Endpoint Management During Challenging Times

With the unfortunate events transpiring lately and employees suddenly required to work from home, organizations across the globe are struggling to support a “management everywhere” approach. With the sudden explosion in enterprise access for personal devices, rapidly configured mobile devices (some consumer grade), and almost all of it on unmanaged networks, the endpoint is now the element most vulnerable to malicious activity. A recent study supports this, reporting that 60% of breaches can be reduced with a patched and compliant environment (Truta, 2019).

Heading into the COVID-19 crisis, organizations likely did not have a mature BYOD or remote work plan in place, leaving them to rely on their best judgement for application and device protections and to implement those protections faster than they would have liked. History has shown that malicious actors can and will craft realistic traps exploiting these types of situations. Taking the time to ensure that a device or application can be managed from anywhere has become more critical than ever.

Below are some relevant articles with excellent details:

While many employees already had work laptops available for at-home use, this recent shift has organizations seeing a massive increase in the number of personal devices accessing company data. By using Conditional Access and Microsoft Endpoint Management policies together, enterprise IT organizations can control and secure corporate data in approved applications on these personal devices, allowing employees to remain productive and secure. Companies of all sizes must act with urgency to make sure that only trusted and compliant devices and applications have access to corporate data.

The global COVID-19 crisis has made businesses look to the cloud to complement their existing on-premises device management infrastructure. Organizations that currently use Microsoft’s Configuration Manager can easily add Microsoft Endpoint Manager’s cloud services to manage remote devices. This provides a holistic coverage plan for enterprise and personal devices. Upon implementation, co-management gives an organization the ability to:

  • Enforce conditional access upon signing in for accessing corporate data
  • Take immediate actions on all managed devices, including remotely wiping a device of corporate access, applications, and data
  • Deploy software and updates faster, regardless of device type

To manage through this crisis and provide your employees the most flexibility while ensuring security, Ascent recommends that your organization take the following steps:

  • Extend management of company-owned devices everywhere with Microsoft’s Endpoint Manager cloud management
  • Provide secure access control to enterprise data and applications for employees using personal devices
  • Provide a Microsoft Windows Virtual Desktop experience if necessary
  • Simplify management by unifying all platforms under one console
  • Enforce Conditional Access to your corporate resources and applications
  • Integrate an advanced threat protection service, allowing platforms to combat suspicious activities before they are formally identified
  • Migrate on-premises restricted policy management to the cloud

The good news for many enterprises is that if your organization owns Microsoft 365 E3, EM+S E3, or the E5 versions of those licenses, you may already have the technology needed to implement these recommendations. With Microsoft’s Unified Endpoint Management, these policies can be deployed to all platforms. Solutions that are readily available today can dramatically reduce the risk of malicious actors compromising networks, devices, and applications.

Microsoft has published more on these topics, including the following:

Ascent encourages you to talk with us or your trusted IT Services Provider about services to jump start your modern management deployment with Microsoft Endpoint Manager. Don’t let this crisis open your organization to additional issues. Ascent Solutions brings our customers over six decades of experience and over 1,000,000 devices deployed globally. Combined with our core values and industry experts, you can count on Ascent having your needs front and center. Ascent Solutions has helped customers of all sizes and across a variety of industries transform their End-User Computing organizations into a modern management platform leveraging Microsoft’s Endpoint Manager. Ascent is aware that this crisis has required a renewed effort to increase the security of endpoints, while also providing flexibility for end-users. Our extensive experience and expertise in this area has prepared us to help all customers, no matter how unique or sophisticated their infrastructure architecture may be.

By Tim Knapp

Principal Consultant