The promise of Autopilot and Modern Management

Zero touch deployment is something of a Holy Grail in the desktop configuration management world. Even with complex scripting and numerous third-party products it has continued to evade us. Does that now change with the advent of Microsoft Autopilot? Will you become the Indiana Jones of your organisation?

So what is Windows Autopilot? Autopilot is a process more than a technology, which enables you to take a Windows 10 device out of the box, connect it to a network, type in your credentials and voilà! Moments later (timings dependent on many factors, obviously) you’re up and running complete with applications and data. Truly zero touch (if you exclude the typing); but only for the right users, in the right locations, with the right applications.

autopilot.png

At a high-level you upload – or more likely your hardware manufacturer will – your device IDs to your company’s Azure tenancy and you get your policies and applications applied as you login without the need to re-image. The technology behind this is based upon modern management (unified endpoint management) so this will work with any Enterprise Mobility Management (EMM) vendor. Modern management makes use of the APIs enabled in Windows 10 and allows you to manage them in the same way you do the mobile devices in your estate. So SCCM equals traditional, AirWatch, Intune etc. equals modernity. The problem is SCCM has a long history and manages the majority of enterprise organisations’ estates today. That’s a good deal of customisation and knowledge that’s been baked-in over the years as well as the features and functionality that the EMM boys are yet to develop.

There’s also the consideration of whether you join your machines to Active Directory. Autopilot is dependent on Azure AD. This brings your identity strategy into question. Are you ready to switch off AD? APIs give you access to a few thousand settings but group policies run to tens of thousands and if you consider that they’re really just registry settings then they’re virtually infinite. So how quickly could you translate all that configuration onto a new platform?

Microsoft is well aware of this though and since Windows 10 1709 allowed Autopilot to work in conjunction with SCCM in a hybrid model. This allows you to join machines to Azure AD and your local AD, which goes some of the way to solving the current restrictions. However, deployment is still triggered by your EMM tool and so the granularity that SCCM offers is somewhat negated. So what does that mean in practice? Statistically, seven out of ten people reading this are not going to be on Windows 10 yet and so have a transformation programme ahead of you. Thousands of users will be sitting in your offices ready for their new devices. They’ll get them, unbox them and individually start downloading 20GB data across your network. How do you see that going?

Modern management, as a technology, is developing fast so it definitely needs to be part of your strategy but you need to know your use cases and requirements to get the greatest benefits from it. Users who spend the majority of their time away from the office and have a limited application set are a great place to start. Generally, for office users you’ll want to deploy to them using a traditional SCCM imaging solution. Once they’re on Windows 10, then modern management is the way to go as you transition away from local AD security policies and traditional application delivery, but that is a process that will take time to reach maturity.

This is the future of deployment, without a doubt, but for the time being it needs to be part of an overall deployment strategy. As colleagues have become more mobile traditional management methods have failed to keep up. EMM platforms were built with the assumption that all users are mobile. The transformation of your environment will most likely be suited more towards SCCM with some opportunity for Autopilot. Once you get to Windows 10 though, more users are likely to be suitable to be managed in a modern way. As the technology develops more new and refreshed devices will come into scope. The key here is to make Autopilot part of your infrastructure now, but understand which users are able to make use of it. Be aware though that in six months’ time those use cases will have changed and grown so they need to be reviewed regularly. In Autopilot Microsoft has finally caught up with Apple’s Device Enrollment Programme and the expectation that users have for how things should work. So maybe you will find the Holy Grail and won’t need the hat and whip!

Tags: , ,

About Adam Kelly

Digital Workplace Solution Leader

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s