Device Management

Entgra UEM: Simplifying Windows Endpoint Management For Sysadmins

Device management, Endpoint security, MDM, Product capabilities, UEM / / / , , , , ,
Photo by Andrea Piacquadio on Pexels
mobile device management solutions entgra-sysadmin01
AI generated image.
A sysadmin’s job is never done – except when it is. Effective use of the right tools can relieve you of undue stress and  Sisyphean toil.

Introduction

A day in the life of a systems administrator (sysadmin) is nothing short of daunting—and definitely not something you would want to, or have the indulgent time to, write home (127.0.0.1) about. As the phone buzzes with yet another update failure alert while you have barely recovered from last week’s patch debacle, your day calls for more than coffee inspiration to wrestle with app deployments, browser vulnerabilities, and a host of unregistered machines scattered across a remote workforce. 

Managing a large fleet of devices is no small feat, and as such, a sysadmin is always on the lookout for tools that can streamline operations, enhance security, and improve overall system efficiency. 

Today, Windows is one of the leading devices operating systems used by enterprises. According to the latest estimates, over 1.6 billion devices are globally run on Windows OS while the Office 365 suite serves over 1 million enterprises of varying sizes. There were 345 million paid users for Microsoft’s AI-powered cloud services alone in 2022. Given its prevalence, any device management platform must have extensive capabilities for Windows devices.

Entgra’s Unified Endpoint Management (UEM) platform delivers on all fronts with its conformity and support for bulk enrollment, Microsoft Store integration, comprehensive update management, advanced application control, and more. 

In this blog, we will take you through the conveniences of using Entgra UEM to handle  Windows devices from the point of view of a sysadmin, focusing on key features that simplify enrollment, task automation, and device security.

Enrolling device fleets – bulk enrollment of Windows devices

First things first. A capable device management platform should encompass feasible options for enlisting your entire device fleet swiftly and faultlessly. 

Bulk enrollment enables organizations to enroll multiple devices at once, reducing the need for manual, device-by-device setup in what appears to be fantasyland for a sysadmin. With Entgra UEM’s many enrollment options, now you can call your shots as deemed apt for your enterprise.  

Windows devices bulk enrollment using PPKGs

Provisioning Packages (PPKGs) allow sysadmins to automate the bulk enrollment of Windows devices by pre-configuring them with required settings for connecting to the UEM server. 

Entgra UEM robustly supports this method for both Bring Your Own Device (BYOD) and for Corporate-Owned, Personally Enabled (COPE) devices, simplifying device management and reducing manual configuration work. Using these bulk enrollment options, you can swiftly enroll large numbers of devices with minimal effort and marginal intervention,  allowing you to focus on more pressing priorities than a hoard of brown goods. 

Windows Azure AD (Entra ID) integrated enrollment support

Windows Azure Active Directory (AD), (Entra ID), enrollment enables the use of Microsoft Azure account credentials for enrolling Azure AD registered and joined devices into the Entgra UEM server. Sysadmins can use a bulk token to generate a provisioning package (PPKG) for automatically enrolling Windows devices, making them ready for corporate use right away, rendering the Out-of-Box Experience (OOBE) for users.

This integration streamlines bulk provisioning for large-scale enterprise deployments, allowing devices to be efficiently enrolled into the Entgra UEM server with existing Azure AD credentials. 

Windows Autopilot enrollment

Windows Autopilot allows device enrollment directly from the out-of-box experience (OOBE) without IT involvement. Entgra UEM supports Autopilot, enabling zero-touch setup for corporate devices.

Sysadmins can simplify bulk deployment by registering devices with the Autopilot deployment service. On first boot, devices automatically retrieve necessary configurations from Autopilot servers, accelerating the process while enhancing the user experience remarkably. 

Core management features

Keeping all endpoints running on the Windows operating system updated is crucial for security and performance, and is therefore an integral part of system administration.

For this, the following Windows Update Management features supported by Entgra UEM are sure to help relieve the sysadmin’s burden:

OS update management

Entgra UEM provides comprehensive OS update management, allowing sysadmins to control and streamline updates across different operating systems. This functionality offers a unified view of available OS updates, helping sysadmins to efficiently manage the rollout of updates for devices across the enterprise.

