Chapter 4: End User Device Management
The device management model has been static for many years within enterprises. Before the advancement of some of the currently utilized enterprise device management tools, companies were challenged with efficiently deploying a consistently configured device to their users.
Companies may have utilized out-of-the-box images with the layering of Group Policy or even scripts to pre-configure specific settings for users. For many, this evolved into standalone imaging tools that allowed the organization to capture a pre-configured image or baseline that could be pushed out to new devices as part of a deployment. Traditionally, these methods were extremely time-consuming and resource-intense on organizations but still serve a valuable purpose for securing and hardening your Windows systems. In this chapter, we're going to cover the tools used to build and deploy a secured hardened image. We will provide an overview of the latest deployment model, known as the Windows Autopilot service. Then, we will cover two major enterprise device management models. It is important to understand the available features of each model as a properly hardened Windows system may include configurations enforced by one or both solutions. The following main topics will be covered:
- Device management evolution
- Device imaging and Windows Autopilot
- Microsoft Endpoint Configuration Manager (formerly SCCM)
- Intune mobile device management (MDM)
- Introducing Microsoft Endpoint Manager