Microsoft Intune, Autopilot and Ivanti User Workspace Management
A Quiet Revolution
As we continue to fly through 2018, not only am I left thinking where has all that time gone (?!?), but I also find myself reflecting on the changes to the end user device management landscape. Today, managing mobility is no longer about supporting a Bring Your Own Device (BYOD) initiative, or embracing the concept of Corporately Owned, Personally Enabled (COPE) in your environment. Similarly, it is no longer about which device platform or operating system to use. Today an organization must look for more advanced strategies to become connected and reach a new level of agility through digital transformation.
No longer are employees working 9 to 5, from a single desk, on a single floor, in a single office, accessing and sharing information stored in an on-premises data center. They now work flexibly from locations across the world whilst accessing data from data centers both on-premises and in the cloud. Devices are cooler and more convenient than ever before and are enabling this ‘globalization revolution’.
It is this revolution that now means organizations must start to adopt mechanisms that draw together each of those factors in order to ensure that their employees and their company can work in the way they want, when they want, and ultimately be more productive. As a result, device management is no longer just about managing, securing and storing files. Today, mobility management must be central to the organization’s ecosystem, meaning that broad aspects such as governance, analytics and identity provisioning all need to be considered.
True Over-the-Air Management
Technologies such as Intune, together with Microsoft Autopilot, enable the IT organization to set up and pre-configure new devices, getting them ready for use in the organization’s production environment. It is tasks in these areas, such as building and customizing images, that have traditionally consumed a great deal of time and resources. Now the shackles of on-domain registration are thrown off, so that users and devices can be enrolled into Azure Active Directory and managed over the air.
Win-win for IT and end users alike? Why the question? Surely this is a true statement!?!
Absolutely. IT wins in the ways we have already discussed: everything from a routine break/fix situation through to a complex operating system roll-out is now simplified and provides a more efficient service to the end user. Okay, so IT can now ship a new laptop directly from the supplier to the end user, and after a few simple steps the user is up and running on the latest incarnation of Windows 10. All Line of Business (LoB) applications are installed and policy is applied.
Where's the Catch?
So far so good. Other than the initial Intune configuration, IT doesn’t have to be involved – fantastic!
But what about the user’s personalizations in their Windows desktop and applications? What about their custom dictionaries, their accessibility settings, the certificates they use to authenticate? What about the toolbars they have set up or their favourite cat picture that takes pride of place as their desktop wallpaper? These are all lost when they move to this new shiny operating system that IT has rolled out. And let’s not get started on the Microsoft Excel files stored under a fifteen-level directory structure on the endpoint that have taken over ten years to accumulate! They are lost. The PC is quite literally a blank canvas.
To delve into this further, let’s meet Jo, a healthcare worker who is based at home and spends five days a week on the road visiting patients and clinics in her geographical region. Without her laptop and the files that are stored on it, completing her job would not be possible. Having to run extra software to get access to files stored on SMB storage in the on-premises data center is cumbersome and time consuming. To get around this when at home, Jo saves files to her laptop using a complex but logical folder structure. She then works on these and, when back in the office, copies them back to the network storage used by herself and her team. On top of this, Jo has several toolbars set up in healthcare and Office applications that help her to complete patient visit documents quickly. Further personalization within applications makes sure that readable fonts are used consistently across documents, especially for patients and co-workers.
This process works for Jo and her colleagues in similar roles. But what happens if her laptop is damaged or stolen? Unless the files stored on the device are completely in-sync with the network storage versions, then any changes to the local copies are going to be lost.
IT can request that their hardware vendor send out a new laptop to Jo, and once the Intune Out of the Box Experience (OOBE) has been completed, her laptop will be up and running and will have applications such as Microsoft Word etc. installed. But unless she heads back into the office – which means not seeing her patients – her documents are still missing. Plus, the toolbar changes and other personalization all need adding back in.
Enter Ivanti File Director and Environment Manager.
By combining the power of File Director’s synchronization and granular policy controls, IT can now ensure that Jo has all her documents in the location where she left them. Couple this with the Ivanti File Director OneDrive for Business connector and not only do users get their familiar desktop experience with their files being accessed and saved in the same way they always have been, but, simultaneously, IT gets reduced data center costs, support of multi-platform clients and desktop file audit and control.
On top of this, no longer do Jo and her colleagues need to use extra software or visit the office to access SMB storage. File Director allows access to SMB storage when away from the office and without the need to establish a Virtual Private Network.
Also, the personalizations Jo has made to both Windows and the applications she uses are in place. Environment Manager has captured her settings from her old laptop and has applied these to her new endpoint.
Environment Manager policy also ensures that IT has the granular and contextual control over the desktop that it requires. The policy engine within Environment Manager replaces login scripts and Group Policies in a simple but powerful console. These multi-threaded policies ensure that the endpoint is efficiently and dynamically configured within the context of the user.
So, Jo now has her replacement laptop, documents and folders in the same familiar location and whilst on the road visiting patients, has real-time synchronized access to SMB storage. At the same time, IT has a replacement device sent directly from the hardware vendor, added to Azure Active Directory and an end user who is productive almost immediately. All without any involvement from the support team, allowing them to focus on business strategic projects.
Does this all sound too good to be true? See it in action.
Regular readers of this blog might notice that this is not the first time we have talked about this vision. In this blog we showed an earlier iteration of our integration with Intune and Autopilot. As you’ll see, our latest efforts smooth the user experience even further, and use the latest developments in Intune. Be sure to join the User Workspace Management community to discuss all this and more!