Windows Update management

Similarly, Entgra UEM presents advanced features to display available Windows updates and retrieve update details using the Windows Update Agent (WUA) API. This facilitates managing and controlling the rollout of updates efficiently with trouble-free integration within the existing system infrastructure. You can conveniently initiate the update process through the Entgra UEM console by selecting and triggering installations for available updates on managed Windows devices. 

Entgra UEM’s Windows Updates interface offers comprehensive information on each update, including its status, type, and description, so that administrators can monitor and manage the update process for Windows devices efficiently.

Entgra UEM Windows agent – enhanced installation and logging

Entgra UEM has a Windows agent fine-tuned for optimal performance in administering Windows devices. It presents a simplified enrollment agent installation process by separating the installation operations. This improves flexibility by enabling you to manage each part of the installation process independently. 

Furthermore, the Entgra agent presents enhanced logs with improved visibility for troubleshooting and proactive monitoring. 

 It comprises important security features such as:

  • OTP Support: One-Time Password (OTP) functionality that adds an extra layer of security for user authentication, reducing the risk of unauthorized access.
  • SCEP Enrollment: Simplified certificate management through Simple Certificate Enrollment Protocol (SCEP) that automates the enrollment and renewal process, reducing the administrative overhead.

Windows group policy support

Entgra UEM’s Windows Group Policy support enables sysadmins to implement over 200 group policies on enrolled Windows devices, delivering functionality similar to Active Directory (AD) group policy management. This includes a robust range of Supported Policies for controlling device behavior and Restricted Policies for enforcing secure usage limitations. By leveraging Administrative Template (ADMX) files, you can define registry-based policy settings to control aspects such as device configuration, user permissions, and system security across all managed devices. This centralized control facilitates consistent and precise configurations that support organizational policies and compliance standards.

Windows Restriction Policies allow sysadmins to set limitations on specific device features, helping to secure devices by limiting access to non-essential or potentially risky functionality. These restriction policies are especially useful for managing features that may be sensitive in certain operational environments, giving sysadmins added control over how Windows devices are used within the organization.
You can configure policies for device security, user access, application settings, and more, ensuring consistent and secure configurations across all Windows devices.

By automating these policy deployments, Entgra UEM reduces manual effort, streamlines policy management, and helps organizations maintain a secure, compliant IT environment.

Automation and customization

Custom scripts and PowerShell integration for automating routine tasks

Sysadmins can automate regular, recurring administrative tasks on Windows devices using custom scripts and Windows PowerShell integration. Entgra UEM enables you to execute scripts remotely via the UEM console conveniently without manual engagement, and  the need for device-by-device intervention.

This feature also offers flexibility for running advanced configurations that are not natively supported by UEM platforms. With the ability to execute custom scripts through the Entgra UEM console, sysadmins can efficiently manage system settings, improve workflow automation, and extend endpoint management capabilities.

Application and browser control

Microsoft Store integration for Windows devices

One of the most compelling features of Entgra UEM is its seamless integration with the Microsoft Store. 

Sysadmins can publish Microsoft Store applications to Entgra App Publisher as public apps, allowing synchronization of app inventory. These applications can then be installed on Windows devices using the agent application through the Windows Package Manager. 

Curating a list of approved apps to ensure only secure and vetted software is available for installation is also made possible through Microsoft Store integration. This reduces the risk of unapproved or malicious software being installed within the organization’s network.

Advanced browser management support

Effective web browser management is vital for security, productivity, and compliance. With Entgra UEM, you can implement browser restrictions using Microsoft Edge Browser policies to configure how Microsoft Edge runs within your organization. 

These policies cover a wide range of categories including application guard settings, HTTP authentication, kiosk mode settings, screen capture permissions, printing, proxy server settings, SmartScreen settings, and more. Effective browser management capabilities ensures comprehensive control over browser behavior, enhancing security, performance, and manageability within the organization.

