kentoh - Fotolia
Microsoft plans to end extended support for Windows 7 in January 2020, so organizations should ensure that they implement the right unified endpoint management tools to support a Windows 10 migration.
Organizations that have not yet migrated to Windows 10 can use this opportunity to implement UEM to help streamline migration and administrative tasks. Organizations that have already implemented UEM will likely want to use it in conjunction with their migration efforts to help ease the process.
Organizations that fall into either of these categories should ask themselves seven important questions about their UEM product to ensure they have the right tool.
1. Does the product support the necessary Windows environments?
Windows 10 migrations are never quick and are often done in phases. IT pros might need to support legacy desktops, such as Windows 7, at the same time they're supporting Windows 10. Most major UEM products can manage Windows 7, Windows 8.1 and Windows 10 devices. Some can also handle Windows 8. ManageEngine Desktop Central supports Windows 8 devices, for example, but Ivanti Endpoint Manager does not, nor does it support Windows Home editions.
The type of support can also vary among products. VMware Workspace One, for example, offers the Windows Desktop platform for managing Windows 8.1 and Windows 10 devices. Workspace One also offers the Windows 7 platform for Windows 7 and Windows 8 devices, as well as Windows 10 devices, but the Windows 7 platform is not as comprehensive as the Windows Desktop platform. IT pros should also evaluate whether the UEM product supports different work scenarios, such as on premises, remote or BYOD.
2. What types of deployments does the product support?
Microsoft offers several deployment options for a Windows 10 migration. A common approach is the in-place upgrade, which uses Windows Setup to update the OS, while preserving its applications and settings. Another deployment option is the wipe-and-load refresh, which wipes the original OS and installs Windows 10 but preserves the user state. Organizations can also move users to new computers, with or without preserving the user state, or refresh old systems without preserving state.
The UEM platform must be able to work seamlessly with the various migration options while simplifying operations. UEM products such as Workspace One and Ivanti Endpoint Manager can both use Windows Autopilot to prepare devices for production, and Quest's KACE Systems Deployment Appliance can automate image provisioning and deployments across multiple OSes, while supporting scripted installations and automated driver slipstreaming.
3. How does the UEM product support Window applications?
The Windows 10 migration process must take the installed desktop applications into account. An IT team might have used a tool such as Microsoft's System Center Configuration Manager (SCCM) to deploy the applications, or administrators may have installed them manually. Users might also have installed applications themselves. Regardless of how the applications got there, the migration process must accommodate them, and the UEM product must accommodate those applications.
Application management is an important component of a UEM product. For example, KACE Systems Management Appliance can inventory all applications installed on managed devices, and Ivanti Endpoint Manager can automate application configurations based on the destination OS. Desktop Central includes over 1,000 built-in application templates for package creation. And Workspace One offers a unified app catalog to manage and access applications. Features such as these can go a long way in making application migrations far less painful.
4. How does the UEM product handle application and user data?
Managing user files and settings is a crucial part of the migration process. IT must be able to control exactly which files and settings are migrated, while accommodating the transition from an older Windows platform to a newer one. IT must also ensure that the settings are correctly applied to the new environment and that the files are accessible to that environment. In addition, IT admins might have to incorporate file syncing services, such as OneDrive for Business.
The better the UEM product can accommodate a data migration strategy, the smoother the migration. For example, Ivanti Endpoint Manager can automatically capture personal settings from a user's existing desktop and store them to a central location so they can be applied to the new system. Ivanti also offers File Director for syncing user files across environments.
5. How does the UEM product protect the desktop environment?
One of the most important considerations of a Windows 10 migration is to ensure that the devices and data remain secure before, during and after the migration, a process that can take many months. Not only must IT pros protect data at rest and in motion, but they must also take into account factors such as existing data encryption or antimalware software. IT might also have to account for issues such as group policy settings, application blacklisting or firewall configurations.
Fortunately, most UEM vendors take security seriously. BlackBerry UEM, for example, offers policy rules, device compliance enforcements, network connectivity controls and encryption capabilities that protect data at rest and in motion. MobileIron provides access control, multifactor authentication, policy configuration and enforcement, threat detection and remediation, and various other protections.
6. Does the UEM product integrate with third-party tools and services?
A UEM product must be able to integrate with other tools and services to carry out an effective and secure migration. For example, many organizations rely on Active Directory or Azure AD for managing their Windows domains, or they use SCCM to carry out administrative tasks. They might also use tools for identity management, system monitoring or an assortment of other operations.
An effective UEM product must be able to integrate seamlessly with these tools and services throughout the entire migration process and beyond. For instance, MobileIron integrates with SCCM, enabling administrators to view all endpoint devices from the SCCM console and take security actions, such as locking, unlocking and wiping devices. Workspace One integrates with Azure AD and Windows Hello for Business, and it supports comanagement with SCCM.
7. What tools does the product provide for managing Windows desktops?
A UEM product should provide the tools necessary for effectively managing the Windows devices before, during and after the Windows 10 migration process. Those tools should be available through a centralized dashboard that provides a comprehensive view of all devices, while making it easy to carry out specific tasks. For example, Workspace One provides Admin Console for drilling into details about managed devices and performing deployment and administrative tasks.
In addition to basic management tasks, a UEM product should support monitoring and reporting capabilities that provide full visibility into the organization's devices and its operations. BlackBerry UEM, for example, lets IT monitor systems and generate dashboard reports that present information about the managed devices and users. IT pros can also export the report's data to a CSV file.
Monitoring and reporting capabilities are critical to maintaining operations and troubleshooting issues during the migration process. The more detailed the information, the more quickly IT can resolve issues and complete the migration process.