Cloud Managed Windows Endpoint Migration: 5 Week Pilot Implementation

While the workforce and client computing has changed drastically since the inception of Windows device identity and management solutions, much of the original underlying solution architecture and its limitations remain in-place within enterprise networks, today. Windows computers join a logical “domain” on a local area network where the device is trusted to access resources. Once joined, a computer retrieves configuration policies from the domain and users can authenticate with user identities also established within the domain. This technology, developed in the 1990’s, worked fine when Windows devices were only used on a local area network.

Fast forward to today where most enterprise workers have mobile computing devices that regularly traverse off-network where the domain cannot be reached, and we encounter major obstacles where devices cannot obtain their configurations properly and users experience issues authenticating to Windows. To compound the problem, the industry standard tool to manage Windows devices, Microsoft Configuration Manager, is heavily dependent on Windows Server Active Directory and struggles to bring full management capabilities to Windows devices that are not on the local area network.

The combination of the device identity, user identity, device configuration, and user authentication obstacles, cause frustration for end users in the form of a lack of consistent access to network resources and devices that become unusable and require IT intervention over time.

Entra ID joined Windows clients eliminate the line-of-sight requirements of Windows Server Active Directory therefor eliminating the challenges previously discussed. Device and user authentication happen directly with cloud-based Entra ID while device management falls to cloud-based solutions, such as Intune. If the user accounts in Entra ID are sourced from Windows Server Active Directory and replicated using the Entra ID Connect tool, users can continue to access on-premises protected resources, such as file and print shares, without being prompted for credentials.

Once a Windows client is Entra ID joined, technologies such as Bitlocker key management, Windows LAPS, and Windows Hello for Business become extremely simple to deploy adding value and protection to your endpoint fleet.

Solution Overview CDI offers a cloud-managed Windows endpoints professional services engagement to help your organization from planning and user adoption awareness training through deployment and support. Leverage our teams experience deploying this solution for dozens of organizations to jumpstart your transition to cloud-managed endpoints and ensure a smooth transition.

Deliverables include: -Planning, design, and training -Configuration of prerequisites and supporting software -Configuration of Microsoft Intune & Windows Autopilot -Pilot device deployment -User-awareness training documentation