
Picking up where Microsoft leaves off with modern management

Gary Lombardo

As part of Windows 10, Microsoft has touted modern management as an approach that drives improved security and nimble IT operations, resulting in happy users and lower cost for organizations. However, fully realizing the promised benefits of modern management requires more than Microsoft can deliver. Endpoint privilege management, specifically Avecto, picks up where Microsoft leaves off and fulfills the modern management promise of improved security, nimble IT operations and happy users for the organization.

Windows 10 modern management: The evolution of IT

Microsoft views modern management as the evolution of IT – from traditional to modern.

Modern management, according to Microsoft’s aspirational view, is enabled with a single platform that manages all kinds of Windows 10 devices. The traditional way of deploying the Microsoft Windows operating system is to leverage Active Directory (AD), Group Policy (GPO) and System Center Configuration Manager (SCCM) for desktops and a Mobile Device Management (MDM) solution for deploying across mobile devices.

MDM solutions allow for simpler deployment and better management of mobile devices that are not only on the network, but also those that no longer need to be connected to the traditional corporate network by workers to do their jobs—resulting in a better user experience compared to what’s done for desktops. Microsoft seeks to bring this MDM experience to the desktop world – allowing for desktops and mobile devices to be deployed and managed in a single, unified approach with Windows 10.

The modern way of deployment and management (aka “modern management”) is through the cloud. Specifically, it is done with what Microsoft calls Enterprise Mobility and Security (EMS), which consists of Azure Active Directory, Microsoft Intune, and Azure Information Protection. This allows the worker, no matter where they are as long as they have an internet connection, to just turn on their computer the first time they get it and have updates to their installed Windows OS, other software installs and system configurations deploy. Microsoft also envisions a minimal software world, where business applications like Office 365 are accessed through the cloud and through the Windows Store for Business.

Microsoft’s reality

Microsoft is doing this because they have to and because it’s good for business, and indeed, their long-term survival. There are two main drivers pushing Microsoft for a modern management approach: worker expectations and the benefits of the cloud.

Workers are demanding simpler and superior experiences when using enterprise software and, as a result, Microsoft customers are demanding solutions to meet these needs. This is particularly true with the proliferation of new kinds of device form factors, bring your own device (BYOD) to work and corporate owned personally enabled device (COPE) trends, the increase in workers working remotely and off the corporate network, and with workers bringing the same expectations to the work world that they have experienced in the consumer world: a frictionless, superior user experience.

Microsoft is also facing the reality of the industry: almost every major software vendor is transitioning to the cloud (or creating a complementary cloud offering), which better meets the needs of consumers, and saves IT resources (e.g. infrastructure costs, management costs, etc.), and they need to keep up.

Most Microsoft customers are still in the traditional mode of deploying operating systems such as Windows. While they may have moved to the cloud for other solutions (particularly business applications), infrastructure solutions such as OS deployments lag. There are early adopters who have embraced the cloud for OS deployment – or modern management – but many are still assessing a strategy.

While adoption of modern management is expected to grow as more organizations adopt Windows 10, mass adoption is likely to take some time, as organizations both upgrade to Windows 10 and decide if modern management is the way to go. Windows 10 will still be able to be deployed in the traditional way, so customers will not be forced into a modern management approach. In other words, Windows 10 adoption is not a compelling event or requirement for modern management. However, it is a great opportunity to adopt a modern management approach. Also, many organizations, particularly larger enterprises, will possibly adopt a hybrid “co-management” approach, using both modern management and traditional tools like AD, GPO and SCCM in tandem, allowing for a more gradual transition from traditional to modern management tools and techniques.

Learn more about Windows 10 vulnerabilities in the Latest Microsoft Vulnerabilities Report.

Where Microsoft falls short

While Microsoft has painted a vision and roadmap for enterprises to transition to a cloud-based modern management approach, they have fallen short in two key areas:

  • Security: While Microsoft has improved security in Windows 10 and continues to do so with each update, it still lacks the ability to deliver security to dynamic enterprise endpoints and to users with dynamic and evolving requirements. As a result, Windows 10 alone is insufficient for the security needs of complex enterprises that need to deal with an ever-changing landscape of cybersecurity threats. And best-in-class security is needed for modern management. Windows 10 does not achieve a balance between removing admin accounts from employees and usability, since many common tasks and applications will require admin rights to work. Workers will either need to be completely locked down, thus sacrificing the user experience, or operate completely unconstrained, allowing them to install applications or perform privileged tasks as part of their jobs, but sacrificing security and exposing the business to costly and devastating cyberattacks.
  • Operations: Microsoft’s modern management approach makes it easier to deploy and manage Windows 10 for remote, off-the-network employees, but does not address the need for these remote workers to quickly and easily install needed applications in a manner that balances the security needs of the company and the user-friendly experience they expect. IT workers cannot as easily get on a network to help users install needed software when admin rights are removed, degrading the user experience.

Avecto picks up where Microsoft leaves off

Avecto picks up where Microsoft leaves off and completes the vision of Windows 10 modern management by enabling:

  • Best-in-class security: Avecto allows organizations to harness the security of standard user accounts on Windows 10 by removing the need for full admin accounts and applying a more granular layer of control. Simple policy rules grant workers access privileges when they need them to perform work seamlessly. Avecto’s application control capabilities also make whitelisting in Windows 10 more manageable by removing admin rights and allowing organizations to put rules in place that trust approved applications and allow for flexible, user-friendly exception handling.
  • Nimble management of IT operations: Avecto’s least privilege management and application control solution ensures IT manages nimbly and remote workers receive the best experience possible. Avecto also provides a cloud-based management platform that allows IT organizations to manage endpoint security for Windows 10 through the cloud, enabling IT to manage nimbly and focus on what they do best: serving the IT needs of the workers in the organization.

Check out Avecto’s leading endpoint privilege management solution, Defendpoint, and bring your organization to the full promise of Windows 10 modern management.