Did you know that Microsoft Intune turns 13 this April? If you’re anything like me and were desperately trying to get your hands on it at launch, you’re probably starting to feel a little old about now!
But what started off as a side note in the systems management world has now become an integral part of the Microsoft Modern Workplace and the stack has never felt more relevant than it has these last few years. For many organisations, cloud-based management solutions were pivotal in how they responded to the challenges posed by a pandemic and now global economic uncertainty.
Although Microsoft Endpoint Configuration Manager (in all its flavours) continues to dominate the enterprise, the gradual shift towards Intune has picked up more momentum over the last few years and a large number of our customers are running a hybrid solution or have completely moved to Intune.
So, for those of you still on the cusp of embracing Microsoft’s Modern Workplace, we’ve put together five tips to help your transition to Microsoft Intune:
Bonus Tip: Intune Deployments Made Easy
Assess Your Current Environment
Let’s start with the obvious! You have an end goal in mind so it’s crucial to baseline your current environment to define the steps and changes that need to happen in between. Every organisation is different but there are a few key areas to consider:
- Device inventory: Make a list of all the devices you want to manage with Intune and include details such as the manufacturer, model, OS types, and current configurations. This will help you determine which devices are compatible with Intune and what policies you need to create to manage them.
- Current management solution: You might want to continue running your existing management solution after deploying Intune so it’s important to evaluate your data and user/device policies. Document what will be migrated and what needs to remain (and potentially updated).
- Network infrastructure: Review the network infrastructure at all sites to ensure it supports the number of devices that you want to manage. If you’re coming from an on-premise solution, you will need to check firewall settings and ensure that your Internet links are capable of handling the extra data (although the payload is relatively small, satellite sites on slow links might benefit from a proxy server).
- Applications: Users don’t care how cool your back-end tech is! If they don’t have access to the right applications, they can’t do their job. Audit your application estate to identify which are in scope and focus on usage where possible to help prioritise compatibility testing, applications updates, or replacements.
- Policies: Not all settings in your current AD Group Policy will migrate. In fact, you will probably want to start afresh rather than move over those 20-year-old GPOs that no-one really knows what they do! Don’t think about how you’ve previously done things, it won’t necessarily work – AD groups policies are applied to a hierarchy that doesn’t exist in Intune and you’ll probably see a lot of conflicting settings. Instead, think about what you’re trying to achieve! It’s essentially to fully audit your existing policies to understand the impact of moving to a new platform.
Plan Your Deployment
Now you have a clear understanding of your current environment, it’s time to turn your thoughts to planning the transition to Intune. This will involve deciding which devices and apps are in scope, the policies you’ll put into place and building a timeline from which to run a successful communications campaign.
- Define your objectives: Intune brings many technology benefits but it’s important to consider the problem it will solve. Look at the business needs and goals you want to achieve. Are you looking to improve security for remote workers, support employee-owned devices, or streamline processes and reduce operating costs? This will help to create the deployment phases and measure during rollout to ensure the project stays on track.
- Choose a deployment method: Decide whether you want to deploy Intune as a standalone solution or integrate it with existing solutions, such as System Center Configuration Manager. Define the metrics that you will use to identify when users, devices, apps are ready to move and start measuring this.
- Select your management policies: Decide on the policies you want to put in place for device enrolment, device security, and application management. Ensure that you have differentiated requirements for managing corporate and personal services side-by-side.
- Define a workflow: Developing a structured process is key for a successful and seamless deployment. There are a lot of moving parts in an Intune migration and a well thought out workflow is essential to drive change, reporting, automation, and communicating to your end users.
- Phase your rollout:
- Start with a small pilot group of users (up to 50) that know they are early adopters and have agreed to provide feedback. This will help you to refine your configuration, deployment process and documentation. This group should not include CxO, executives, or VIPs.
- Extend the pilot to include a greater number of people from all parts of the business. You’re targeting about 200 users and a small number of senior management within IT. This will provide feedback that’s more representative of your user estate.
- After a successful pilot, you’re ready to move to a phased production rollout. Groups could be targeted by department, geography, or device to ensure that resources are maximised and there are no gaps in the deployment schedule.
