It’s hard to overstate just how much the world has changed since Ignite 2019. Last September, when I outlined our vision for modern management, it was easy to talk about the importance of modernizing—but now, a year later, the pandemic has laid bare who was prepared and who was not. One thing that’s been consistent in the response of every business is the central importance of you—the IT Pro.
In countless cases, the exhaustive work by the IT community saved businesses and kept the world economy afloat while we all tried to adapt to this strange new normal. You collectively worked billions of hours to support remote work, provision devices, grant access to business-critical apps, and ensure that new security measures were in place along the way.
You are a credit to our profession, and I am both amazed by the work you have done to keep your organizations stable, and I am humbled by the stories you have shared with me. I consider it my job’s foremost priority to ensure we keep developing and delivering the tools and services you need at this critical time.
Today, I’m excited to talk to you about the work we have done to continue to try to support the work you are doing and, with automation and insight, try to take some of this burden from you. I hope that some of what I share with you today will help you create a plan for what your organization will look like in the weeks, months, and years to come.
Here are the highlights of what I will share today:
- Enhancements to Microsoft Endpoint Manager as the single hub for management and endpoint security, including the new Microsoft Tunnel, new support for Windows Virtual Desktop, an expanded first-class macOS management experience, new support for Shared iPad for Business, Windows Autopilot in co-management, and managing Microsoft Edge
- Important new insights in Productivity Score to give you the insight you need to keep your organizations productive
- Expansion of App Assure to include Windows 10 on ARM 64-bit devices so you can ensure a great Windows 10 experience across platforms
Expanding Microsoft Endpoint Manager to become your single hub for management and endpoint security
As many organizations continue to utilize remote work, reopen offices, or have a combination of both, it is critical to enable users to be secure and productive from anywhere, across all their devices. With this shift to remote and hybrid work, many of you have turned to co-management with Microsoft Endpoint Manager to help you with this new set of needs. Microsoft Endpoint Manager connects you to all the important aspects of your IT estate with native integration with Microsoft 365 and Microsoft’s advanced security, compliance, and identity solutions. It also connects to what I’d argue is the best browser for business, Microsoft Edge, as well as new solutions designed for hybrid work environments like shared workspaces with Microsoft Teams Rooms.
Microsoft Endpoint Manager brings together endpoint security, device management, and intelligent cloud actions in a unified management solution with Microsoft Intune and Configuration Manager. So today, I’m excited to announce the public preview of several new updates to Microsoft Endpoint Manager to improve both the end-user experience and simplify IT.
- Microsoft Tunnel, a remote access solution integrated with Microsoft Endpoint Manager, enables iOS and Android devices to connect to on-premises apps and resources from anywhere to be productive on the go. Microsoft Tunnel supports full-device and per-app virtual private networks (VPN), split tunneling, and ties into Conditional Access to ensure your users and devices are compliant with policy before allowing access to your network. Microsoft Tunnel is available today in public preview.
- Microsoft Endpoint Manager will now support management of virtual endpoints, so you can manage your Windows Virtual Desktop endpoints, or third-party VDI solutions, right alongside your physical PCs within the same console. This integration will be available in preview by the end of calendar year 2020.
- Customers are looking to leverage Microsoft Endpoint Manager for managing all their endpoints, and we now provide a first-class management experience on the macOS to meet the most important productivity needs for our Mac admins. New capabilities include the ability to deploy scripts to devices, new enrollment experiences with single sign-on (SSO) across apps, and new managed app lifecycle features from Apple. We also continue to focus on our unique partnership with Jamf, so you can make the choice for what is best for you and it’s all integrated. These features are available today in public preview.
- New support for Shared iPad for Business will let you deploy shared iPad devices to your users and have them log in with their Azure Active Directory (AAD) accounts into separate partitions of the device. The Shared iPad for Business UI provides a seamless experience for users needing to get work done on a personal iPad, including having a separate device passcode for each user. Support for Shared iPad for Business is now generally available. This is the latest addition to the shared device support in Microsoft Endpoint Manager that exists today across iOS, Android Enterprise, Zebra, and Windows.
- Windows Autopilot in Co-Management—Use of Windows Autopilot has skyrocketed over the past several months as more and more of our customers are doing zero-touch deployment directly to their employees working remotely. We’ve added two important features to help support this; first, you can utilize Autopilot with Configuration Manager-managed devices. Second, we want to make it as easy as possible for you to embrace co-management, we made it available to deploy during enrollment where previously we required Azure Active Directory (AAD). This is important for you because it enables you to move to modern provisioning and retain and use the investments you have made in your ConfigMgr application library.