Next steps: Getting started with Entgra UEM

For a systems administrator, Entgra UEM significantly eases the complex tasks of managing large Windows device fleets. Its comprehensive feature set, from Microsoft Store integration to advanced update management and browser control, ensures that your enterprise endpoints are secure, up-to-date, and efficient. With Entgra, it’s a breeze to maintain a well-organized and secure IT environment, enhancing productivity and compliance across the board. 

There are two ways to get started with Entgra UEM. Sign up for our MDM trial where you have access to explore all of Entgra UEM’s capabilities for 14 days, free of charge. We also have a Premium Pilot Program especially for Windows device users. The best part is, when you join this program, you get one and a half years of free device management based on the number of devices you enroll. You’ll also get the opportunity to be in touch with our development team directly and share your feedback on what works for you and what you’d like to see in a future version of Entgra UEM.

Contact us to learn more about Entgra UEM, request for a live demo, or to join our Premium Partner Program.

Windows Device Management Simplified

Premium Pilot Program

Explore

Entgra UEM: Simplifying Windows Endpoint Management For Sysadmins Read More »

5 Common MDM Misconceptions Dispelled

Device management, Education, Endpoint security, Hybrid working, Industry insights, MDM, Product capabilities / / / , , , ,
People looking at devices.
mobile device management solutions entgra-pexels fauxels 3183177
Photo credits: fauxels

Introduction: The popularity of MDM solutions

The number of device users is on the rise. For example, GSMA estimates mobile connections alone will increase by 20% from 2020 to 2030, and there will be 5 billion 5G connections by 2030. This development is coinciding with increased technology adoption by organizations worldwide and the rise of hybrid working and hybrid learning. Today’s employees are opting for more flexibility, and organizations face the task of managing devices securely, both in the workplace and out. Education providers, too, are looking at ways to provide immersive learning experiences with devices.

When device numbers, mobile connections, and technology adoption surge, it presents new challenges. Devices and users must be managed securely, data storage has to be secure and comply with regulations, devices and software need regular updates, and organizations have to ensure the safety of devices they own. The adoption of mobile device management (MDM) software is increasing precisely because of these new challenges. Organizations benefit from a comprehensive MDM platform, where admins can oversee a range of device management functions in one place.

Despite their popularity, some organizations are skeptical of MDM platforms and, in some cases, may have certain misconceptions. This blog lists out 5 common misconceptions about MDM related to device fleet size limitations, use of personal devices by employees at work, device security, costs, and workload – and explains how MDM platforms will enable you to address device management challenges in your organization.

1. Smaller device fleets do not need MDM solutions.

MDM solutions manage devices irrespective of the scale of your device fleet. Both large organizations with extensive device fleets and SMEs with smaller device fleets gain multiple benefits from MDM software. Think about it. Whether you use Android or Windows devices, you can choose from a range of device enrollment options, onboard your devices to your device fleet in bulk, convert your devices to kiosk mode, manage the entire life cycles of your apps, and manage your device and app inventory. Plus, regardless of how large or small your device fleet is, you need to integrate with various external software systems such as workflow collaboration, HR, and marketing tools. You also need to ensure safe login and authorization mechanisms for all your device users. This is another area where MDM solutions are particularly helpful. They come with integration features, so you can make use of the API management and identity and access management (IAM) capabilities to integrate with any third-party platform that you use in your organization, enable secure device use, and protect personal data.

Another advantage about MDM solutions is that they are scalable. You may have a smaller device fleet today, but as your organization and team grow, so will the number of devices in your fleet. MDM solutions can accommodate any device type on any operating system; you can scale as you require without worrying about your day-to-day device management concerns.

2. I can’t use a MDM solution because employees and/or students in my organization use their personal devices for work.

One of the many device enrollment options available in a MDM solution is Bring Your Own Device (BYOD). Many organizations and education providers are looking at ways to balance device management, data protection, device use, and privacy concerns. By supporting BYOD implementations, MDM software enables you to manage app and data/network usage when employees are using their devices for work. Device admins can create lists of apps that employees can and cannot access so that devices, even personally owned ones, are only used for their intended purposes during work hours. If someone attempts to access an app that’s not allowed for use on a device, it will be blocked or uninstalled. You can block certain apps from using your network and even set data usage limits. There’s an added benefit for device admins in education providers: you are able to restrict network access for younger students and prevent exposure to inappropriate apps and content.