Develop a Communication Plan
End-user engagement is one of the most important markers in determining adoption and success. We can all appreciate how frustrating and disruptive change can be without prior knowledge so the job of the communication plan is to be sure that users are aware of what’s coming ahead of time and what potential disruption to expect.
Think about how you’re going to communicate with your users, how often, and what information you want to share. Here’s how we often recommend that our customers approach this:
- Work with your marketing team to draft the content in advance.
- Create an email campaign schedule that communicates with your users often, provides relevant information, and guides them through what can often be a complex process.
- Automate emails to be sent at a timely point in the process. This creates a personalised experience because you’re providing information about what is happening next.
- Don’t stop communicating just because the technical work has finished. Provide follow-up emails containing training or support materials during the hyper care phase and don’t forget to collect feedback to continuously improve your service.
The email campaign schedule (mentioned above) will be aligned to key technical steps in your overall deployment process but can have the biggest impact on your users. I’ve outlined an approach that we typically take with our customers:
- Kick-off: This will be a broad communication that addresses questions like what Intune is and why your organisation is adopting it. You should also outline some of the key dates in your deployment plan and when you’ll next be in touch so everyone knows what to expect.
- Pre-enrolment verification: With so many organisations adopting flexible or home working over recent year, it’s important to verify that the device, application, and location details are accurate. This ensures that hardware and engineering resource is sent to the correct location and users have the correct resources for their role.
- Deployment scheduling: When a user is flagged as ready to receive Intune, they’ll be added to a deployment schedule. Email should be used to allow them to create/edit a booking or provide confirmation if this is generated automatically.
- Countdown: As the deployment date grows closer, a series of emails are sent to help the user prepare for the change. For example:
- T-1 week: Remind the user of any outstanding activities such as archiving data.
- T-3 days: Issue any instructions about preparing the device or arranging for courier collection.
- T-1 day: Remind the user of their time slot, location and engineer assisting them. For home based-users, courier tracking details could also be provided.
- Hypercare: To help your user easily transition to Intune, provide training guides or FAQs to help them get the most out of Intune. It’s also a good idea to provide details of support teams that are dedicated to the Intune project.
- User Satisfaction: Post-deployment surveys are a great opportunity to fix any issues in your deployment process or offer an opportunity to celebrate the great experience provided by your team.
The Microsoft Intune Adoption Kit contains a couple of email templates to get you started!
This is where defining your objectives earlier is incredibly important. Having a clear view of what services your organisation needs to be productive and secure will help to determine which licensing model is most appropriate.
Although we recommend speaking to your licensing partner, there are a few factors that might help to determine which licensing model is best for your organisation:
- Intune only: Available on subscription or as a standalone service, you might consider only deploying Intune if your primary goal is to deploy policies and profiles without any enforcement.
- Co-management: Your Configuration Manager license already includes Intune for co-management of devices only. Full Intune device management will require a separate Intune license.
- Policy Enforcement and Compliance: Intune compliance and password policies are enforced using a combination of Intune and Azure AD Premium. This is the first licensing level that provides access to Windows Autopilot, a complementary Microsoft technology that is used to automatically pre-configure and enrol new devices.
So far, we’ve looked at the licensing scenarios that provide basic Intune features, but many organisations will also be providing access to corporate services and applications alongside Intune:
- Office 365 can be used to manage apps on devices and provide basic mobility and security. It might not be right for everyone but do check Microsoft’s MDM for O365 vs Intune comparison to see if it’s a good fit for your organisation.
- If you’re looking to deploy Office 365 apps and secure the device, you’ll need to consider Office 365 and Intune as a minimum. On top of that, Azure Information Protection will classify emails and documents, and prevents unauthorised access to your company data while using Office apps.
- Azure Active Directory Premium would be required for Intune to leverage functionality offered by:
- Windows Autopilot
- Multi-factor authentication
- Conditional access
- Dynamic user/device groups
- Microsoft Defender for Endpoint will provide a level of protection from malicious activity and can be partnered with AAD conditional access to block access to your organisation’s resources in certain scenarios.
