The Five Key Components of Modern Device Management
Long gone are the days of domain-joined enterprises using exclusively Windows-based devices. Today’s IT environments are far more intricate: the typical small-to-medium enterprise (SME) is now made up of 22% Macs and 21% Linuxes. What’s more, most businesses now leverage a mixture of mobile devices, cloud services, web-based apps, locally installed apps, employee-owned devices, and many other variables that make their environments heterogeneous and complex.
Traditionally, managing such varied, multi-OS environments has required many tools and processes. Most organizations have been forced to use a mixture of manual management, clunky open source solutions, single OS/platform point tools, and other semi-effective approaches. These approaches place additional strain on IT teams (often only one or two people strong) that are likely already stretched thin.
IT is forced to spend time and energy juggling multiple solutions instead of thinking creatively and tackling larger initiatives. As a result, end users are either overly controlled or literally “left to their own devices,” without sufficient support to get the setup and access they need to do their work. This only heightens the tension that can exist between end users and IT. Ultimately, it’s the organization that suffers.
What if, instead, there was a consolidated, holistic, secure, and compliant device management approach that could meet your organization’s needs without forcing you down any one path?
What if there was a single place to manage policies, settings, and everyday admin tasks for every single endpoint, regardless of their network, applications, or OS?
As business environments become more diverse, device management tools must shift to meet emerging needs. To pave a more effective way forward, we must also shift our understanding of device management.
Device Management Redefined For
The Modern Era
The 2020 pandemic changed the world’s understanding of what it takes to run a business. The percentage of companies that require fully on-site work dropped from 60% in 2019 to 20% in 2023.
Amidst this shift, hybrid remote work is becoming a heavily adopted norm. No longer tied to on-prem infrastructure, employees are now working on a wide range of device types, OSes, and networks. IT needs to be able to securely manage remote users and devices everywhere they exist, from anywhere.
To accomplish this successfully, the focus of device management can no longer be on devices alone. Although user management has not traditionally been considered a part of device management, identity is now at the core of what IT manages.
As such, the device is an integral component of one’s identity at an organization. It is the identity that ultimately accesses company resources: by a user, via a device. Comprehensive device management in modern IT environments must encompass both user management and device management.
There are three characteristics of the modern IT environment that are driving this shift in perspective:
-
Location-independent: The focus of IT has expanded beyond the management of on-prem technology. Firewalls and perimeter security are no longer enough to secure fleets. Every single endpoint must be able to be secured and managed, regardless of its location.
-
User-focused: A positive end user experience is critical to remote and in-office productivity. It’s important for IT to build a culture of user trust and empowerment by giving users what they need while allowing for free-flowing communication.
-
Vendor-agnostic: Companies now use a wide variety of devices, applications, and OSes. Windows machines now account for only 61% of the average SME’s device fleet.
Modern device management plays two critical roles in today’s IT environments:
A user’s device becomes a conduit to their IT resources, which helps them get their work done. A core part of IT’s role is to securely connect users to those IT resources with as little friction as possible. IT must also manage devices for optimum performance (i.e. uptime, speed, reliability).
A user’s device is not only a gateway to their work; it’s also a potential conduit for hackers to breach an organization. If a device is compromised, that user’s identity and the resources they access are likely compromised. IT is responsible for both preventing and mitigating those risks.
When modern device management is thought about this way — as a conduit to IT resources that needs to be high performing and secure in a remote and on-prem work environment — IT admins can break down the management tasks into five key areas.
5 Key Components of Modern Device Management
1) Manages ALL Devices
First and foremost, a device management program must extend to all devices on the network or accessing company resources. This includes:
– All operating systems, including mobile devices.
– Devices in any location.
– Employee-owned (BYOD) and company-issued devices.
The level of control you have over these devices may vary depending on your device management solution, device ownership, and other factors. IT teams typically have less control over employee-owned devices, for example.
In general, you should have the ability to view, verify, and (to some extent) control all the devices on your network or accessing company resources. This can include actions like configuring device settings, monitoring device activity, and locking and wiping devices. More advanced MDM solutions offer much more robust functionality.
Some important questions to ask of a device management system:
-
1
Can it make custom registry changes or deploy custom mobile configuration profiles?
-
2
Can it set GPO-like configs across a cross-platform fleet?
-
3
Can it turn on full-disk encryption? Enforce MFA?
-
4
Can it disable a machine if it goes missing?
