Endpoint Management

Robust, secure management of all of your corporate devices.

With the rise of work-from-home, you need to be certain that all of your endpoints are secure against viruses, malware, and hackers. 

A recent Ponemon Institute study showed that 65% of organizations are not adequately prepared for a cyberattack. Is your company prepared?

Introducing Microsoft Endpoint Manager

When the pandemic hit last year, IT administrators scrambled to keep their systems and businesses running as employees transitioned to a work-from-home model. The need for users to securely access company data from all around the globe from any device became paramount. IT administrators found it increasingly difficult to control these devices and the company data that was on them once the device was outside of the corporate network.

Enter Microsoft Endpoint Manager – an all-in-one solution offering endpoint security, device management, and intelligent cloud actions in a unified management platform. Microsoft Endpoint Manager helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises. Endpoint Manager includes the services and tools you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers.


Microsoft Endpoint Manager includes the following services:


Microsoft Intune: Intune is a 100% cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices. It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices. It integrates with other services, including Azure Active Directory (AD), mobile threat defenders, ADMX templates, Win32 and custom LOB apps, and more.

Configuration Manager: Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.

Co-management: Co-management combines your existing on-premises Configuration Manager investment with the cloud using Intune and other Microsoft 365 cloud services. You choose whether Configuration Manager or Intune is the management authority for the seven different workload groups.

As part of Endpoint Manager, co-management uses cloud features, including Conditional Access. You keep some tasks on-premises, while running other tasks in the cloud with Intune.

Desktop Analytics: Desktop Analytics is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud. It provides information on security updates, apps, and devices in your organization, and identifies compatibility issues with apps and drivers. Create a pilot for devices most likely to provide the best insights for assets across your organization.

Windows Autopilot: Windows Autopilot sets up and pre-configures new devices, getting them ready for use. It’s designed to simplify the lifecycle of Windows devices, for both IT and end users, from initial deployment through end of life.


The Endpoint Management Device Lifecycle

Ideal corporate device management follows a lifecycle consisting of four phases:

Enrollment phase: Devices are registered with the mobile device management solution. Intune allows you to register both mobile devices, such as smartphones, and Windows PCs.

Configure phase: Make sure that the registered devices are secure and comply with all configuration and security policies. You can also automate common administrative tasks, such as configuring WLAN.

Protect phase: The mobile device management solution allows you to continuously monitor the settings applied in the Configure phase. In this phase, you also use the endpoint management solution to keep devices compliant by monitoring and deploying software updates.

Retirement phase: When a device is no longer needed, lost, or stolen, you should protect the data on the device. You can remove data by resetting the device, performing either a full reset or a selective reset that removes only enterprise data from the device.

Windows Autopilot

Traditionally, IT pros spend significant time building and customizing images that will later be deployed to devices. Windows Autopilot introduces a new approach.

  • From the user’s perspective, it only takes a few simple operations to make their device ready to use.
  • From the IT pro’s perspective, the only interaction required from the end user is to connect to a network and to verify their credentials. Everything beyond that is automated.

Windows Autopilot enables you to:

  • Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). For more information about the differences between these two join options, see Introduction to device management in Azure Active Directory.
  • Auto-enroll devices into MDM services, such as Microsoft Intune (requires an Azure AD Premium subscription for configuration).
  • Create and auto-assign devices to configuration groups based on a device’s profile.
  • Customize the Windows Out of Box Experience (OOBE) content specific to the organization.
  • Existing devices can also be quickly prepared for a new user with Windows Autopilot Reset. This Reset capability can also be used in break/fix scenarios to quickly bring a device back to a business-ready state.
  • You can also use Windows Autopilot to reset, repurpose, and recover devices. This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that’s easy and simple.

Once Autopilot policies have been configured in Microsoft 365, you will have the ability to order new Windows 10/11 devices from a hardware vendor and have the devices shipped directly to the end user. Device deployment, policy application, and app installs will happen automatically once the user logs in to the device for the first time.

Autopilot will allow you to stop wasting hours upon hours imaging Windows devices for users!

Why Nimbus IT?

Embracing modern technologies is essential for organizations to compete in this digital age. Enterprise cloud adoption requires knowledge developed through years of practice. As a Microsoft Partner with over 15 years of enterprise IT consulting experience, we are certified experts in Azure and Microsoft 365.

We facilitate cloud migration, governance, and operations to empower organizations to realize the full potential of the Microsoft Cloud through a unique blend of SaaS solutions. We support organizations throughout their cloud journey, from strategic planning to licensing and workforce enablement.