- Managing Microsoft Edge—With the increase in BYOD accessing the corporate network, you may have more cases where you are not taking on managing the entire device – such as an employee working on a personal PC or Mac. Mobile application management (MAM) as part of a unified endpoint management solution is both the future and the ideal state—manage only activity in an app that’s related to work and leave the rest of the device alone. We are building Microsoft Endpoint Manager MAM controls into Edge (on all platforms) that will allow you to enable your employees to use their personal devices to access any web app, and we ensure the data doesn’t leave the browser or your approved locations. Check out these details and more on all the latest Microsoft Edge innovations, and its powerful anti-phishing tools, on the Web Experiences blog.
And these are just the beginning of the important innovations we’ve made to Microsoft Endpoint Manager. For more insight and demos, check out my Microsoft Endpoint Manager Ignite session and Microsoft Mechanics. You can also head to our TechCommunity blog for details on preview availability and more.
And for those of you who are partners and managing Microsoft 365 on behalf of small or midsize companies, we’re working to make it easier. We’re introducing the new Microsoft 365 Lighthouse portal, which will enable IT partners to manage settings across multiple Microsoft 365 tenants from one place. This will enable partners to more efficiently manage devices, threat protection, and user access at scale. You can learn more on Tech Community.
Greater employee and technology insights coming to Productivity Score
Today, I’m very happy to share that Productivity Score, which we announced last year at Ignite 2019, will be generally available by the end of October with three additional categories to help organizations understand and empower great work with powerful technology.
Productivity Score focuses on two areas – the Employee Experience and the Technology Experience, which provide visibility into how your organization works, insights to identify where you can make improvements, and actions you can take to update skills and systems so everyone can do their best work.
At general availability, Productivity Score will introduce three new categories. Two categories in Employee Experience will focus on Meetings and Teamwork. As organizations continue to evolve how they meet and work together in teams, understanding best practices and technologies that ensure inclusive, consistent, and effective ways of working together is critical.
In addition, we are adding a new category to Technology Experience in Productivity Score: Microsoft 365 Apps health. This category provides insights into performance and currency, ensuring that Microsoft 365 apps are up-to-date, secure, and able to support employee workflows. This is in addition to Endpoint Analytics, which connects insights in Productivity Score to action in Microsoft Endpoint Manager to ensure everyone can do their best work with Microsoft 365.
These three new categories – in addition to visibility, insights, and actions in Content Collaboration, Mobility, Network Connectivity, Communications, and Endpoint Analytics – will help ensure organizations can get the most out of their Microsoft 365 investment, quickly evolve to ensure business resilience, and achieve their digital transformation goals.
Finally, we’re refreshing the Business Continuity special report to help customers measure how the move to remote work during COVID-19 has impacted productivity in their organizations.
To learn more about Productivity Score, and how it can help you and your organization make the most of your Microsoft 365 investment, head to this TechCommunity blog.
Extending App Assure to Windows 10 on ARM 64-bit devices
Back in September 2018, we introduced a new program called App Assure with FastTrack, which put Microsoft Engineering resources behind our compatibility promise with Windows 10 and Office 365. Fast forward two years, and we have seen incredible success and expanded the program to address any app compatibility issues with Windows Virtual Desktop and Microsoft Edge. In fact, since we launched App Assure, we have worked with thousands of customers and on 709,895 apps, of which only 1,822 required remediation. By working with customers directly, we have been able to save organizations more than $7.4 billion and prevented 42 million help desk escalations.
Today, building on this success and our commitment to Windows compatibility on any platform, I am excited to announce that App Assure now supports Windows 10 on ARM 64-bit devices running version 1709 and later. So, as you deploy Windows 10 on ARM 64-bit devices within your organization, we are here to help with any concerns you may have around app compatibility. Reach out to learn more on the FastTrack site.
Investing for the future, whatever it may bring
As you will hear from us this week at Ignite, we are continuing to invest in Microsoft Endpoint Manager as your IT solution hub to unify security, apps, access, compliance, and end-user experience across your entire technology estate. It is also intelligent, providing you with analytics and insights – like Productivity Score – to keep you ahead of change so you can keep costs down and keep your organization running smoothly, whatever the future brings.
Check out my Ignite session about modern management at Microsoft, my Ignite session on Microsoft Endpoint Manager, my Microsoft Mechanics video, and Microsoft TechCommunity for even more insights, updates, demos, and skilling. For more in the security world, you can also check out the Microsoft Security blog from my colleague Vasu Jakkal.