What if we told you that for $8 per employee, per month, your business could end the need for on-premises servers? For businesses that are already using Microsoft 365, that could be the case.
Depending on your needs, renting a server is likely costing you hundreds of dollars a month. Purchasing a server may have cost thousands, while the maintenance still costs hundreds.
There has never been a better time to make a full transition to the cloud.
Sure, moving to the cloud saves you money each month. But those maintenance costs do not cover the opportunity cost of moving to the cloud fully.
With Microsoft Endpoint Manager, organizations can reinforce their cybersecurity, improve onboarding, and reduce downtime for menial tasks. This is done with features like Intune and Autopilot.
Microsoft Endpoint Manager is the first step toward a hybrid cloud for businesses using Microsoft 365. Ideally, a full move into the cloud for your business is right behind.
Interested in beginning your move to a fully-cloud environment with Microsoft Endpoint Manager? Give us a call at 855-4IT-GUYS, or schedule an appointment with our virtual CIO.
What is Microsoft Endpoint Manager?
Endpoint Manager is Microsoft’s unified device-management platform, focusing on endpoint security and “intelligent cloud actions.” The platform combines Endpoint Configuration Manager and Microsoft Intune.
Microsoft Endpoint Manager is available through Microsoft 365 Enterprise plans like E3. For more on what sets E3 apart from Microsoft 365 Business Premium, check out our breakdown.
Expanding upon their success with Intune, Microsoft rolled Intune into a new platform. Endpoint Manager helps organizations secure and deploy their cloud. After deployment, manage their users, apps, and devices, all together in one place.
The platform is split into two consoles, Configuration Manager and Intune. The former handles on-premises clients and infrastructure. Intune is for cloud-native management of software and devices.
What is Microsoft Endpoint Configuration Manager?
Microsoft Endpoint Configuration Manager is Microsoft’s on-premises device management platform. For on-premises devices and servers, Configuration Manager helps deploy applications, updates, and full images within your organization.
Configuration Manager allows organizations to make the most of their hardware and software, automating menial tasks. It also utilizes Active Directory to enhance organizational security through user management.
By creating a default image to deploy to new devices, Configuration Manager abstracts hours of customization and restoration. When you set up a new device, you are already good to go.
What is Microsoft Intune?
Microsoft Intune is Microsoft’s mobile device management (MDM) and mobile application management (MAM) platform. Intune is a cloud-based management platform, unlike Configuration Manager’s on-premises focus.
Intune helps with access control for mobile devices like laptops and smartphones. This helps to limit what employees can access certain information. Intune also allows you to set extra security measures on non-company-owned devices.
Like Configuration Manager, Intune deploys full images to new devices. It does so through the cloud, meaning devices can be reached remotely and effectively.
Intune also brings extra security with identity and endpoint management through the cloud. Because of its integration with Azure Active Directory, organizations can stay in the cloud instead of using an on-premises server.
With Azure sync, organizations can take their on-premises servers and marry them with Azure cloud. This is the best-case scenario, creating a hybrid cloud.
What is Intune company portal?
The Microsoft Intune company portal is an app that allows employees of companies using Endpoint Manager to access corporate resources securely.
Users with an Intune-enrolled company account can access office apps, email, and OneDrive through the app. The company portal also serves as a means of single sign-on (SSO), boosting security across apps.
How to enroll a device in Intune
To enroll a device in Intune, sign into the company portal with a company account. Once signed in, the portal will walk you through setting up your device and connecting to your company.
Co-Management with Endpoint Configuration Manager and Intune
To get the most out of Endpoint Manager, organizations can co-manage their environment with Configuration Manager and Intune.
That said, the only thing lost by only using Intune is the ability to deploy operating systems traditionally. Configuration Manager has capabilities to wipe a device and load the OS through a drive.
Without Intune, organizations lose risk-based access control and other advanced security options like Advanced Threat Protection (ATP). Configuration Manager is also incapable of auto-provisioning through autopilot.
What are the benefits of Microsoft Endpoint Manager?
There are plenty of overall benefits to using Microsoft Endpoint Manager. In this post, we will focus strictly on how it helps end the need for servers.
First, Endpoint Manager helps secure all your endpoints. With Conditional Access App Control through Azure Active Directory, your most sensitive data or applications are only available to those who need access.
Conditional access policies can be set for devices that access your cloud, as well as the apps that live there.
By registering devices with Azure AD, Endpoint Manager can now enforce security policies, deploy your standard compliance rules, and restrict access from vulnerable or non-corporate-owned devices.
When devices are registered, Endpoint Manager tools help you make sure they meet security requirements. You only want to allow cloud access to compliant devices and those joined to your domain and managed by Intune.
Intune will also deploy security updates to your devices when they are available. When vulnerabilities are patched, your devices will be updated at the next possible moment. No waiting around while known vulnerabilities are ready to be taken advantage of.
With the E3 licenses that companies pay for to get access to Endpoint Manager, they also get ATP.
Endpoint Manager can upload applications and settings to new and current devices instantly using Intune and Autopilot. This is called Zero-Touch Deployment.
For example, say your organization brings on a new employee, but they will be remote. You are sending a computer to their home office, but you need your company policies to be on the device for it to be compliant.
With Intune and Autopilot, your settings deploy as soon as the device is registered with your cloud and Endpoint Manager. That can even include pre-shipment.
This eliminates the need to ship the device to your main office or IT team, configure the settings, and ship it to the onboarded employee. Autopilot does all that for you, so your new employee is ready to go on day one.
Central Control Management
Endpoint Manager keeps everything in one place, allowing you to manage everything within your cloud. Management includes your wireless networks.
With Intune, you can deploy built-in Wi-Fi settings straight to joined devices using settings called “profiles.” By including settings that connect directly to your chosen Wi-Fi network, you can then add the profile to a group of users in your organization.
This way, you never have to worry about users connecting to a vulnerable network. Only the ones you have set up or chosen.
How Endpoint Manager Takes You to the Cloud Exclusively
So, how the benefits of Endpoint Manager are clear. But how can those features take you to a magical, serverless place?
If your company is already using Microsoft 365, your users are also cohabiting your on-premises server as well as the cloud.
User profiles managed through M365 are stored in Azure. Those profiles are pulled down to your server and served out to your on-prem endpoints.
This can become problematic if you have remote users or users that are using non-company-issued devices.
For remote user security, you are likely using a virtual private network (VPN). If a remote user goes home and forgets their password, they will have to update the password for the profile in the cloud.
Unfortunately, they will also have to use that same profile to log into the VPN to sync it to the on-premises server that they are trying to connect to.
The passwords will not line up, and the forgotten password would still need to be remembered to update the password used to reach the VPN.
To change a password, you should only need an internet connection, not an internet connection and a VPN.
With Endpoint Manager, your devices are joined to your cloud through Azure AD. This is compared to your profiles being joined to M365 in the cloud, then synced to the on-premise server.
Because the device is already registered in the cloud, any change written to the device will be instantly changed. Then it is deployed back to the device.
There is no need for a server to serve information to the device because everything is already running through Azure. There is no need for a VPN to perform changes that assist your users.
With the configured policies in your Endpoint Manager, the exchange of information is consistent.
No threat of data being sent to a compromised machine. No VPN is needed to perform
For $8 per user, per month, you can move your devices from your on-premises server to the cloud and leave that server in the past. Where it belongs.
If you are ready to upgrade to Microsoft Endpoint Manager and begin your journey to a cloud-only environment, give us a call today at 855-4IT-GUYS, or schedule a chat with our virtual CIO.