2) Remote Capable
To be able to manage a full fleet of devices, a modern device management solution must be able to manage devices, regardless of location.
Automated, touchless workflows are a hallmark of a remote-capable MDM. Initial device configuration, for example, can be an intensive manual process. However, modern mechanisms now allow IT teams to enroll and deploy a device without ever touching it. Microsoft’s Autopilot and Apple’s Automated Device Enrollment through Apple Business Manager enable IT organizations to drop-ship machines directly from the manufacturer to the end user.
When the end user opens the machine, it automatically configures settings, software, and accounts based on the company requirements and policies downloaded from the cloud. This zero-touch process allows IT teams to support remote and global employees with ease.
Remote-capable device access shouldn’t stop at device onboarding. To promote a secure, healthy, and well-functioning device environment, IT should be able to see and control devices throughout their lifecycle. Remote troubleshooting and maintenance can be sticking points here unless IT has the ability to remotely access devices. Look for an MDM that includes remote access functionality.
3) Integrated User Management
An organization is only as secure as its weakest user. Ensuring a user’s account is properly managed and secured is one of the most important tasks for IT and a core part of modern device management. Integrating user and device management provides higher authentication security, deeper telemetry, and a more streamlined user experience.
For example, integrating identity and device management can allow users to authenticate securely on their trusted device without having to type in their password.
Learn how JumpCloud Go™ accomplishes this with phishing-resistant passwordless authentication.
4) Software & OS Update Management
Despite the rise of web applications, IT admins still have a number of on-device applications that need to be managed. From the Microsoft Office suite to Adobe to Zoom to security solutions such as anti-malware or EDR, there is a wide range of software that needs to be controlled, managed, and updated. Not to mention all of the software that IT admins want to ensure is not on a machine. A device management solution needs to have the ability to install, manage, update, and remove applications regardless of the device’s location.
From a compliance and audit perspective, an IT admin should have the ability to see what apps are on their managed devices at all times and have the ability to block certain ones in the future. When combined with zero-touch enrollment, a company’s managed apps can be installed before the user is finished logging into their computer for the first time. Add in browser software and this is a major category of managing a device.
Keeping the OS and all applications up-to-date is a massive chore for IT admins, especially when considering all of the different OS patch cycles and application updates. IT admins need a solid system that informs, updates, and reports on patch status.
5) Device Health & Telemetry
Even after a machine is deployed, configured, and secured, constant vigilance is necessary — especially for remote devices. Deep and continuous visibility into device and software health ensures you’re aware of problems as soon as they arise. This enables you to both stay abreast of potential security incidents and ensure that employees are able to stay productive on their devices.
Device telemetry is less about creating a “big brother” environment and more about ensuring that essential corporate IT resources remain secure. In fact, it’s possible to generate this telemetry without interfering with user privacy or preventing the user from doing their job.
How to Achieve Modern Device Management
There is an alternative to cobbling together various solutions to accomplishing all of the above. It’s possible to manage all the devices on your network while accounting for dispersed locations, patch management, identity management integration, and telemetry — all with one tool. This modern approach is called an open directory platform.
JumpCloud is an open directory platform that provides everything you need to manage your devices:
JumpCloud supports Mac, Windows, Linux, Android, iOS, and iPad devices.
JumpCloud supports devices regardless of their location. It offers zero-touch enrollment, remote configuration, and remote access. This ensures IT can always provision, manage, and troubleshoot devices, regardless of location.
JumpCloud offers patch management for devices and Chrome browsers, a password manager for enforcing best practices, multi-factor authentication (MFA), full-disk encryption policies, phishing-resistant passwordless authentication, conditional access policies, and many other security features.
JumpCloud integrates identity and device management for more comprehensive IT management, a better user experience, and elevated security. You can choose to use JumpCloud as your identity provider or integrate JumpCloud device management with your preferred vendor, like Okta or Microsoft Active Directory.
JumpCloud provides telemetry for all the devices in your environment in a single pane of glass.
Because Jumpcloud is based in the cloud, it’s flexible and open: you can configure it freely to meet your needs. You can even combine it with other identity providers to leverage the features you need from JumpCloud without uprooting your environment.
In short, JumpCloud simplifies device management workflows while providing user access control across virtually every resource in your IT infrastructure. And it does it all from a single pane of glass — powered by a cloud-based console that can be accessed from anywhere.
Curious? Start a free trial of JumpCloud to see how it could simplify and modernize your device management program.