Organizations sometimes think that BYOD results in lower productivity. In fact, BYOD gives your team members a chance to do their work on devices they’re used to working on, and device admins have access to device usage trends with MDM solutions so that you can oversee productivity levels.

3. MDM solutions are not needed when anti-virus software exists.

MDM solutions are entirely different from anti-virus software and used for different purposes. Suppose your devices are misplaced, stolen, or there’s a data breach. MDM tools give device admins a mechanism to erase device data (i.e., remote device wipe), lock devices to prevent use by malignant actors, and even perform a factory reset all while remote. As device admin, you can also make use of geofencing features to set geographic boundaries for your device and set up alerts when the device leaves these boundaries to keep track of corporate device locations constantly.

Other device security features in MDM include data encryption and containerization capabilities to separate corporate and personal data on devices. Furthermore, device admins can integrate with external identity management tools for secure user authorization.

4. MDM solutions add to my team’s workload and are a steep expense.

MDM tools are user-friendly platforms. They prioritize navigation and usability, provide self-guided enrollment, and offer UI tours to help you enroll devices and discover all available features. By using remote access management features such as remote screen sharing for troubleshooting devices, dashboards to understand device functionality patterns, remote configuration and command enforcement to standardize device settings across your organizations, key device management functions such as app and security updates, device and user onboarding, and maintenance are no longer as time consuming as previously thought. 

Furthermore, implementing MDM software is not as costly as you think. Many vendors have cost-effective, cloud-based plans in place based on the number of devices in your organization to help you gain the most from your investment.

5. MDM solutions are limited to devices only.

MDM does not solely refer to device management; it involves security and device compliance policies, device users, and organizational processes. It’s a commitment for the long term, with continuous software upgrades to address device management concerns and technological advancements.

To sum up, MDM solutions play an integral role in device management regardless of fleet size. They provide features for bulk device enrollment, kiosk mode conversion, app lifecycle management, and integration with numerous external software systems. MDM solutions are scalable to accommodate device increases and support any device type on any operating system. Their support for BYOD is indispensable to the modern workplace and education provider, as organizations can manage personal devices used for work by controlling app and data usage for productivity. Features such as remote data wipe, device locking, geofencing, data encryption, and secure user authorization help you address any device misplacement, loss, or theft quickly. Finally, MDM solutions are user-friendly, with capabilities such as remote access management and budget friendly cloud-based plans.

Because MDM solutions are a mainstay in your organization’s performance and growth trajectory, it is important to understand and evaluate their comprehensive feature lists. Learn more about MDM solutions and how you can customize them for your organization here.

5 Common MDM Misconceptions Dispelled Read More »

Digitalizing Day-to-Day Tasks of Public Field Officers

Leave a Comment / Device management, Industry insights, Public services, UEM, Use cases / / / , , ,
Photo by Christoph Theisinger on Unsplash
Photo by Christoph Theisinger on Unsplash
Photo by Christoph Theisinger on Unsplash

How Sri Lanka’s Government Administrators Can Digitalize Vital Citizen Data Collection Functions

Sri Lanka has a multitude of government agencies with varying levels of processes involved. At present, numerous public field officers employed by these agencies perform many tasks – such as citizen data collection – manually using paper forms. They include village officers (or Grama Sevakas), public health inspectors (PHIs), community midwives, environmental police officers, municipal council employees, and field officers from the Department of Agrarian Development and the Department of Census and Statistics to name a few. They then visit the relevant area government offices to sync their work – again performed manually.

In a bid to digitalize key government functions, some agencies have begun distributing public field officers with mobile devices that contain a set of apps to eliminate these manual tasks and ensure that data is available in a centralized system in a timely manner. 

While this is a welcome move, this endeavor does not address key functionalities. These include:

  • A centralized strategy to monitor and manage devices deployed in the field.
  • An ecosystem to provide remote app updates or new apps. Public field officers are required to manually download and install apps. 
  • Strategy to provide operating system (OS)/ security updates and mandatory app updates such as virus guards.
  • Remote troubleshooting of device, app, and OS related issues that would eliminate time consuming and costly field visits by IT support teams.
  • Tools to enforce data usage restrictions, misuse of devices or data/ device theft.
  • System level architecture to provide centralized identity, device management, integration or APIs.

