Endpoint management has become more important than ever in light of the current pandemic situation with many organizations following a hybrid work model. As such, Microsoft is working on some improvements for Endpoint Manager to increase security, reduce total cost of ownership (TCO), and enhance the end-user experience. The idea is to bundle these endpoint management solutions in a new and "cost effective" Microsoft 365 plan for organizations.
To that end, Microsoft has announced a bunch of new endpoint management capabilities today to include in the upcoming Microsoft 365 suite.
For starters, there is a new cloud-powered solution called "remote help" that ties in with Endpoint Manager and enables helpdesks to connect to employee PCs securely. Integration with Endpoint Manager ensures that connections can be made to cloud-managed PCs as well as on-prem machines, with Role Based Access Controls (RBAC) working in tandem with a Zero Trust security model. Remote help is now generally available.
The end goal is to make the endpoint the workplace and to use insights and AI to proactively tackle problems rather than waiting for an employee to contact the helpdesk. This capability will integrate with leading IT service management tools without the use of third-party tools.
With the hybrid working environment nowadays, many employees use unenrolled mobile devices to access privileged company resources on the go. Microsoft is now adding a layer of security abstraction over this process by letting IT admins enable VPN connections for unenrolled mobile devices via Microsoft Tunnel. However, employees will have to use Edge on their mobile device for this to function.
Microsoft says that its solution is unique because it benefits from strong authentication via Azure Active Directory (AAD), the company's expertise in native mobile app protection policies, and validation of corporate identities through a VPN in Edge.
These same principles will also apply to Linux devices, and workers using them will be given an easier path to access corporate resources through conditional access policies in Microsoft Endpoint Manager.
There are other endpoint management capabilities in tow too. IT admins can now provision Android Open-Source Project (AOSP) devices in public preview with conditional access to corporate resources. Similarly, people who have multiple organizational accounts will soon be able to access resources with proper boundaries and data protection policies.
IT admins will also be able to send targeted messages to Windows 11 users on the desktop, lock screen, and above the taskbar using Endpoint Manager. The idea is to improve communication by offering a direct one-way channel between the two parties.
Windows Autopatch is a new service coming to Windows E3 licensing in July 2022 too. It will empower IT admins to ensure that endpoints are healthy and compliant through ring-based, staggered deployments. IT admins will also have the ability to reverse updates easily if something does go wrong.
Finally, Microsoft is also working on three automation initiatives. The first will enable employees to have local admin privileges temporarily for specific tasks with rules and monitoring capabilities for IT admins. Secondly, certificate lifecycle management will be more streamlined. Lastly, organizations will be able to configure and automate device vulnerability management.
Microsoft will continue to talk about and roll out these capabilities as add-ons to various Microsoft 365 plans. Once a "sufficient" number of features hit general availability, they will be bundled as a standalone suite for purchase.