Months and months into the pandemic, the reality of a distributed workforce is starting to become clear. Users working on their own devices in a BYOD context aren’t always as scrupulous at setting and updating strong passwords; their home Wi-Fi networks aren’t as secure what’s back at the office; data loss and prevention policies aren’t being adhered to strictly, and it’s increasing your risk.
First things first, you’ll need to figure out whether Microsoft’s Basic Mobility and Security functionality is enough to meet your needs, or whether you’ll want to utilize Intune, Microsoft’s full-fledged MDM (mobile device management) solution. This will depend on what types of devices you’re working with and what types of actions you’d like to be able to take remotely on those devices.
This part is pretty straightforward—if you’re only utilizing devices supported under Basic Mobility, you may not need a full-blown Intune account. If you need support for operating systems that Basic Mobility doesn’t cover, then Intune is your best bet.
When we get to actual functionality, there’s a bit more nuance to consider. Basic Mobility will support a fair number of actions, including:
In short, it lives up to its name: if you have a relatively homogenous mix of devices in use across your operation, and you don’t need too much granularity in your controls (in the next section, we’ll discuss how much granularity you actually need based on your business), then this can be a quick and simple solution to the challenges that crop up in device management with a remote workforce.
If this doesn’t seem like enough, then Intune has a number of additional capabilities that you might need or want:
There’s obviously a big difference in the amount of functionality offered by these two offerings. If your gut reaction looking at the list of capabilities for Intune above is that your outfit doesn’t need that level of sophistication, that’s fine. On the other hand, if you’re seeing a lot of the tasks that your IT department would normally perform for device management at the office, Intune may be a safer bet.
For some of, there’s an obvious choice to be made between the two options presented above. For others, it might depend on what MDM policies would actually best fit with your business. This is going to depend on your size and industry more than anything.
There’s also the question of whether to manage usage on the application or the device level. When users are utilizing their own home devices for work, they may be less inclined to provide unfettered device access to a remote administrator. In this case, you can set compliance standards and regulations for particular applications instead. In this way, you’re able to maintain some level of standardization in terms of security, data governance, etc., while your distributed workforce is able to maintain control over their own laptops, phones, and tablets.
At the end of the day, there aren’t a lot of one-size-fits-all answers for setting the right policies. You need to assess your current device landscape; consider what your device policies were when everyone was in the office; assess whether those actually helped you achieve standardization, boost efficiency and achieve better security; and, ultimately, put forward a vision of how you want users to access to your cloud infrastructure.
All of the considerations that we laid out above might seem daunting—and, to be sure, there is a lot to consider. But, at the end of the day, Intune or another MDM solution can save you a ton of time and money while allowing you to scalably maintain consistent standards across a whole host of different devices. Not only can you prevent security breaches by gaining a more comprehensive, granular overview of compliance across devices and profiles, you can rapidly speed up the device provisioning, configuration, and setup processes. The result is smarter, more cost effective device management all around.
And, as it happens, once you’ve decided on a policy to set in a particular area, it’s not too hard to actually implement it. If, for instance, you decide set a compliance policy for specific devices, you simply enter the admin portal and navigate to Devices and Compliance policies.
You’ll also have the option to set an appropriate cycle time and grace period if necessary. Then, you can navigate back to the admin portal to see the compliance status of each relevant device (see here for more granular instructions). In this way, you’re able to gain insight into all your endpoints at once, and even run analytics on them to get a clearer picture of compliance for your various policies.
Though some of this might seem a little bit in-the-weeds, our hope is that it gives you a sense of how comparatively easy Intune and similar MDM systems can make it to manage devices remotely. Before the rise of this kind of technology, it might take the IT department an hour per device to get a new laptop or phone configured and sent to its intended user—with an MDM, you can do it all in a manner of minutes. On top of that, you can avoid data breaches and other security lapses, you can maintain uniformity, and you can improve productivity beyond the walls of the IT department.
All that being said, there is plenty of room for confusion—especially if your team isn’t comprised of cloud experts. This is where a managed services provider can come in and add a lot of value. Since a nearshore services provider would be able to offer labor cost savings of up to 30%. On top of that, they’d be able to add even more time savings, since they’d be cloud experts with a specialized knowledge of Intune’s various configuration and policy options. In this way, you can reserve your IT resources for more important tasks, and keep your devices safe, secure, and efficient no matter where in the world they are.
Intertec’s teams have hands-on experience in developing and migrating applications on leading cloud platforms. In addition to design and development, we provide a complete range of application testing, deployment and ongoing support services, including managing physical infrastructure and offering outsourced DevOps teams. Click here to learn more. Prefer a personal consultation? Go ahead and schedule a meeting with us here!