The lack of these functionalities would pose several challenges that will impede the long term success of a large scale project such as this. This blog provides a step-by-step guide on how government agencies can implement a device strategy that addresses these functionalities and simplifies data collection whilst saving costs in the long term.

Device Strategy and Ecosystem: A Step-by-Step Guide

The device strategy and ecosystem must address each of the following considerations before devices are used in the field.

Device functionality

Takes into account issues such as device robustness, how they would work in the field seamlessly, battery life of each device, and device weight.

Device specifications

Operating system used by devices (i.e. OS or Android), scanning requirements, whether or not devices are able to connect to printers, and the warranty period of devices.

Device ownership and user policies

Privacy and user guidelines are central to a project such as this. The device strategy must address who exactly will be given access to use devices in the field, guidelines for doing so, and the policy adopted for usage outside of official duties.

Identity and access management and storage

Security and identity management (IAM) are often the cornerstones of a sound device management strategy. A successful IAM system consists of single sign-on (SSO), self sign up, password set ups, and password resets. This system must decide on whether OTPs for sign up will be sent via SMS or email for secure signing in and the official verification/approval process.

Device configuration

Test devices, check runtime usage, and ensure that onboarding configurations are functioning as intended and device apps work in offline mode.

App development

Apps must incorporate user behavior, use the mobile device management (MDM) app store, sandbox environment in place, and kick start beta testing.

Device distribution and education

Once all of the above are in place, the relevant government agencies must prepare lists of device recipients, map serial number ID with employee IDs, decide on a complete support structure (i.e. who will provide 1st and 2nd level support), prepare instruction manuals to educate users, and organize device delivery to the field force. This is also the ideal time to formulate the device roll out plan and scale the device system with the expected support load.

Run a pilot and deploy devices to the field

This is the ideal moment to define the defect reporting process and the warranty claim process.

Pre-work device check and monitoring

Finally, before devices are in full use, assess the level of support needed, how alerts/escalations are reported, and app functionality.

Data Analysis and Visualization to Aid Policy Makers

A project such as this will require particular attention paid to methods of data storage and visualization to facilitate analysis by policy makers. The device strategy requires a central data storage mechanism – by ‘data’ we refer to both citizen data and device functionality data. Data visualization will be enabled in the form of dashboards to aid government employees and policy makers.

By implementing a device strategy with these considerations in mind, government agencies are better able to lower costs through greater control over device usage, plan for the long term, and start digitalizing services for the benefit of citizens, policy makers, and public field officers alike.

Entgra provides has worked with many public agencies and private sector organizations to implement robust device strategies. Learn more here.

Digitalizing Day-to-Day Tasks of Public Field Officers Read More »

A 7-Step Device Strategy To Succeed With IoT Technology and Create Flexible Organizations

2 Comments / Device management, Industry insights, UEM / / / , ,
mobile device management solutions entgra-benjamin smith IpWzUTLvOzQ unsplash edited
mobile device management solutions entgra-benjamin smith IpWzUTLvOzQ unsplash edited
Photo by Benjamin Smith on Unsplash

With the ongoing pandemic creating many upheavals, organizations are increasingly grappling with a monumental challenge – creating seamless workflows and remote working environments whilst staying resilient, relevant, and flexible to respond to present and future changes. These changes are also taking place against a backdrop of evolving technology usage, both by organizations and individuals. Industry analyst Gartner identified Internet of Behavior (IoB) as one of the strategic technology trends for 2021. Explained simply, IoB is a data-driven approach to guide behavior. Data is gathered from many different sources and IoB will increasingly shape interactions between people and organizations. Using data from multiple sources and devices to gain insights into business operational processes and productivity is of course not a new phenomena. Organizations across industries have been moving towards deploying connected devices and Internet of Things (IoT) enabled business environments for quite some time.

