What’s new in Microsoft Endpoint Manager – 2111 (November) edition
Ramya Chitrakar
Corporate Vice President - Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps and Microsoft Defender for Identity #MSSecurity #MicrosoftDefender
This month, after the great set of announcements from Microsoft Endpoint Manager at Microsoft Ignite, I thought I'd share ?“behind the scenes” stories about some of the new capabilities we announced at Ignite, from remote help to our Frontline worker investments. There are plenty of additional capabilities that we released this month; from Filters to Windows Updates - here’s the complete list of Endpoint Manager features for 2111 (November). As usual, I appreciate your feedback and I hope you appreciate these "behind the scenes stories" of features newly released or coming soon. View the original article here.
Remote help: Getting our remote assistance offer to market
The need for a cloud-native remote assistance solution for Windows became more time sensitive for customers during the COVID-19 pandemic, when users could no longer visit their company helpdesk in person.
The Endpoint Manager team interviewed existing and potential customers to understand requirements across different organizations and regions. They told us they wanted a solution that would ensure security and build trust between Helpdesk staff and the users who needed help. They also needed it to tie directly into Endpoint Manager for ease of overall management and integrate with other security features such as device compliance.
Rather than build from scratch, we were able to accelerate time to market by building from some existing technology that Microsoft had which already had much of the functionality we were seeking; we needed to add in more enterprise-grade features. By partnering with the internal team that had built the technology, we were able to develop an enterprise-ready remote assistance product faster and with higher performance than we would have otherwise.
The outcome of our partnership is the new remote help application, featuring enterprise capabilities such as role-based access control, enhanced trust, elevation, and session reporting. Private preview customer feedback has been very positive, and we’ll be releasing the public preview soon. For more information, see: Remote help: a new remote assistance tool from Microsoft – Microsoft Tech Community and hear directly from a member of the Endpoint Manager team Neha Shah, Sr. Program Manager who led the development for this solution:
Designing device management for Android Open Source Project based on the needs of Frontline Workers
Our Android Open Source Project (AOSP) device management initiative started to roll out and was?announced?in October, but has a longer back story that involves deeply understanding the needs of Frontline Workers.
Historically, Android devices that aren’t integrated with Google Mobile Services (GMS) don’t have a management option to keep up to date with management API changes. Android Enterprise is not an option, as that management mode has a hard dependency on GMS. Device Administration (DA) management provides some basic management support but doesn’t match the scope of corporate device management with Android Enterprise. Moreover, DA management has reduced support over the past few years as Google moved towards Android Enterprise and newer APIs. While DA provides basic management, support remains limited and based on available settings and additional OS-level end of support.
As such, many Frontline workers use devices without GMS, making deployment, configuration, and device protection challenging.
We set out to address the situation. Together with a dozen customers, we listed the engineering challenge: how do we best manage the heterogeneity of Android devices, especially those without GMS? How can we help Frontline Workers using these devices on a factory floor or in a healthcare facility stay secure and ensure configurations and policies that make these devices easy to use are applied?
Goodyear, one of the world’s leading tire manufacturers, was part of the cohort of customers that greatly influenced our direction. As shared in this case study, they were using Microsoft Endpoint Manager and RealWear assisted reality wearables to help remote experts diagnose and fix broken machinery in their plants. Ensuring all their Frontline Worker devices were provisioned based on their needs and more secure to protect sensitive information was critical to them. ?
By continually testing ideas, prototypes and then preview software with our customers, we built a management solution for AOSP devices that was launched in public preview in October. Our first release, with support for configuration and compliance policies, conditional access, and base remote device management, and additional features (such as adding support for additional applications) will come in 2022. RealWear is the first Android (AOSP) device that will be supported by Endpoint Manager for corporate AOSP management. Learn more: ?Microsoft adds Android Open Source Project device management - Microsoft Tech Community. For a demo, see this video:
领英推荐
Managing unenrolled Microsoft Defender for Endpoint devices
Endpoint security management is as old a concept as group policy and active directory. That, in itself, was the problem that most of our customers faced when they started looking at modernizing security management. With multiple ways to configure the same settings, getting complete coverage of your digital endpoint from a single surface was complicated.
It was hard to leave behind the old ways and come up with innovative solutions. There was always a machine that wasn't connected to Endpoint Manager, one that was born in the cloud with no connection to Active Directory, or any other permutations of scenarios that fractured the security management experience. We wanted to bring these worlds together, without another management surface.
We brought together our Endpoint management team with the Microsoft Defender for Endpoint team to brainstorm. How could we create a security management story that leverages the investments people have already made in the Microsoft 365 stack, while keeping making it easy to manage and use. Our goal remained simple. Once Microsoft has a security or management presence on the device, everything else should just work!
Our approach rested on four principles:
At Microsoft Ignite we announced our first step in this journey. With the Microsoft Defender for Endpoint team, we've built a capability that allows your Windows devices to receive security policy from Endpoint Manager, regardless of their enrollment status. This initial capability provided by the Defender for Endpoint client is available for public preview, with more innovations on the way. While security continues to grow in complexity, this management integration will drive simplicity for your organization.?To read more, see - ?Manage Unenrolled Defender for Endpoint Devices | Microsoft Tech Community and to learn more about endpoint security and its role in your organization, watch Endpoint Manager Program Managers Lance Crandall and Matt Call at Ignite: Endpoint security management with Microsoft Endpoint Manager.
Coming soon – the ConfigMgr 2111 release
Microsoft Endpoint Configuration Manager is a core component of Endpoint Manager, our unified endpoint management solution.?We are about to release ConfigMgr 2111 in the next few days! Be on the lookout for more via LinkedIn and the Configuration Manager Blog - Microsoft Tech Community, as we release 2111 to the early update ring and then it will be globally available soon after!
Let us know what you think
This month was a huge month of announcements for Microsoft Ignite! ?So, this month more than ever, please share your feedback so we can continue to improve the user experience and simplify IT administration. Please share comments, questions, and feedback by commenting on this post! Again, the original What's new post is here: What’s new in Microsoft Endpoint Manager - 2111 (November) edition - Microsoft Tech Community
Cloud consultant modern workplace management bij BLAUD | Microsoft 365 Certified: Administrator Expert
3 年Hi Ramya Chitrakar, great release with several useful new features! Could you tell where to find this remote support app? After watching the Ignite video and reading the techcommunity article, there is no reference on how to get this app. In the tech community there seems to be several others with the same question. Thank you!