Config Manager goes hybrid, rethinks Windows 10 admin

Microsoft has been steadily moving its on-premises server applications to the cloud via hybrid deployments that let IT keep using the on-premises versions, even as IT moves to cloud delivery for new features. Today, Microsoft announced System Center Configuration Manager (SCCM) will join the parade later this year, following in the footsteps of SharePoint, Exchange, Active Directory, and the Office suite.

The tactics of the new SCCM

At a tactical level, Microsoft plans to release by January a new version of SCCM that fully supports all three servicing branches of Windows 10: Current Branch (automatic updates), Current Branch for Business, and Long-Term Servicing Branch (IT-managed updates). It will be an in-place upgrade for existing SCCM deployments.

Gone in the new SCCM is a version number. Instead, the software will be updated roughly once a month to keep up with changes in Windows 10 and with Microsoft's Intune cloud-based device management service, which manages Windows, iOS, and Android clients (but not Macs, though OS X's management APIs are mostly the same as iOS's).

IT can skip or defer SCCM updates, but Microsoft will not support any SCCM deployment whose version is a year old or older. With a recent compatibility pack, SCCM 2007 has partial support for the summer 2015 build of Windows 10 Long-Term Servicing Branch.

To help IT transition to the new SCCM, SCCM 2012 (running the latest service pack) will support the summer 2015 and forthcoming fall 2015 builds of Windows 10 Current Branch, but no other branches or future builds. 

SCCM's hybrid shift is your path to EMS

SCCM has been and remains an on-premises server tool. But Microsoft is now connecting it to Enterprise Mobility Service (EMS), treating it as a local subset of the company's cloud-based management tool -- you can still use its console to administer clients, while leveraging the cloud portions of EMS as well.

SCCM licenses can be upgraded to include EMS, and EMS licenses include rights to use SCCM for services that EMS also provides. Microsoft's goal is that enterprises migrate to EMS, sooner or later.

EMS is where the new capabilities exist and will be added. EMS is composed of Azure Active Directory Premium, Intune, and Azure Rights Management Platform. Despite the word "mobility" in its name, EMS manages Windows 8.1 and Windows 10 PCs in addition to iOS devices, Android devices, and Windows Phone 8.1 and Windows 10 smartphones.

Mac support in EMS is limited: Intune does not support OS X at all; Azure Rights Management Platform works with Microsoft's Office 365 clients for OS X; and Azure Active Directory Premium manages user access to Office 365 apps, Azure AD-managed corporate portals, and Azure AD-managed cloud services no matter the client platform.

Windows 10 management gets modernized and expanded

EMS takes a modern approach to client management, using OS-level APIs rather than software agents -- the approach Apple pioneered for iOS and later extended to OS X (Android also adopted it). Windows 10 takes the same approach, with management as an API-level aspect of the OS. (EMS still supports agent-based Windows management for legacy deployments, such as for Windows 8.1 devices.)

For example, EMS's Azure Active Directory allows devices to be managed without being domain-joined. It also lets users self-enroll, join groups, and reset their passwords, and lets IT manage applications and conduct identity-based security reporting that can drive conditional access, a capability not found in traditional mobile management tools but standard in identity-based access management tools such as Ping Identity.

Conditional access can be used, for example, to detect access attempts from different locations that suggest a user's credentials were compromised, or to prevent access from known bad IP addresses.
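The two conditional-access checks just described, as an added example that is not Microsoft's or Azure AD's code: a small policy evaluator over constructed sign-in events that denies sign-ins from a blocklisted IP and flags a user whose consecutive sign-ins imply impossible travel. The IPs, coordinates, timestamps and the speed threshold are constructed assumptions, not values from the article.

```python
import math
from datetime import datetime

# Constructed sign-in events (not real telemetry): user, UTC time, source IP, geolocation.
SIGNINS = [
    {"user": "alice", "time": "2015-09-01T09:00:00", "ip": "203.0.113.10", "lat": 47.6, "lon": -122.3},
    {"user": "alice", "time": "2015-09-01T09:30:00", "ip": "198.51.100.7", "lat": 51.5, "lon": -0.1},
    {"user": "bob", "time": "2015-09-01T10:00:00", "ip": "192.0.2.44", "lat": 40.7, "lon": -74.0},
]
BAD_IPS = {"192.0.2.44"}   # constructed "known bad IP" blocklist
MAX_SPEED_KMH = 900.0       # assumed plausible travel speed; faster implies shared or stolen credentials


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def evaluate(signins, bad_ips=BAD_IPS, max_speed_kmh=MAX_SPEED_KMH):
    """Apply the two policies in order of severity and return one decision per event.

    Events are processed per user in time order so each sign-in is compared with
    that user's previous one. A blocklisted IP is denied outright; otherwise the
    implied travel speed since the previous sign-in is checked.
    """
    decisions = []
    last = {}  # user -> previous event, for the travel check
    for ev in sorted(signins, key=lambda e: (e["user"], e["time"])):
        t = datetime.fromisoformat(ev["time"])
        reason = None
        if ev["ip"] in bad_ips:
            reason = "blocked_ip"
        elif ev["user"] in last:
            prev = last[ev["user"]]
            hours = (t - datetime.fromisoformat(prev["time"])).total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            speed = dist / hours if hours > 0 else float("inf")  # same timestamp, different place
            if dist > 0 and speed > max_speed_kmh:
                reason = "impossible_travel"
        last[ev["user"]] = ev
        decisions.append({"user": ev["user"], "time": ev["time"],
                          "decision": "deny" if reason else "allow", "reason": reason})
    return decisions


if __name__ == "__main__":
    for d in evaluate(SIGNINS):
        print(d)
```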

EMS also provides single sign-on to about 2,500 cloud apps, not only Microsoft's own cloud services.

And EMS's Azure Rights Management Platform lets admins and authorized users assign rights to documents; these rights and their keys travel with the files. A compatible Microsoft client -- such as Outlook 2016 or Word 2016 -- in Windows, OS X, iOS, or Android can open the file if the user is authorized for that file based on the rights applied by IT to his or her Azure Active Directory account. (IT-created policy templates let you ensure members of specified groups can open documents over time in the same project.) A compatible Office 365 subscription is required.
