Trend 1: Further integration of Apple products in Microsoft Intune
One item that was already on the roadmap for December 2021 was management of user-installed apps on iOS. With this update, Intune can manage previously installed iOS applications once they're synced with Intune. As a result, previously installed applications do not need to be deleted and re-issued onto devices enrolled in Intune using device enrollment.
These applications might previously have been distributed using a different MDM, or they might have been personally installed. This feature simplifies the configuration management process for both required and available applications when enrolling devices in Intune.
The second integration brings the Defender for macOS policies into the Settings Catalog, also previewed in the January 2022 release.
The third item on the roadmap, and one Microsoft is working on, is enrolling BYOD, or personally owned, Apple devices. This has been possible for Android devices in the Microsoft Intune environment since April 2021. In 2022, provided Microsoft sticks to the roadmap, it will be possible to “Enroll devices into Intune through Apple account management.”
The last item in this trend is DMG-type app management for macOS: extending app deployment and management to include the "exe version" of Apple apps, DMG for macOS.
The cool thing is that if Microsoft continues this way, there should be no reason for companies not to accept Apple products/devices in their Microsoft Endpoint environment.
Trend 2: Microsoft Intune and Microsoft Endpoint Manager also integrate on the server-side of things
Ubuntu Linux still runs on the highest percentage of servers in the world. There’s even an article about it, “Can the Internet exist without Linux?” For enterprises, this integration means they will be able to register, manage, and secure Ubuntu Linux desktops and laptops and use conditional access for compliance. Microsoft will start with Ubuntu, but support for Red Hat, CentOS, and Fedora is on its way.
As part of that move, IT administrators will be able to create Azure Active Directory conditional access policies for Linux machines, just as they do for Windows, mobile, and Mac machines, to ensure that only Linux devices that comply with the policy can gain access to corporate resources such as Microsoft Office 365 applications.
The Microsoft Endpoint Manager team said that, in addition to adding custom management and security capabilities to the platform, these additional features would be beneficial for verifying the encryption status, detecting any issues that result from BitLocker and Windows Defender Firewall settings, or regularly comparing the security score in Defender for Endpoint to guarantee that any security flaws are detected and fixed.
Trend 3: Moving from SCCM to Microsoft Endpoint Manager and Intune or doing Co-Management
We even wrote an article, “From SCCM to Microsoft Endpoint Manager.” Many companies with SCCM (System Center Configuration Manager, formerly known as SMS, Systems Management Server) are moving towards Microsoft Endpoint Manager and Microsoft Intune. The most significant difference between the traditional method and the new Microsoft Intune is that SCCM is image-based management and Microsoft Intune is profile-based management. Brad Anderson, CVP Microsoft, predicted that the market penetration of Intune would be 50% on January 1st, 2022. Still, a lot has changed in the last two years, especially in security and the modern workspace. We’re not going down that road, but Covid-19 kickstarted the adoption of Microsoft Endpoint Manager and Microsoft Intune, because during Covid-19 we saw an increase in Bring-Your-Own-Device or Use-of-own-Device, working from home, etc., all with the critical security flaws that come with them. For these reasons, Intune rapidly gained market share.
In August of last year, Gartner acknowledged that Microsoft was the ultimate leader for Unified Endpoint Management Tools. We don’t know the exact number of companies using Microsoft Endpoint Manager, but some internal sources say it has increased by 240%. This means that Chris probably didn’t undersell the 50% adoption of the software.
The problem is that Microsoft Endpoint Manager can’t do all the things that SCCM can do and that SCCM, even with Microsoft Intune, can’t do all the things that the full Microsoft Intune manager can do. So, some companies that are switching from SCCM are opting for co-management. We will explain co-management in a different blog post. What you need to remember is the following image.
Sidenote by Microsoft: When you manage devices with both Configuration Manager and Microsoft Intune, this configuration is called co-management. When you contain devices with Configuration Manager and enroll in a third-party MDM service, this configuration is called coexistence. So, unless you have co-management, Configuration Manager, and Intune in place, you can’t balance the workloads, resulting in conflicts. This interaction is not available with third-party integrations, and therefore there are restrictions on the management capabilities of coexistence.