Successful use of IoT technology requires a device strategy, regardless of the type of organization. When I use the term “devices,” I refer to both mobile devices and IoT enabled devices. A device strategy must take into consideration 7 important factors to thrive: business planning, product building, operational efficiency, scaling, tech support, value creation, and sustainability.

Business Planning

Organizations that require a device strategy fall into 4 broad categories – device manufacturers, application developers, system integrators, and device users. Each of them have different needs and priorities when formulating a device strategy. As a starting point, ask yourself some crucial questions about your organization – which of the above 4 categories you belong to and what your organization envisions for itself.

Here is an overview of the different technology requirements for these organization types:

  • Device manufacturers – to develop devices and basic software (such as an API) to showcase device capabilities
  • Application developers – need to build IoT applications on top of their existing hardware
  • Systems integrators – to integrate several IoT applications and create value in a particular industry
  • Device users – provide devices to their employees to be used for specific purposes

Product Building

All of these organizations must then identify the specific market requirements, target customers, and the expected types of device engagement. These are the things to keep in mind for a product building strategy.

A generic guideline is as follows:

  • Device manufacturers consider where and how the devices are to be used, taking into considerations issues such as device robustness, protocol use (existing or new protocols), chipset usage (existing or new chipsets), device security, and power consumption.
  • Application developers are mainly concerned with the types of devices that will be used, the type of software platform to use, application distribution, and how the application logic compares with power consumption.
  • Systems integrators’ main concerns are with integration – which platform to use, the need of new platforms, security, protocols, analytics, dashboards, and how they can expose APIs with external parties.
  • Device users need to understand if they’re using the right type of device, whether or not these devices are user friendly, data security and storage, and device ownership (who owns the devices – the organization, device manufacturer, or the employee).

Operational Efficiency

Once you build your IoT applications and deploy your devices, then it’s time to think about operational efficiency. Your key concerns at this stage would broadly consist of detecting device failure notifications, identifying device anomalies early so as to minimize operational disruptions, pushing software updates to all your devices in your ecosystems, and how you can reset your devices in the case of a security breach.

Scaling

Any organization must first have a thorough understanding of their IoT deployment so that they can formulate and implement a scaling strategy. A starting point for this exercise would be to first identify which architecture layer within your IoT deployment needs scaling and how this can be done, recognize usage and failure patterns, consider questions around device throttling, and finally, if your organizations will use server or edge computing capabilities.

Support

When we talk about technology support, the biggest issue is what actions an organization will have to take when a remotely installed device fails. Using backup devices is an option (although this is often not the most cost-effective choice).

Value Creation

Devices and their deployment are expensive. Long term value creation must therefore be a cornerstone of your device strategy. Measure the impact of device integration and understand what steps your organization can take to prevent your devices from becoming less valuable over time, how your organization can gain a competitive advantage through your devices, what type of data can be generated from your devices for business insights, and how you can diversify your business offerings and processes.

Sustainability

A discussion about value creation naturally leads to questions about sustainability. Sustainability focuses on 3 areas – technology, data security, and legal challenges.

On the technology front, devices and platforms used today may not be valid in several months’ time. As such, organizations must address any vendor lock in issues with your devices, whether or not your platform can be scaled with other devices and applications, and any license fees and data ownership concerns that you will encounter.

When considering data security, any breach impacts consumer trust in your organization which in turn affects sustainability. Pay particular attention to how your data is stored, whether or not you use a managed cloud service, who will be given access to the data, whether or not a data filtering mechanism exists within your organization, and how your mobile apps were developed. 

Finally, on the legal challenges front, many regions have introduced data privacy and security laws, for example, GDPR in the EU, CCPA in California, USA, and CDR in Australia. With these regulations, there’s a chain of liability, many different and complex data ownership scenarios, and automated contracts. Any questions on a sustainable device strategy must look into the intricacies of these regulations and even in the absence of formal regulations, pay heed to privacy concerns of individuals and device users.

Learn more about our Mobile Device Management (MDM) and IoT technology. Our customers span the Android device manufacturing, original design manufacturing, government, education, pharmaceutical, healthcare, insurance, and service industries.

A 7-Step Device Strategy To Succeed With IoT Technology and Create Flexible Organizations Read More »

Scroll to Top