Adopting Windows 10 modern management is a spectrum, not a binary move to MDM

We also have co-management, but there are other things that can be considered modern management.

It’s going to be a while until we get to Windows 10 modern management. For half of us, Windows 10 migrations are going to be taking up all our time between now and January 14, 2020. And for everyone, modern management is a big change. So Windows 10 modern management isn’t happening anytime soon... Or is it?

You might think of modern management as using mobile device management APIs to manage Windows. So, that means you either make the big change to MDM, or you don’t. But modern management doesn’t have to be binary.

The most obvious middle ground is co-management, which allows MDM enrollment alongside Microsoft SCCM. Other products like Workspace One AirLift can also enable co-management. But even these can take a long time—for example, if you’re using Intune for co-management, you have to upgrade SCCM, too.

However, over the last few months, I’ve realized that we need to think of Windows 10 modern management differently: It’s not just MDM or co-management versus doing nothing—there’s a whole spectrum of options.

One interesting example is using an agent that can give your identity and EMM platform visibility into your Windows devices. For example, look at MobileIron Access for laptops, the Okta MSI for Windows, or the Workspace One agent.

The idea here is that if you’re doing modern identity and device management and using zero trust and conditional access concepts, your laptops can be part of this world, too. You don’t have to go all the way to MDM for Windows 10, you just have to add another agent that can give you a bit of visibility to register the device, and possibly install a certificate or do some compliance checks. (I know our laptops have enough agents as it is, but it’s just one more, and you can do a lot with it.) In my mind, this is an example of embracing modern management.

And really, there are a lot of other ways to do Windows 10 modern management without doing full MDM or co-management. For example, there’s Device Guard for app whitelisting, keeping Windows always up to date, doing zero-touch enrollment with Windows Autopilot, using Workspace One No Touch Restore, or even storing user profiles and app layers in the cloud.

(If you are doing co-management in the Microsoft way, you can still be selective about how many MDM policies you actually use. Microsoft recognizes that this is a spectrum, too.)

So, there’s no need to think, “Eh, maybe we’ll look at modern management and MDM after we’re done migrating, but it’s going to take a while.”

Instead, there are lots of ways to do Windows 10 modern management, and lots of great low-hanging fruit, because it’s a spectrum, not binary.

Don't forget about all the "missing Group Policy settings" from MDM. You guys did an awesome job explaining PolicyPak here:
Thanks for sharing this nice post, Jack! Good information and insights shared! As MDM is evolving and will only be known as UEM in the near future, it will include an array of OS platforms that will evolve over time and support a wide spectrum of devices to the core. The term co-management will blur with UEM, and enterprises using varied devices will be able to benefit from it.