Desktop and Mobile Device Management Automation
Routine desktop administration tasks such as applying updates and patches and provisioning or decommissioning devices consume the lion's share of a network administrator's time. The new BYOD style of computing makes things even more challenging for network managers, who have to provide secure access to corporate resources for a variety of smartphones and tablets running a mix of operating systems. Intelligently selecting and properly utilizing the tools available to automate device management can save money, increase system stability and performance, improve worker productivity, strengthen security, and free IT personnel to focus on strategic projects that can give your business a competitive advantage.
Progent's network consultants are experienced in helping organizations of any size to establish efficient internal processes, train desktop administrators, and integrate appropriate software tools in order to streamline administration and make sure that desktop PCs and mobile devices remain current, secure, dependable, and productive.
Common tools for managing Windows desktops include the Microsoft Management Console (MMC), configuring Active Directory Group Policy settings, Windows Server Update Services (WSUS), and PowerShell scripts. For small businesses with relatively few installed desktop PCs, the basic set of desktop management tools and mechanisms provided by Microsoft can deliver a reasonable level of automation as long as they are combined with smart and consistent administrative procedures. For larger networks, Microsoft offers advanced desktop management capability with System Center Configuration Manager (SCCM), which supersedes the end-of-life Systems Management Server platform. Progent's Microsoft-certified engineers offer expert System Center Configuration Manager support to help companies follow industry best practices to manage their desktops efficiently.
For managing Internet-facing mobile devices including most smartphones and tablets, Progent offers Microsoft Intune consulting services as well as iPhone and iPad integration, Android phone and tablet consulting, and RIM BlackBerry expertise. Progent can also help you integrate SCCM with Intune to provide a unified, single-console solution for managing your domain-joined desktop PCs along with your cloud-connected mobile devices. In addition, Progent provides management outsourcing services for small businesses who want to save money and eliminate hassle by relying on Progent's certified professionals to handle their desktop management.
Microsoft System Center 2016 Configuration Manager
System Center 2016 Configurations Manager (SCCM 2016) automates the deployment of applications and the provisioning of computers throughout an enterprise and integrates seamlessly with Microsoft Intune for managing cloud-connected mobile devices. SCCM 2016 streamlines software distribution and patching for multi-site networks, simplifies the management of compliance settings, inventories network assets, guards against the leakage of sensitive corporate data, monitors network health, enables secure end-user self service, and provides a common point of control for administering networks with a variety of operating systems and with resources deployed on premises, in the cloud, or across a hybrid environment with both physical and cloud-based resources. SCCM 2016 supports Windows computers, UNIX and Linux servers, Mac computers, plus iPhones, iPads, and Android tablets and smartphones.
Microsoft System Center 2016 Configuration Manager (SCCM 2016) features a wide range of enhancements over earlier versions of Configuration Manager. These improvements include:
- Pre-production Testing for Configuration Manager Clients
You can test a new version of the SCCM 2016 client before upgrading an entire site. The SCCM 2016 console lets you set up a pre-production collection for pilot testing a new client release and promoting the tested client software so you can automatically upgrade the rest of the site.
- Service Connection Point
The Service Connection Point site system role replaces the Microsoft Intune connector for integrating Intune with SCCM on-premises mobile device management (MDM). The Service Connection Point operates as a point of contact for SCCM-managed devices, uploads usage data about your deployment to the Microsoft cloud service, and makes your deployment updates available from the Configuration Manager console.
- Managing Windows 10 Upgrades
A new task sequence in the Create Task Sequence Wizard creates the steps required to upgrade computers from Windows 7, Windows 8, or Windows 8.1 to Windows 10.
- On-premises Mobile Device Management (MDM)
On-premises MDM uses your SCCM infrastructure to manage Windows 10 mobile computers and potentially other mobile devices that incorporate the Open Mobile Alliance Device Management standard. On-premises MDM requires a Microsoft Intune subscription, but Intune is used only to track device licensing and to alert Internet-connected devices to check for updated policies. Intune is not used for managing devices or storing their management information, which instead is kept on premises. When you deploy on-premises MDM you do not have to install or update client software on managed devices, and fewer site system roles are required. Devices that cannot be contacted by Intune depend on your specified polling interval to check in with site system roles for management functions.
- Peer Cache
When you use Configuration Manager to manage content deployment, Peer Cache minimizes WAN traffic by allowing branch clients within a boundary group with no local distribution point to share SCCM content with other clients directly from their local cache. In contrast to Branch cache, Peer Cache works with Windows Preinstallation Environment clients, and Peer Cache clients do not need to be in the same subnet to share content.
- Simultaneous Migration of Shared Distribution Points
The Reassign Distribution Point option in Configuration Manager 2016 permits you to reassign up to 50 shared distribution points concurrently instead of processing reassigned distribution points one at a time.
- Cloud Management Gateway Connector Point
The cloud management gateway (CMG) connector point combines a new site system role and a Microsoft Azure cloud service that permits Internet-facing clients to communicate with Configuration Manager 2016. The CMG supports the management point and software update point roles, needs no additional infrastructure, and prevents your on-premises infrastructure from being exposed to the Internet.
- Fallback Boundary Groups
Configuration Manager clients unable to find content from a distribution point associated with their current boundary group can fall back to use content source locations that have a defined relationship with their boundary group. You can use the Configuration Manager console to define how long a client must wait before searching a neighboring boundary group for content.
