Nov 02 2022

Go Forward: The State of Management and Deployment in the Work-from-Home Era

A mobile-inspired approach to desktop and laptop use could offer employees more flexibility while still keeping machines secure.

Before the pandemic, small businesses often didn’t have the resources to take their employees mobile. That made it harder to approach managing devices in a new way.

When employees were all going into an office every day, laptops could often be flashed and provisioned as needs emerged. But when we all went remote, there was no guarantee your employees would set foot in the office again. Maybe they only come in once in a blue moon; maybe they live too far away to make that a realistic option.

Now, as a result of the shifts caused by the pandemic, the mobile device management (MDM) practices that once defined the way many workplaces provision smartphones have given way to a version of the same approach for traditional PCs, a concept called Unified Endpoint Management (UEM).

To put it simply, UEM works under the premise that the desktop has also become a mobile device and must be managed in a similar way. As in mobile device management, devices are given provisioning certificates that set parameters for how each device is used and tracked. And rather than the devices being handed directly to employees by IT departments, they’re drop-shipped on demand, as needed. In fact, the IT department may never directly put its hands on the machine.

This is very much a move away from the old way of provisioning, which involved imaging laptops and desktops exactly to specifications and maximizing the IT team’s control of the final experience. But just as the more strait-laced MDM gave way to bring-your-own-device approaches, this strategy reflects a truism of tech usage: The desktop computer is now just as mobile as your phone.


Unified Endpoint Management: Why Microsoft and Apple Embrace It

For IT departments that might be more used to an older-school approach to provisioning devices, a move to UEM can be a bit of a change (as MDM once was), but in many ways, it reflects the current environment.

It also reflects a shift in technology mindset by some of the primary operating system providers in the desktop ecosystem, one that eschews imaging in favor of a certificate-driven approach. This style of device provisioning, which first came about with mobile devices, moved to the desktop thanks in part to Apple, which utilizes a UEM-style approach with its Apple Business Manager program.

Apple tends to think of its devices as consumer products that just happen to have a business use case, rather than the other way around. That means that the device should match the end-user’s needs while still working within broader parameters set by the IT department through provisioning certificates.

In its platform deployment guide for Macs, Apple specifically discourages companies from deploying firmware updates manually.

“Like iPhone and iPad, Mac computers often rely on firmware updates that are specific to their model. Similarly, updates to the Mac operating system mandate that these firmware updates be installed directly from Apple,” the company notes. “The most reliable strategy is to use the macOS Installer or MDM commands to update.”


For PCs, meanwhile, Microsoft’s Windows Autopilot takes a similar approach for distributing laptops with specific provisioning needs, including limiting administrator access, using tools like Microsoft Cortana and mandating specific privacy settings. As TechTarget notes, the goal with this type of technology is to allow a small number of presets to manage the final result for users.

And if your IT department relies on Google Chromebooks for deployment, they also support enrollment policies that can make them easy to deploy as necessary.

Going Beyond Imaging: The Case for Zero-Touch Deployment

You might be asking whether this is easier or harder than the old strategy of imaging. In some ways, there is still work involved here, because you still have to set the rules for how devices are provisioned, and coming up with effective rule sets takes time.

It also might feel like you’re losing control by not planning exactly how the final images appear on each system. On the other hand, there may still be plenty of benefits in the long run. For example, you might allow your Mac users to download software from the Mac App Store, making it possible for them to use some of their favorite life-hack apps along with your company’s traditionally sanctioned tools. Maybe your Windows users want to personalize the system to their exact needs.

And then there are benefits to the mobile approach to consider. Taking a certificate-driven approach to provisioning, called zero-touch deployment, may seem like you’re giving away the ability to manage devices; it’s actually just the opposite, as it allows devices to utilize effective remote management without the headaches of manual imaging. Once the image is built, it’s effectively hands-off — a huge benefit for remote teams.

Small businesses are always in search of ways to encourage growth without manual processes to slow things down. In that light, and with the help of a partner like CDW Amplified™ Configuration Services, unified endpoint management can help your organization keep up with a world that’s getting more mobile all the time.

This article is part of BizTech's AgilITy blog series. Please join the discussion on Twitter by using the #SmallBizIT hashtag.

