Microsoft 365 Modern Desktop – deployment using Intune and Autopilot
Microsoft, Lenovo and Insentra are seeking to change the status quo and simplify PC management with Windows 10, using Azure AD, Mobile Device Management and Autopilot. Act like the enterprise with streamlined deployment methodologies built into the cloud.
THE PROBLEM
Windows desktop deployments are hard. Efficient deployments have typically required large amounts of infrastructure, setup, testing and deployment tweaking. Managing and redeploying those PCs after deployment, using Group Policy and other products, also required significant overhead.
Add to this the requirement for systems to be physically plugged into the network and it becomes even more problematic, especially in the current climate.
REFRESH VS EVERGREEN
One of the most significant changes to the desktop is the way the Operating System (OS) refresh cycle has evolved into an evergreen model, ensuring security is at the centre of all updates and continuously improving productivity and efficiency. The way the desktop OS is delivered can be automated, removing overhead and associated costs relating to physical updates, manual imaging, and fault resolution.
Application deployment and management in the evergreen model means that applications are kept separate from the Windows deployment. This also allows them to be updated separately and more often, without the need for significant testing and overhead. Apps can optionally be attached directly from the cloud, meaning zero touch to the underlying Windows operating system and the ability to assign apps to users easily.
THE TECHNOLOGY
This will not be too technical, but it helps to understand the various components of Modern Desktop. All of these components are available under Microsoft 365 licensing.
Microsoft 365
Buying Microsoft 365 CSP from Lenovo will give you the benefits of integration directly from the vendor. Hardware you purchase from Lenovo will automatically have its hardware hash inserted into Azure Active Directory so when a user signs in, the device is associated with your tenant and deployed accordingly. Zero touch and over the air provisioning from any Internet connection.
Azure Active Directory
With every Microsoft 365 Cloud Solution Provider (CSP) subscription you get Azure Active Directory, a cloud-based identity provider which enables businesses to roll out Windows 10 devices without any on-premises identity solution. And you can do this for free: Azure AD has multiple editions, including a free version. Most organisations, though, are going to pay for Azure AD in some form to gain additional features. This includes automatic MDM registration, which requires Azure AD Premium even if you’re using a third-party identity solution.
Windows 10
Core to the concept is Windows 10 – Microsoft’s evergreen operating system which has bi-annual feature updates. The recommendation here is to always be on a current release, which is a critical part of delivering a Modern Desktop. This ensures the best user experience with the latest features, functionality and security controls.
Mobile Device Management (MDM)
MDM is of course the cornerstone of the cloud-only solution, so you'll need an MDM product capable of managing Windows 10, such as Intune. You can also build Autopilot into your traditional Active Directory Group Policy Object (GPO) management framework, or integrate Configuration Manager to perform additional bespoke tasks on top of the Intune deployment.
THE SOLUTION
Using these technology components, we can now deploy an evergreen, secure Standard Operating Environment (SOE). This is new and intriguing for lots of customers because it provides a simplified, cloud-only approach to PC deployment and management.
Simply order the Lenovo device of your choice, connect to the network, log in with your credentials and validate your identity with a multi-factor challenge (a token or SMS sent to your mobile device), and the device is provisioned, including the required applications and access to data. Best of all, this can all be accomplished by shipping the device directly to the end user’s home, getting them securely onboarded in minutes with no intervention or help desk support.
The benefits of deploying this are:
- Lower cost of deployment and management – both time and expense
- An evergreen, security-first, desktop operating model
- Flexibility and benefits of cloud management under the Microsoft 365 licensing SKU
CONSIDERATIONS
One thing to be aware of is that a true cloud-only model for deployment may not work for your organisation, but this doesn’t mean Autopilot isn’t for you. There are different scenarios which may work, and Autopilot can also deploy domain-based PCs. A lot of the benefits of cloud can still be realised in these scenarios, so please reach out and we can have a further discussion about which model suits your business best.
A WRAP
In closing – or Too Long, Didn’t Read (TLDR), Microsoft, Lenovo and Insentra are now able to bring a modern, streamlined low-touch desktop solution with the benefits of cloud directly to your business.