February 22, 2023
Secure and Streamline Remote Devices with Modern Management Tools
Cloud-based management solutions such as Microsoft Autopilot reduce the burden on IT departments.
When it comes to remote work, device provisioning can be a burdensome task for IT departments. However, modern management tools can transform this chore into a simple, streamlined experience for users and IT staff alike. Cloud-based solutions such as Microsoft Azure Active Directory, Autopilot and Intune enable a zero-touch experience for IT staff while improving security and enabling organizations to customize the user experience.
Windows 11 Autopilot works in a couple of different ways. An organization can use a partner such as CDW to preprovision devices, installing applications ahead of time so that when a user connects to the internet and logs in, the machine configures quickly and has everything it needs. This can be useful when an organization employs several large applications because users can get started promptly rather than waiting for applications to install.
The second approach is to ship devices directly to end users, configured to contact Microsoft and start the Autopilot experience as soon as they are connected to the internet. The devices will then authenticate via Azure AD, enroll in Intune or another mobile device management system, ask for the username and password, and find the related profile and applications. The MDM then syncs with Autopilot to install the correct applications and set the appropriate configuration policies.
Provisioning devices to remote employees can be a hassle for IT departments. However, these difficulties can be alleviated by modern management tools. Solutions such as Microsoft Azure AD, Autopilot and Intune offer a zero-touch experience for IT staff and a customizable user experience, all while boosting security.
Autopilot brings multiple features to your environment and can enhance the end user’s overall experience. Autopilot can:
- Customize the user experience
- Reduce the IT burden by simplifying remote device setup
- Enforce security policies for remote devices
Customize the User Experience with Microsoft Autopilot
Cloud-based management tools make it easy to customize a user’s out-of-the-box experience. Organizations can create multiple profiles based on various user roles and determine which applications to install before users log in. They also can set devices to show status screens so the user knows what is happening.
Messaging can also facilitate troubleshooting. For instance, if the installation hasn’t finished in 60 minutes, the device could flash a text box that says, “Provisioning has failed. Please contact IT support.” Organizations can also configure devices to let users capture logs of any issues, which they can send to IT staff. Communications like these create a much better user experience and streamline IT processes.
By partnering with a company such as CDW, organizations can engage in a “white glove” scenario in which devices can be preconfigured before a user logs in. This includes installing any large applications and device settings so that users can immediately start working instead of waiting for installations to finish.
In a second scenario, users can receive devices shipped directly to them and begin the Autopilot experience when connected to the internet. The devices will authenticate through Azure AD, enroll in a mobile device management system (such as Intune), prompt for the username and password, and locate the related profile, policies and applications. The MDM will sync with Autopilot to install the correct applications and set up configuration policies.
Reduce the IT Burden by Simplifying Remote Device Setup
Cloud-based management offers a major perk to IT departments by eliminating the need for imaging machines. For example, with Autopilot, the process of changing a Windows 11 Pro device to run Windows 11 Enterprise is as easy as entering the license key. Additionally, Autopilot can automate common IT tasks that would have happened during imaging, such as installing security patches and updating core images, simplifying the work for IT staff no matter where the user is.
Imaging can be useful in certain situations, such as when a large computer lab needs to install computer-aided design and computer-aided manufacturing applications. It is often more efficient to use an image than to download a large application to multiple machines over the internet. However, Autopilot is a more efficient and cost-effective way to deploy and manage large numbers of computers. It allows you to deploy a standard image quickly and easily to multiple computers, saving time and money. Autopilot also allows you to quickly update the image on all computers, ensuring that all machines are running the same version of the operating system and applications. Further, Autopilot provides a more secure way to deploy images, as it can be used to ensure that only approved images are deployed, which simplifies and streamlines the process for your IT organization.
Enforce Security Policies for Remote Devices
With cloud-based provisioning, IT teams always have access to devices to push out new applications, security features and other updates — essentially, to remotely maintain the security and readiness of devices to meet the organization’s needs.
As more users work from home, security has become a higher priority for organizations. Cloud-based solutions allow IT teams to remotely maintain the security and readiness of devices, enabling them to deploy new applications, security features and other updates to meet organizational needs.
One way of doing so is for organizations to use a cloud-based identity management solution such as Azure AD to continuously authenticate users and keep identities up to date, which is more secure than maintaining cached credentials. It also enables conditional access policies, which ensure that devices can authenticate only when they meet the security policies set by the organization.
When an employee leaves an organization, IT staffers can use Autopilot to reset the device or perform a factory reset, which will delete all data on the device the next time it connects to the internet. This allows the machine to be shipped straight to the next user, while protecting organizational data and simplifying the repurposing process.
Story by David Weiner, a principal field solution architect in the CDW Digital Experience group, focusing on Microsoft 365 security. David has over two decades of experience in implementing, managing and consulting on enterprise-grade technologies and services. His specialty is endpoint management and security related to a wide variety of environments, including the data center, cloud, endpoint operating systems and endpoint management.