Why You Need More than Intune for Windows Servicing

Published on August 26, 2021 by Paul Deur

While for some, remote working only began in 2020, for many others it’s been the way they have worked for years. The rise in smart devices and the growing number of bring your own device (BYOD) corporate policies have fueled this growth, making it possible for some employees to work from anywhere.

While that’s great news for your end users, if you are an IT service manager it creates complications. You need to ensure the ever-growing mix of personal and corporate devices is secure and updated with the latest features and patches to protect company data.

To manage this, in 2014 Microsoft extended its Windows Intune service to more platforms and renamed it Microsoft Intune - a cloud-based mobile device management (MDM) and mobile application management (MAM) service.

Why use Intune

With the growth in mobile device adoption for business, particularly in the wake of the COVID pandemic as many more people were forced to work remotely, Intune can be used to manage all your end user mobile devices. There are a number of benefits:

  • Centralized control: You can manage all devices in your IT environment – corporate and employee-owned – centrally and without purchasing any additional on-prem equipment.
  • Group policies: Intune offers you greater control in complying with legal and regulatory frameworks. You can, for example, set a minimum requirement for the OS you support – to keep devices and company data secure and protect you from costly non-compliance lawsuits. If a device is running an old version of Windows, you will be notified, and you can choose to block the device or schedule an update.
  • Application management: You have control over who can access data and applications to ensure security.
  • Deploy software updates: Yes, you can use Intune to roll out software and OS updates across devices, using rings, in much the same way as you use SCCM.

So, if Intune does all this, what more do you need to manage Windows Servicing? Well, for many businesses you could run into issues if you don’t, for example, manage scheduling correctly, or pre-test applications.

  • Automatic Updates: End users will receive an update on their device. They can accept the update straight away or defer it for a grace period. Most people will choose to deploy it later and then forget about it, so the update will kick in automatically once the grace period has elapsed. That could cause issues if an important customer meeting is interrupted or a VIP loses access to data at a critical time.
  • Application issues: You can’t simply roll out OS updates without first ensuring your apps, particularly your business-critical apps, will work with them. Taking out business-critical operations or VIP access will not go down well in the company.
  • Wasting time and effort updating old devices: If you don’t integrate your IT asset lifecycle and Windows servicing programs you won’t know what’s nearing end of life, potentially wasting resources by updating old devices. The same can be said if you are trying to update devices that aren’t compatible with the new OS. You need to check these details ahead of time (in fact you need to check across all your assets, but for now we’re focused on updating mobile devices).

At the very least, you are going to have some disgruntled end users. You aren’t going to win any medals for taking out access when it’s least expected – even if your end users were pre-warned. So, what can you do to mitigate these risks?

Step 1) Data Discovery

The first step in protecting your rollout is to understand everything about your IT environment – that means aggregating all the data about the devices, applications, systems, and users that you support.

Step 2) Define app readiness

Analyze your data to categorize your apps – we suggest using three tiers – then you can define how you treat them going forward:

  • Tier 1 – business critical apps that could affect business operations – formally pre-test these and then mark them as ready ahead of rollout.
  • Tier 2 – important apps that are widely deployed – run software pilots and work with small user groups of typical users to validate these apps before deploying more widely.
  • Tier 3 – home-grown or commercial off-the-shelf apps that aren’t used widely – you can start rolling these out without waiting for validation, and only stop the rollout if you hear of issues.

While you can get information on usage from Desktop Analytics, you’re probably going to need to pull in additional data about who is using the apps and their level or title within the organization, so leverage AD information and talk to managers.

If you do this you should be aiming to pre-test or pilot about 15% or less of your applications, and you’ll have some peace of mind that you have incorporated protection into your update.

Step 3) Understand what devices need to be replaced

Analyze your source data to work out what devices are nearing end-of-life or which ones won’t work with the update. Once you have identified a list, define a replacement program, working with users to let them know their devices will be replaced (if corporate-owned) or that they will need to replace their devices to continue using them for business applications. Then work out a program of purchasing, configuring, and shipping devices to those end users (making sure you’ve also checked where they are, so you are shipping to the right place). Then you’ll need to chase up the return of old devices, but at least you don’t have to update these.

Step 4) Scheduling

Yes, Intune will push out updates to user devices and give them some leeway before the updates are implemented, but it’s human nature to put things off – then there will be an automatic update at a potentially crucial time. So, you should define a communication plan, first to warn your end users that an update is happening, then to work out a good time for the update.
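The tiering, hold and replacement decisions from steps 2 and 3, sketched as an added Python example (not from the article and not part of Intune or any vendor tooling). The inventory, the 50% "widely deployed" cut-off and the 180-day end-of-life window are constructed assumptions; only the three tiers and the 15% target come from the text.

```python
from collections import Counter
from datetime import date, timedelta

WIDE_SHARE = 0.5                  # assumption: "widely deployed" = on half of devices or more
EOL_WINDOW = timedelta(days=180)  # assumption: what counts as "nearing end-of-life"
TARGET_SHARE = 0.15               # article's target for pre-tested or piloted apps

# Constructed inventory: 3 notable apps plus 17 rarely used departmental tools.
APPS = {"erp-client": {"critical": True, "validated": True},
        "mail-client": {"critical": False, "validated": True},
        "vpn-agent": {"critical": False, "validated": False}}
APPS.update({f"dept-tool-{i}": {"critical": False, "validated": False} for i in range(17)})
DEVICES = [
    {"id": "LT-001", "eol": date(2024, 6, 30), "compatible": True,
     "apps": ["erp-client", "mail-client", "vpn-agent"]},
    {"id": "LT-002", "eol": date(2021, 12, 31), "compatible": True, "apps": ["vpn-agent"]},
    {"id": "LT-003", "eol": date(2025, 1, 31), "compatible": False, "apps": ["mail-client"]},
    {"id": "LT-004", "eol": date(2024, 3, 31), "compatible": True,
     "apps": ["mail-client", "dept-tool-0"]},
]

def tier_apps(apps, devices):
    """Tier 1 = business critical, Tier 2 = widely deployed, Tier 3 = everything else."""
    installs = Counter(app for dev in devices for app in dev["apps"])
    tiers = {}
    for name, meta in apps.items():
        if meta["critical"]:
            tiers[name] = 1
        elif installs[name] / len(devices) >= WIDE_SHARE:
            tiers[name] = 2
        else:
            tiers[name] = 3
    return tiers

def pretest_share(tiers):
    """Fraction of apps that need formal testing (Tier 1) or a pilot (Tier 2)."""
    return sum(t in (1, 2) for t in tiers.values()) / len(tiers)

def plan_devices(apps, devices, tiers, today):
    """Replace old or incompatible devices; hold any with an unvalidated Tier 1/2 app."""
    plan = {"replace": [], "hold": [], "update": []}
    for dev in devices:
        if not dev["compatible"] or dev["eol"] - today <= EOL_WINDOW:
            plan["replace"].append(dev["id"])
        elif any(tiers.get(a) in (1, 2) and not apps[a]["validated"] for a in dev["apps"]):
            plan["hold"].append(dev["id"])
        else:
            plan["update"].append(dev["id"])
    return plan
```

Devices in the `hold` and `replace` lists stay on the old build until they are dealt with, so both lists should be tracked until they are empty rather than treated as a one-off report.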

Peace of mind can take time

By adding all these steps alongside Intune, you will have some peace of mind for updating mobile devices in your Windows servicing program. But guess what? All this is going to take time. Aggregating and analyzing data, testing, replacing hardware and communicating and scheduling updates with thousands of end users is going to drain time and resources. To save time and effort you could apply intelligent automation to all of the repetitive tasks you perform. It’s also a good idea to adopt a solution that is designed with Windows servicing programs in mind – not just for your mobile devices – but across all your IT environment.
