Microsoft Ignite 2021
Microsoft held their annual Ignite conference at the beginning of November, announcing a slew of new features, functionality, and technology coming to the Microsoft 365 ecosystem. These changes run the gamut from new user collaboration capabilities through new security services and everything in between.
In this post, we want to highlight some specific announcements relating to endpoint management and security. We think these are big opportunities for anyone leveraging Microsoft 365 services, specifically with a focus on the security and management of the Microsoft 365 cloud services and the endpoints that connect to them.
Microsoft Endpoint Manager Updates
Microsoft Endpoint Manager is the centralized endpoint management platform for Microsoft 365, combining Intune, Configuration Manager, Autopilot, and more into a powerful tool for managing endpoints. Among the collection of announcements at Ignite relating to MEM, two stood out as big wins:
Intune Management of Linux Desktops
Intune has long had the capacity to manage Windows, macOS, Android, and iOS/iPadOS devices, but Linux-based endpoints could not be managed. That changes soon, as Intune will gain this capability. Administrators will be able to use Intune to push Wi-Fi profiles, certificates, password policies, and more. This ensures that, no matter what types of endpoints you have in your organization, you’ll be able to manage them via Microsoft Endpoint Manager.
Intune gains Script-based Compliance Policies
Intune’s compliance policies have always exposed an extensive collection of settings to measure, but if a setting wasn’t exposed, it could not be used to determine an endpoint’s compliance state. That will no longer be an issue, however, as Intune is gaining the ability to leverage custom scripts to measure compliance on both Windows and Linux endpoints. If your desired configuration can be measured via script, then it can be used by Intune to determine endpoint compliance. This will open up a great deal of flexibility for managing endpoint compliance in your organization.
Find out more about these two items on Microsoft’s announcement blog.
Windows Update for Business Updates
Windows Update for Business is a service providing a streamlined experience for managing Windows Updates on Windows endpoints. It is the backbone of managing updates in a Modern Management process.
Here are two big announcements from Ignite that will provide immediate value:
Windows Update for Business Deployment Service will be exposed in Intune
Windows Update for Business’s deployment service already provided the ability to automatically optimize the scheduling and rollout of feature updates across an organization, helping improve the user experience and rollout success through automated analysis of logs and success rates. However, this capability previously required configuration via Microsoft Graph or the PowerShell SDK, raising the bar to entry for most organizations.
Intune will be updated to provide a UI for managing these capabilities, exposing the deployment service’s scheduling-over-time functions to all administrators using Microsoft Endpoint Manager. This will be a huge boon to update management administrators, further reducing their workload while ensuring increased success and improved user experiences.
Find out more in Microsoft’s announcement blog post.
Connected Cache provides an on-network cache for Windows Update for Business
For those companies that want the simplicity of managing updates with Windows Update for Business but need extra care for sites’ WAN links, Connected Cache is the answer. Configuration Manager Distribution Points can be enabled as Connected Cache servers, allowing them to cache data locally from Windows Update for Business. Combined with the Delivery Optimization technology in Windows, this will reduce the WAN impact of clients downloading updates by giving them a local resource from which to pull the data.
This allows organizations to get the best of both worlds – Connected Cache functions as a streamlined Distribution Point, gaining the caching features while still reducing the administrative overhead as the cache’s contents are managed automatically by the Windows Update for Business service.
More information on Connected Cache and instructions for setting it up can be found here.