A way to Modern device management: why you should use co-management with Microsoft Intune
When it comes to managing devices, many IT professionals still prefer the traditional on-premises approach. This involves a corporate-owned device, which is issued to the employees, and only these are permitted to join the corporate network for access to corporate applications. But today there are more and more companies that are opting for adopting the modern device strategy – a Microsoft-invented term that describes cloud-based device management. One of the biggest triggers for this switch is remote work. Many organizations adopted the BYOD policy because employees want to perform their tasks at home. This trend requires additional actions to ensure the security of the company data on these devices. FYI, regardless of the company’s official “bring your own device” policy, 67% of people use their devices for work purposes. As a result of all these trends, modern device management solutions are quickly becoming the norm. In this blog, we’re going to discuss modern management, co-management and what is its role in the modern device management strategy. What is Modern Management? Microsoft introduced the concept of modern device management to describe the shift from traditional on-premises infrastructure to modern cloud device management. With modern management, devices are managed in a consistent and unified way with a focus on the security of endpoints. The “modern” element of this strategy basically means “cloud-based”. And Modern management is Microsoft’s vision for the future of device management. With modern management, Microsoft wants to turn every endpoint into a modern, always up to date and secure device. Companies have been slowly moving to the cloud implementing a modern management strategy: based on Microsoft data, by the end of 2022, 50 per cent of Windows 10 devices will be managed from the Cloud. What is co-management and why do you need it? Moving from traditional to modern management is not a quick journey – it’s a long and complex process. For this reason, Microsoft introduced co-management as a bridge between traditional and modern management. Co-management allows users to manage their endpoints using both ConfigMgr and Intune. Co-management enables organizations to benefit from the features and capabilities of Microsoft’s cloud solution while allowing each to move at their own pace to modern management. When you enroll Configuration Manager-managed endpoints in co-management, you gain the following immediate value: Conditional access with device compliance – if a device meets the security requirements of your organization Intune-based remote actions, for example, restart, remote control, or factory reset Centralized visibility of device health Link users, devices, and apps with Azure Active Directory (Azure AD) Modern provisioning with Windows Autopilot. With co-management, you can determine which workloads can be moved from traditional to modern management. ConfigMgr provides a simple interface to slide over workloads to modern management for: Compliance policies Resource access policies Windows Updates policies Endpoint Protection Device configuration Office Click-to-Run apps Client apps To be able to take advantage of co-management you need to follow these requirements: ConfigMgr 1710 or later Windows 10 version 1709 (Fall Creators Update) or later Azure AD Premium (with clients joined to both AD and AAD) Intune subscription (MDM authority in Intune set to Intune). Read more about how to get started with Microsoft Intune in this blog series.
Everything you need to know about patching third-party applications
Consistent and efficient patch management is crucial for keeping your IT infrastructure up to date and secure. Most endpoint management solutions contain patch management features (Microsoft Patch Tuesday) but patching third-party applications is always overlooked. In this blog, we’re going to cover what are the third-party applications, what is third-party patching, why it is important, the consequences of neglecting to patch and why you must go for automated third-party patching. Let’s dive into it. What are third-party applications? A third-party application is software created by an independent vendor (company other than the original manufacturer of the device). Examples of third-party apps are Google Chrome, Adobe Acrobat Reader, TeamViewer, Evernote etc. For example, 7-Zip is a popular third-party app used for file compression. Google Chrome is a commonly used browser; Adobe Acrobat Reader is used to view, open, print, and sign PDF files. On average, a company uses around 110 applications for its day-to-day business operations. What is Third-party patching and why it’s important Third-party patching (patch management) is the process of installing patches to third-party applications, that are installed on your company’s endpoints, to address bugs or vulnerabilities in the software. Third-party patching is critical for the security of your organization that prevents data breaches. Still not sure that you have to implement patch management? Look at these numbers: About 75 % of cyber-attacks happen due to vulnerabilities in third-party applications. 60% of cyberattacks are caused because applications are not up to date. 62% of the companies were unaware that they were vulnerable prior to the data breach. 