Ideally your Service Desk should have hands on experience with Intune and be involved with the project as soon as you have a product that can be tested or as part of your early pilot group. This will provide them with invaluable insight into the type of issues that they will likely encounter during the project and afterwards in BAU.
Your Service Desk will be exposed to issues that the problem will unlikely encounter so it’s a good idea to hold regular meetings throughout the deployment phase. This provides an opportunity to share feedback from your end-users which can be used to refine delivery and improve the overall experience.
The day-to-day work should be underpinned by workflow that enables communication between project, engineering, and support teams.
Unless you have a major technical issue that wasn’t identified in earlier stages, the vast majority of tickets created by your users in the early stages will be related to adapting to an unfamiliar system.
To help reduce the demand on your service desk, consider running a dedicated deployment clinic at a central location where engineering staff are on hand to help users adopt Intune. Floor walkers are a great alternative for deployments that focus on specific offices or buildings.
Email is also an effective way to help onboard users:
- Provide links to training resources immediately after deployment.
- For the first few days after enrolment, consider sending bite-sized tips that will help users get the most out of Intune.
- Check in with users a week after deployment and provide links to advance resources or guides that are useful once they are familiar with Intune.
- Not all problems are reported to the Service Desk so follow-up after 10 days with a satisfaction survey and provide an opportunity to report minor issues.
Intune Deployments Made Easy
Moving to Intune can seem a little daunting at first, especially if you’re a large organisation or have a small IT team. There are new management concepts to embrace, in addition to coordinating lots of moving parts and tracking their dependencies. And that’s before you consider how to identify which devices are ready to migrate and communicating that with your end-users!
ManagementStudio was built specifically for this task. Our software helps IT project teams to manage large or complex change within an organisation, just like your Intune deployment, and has migrated millions of objects over the years. Here are just a few ways that ManagementStudio can de-risk your project and help you to deploy Intune quicker:
- Assess: Create a comprehensive picture of who uses what, where and when and automatically track the relationship between users, applications, and devices. Easily identify devices that meet Intune compatibility requirements and monitor the progress of dependencies.
- Single Source of Truth: Taking data from multiple sources, ManagementStudio becomes the single version of the truth for your project to ensure that all teams have access to the accurate, real-time information. No more emailing spreadsheets that age as soon as they are sent or people working from old copies of data! What’s more, you can notify individuals when assigning tasks or actions to ensure that progress doesn’t stall.
- Ready for Intune: Track dependencies for all users, applications, and devices to understand whether they are ready to move to Intune. For example, identify the application in UAT that’s preventing a user or device from being ready to move to Intune, or show how deployment to a satellite office being dependent on an Internet connection upgrade.
- Workflow: A structured workflow is essential to understanding the progress of your Intune deployment and driving activities at each stage of your plan. ManagementStudio supercharges your workflow by automating repetitive tasks and gives you full visibility through our reporting engine. From discovery and testing to deployment and support, your ManagementStudio workflow will underpin a successful Intune rollout.
- Communications: Email is at the heart of your Intune plan. It’s there to notify, educate, and support your users at all stages of your deployment and beyond. With ManagementStudio, you can create an email campaign that automatically communicates with your users at key points throughout their enrolment journey. Engagement improves and adoption is increased. With full tracking, reporting and even support for email in multiple languages, ManagementStudio’s email engine is an integral part of your project.
- Rollout: Deploying a new service to your users is more than just turning on a new product. Everything that you’ve done up until this point will come together to facilitate a seamless transition to Intune. With ManagementStudio, you’re able to create a fully customised rollout plan to cater for all aspects of your business, from bulk rollouts to a white glove experience for VIPs and everything in between. Not only do we help with the communications and scheduling, we can also tell Intune that your users and devices are ready, and decommission access to old services in AD and Configuration Manager. And all this can happen in the background with our automation engine!
We’re only scratching the surface of how ManagementStudio can seamlessly transition your organisation to Microsoft Intune. It’s a powerful tool that has helped hundreds of organisations to transform their IT. But don’t take our word for it, let us show you!