show it all working together.