Solving Modern Desktop Dilemmas with Microsoft 365

Sep 22, 2023

As more and more organizations support hybrid workers remotely and on-premises, operations teams are having a hard time keeping devices both secure and up to date with the latest patches as well as just managing policies that need to be applied to the devices. Many organizations are using a multitude of tools and in some cases, remote users have to physically pick up new endpoints in person traveling great distances. At Planet, we meet with customers regularly to make sure they are aware and using all of the licensing capabilities they currently own. Many customers are not aware that built into most licensing skus like M365 and Enterprise Mobility and Security (EMS) include tools that can use and, in many cases, replace existing tools. In this blog, we will explore some of the benefits of using modern desktop deployment strategies to solve problems using Microsoft 365 technologies. We will also discuss additional solutions that organizations can leverage to solve their needs for turnkey desktop deployment (Windows 365) and secure remote access (Intune Remote Help).   

What is modern desktop deployment and what are the benefits? 

Modern desktop deployment is a process of delivering and maintaining Windows 10/11 and Microsoft 365 Apps to your devices using cloud-based tools and services. By using modern desktop deployment strategies, you can solve some of the common problems that IT professionals face.  

Unlike traditional desktop deployment, which involves creating and deploying custom images, testing and remediating app compatibility issues, and manually managing updates, modern desktop deployment allows you to:  

Reduce the time and cost of deploying and updating devices  

Improve the user experience and productivity. 

Enhance the security and compliance of your devices 

  • Reducing the time and cost of deploying and updating devices. With modern desktop deployment, you can eliminate the need for creating and maintaining custom images, and instead use the cloud to deliver the latest version of Windows 10/11 and Microsoft 365 Apps to your devices. You can also automate the device setup process using Windows Autopilot, which allows you to pre-configure devices with your organization’s settings and policies before they reach your users.  
  • Improving the user experience and productivity. With modern desktop deployment, you can provide your users with a consistent and familiar computing experience across devices, with access to the latest features and security enhancements of Windows 10/11 and Microsoft 365 Apps. You can also enable your users to install Microsoft 365 Apps on their own devices directly from the portal, or use Windows 365 to stream a full Windows desktop from the cloud to any device.  
  • Enhancing the security and compliance of your devices. With modern desktop deployment, you can leverage the built-in security features of Windows 10/11. To start, look at Autopilot and Intune Co-management to simplify and streamline the deployment and management of Windows 10/11 and mobile devices. Let’s take a look at each of these services and how they can benefit you.  

Autopilot is a cloud-based service that automates the enrollment and configuration of new Windows 10/11 devices. You can use Autopilot to pre-register devices with your organization’s identity provider (such as Azure Active Directory) and assign them to users or groups. With Autopilot, you can eliminate users traveling to headquarters and in most cases ship the endpoint directly from the manufacturer to the end user. When users receive their devices, they only need to connect to the internet and sign in with their credentials. Autopilot will then apply the settings and policies that you have defined for them, such as language, region, apps, security and compliance.  

Co-management is an integration that automates the enrollment and configuration of devices from Microsoft Endpoint Configuration Manager (MECM) (formerly known as SCCM). You can use this integration to tie MECM to Intune for enrollment and shared management. Co-management allows IT professionals to take a small step into cloud-based management without having to migrate all their devices to Intune immediately.  Once enrolled, you can gradually move your existing controls to Intune. 

Intune offers a range of features that make device management a breeze.  One of its key features is its ability to manage Windows devices. With Intune, organizations can manage Windows updates, deploy applications, and ensure all devices comply with security policies. This ensures that all devices run smoothly and reduces the risk of security breaches.  All of this is without the need for on-prem infrastructure and servers.   

Moreover, managing MacOS is another critical feature of Intune. With Intune, organizations can manage software updates, deploy applications, and ensure that all MacOS devices are secure. This is particularly useful for organizations that have a large number of MacOS devices since manual management can be extremely difficult. We have even seen some customers eliminate the need for JAMF. 