- Hybrid Mobile Device Management (MDM) with Configuration Manager and Intune
You no longer need to target specific versions of Google Android and Apple iOS when you create new policies and profiles for devices managed by Intune in a hybrid deployment. Instead, you can specify Android, Samsung KNOX Standard 4.0 and higher, iPhone or iPad. Whenever Microsoft Intune standalone adds support for a new version of iOS or Android, users in a hybrid deployment that combines Configuration Manager and Intune can rapidly update their mobile devices without having to wait for Configuration Manager to be updated. Hybrid deployments of SCCM and Intune also support Android for Work device enrollment and management.
- Endpoint Protection Alerts
Configuration Manager 2016 can alert administrators when events such as malware infections or outdated anti-malware software are detected in your SCCM hierarchy. Alerts show up in the Endpoint Protection dashboard in the Configuration Manager console in the Alerts node of the Monitoring workspace. You can also configure endpoint protection alerts to be emailed to specified users.
How Progent Can Assist You with System Center Configuration Manager
System Center 2016 Configuration Manager is an enterprise-class configuration management solution that, when properly deployed, dramatically cuts management time and expense, enhances worker output, and improves security and compliance. However, to achieve the full potential of SCCM 2016 demands meticulous planning that addresses your network infrastructure, business goals, security and compliance needs, and budgetary restrictions. Progent's Microsoft-certified consultants have the knowledge and experience to assist companies of all sizes to design efficient site hierarchies for SCCM 2016, define and enforce appropriate policies, integrate local and cloud-based network architectures, and find the right balance between management control and user productivity in environments that include a combination of company-owned and personally owned devices of all types.
Progent can help you migrate legacy versions of SCCM or from System Management Server to SCCM 2016. Progent can also help you design and carry out an efficient Windows Server 2019 migration or Windows Server 2016 migration to provide an up-to-date infrastructure for SCCM 2016.
To find out more about Progent's consulting services for Microsoft System Center 2016 Configuration Manager, phone 1-800-993-9400 or visit Contact Progent.
Microsoft Intune dovetails with System Center 2016 Configuration Manager by providing configuration management for Internet-facing mobile devices that are Cloud-connected rather than domain joined to the corporate network. Intune provides a comprehensive set of Cloud-based Mobile Device Management (MDM), Mobile Application Management (MAM), and PC management capabilities. In addition, you can integrate Intune with SCCM 2016 to create a unified change management solution across your SCCM 2016 infrastructure and Microsoft Azure's Cloud infrastructure. Intune is a subscription service licensed per user, where each user can have multiple devices. This aligns well with the modern BYOD style of computing. Intune is available as a stand-alone service or as part of Microsoft’s Enterprise Mobility Suite (EMS), which includes Microsoft Azure Active Directory Premium and Microsoft Azure Rights Management. Important features of Intune within its three categories of functionality include:
Mobile Device Management (MDM)
Advanced Mobile Device Management (MDM) systems must provide mobile device users with convenient access to the corporate resources they need to do their jobs, but without compromising security and compliance requirements. MDM solutions must also make it easy to manage the crowd of popular mobile devices and operating systems that has become the norm for today's BOYD style of computing. Microsoft Intune meets these challenges by delivering a feature-rich solution that includes secure self-service capabilities, fine-grained policy management, and extensive control over access to corporate data and services.
Mobile Application Management (MAM)
Mobile Application Management (MAM) has to do with applying policies to mobile device applications that limit or eliminate certain functions within apps that could otherwise pose a security threat to corporate data. For example, an administrator could restrict a managed app from executing the Save As command or the cut-and-paste function in order to prevent sensitive information from being leaked. Intune offers a continually expanding selection of MAM capabilities for managed applications running on mobile devices powered by Windows, Apple iOS, and Google Android. These MAM capabilities include built-in MAM functions for Office 365 apps, a managed web browser that allows managers to limit access to specified sites, a secure PDF viewer and AV player, and the ability to wipe selected data (as opposed to all data) from devices that are retired, out of compliance, or lost.
For computers that are not enrolled as mobile devices with Intune, you have the option of installing Intune client agent software that runs on the PC. Current versions of Windows offer the option of being managed as enrolled Intune mobile devices or via the Intune client agent. The Intune client agent enables centralized management of PCs and supports functions that include policy-based software deployment and firewall configuration, app management, Endpoint Protection, asset and configuration inventory, automated software updates, and compliance monitoring.
How Progent Can Help You with Microsoft Intune
Progent's Microsoft-certified consultants can help you evaluate the business case for using Intune to manage your mobile devices. Progent can help you design and build a pilot system to assess whether Intune is an appropriate tool for your situation, and Progent offers comprehensive project management services or task-based consulting to help you upgrade to Intune from a legacy change management platform. Progent can also help you integrate Intune with System Center 2016 Configuration Manager to create an advanced, single-console configuration management solution for your entire enterprise. In addition, Progent can help you understand and activate the MAM capabilities of Intune with Office 365 applications, integrate Intune with Microsoft Exchange ActiveSync, and analyze your Intune security policies to make sure they align with industry best practices, your internal standards, and regulatory compliance requirements.
32-bit to 64-bit Operating System Migration
Migration of a desktop PC from a 32-bit to a 64-bit operating system presents special problems for desktop administrators and requires special methodologies and software tools to carry out efficiently and successfully. If you are moving to Windows 10 from a 32-bit version of Windows, you have to install the target computer from scratch while at the same time dealing with possible application incompatibilities and new drivers. This can be a frustrating process when you do it for the first time. Progent's 64-bit computing consultants and Windows 10 migration experts can help you plan and carry efficient desktop operating system upgrades on individual workstations or on large groups of desktop PCs so that save time, eliminate manual errors, and limit service disruption.
If your business network needs any of the support services available from Progent, call 1-800-993-9400 or visit Contact Progent.