Enterprise Mobility + Security


With the 1710 update to ConfigMgr and the 1709 update to Windows 10, we’ve provided the foundations of our solution to bridge Windows modernization through Co-Management.  This bridge is an entry-point for our customers to start their transitions to modern management – a path that leads traditional, domain-joined and ConfigMgr-managed solutions, to a deployment of Azure Active Directory and Intune.

This path will, of course, be a bit different for each organization.  What makes the Co-Management bridge so great is that it provides each organization a way to start that move to cloud-management by selectively moving workloads at their own pace.

One of the earliest adopters of this bridge is Avanade.  Below is a guest post from Joseph Paradi, an executive at Avanade responsible for their infrastructure, who offers some very interesting insight into how the Co-Management bridge has helped drive their transition to modern management.

____________________________________________________________

 

Why Avanade Chose Co-Management

By Joseph Paradi

As a global enterprise with over 10,000 workstations, Avanade faces many of the same challenges that other enterprises face as we move along the journey to modern management.  We partner very closely with Microsoft and the Windows product group both to help them understand the challenges that we and other enterprises face and to test solutions as they come to market.  Avanade has been an aggressive adopter of Windows 10, and the Windows as a Service model, and was one of the first adopters of Co-Management.

The journey to modern management has similarities to the broader journey to the cloud for a broad array of IT services.  Different companies are going to have different unique challenges, but many companies will share common challenges.  With the move to modern management, some of the most common challenges cited by enterprises have been the vast array of controls (mostly through Group Policy), processes, and tools that they have developed over the past 20+ years to manage their workstation fleet.  Moving to a new model for all of these will take time, and there will be some aspects that can move sooner, and some that will take longer to move.

With the introduction of co-management, Microsoft is allowing enterprises to design their journey to modern management in the way that will allow them to be successful.

One of the common themes across all enterprises is the increasing mobility of the workstations in use within the enterprise.  This has created challenges for workstation health as many of the traditional tools, like group policy and ConfigMgr, were not originally designed or implemented to support remote workstations that are not connected to the corporate network.  Investing in implementation of technologies like Always On VPN and Internet Based Client Management for ConfigMgr may not be strategic investments for many enterprises, so co-management offers a path that is more strategic and requires less investment.

The approach of co-management should be familiar to any enterprise that has migrated to Exchange Online or a hybrid cloud model for their datacenter.

By implementing co-management, you can start to take advantage of the benefits of the cloud (reduced costs, faster feature availability, more flexibility), while moving at the right pace for your business.

You may choose to go faster with your mobile sales workforce, and slower with your back office machines.  You may be able to enable a new retail kiosk solution more quickly than you could with legacy tools.  Co-management lets you plan and execute the migration to modern management at a pace that works for you.

How do you get ready to deploy co-management easily?

While some may be intimidated by the thought of moving to co-management, we found that the journey was mostly things that we were already doing within our workstation and mobile device infrastructure.

The first focus area will be your ConfigMgr infrastructure.  Every organization should already be on the ConfigMgr vNext versions, or well along the way to get there.  As one of the earliest adopters of ConfigMgr Current Branch, Avanade has the experience with version to version upgrades to understand the dramatic improvements that Microsoft has made in the upgrade process.  Our version upgrades are now done during the business day, with little to no impact to our users, and with no more than a few mouse clicks from our ConfigMgr engineers.  You will want to make sure you are keeping up with the optimal versions of key ConfigMgr components like WSUS, but with the flexibility in the operational model of the modern ConfigMgr builds, that is pretty easy.  You will also find that the latest version of ConfigMgr introduces features that can be quick wins for your enterprise, like Express Updates, the Cloud Management Gateway, and easy deployment of firmware updates for Surface devices.

Avanade has been a longtime Intune customer for managing our mobile devices globally, so we were already very familiar with Intune.  You will have to look at your Intune policies and build the new policies to apply to your workstations, then assign those to the appropriate user or device groups.  This is going to help you to get familiar with using Intune for the modern management future.

The next focus is obviously Windows 10 itself.  We are a very aggressive adopter of every Windows 10 version, which is made dramatically easier by leveraging the Servicing Model from ConfigMgr.  The joint development effort by ConfigMgr and Windows is evident in the Servicing Model, because it allows the enterprise to target machines with an in-place upgrade of Windows 10 with very little effort and high reliability.  We take advantage of the power of cloud software distribution by having all the update packages delivered from the public internet, which is where the majority of our users are located.  There are also options for local caching and peer-to-peer software distribution if that works better for your environment.

The final piece of the puzzle is having your machines registered with Azure AD.  We have been doing this for a while now, and it is automatic in the latest few versions of Windows 10.  We did this primarily to give our users a good seamless sign on experience for our Azure AD protected applications, like Office 365, but it also enables co-management to just work.

Our experience with co-management

As part of the TAP program, the MS product group team worked on-site with our workstation, ConfigMgr and Intune teams and we were up and running on ConfigMgr 1710 in about 90 min, because all the prerequisites were already done.  This proves the value of moving to the “as a Service” model, since it gives you the ability to consume new features and functionality much more quickly, with less effort and less risk.

After piloting co-management with a few hundred machines, we turned it on for all 1709 machines as they upgrade now.  We have had very few support tickets since we introduced co-management, and no performance or compatibility impacts.

We are still discovering the different areas where we will leverage co-management, and we are admittedly in the early stages of our journey.  Our immediate win from having the Intune functionality was the ability to remotely reset Windows on a machine.  This is important to us for lost or stolen machines, which is more common in our highly mobile workforce.  This is functionality that we otherwise would have had to build and maintain in a custom ConfigMgr package.  We are continuing to work with the Microsoft product groups to help enhance the different control models available, so that we can look forward to the point where we can move away from group policy and over to modern management for our workstations.

We think one of the most exciting opportunities that we will be taking soon is the ability to control all Windows Updates from Intune with Windows Update for Business.  We will get all the optimizations that Microsoft has done for the hundreds of millions of consumer PCs with no extra effort, like Delivery Optimization.  This is particularly applicable to our mobile workforce, but is an increasingly common need among all enterprises.

Conclusion

Co-management is a great gateway for any enterprise that is on its journey with Windows 10 towards modern management.  It takes advantage of the things that you are already doing to be successful, and allows you to move at the pace and with the flexibility that is going to help you be successful.