Rawpixel - Fotolia
A traditional enterprise desktop management strategy where IT professionals manage PCs that never leave users' desks may not be dead, but it's on life support.
A modern management approach that embraces device and operating system diversity and includes mobile device management is the future. An avalanche of change has led enterprise desktop management to this moment, said Aaron Parker, a solutions architect at Insentra, an IT services company in Australia.
How the world has changed
Many users still have Windows PCs or laptops, but others want to work with Apple macOS and even Google Chrome OS. In addition, they have Apple iOS or Google Android smartphones and tablets they want to use to work.
To make matters more complicated, the incoming workforce consists of users who are more tech-savvy than previous generations, Parker said in a presentation at last month's online event hosted by XenAppblog.com.
"They've grown up with devices," he said. "They expect a good user experience. They expect flexibility from enterprise IT -- work from anywhere, use the devices [they] enjoy using."
Plus, Windows 10 has a more aggressive update cycle known as Windows as a service, with two major feature updates a year in addition to monthly updates for security and bug fixes. The feature updates can force IT to test app and device compatibility on a biannual basis.
It's not just the OS that is forcing change in IT's enterprise desktop management strategy, however. Microsoft System Center Configuration Manager (SCCM) has averaged three to four updates a year since 2015 and Microsoft Intune updates multiple times a week.
How can IT update its desktop management strategy?
To adjust to the rapid pace of change, IT pros must plan for how to handle updates in general rather than plan for the specifics of each individual update.
"I want a document that says, 'we're going to do X, Y and Z, not exactly how we're going to do it," Parker said. "[If you] write the design document, by then, Intune [for example], has changed."
In addition, IT pros should use analytics to gain deeper insight into their deployments, Parker said. One option is Microsoft Desktop Analytics, which was announced in September. An expansion of Windows Analytics the cloud-based service can help IT pros assess whether devices are ready for updates by taking an application inventory and assessing their compatibility with the latest Windows 10 features.
With all the change to desktop management strategy planning, IT pros must take some tasks off their plates. Windows Autopilot, for example, allows IT to preconfigure devices to meet users' specific needs. IT doesn't have to build a custom desktop image; when the user turns on the device for the first time, connects to the corporate network and verifies his credentials, it's ready to use.
IT should also enable user self-service for simple fixes such as password changes so it's not bogged down by menial tasks.
Security and compliance remain essential
In the world of modern management, security and compliance come down to managing user identities, Parker said.
"I don't really care what's on the device, I just need to know the device is compliant," he said. "I want to make sure I am managing the user's single identity."
IT should enable single sign-on so users don't have to constantly enter their login credentials. IT should also enforce multifactor authentication (MFA), which relies on more than just a password.
IT can enforce conditional access that controls the privileges users have, as well as what apps they can access. IT can decide what a user can do based on whether the user signed in using MFA, whether his device is trusted, whether there is malware on the device, whether he is accessing a sensitive app and more.
The bottom line
Elements of traditional desktop management will stick around for a long time, Parker said. On a factory floor where PCs are common, for example, there is still value in a more legacy approach.
The key to an effective modern desktop management strategy is to blend strategies and manage everything in as few locations as possible. Microsoft added co-management capabilities to SCCM and Intune, which allows both tools to manage Windows 10 devices and gives IT the power to determine which tool handles which management tasks.
IT can also look into workspace tools such as VMware Workspace One and Citrix Cloud, which provide IT with a single console to oversee all of a user's resources.