Why Microsoft Endpoint Manager
One of the biggest pieces of news at Ignite 2019 last week was the announcement of Microsoft Endpoint Manager – the unification of ConfigMgr and Intune. To better explain the unique value and business impact offered by Microsoft Endpoint Manager, I’ve put together a few thoughts below.
Early in 2019, a number of us recognized that while we were all talking about a unified management solution across ConfigMgr and Intune, there were still a number of things that made it hard for customers and partners to understand where these products were heading. On a very regular basis I would hear feedback from customers who believed ConfigMgr was dead after hearing bad information or input from confused sources. All of this was happening at a time when we were in the midst of investing more in ConfigMgr than at any point since the release of ConfigMgr 2012, as well as making significant investments in ConfigMgr+Intune integration through co-management.
This is when my team and I had to be very honest with ourselves and admit that we had allowed our narrative and product truth to get confusing. There were a lot of things that had led to these problems. We had too many brands. There was confusion around what the term “modern management” meant.
The way to fix this was simplification. So we simplified.
We simplified branding.
Going forward, all of our management capabilities will be branded Microsoft Endpoint Manager. One name, one brand, one place. Simple.
We simplified licensing.
Back when we began this simplification process, I was meeting with a customer to talk about the value of being cloud-connected, and I asked the people in the room why they had not connected ConfigMgr to an Intune tenant. The answer was simple: They didn’t know if it was possible because they were unsure if they were licensed for Intune. This organization (like most orgs) was licensed for both ConfigMgr and Intune, but none of the people capable of taking action knew that. Having seen this problem firsthand, I knew that a BIG part of simplifying had to be the removal of this uncertainty: We have now changed our licensing structure to automatically grant Intune licenses for use in conjunction with ConfigMgr for co-management of Windows devices. Simple.
We simplified the product.
Like I said above, our product truth did not match our vision and narrative – on a lot of levels. The biggest example of this disconnect was that ConfigMgr and Intune were two separate consoles. This had to change. This is why I was so excited to show live demos at Ignite of ConfigMgr tasks and reporting in the new Microsoft Endpoint Manager (MEM) console. Customers will start seeing this console in their Intune tenants by the end of this calendar year. Moving forward, each month you’ll see more and more ConfigMgr tasks appear in the MEM console. A single console. Simple.
In addition to simplification, we also want to clarify the definition of modern management. That link leads to an important blog post about what it means (and how it happens) to move toward modernizing your management.
Microsoft Endpoint Manager: More than the Sum of its Parts
One of the most unique capabilities of MEM is the ability for ConfigMgr and Intune to manage the same PC – something we call co-management. Co-management is an area in which we have invested heavily so that two management authorities can exist on the same device and programmatically guarantee that you could never accidentally set conflicting policies that can damage your PC estate. With MEM, we add the intelligence from the Microsoft 365 cloud directly to your ConfigMgr deployments.
The power and capabilities of MEM really are unique. I call it “power” because the unique insights we are able to learn from and build on come directly from Microsoft 365, which contains a number of the world’s largest commercial cloud services (e.g. Office 365, Azure Active Directory, Microsoft Defender), and each of these services is a usage leader in its category. The power and usability of these insights is further multiplied by what we subsequently learn from the intersection of device + identity + productivity. This data empowers IT to be more effective and efficient while delivering a better and more secure end-user experience.
Back in January I was on Wall Street meeting with customers, and one of them casually mentioned to me that he was going “Microsoft 365 native.” When I asked what that meant, he shared his plan to use only the management and security from Microsoft 365 on corporate Windows devices – and any attempt to include additional agents required his personal approval. He had already extensively tested and validated the plan and found that using the Microsoft 365 management and security capabilities provided the best possible combination of security, costs, and end-user experience.
Since that meeting, I have had my team focused on quantifying these benefits. Here are 3 key benefits to consider when going Microsoft 365 native:
1) Organizations using Desktop Analytics (now Microsoft Endpoint Manager Analytics) have been able to automate their application compatibility validation. The automation of this massively time-intensive process has saved up to 85 percent of the time and costs associated with app compatibility validation when upgrading to a new release of Windows 10.
