As the old saying goes, “An ounce of prevention is worth a pound of cure.” Looking to the coming year, what headaches could a director of Infrastructure save themselves by doing a little updating and maintenance now?

Turns out, plenty. And much of it is low-hanging fruit—that is, tasks that are simple and routine, but that can prevent a lot of problems down the road.

Added bonus: Now, as the budget year heads into Q4, is a great time to do them. Many IT departments have budget to spend before year’s end. This has been especially true for departments that have put on hold things like in-person conferences and tradeshows, live training sessions, and travel, in the wake of COVID-19. Spending that money on upgrades and maintenance helps justify the budget even as it sets up your organization for smoother running.

Here, then, are our five suggestions for projects that can easily be done in Q4 2020 and that will set you up for success in 2021.

laptop displaying code upgrade maintenance windows environment

  1. Configure Conditional Access-Based Multi-Factor Authentication. Conditional Access lets an admin create and define policies that “react” to sign-in events. These can then be used, for example, to request further authentication or additional actions before a user is granted access to an application or service. Combined with multi-factor authentication, it is the best way to secure access to Microsoft 365 apps, data, and services.
  2. Configure MAM to Secure M365 Data and Services. Microsoft’s new Endpoint Manager (previously Intune) includes a suite of tools for mobile application management (MAM), including tools for publishing, pushing, configuring, securing, and updating managed M365 apps. In this age of “BYOD” (Bring Your Own Device), mobile apps represent a heightened security and data leak risk. In fact, a recent report by Verizon found that some 43% of enterprise organizations are not adequately addressing mobile security, and roughly 55% of all security breaches have “lasting effects.” Configuring MAM appropriately for M365 apps, data, and services is a no-brainer.
  3. Upgrade SCCM/MECM to the Latest Current Branch Version. There are two reasons to do this. One is to have access to the latest features (such as custom configuration baselines as part of compliance policy assessment). The other is to stay within the official support window: Each update version of SCCM/MECM remains in support for 18 months from its general availability release date, so you will want to ensure that update to the current version at least that often.
  4. Implement MECM Cloud Management Gateway/Co-Management Infrastructure. Frankly, we’re surprised more organizations have not done either (or both) of these yet, as they are both vital solutions for any organization that now has employees working from home. For more specific details about Cloud Management Gateways and modern MEM/MECM Co-Management with Endpoint Manager (Intune), we highly recommend downloading our recent white paper, “Updating When Everyone Is Off-Prem: Strategies for Handling Windows 10 Updates and Compliance Issues in a WFH Environment.”
  5. Pilot Windows Virtual Desktop. Windows Virtual Desktop is an Azure-based system for virtualizing the Windows operating systems, which means that applications and even the desktop itself are hosted in the cloud. It can be deployed right alongside other Azure services within the Azure portal, making for a single, easy point of control and easy scaling. But the real benefit of Windows Virtual Desktop is that it standardizes applications and the desktop experience for remote users.

“But I Don’t Have the Time…”

The pace of change can be slow in some industries, and that goes double for environments containing many (1,000+) endpoints. Many of the organizations we talk to are not doing the above simply because they can’t find the time between all of the other projects and responsibilities on IT’s plate.

This is where we can help. Our team has extensive experience with Microsoft Infrastructure, including SCCM/MECM, Azure, and Endpoint Manager/Intune. And we have developed tools that allow our team to automate many of these tasks, freeing you to pursue those other projects. If that sounds like something you would like to pursue, here’s how to contact us.