Thursday, June 17, 2021

A framework for Windows endpoint management transformation

Investments in Azure and Microsoft 365 can streamline your transition to the cloud and make it easier to manage endpoints across your organization. Now let's explore ways to develop and implement an effective strategy to make that transition and help you create the “how” and “why” to leverage these solutions in your own environment.



Updating means staying ahead of adversaries and competition with technology innovations to drive security and business results through:

  • Better managing the risk of change in a fast-moving technology world with deployment rings keeping Windows up to date with the latest quality updates, feature updates, and security features managed by solutions like expedited updates and Windows Update for Business.
  • Optimizing and de-duplicating bandwidth without sacrificing control to quickly deploy critical changes to improve security and productivity using Delivery Optimization.
  • Reshaping processes to avoid determinism, embrace statistics, and become quality driven via Update Compliance or Desktop Analytics.
  • Redefining how your organization manages technology to invest in ongoing servicing capabilities, not products, and driving the use of processes, not projects.


Extending means driving real cloud value while still benefiting from your existing investments using Microsoft 365 to:


Standardization involves increasing security and manageability while reducing operational costs by sticking with well-known and proven solutions:


To revitalize means building long-term user satisfaction by standardizing on reliable applications and a dependable, more focused operating system. This involves:

  • Deploying a cloud config to users that only need one or two apps in addition to their productivity apps.
  • Eliminating constant repackaging with vendor-provided packages and durable customization packages for a better application lifecycle management strategy.
  • Separating applications from the operating system and from each other as a security or reliability boundary using App and Guard Containers such as Windows Defender Application Control (WDAC) and MSIX.
  • Managing application catalogs like a portal, with tools such as Endpoint Manager’s Software Center & Company Portal to manage security and user experience while directly integrating with distribution platforms with application portfolio management.
  • Quickly recovering from reliability or security issues by building capability to rapidly reset and recover with technologies such as device reset.


Securing endpoints from the cloud involves providing the right balance of security and convenience, reducing attack surfaces, and increasing monitorability by:


Ironically, implementing a zero-trust approach simplifies user interactions in a world where identity is the new perimeter by using a single powerful Windows identity across apps and endpoints. We recommend:

Wrapping up

As you can see, the “north star” for endpoint management transformation involves a holistic end-to-end solution set that simplifies operations, optimizes user experiences, and increases security using the best of suite, culminating in a modern, cloud-managed Windows endpoint. Microsoft 365 provides this holistic solution across the entire framework. We hope these principles help you develop the proper framework for your organization.