2) Organizations that adopt a “Microsoft 365 native” setup are often able to remove dozens of agents from their PCs. The Microsoft Managed Desktop (MMD) service is the gold standard for how PCs should be deployed, managed, and secured – and when we recently deployed MMD for one of our customers, 44 agents were removed from their PCs during this process. What happens when you remove that much friction on the device? We found that by removing those agents the average boot time on that PC was reduced by 85%. MMD customers also see an 85% reduction in the number of crashes for their end users. On top of this, the reduced burden on the processor means that these users get 2x more battery life from their PC. These massive improvements come from just using what’s “in-the-box” rather than loading a bunch of agents on the PC. Also, with the newly announced Productivity Score, we are giving you the insights and recommended actions that enable you to provide this kind of experience to your end users.
3) The best thing about these changes is that the end users notice the improved experience. The positive reaction to these changes translates into HUGE employee sentiment increases: When a group of MMD customers were surveyed, we learned that users of modern devices (touch and SSD) that are managed and secured using Microsoft 365 are 121% more likely to say they feel valued by their organization, and those workers are 38% more likely to say their PC experience enables them to best serve their customers. All of this translates into great employee sentiment and satisfaction – and that feedback presents itself as greater employee loyalty. I’ll publish more on this data next month.
In addition to these benefits on Windows devices, there are a few other unique values to using Microsoft Endpoint Manager:
- The Microsoft 365 Conditional Access capabilities must be written through Microsoft Endpoint Manager to be used across all your devices. It’s at this intersection of device + identity that we implement Conditional Access for Microsoft 365 and any data or app that your organization uses. Conditional Access enables Microsoft 365 to ensure that only trusted users, working from trusted devices, can access your organization’s data and apps.
- Microsoft Endpoint Manager is deeply integrated with the Microsoft 365 endpoint security, which automatically addresses any endpoint threats and vulnerabilities. The Windows capabilities are in-market, we have already announced that this functionality is coming for Mac, and there is much more on the way.
- Microsoft Endpoint Manager will be uniquely integrated with Windows Virtual Desktop. As customers look to move their virtual desktop infrastructure (VDI) workload to the cloud, much of that will move to Microsoft Azure and Windows Virtual Desktop. There are unique management and security capabilities we will deliver at this intersection of device + identity independent of whether the device is physical or virtual.
And the list goes on.
The key point to understand is that cloud intelligence enables a modern way of managing and securing an organization. As you map out your organization’s future and where you would like to be 2, 3 or 5 years from now, you have to take into consideration how to deliver the richest cloud intelligence in order to enhance and accelerate your efforts. Because of the vast data and unique insights it offers, I believe Microsoft 365 offers the capabilities needed to help you provide an experience that is loved by IT, loved by your users, and trusted by everyone.
Consultant Microsoft Technology & Cloud Solutions at Bechtle AG - MCT, Microsoft P-Seller P-TSP, P-CSA
4 years ago: Very good!!
Assistant Director - IT Services at Aster Group UK
4 years ago: Neil M. Alan Murray Chris Robson
Business Consultant & Auditor GHG ESG @FOX Consulting&Audit | Circular Economy Strategist | MBA | Entrepreneur
4 years ago: Amazing news, great job!
ICT Manager and CISO
5 years ago: This is great! Microsoft should really look into simplifying licensing for all the products. After cloud it's a little bit more understandable, but usually when checking how licensing works we first consult the witch doctor, then the wizard, and after that we go beg for mercy from the server room gods. Well, not really, but that's how it feels. The great thing nowadays is that TechNet articles mention what licenses each product needs, but when going to activate such features there's no mention that, hey, this requires this and this license. So there is really a fear sometimes of activating a feature that could cost the company a lot of money.
Director of Enterprise Tech Service Ops @ Rivian | Digital Workplace/Employee Experience | EndUser Services | IT Infrastructure | Identity & Access Mgmt| Data Center and Directory Services | IT Service Management
5 years ago: By the way, this is a ‘true’ Unified EndPoint Management.