52% of respondents said their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes. Consequences of neglecting patching third-party applications The consequences of ignoring third-party patches can be a disaster for your company. There were 20195 security vulnerabilities (CVEs) published in 2021. To compare: in 2020 there were 17050. Unpatched vulnerabilities in third-party apps are a gateway for hackers to enter the corporate network and steal your company’s data. Every time you don’t patch, you are exposing your endpoints to potential cyberattacks. For example, due to Log4shell vulnerability, the most dangerous exploit, discovered in 2021, only during the first week since detection the number of attacks exploiting the flaw had exceeded one million. Automating the patch management process enables you to avoid the destructive impact of cyberattacks because of not updated software. Unlike Microsoft, which updates its products regularly according to the schedule (Patch Tuesdays), third-party application vendors do not follow a specific schedule for patch releases. Normally, they do this when a vulnerability or bug is detected, and the patch fixes it. The enormous number of third-party applications that companies use makes it impossible to keep track of all the updates and patches available. Solution? Automated third-party patching! Automated third-party patching ensures that all your applications are up to date and secure. Needless to say, that automated patch management not only helps keep your endpoints secure and up to date but also lets you get rid of manual patching, saving your time. Read here about automated patching here: Automated third-party patching with Scappman Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the whole process of uploading the application and updating it in the Microsoft Intune environment. There are more than 600 third-party applications in Scappman App Store, that are always up to date and secure to use. We’ll make sure that hackers can’t use vulnerabilities in outdated applications to steal or encrypt your data. Scappman scraps the installed applications for the new version and if it’s available, Scappman tests it, wraps the application installation file into .intunewin and uploads it to Intune and installs it to the assigned users. It’s that straight forward. Learn more about Scappman’s patch management capabilities here.
How to choose Patch Management software
Patch management plays an extremely important role in the security of any company. Poor patch management can leave a company vulnerable to breaches and cyber-attacks. There are many different patch management solutions on the market, and it can be difficult to decide which one is right for your organization. In this article, we will discuss some of the factors you should consider when choosing a patch management solution. Intuitive dashboard Patch management software should have an intuitive dashboard which provides a clear overview of what is going on with your application updates. This will make it easier for you to keep track of the installation status of deployed applications, and licenses, and deploy them quickly and efficiently. Auditing & Reporting Patch management solutions should have a good auditing system to be able to detect the source and history of the problem and prevent the problem from growing out of control. While auditing provides the historical records of the actions, reporting provides an immediate overview of patch deployment status. These insights help IT admins make informed decisions for the IT system of the company. Easy to use All patch management solutions should be easy to set up and easy to use, even for those who are not tech-savvy. Too often, software that is intended to be easy to use ends up being difficult, which can lead to frustration on the part of administrators. With the intuitive interface, the new IT staff will have a much easier time exploring software without losing precious time. Intuitive and easy to use patch management solutions can also increase productivity by reducing labour hours. Advanced features for customization For the best user and end-user experience, the best patch management solutions must be highly configurable, so the IT admin can set up updates as needed. For example, you may configure a system to postpone or reschedule patch installation based on your business activities. Third-party application patching According to the Forrester Security & Risk research 2021, the majority of security vulnerabilities and attacks now come through third-party applications. Therefore, it is best to adopt an application management solution that will take care of application updates, protecting your company from breaches. With more applications in use at companies, it is more of a challenge to ensure that they are always up to date. Applications such as browsers (Google Chrome, Mozilla Firefox) and Adobe products are major concerns. With so many different types of applications being used in organizations, this challenge can quickly spiral out of control. Cloud vs. on-premises As more and more companies move to the cloud, combined with an increasing number of BYOD, a patch management solution must be capable of handling endpoints and applications wherever they are. An automated patch management solution saves time and money The best patch management solution should be fully automated to free IT admins from manual patching so they can focus on other activities. If you’re looking for an affordable third-party patching solution that offers everything we mentioned, try Scappman. Scappman offers all these features to help keep your third-party applications always up to date and secure. Read more about Scappman here: A New Way of Third-Party Patch Management for Microsoft Intune How to manage private applications in Microsoft Intune?