In addition to that, Intune also offers iOS and Android management for both corporate-owned and BYOD devices, which can be an asset for organizations that have numerous mobile devices. With Intune, organizations can manage device settings, deploy applications, and ensure all devices are secure.  This helps to reduce the risk of data breaches and ensures that all devices are running smoothly. 

Finally for existing Intune users, Microsoft recently added new capabilities for the Microsoft Intune Suite.  See Announcement  

One capability that we have seen some customers start evaluating and utilizing is Remote Help.   Intune’s new Remote Help solution is one of its most valuable features. With Remote Help, organizations can provide remote assistance to their employees, regardless of their location.  This is especially beneficial for organizations that have remote employees or employees who travel frequently. With the Remote Help solution, organizations can provide timely assistance to their employees, ensuring that their devices are functioning correctly and productivity is not compromised.  All of this without a separate Remote Monitoring and Management solution (RMM). 

Overall, Microsoft Intune is an essential tool for organizations that need to manage their devices and data. With its powerful features for Windows, MacOS, iOS, and Android management, as well as its Remote Help solution, Intune can help organizations reduce the risk of security breaches, ensure that all devices are running smoothly, and provide remote assistance to employees who require it. By utilizing Intune, organizations can stay ahead of the curve and ensure their devices remain secure and up-to-date. 

Beyond physical devices, Microsoft Intune is a powerful tool that can manage both Azure Virtual Desktop (AVD) and Windows 365. With Intune, administrators can easily manage these platforms on a granular level, ensuring that the right users have access to the right resources and that all data is secure. Intune also provides robust reporting and analytics capabilities, allowing administrators to monitor usage and performance and make data-driven decisions. Overall, Microsoft Intune is an essential tool for any organization looking to maximize the benefits of Azure Virtual Desktop (AVD) and Windows 365 while minimizing the risks. 

Additional Solutions and Services You May Want to Consider  

Azure Virtual Desktop is a cloud-based service that delivers virtual desktops and apps to your users on any device. You can use Azure Virtual Desktop to provide remote access to your on-premises resources, such as legacy applications or data. You can also use it to enable scenarios such as bring your own device (BYOD), virtual labs, disaster recovery or seasonal workers and finally secure remote access to on-premises or privileged/compliant access to secure environments. Azure Virtual Desktop can also be Hybrid Joined to both Azure AD and on-premises Active Directory. This allows your users to seamlessly integrate into your existing infrastructure and doesn’t require separate management. 

For organizations looking for a turnkey SaaS Solution for desktop management, consider Windows 365 Windows. Windows 365 is a cloud-based service that provides you with the latest version of Windows 10/11, along with security updates, feature updates and Microsoft apps such as Office 365. You can use Windows 365 to provision new devices or have to upgrade existing ones without having to create or maintain images. You can also use it to configure settings and policies for your devices using the cloud-based Intune (formally Microsoft Endpoint Manager) console.  

Conclusion 

Modern desktop deployment with Microsoft 365 is a great way to simplify and optimize your desktop management while providing your users with a secure, productive, and efficient computing experience. By using cloud-based tools and services, you can reduce the time and cost of deploying and updating devices, improve the user experience and productivity, and enhance the security and compliance of your devices. To learn more about modern desktop deployment with Microsoft 365, you can visit these resources:  

 Move to a modern desktop with Microsoft 365 – Training  

https://learn.microsoft.com/en-us/training/modules/move-to-modern-desktop-m365/ 

Helping customers shift to a modern desktop  

https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/ 

Autopilot 

https://docs.microsoft.com/en-us/mem/autopilot/ 

Intune CoManagement 

https://docs.microsoft.com/en-us/mem/configmgr/comanage/  

Azure Virtual Desktop 

https://docs.microsoft.com/en-us/azure/virtual-desktop/  

Windows 365  

https://docs.microsoft.com/en-us/windows/deployment/windows-365/