How Microsoft Autopilot and Endpoint Manager can Simplify Endpoint Management via a Golden Image.
January 29, 2021
Even before the COVID-19 pandemic, more and more organizations were migrating to the cloud. Much of this is due to the increase in remote working over the past few years. Even if employees weren’t in the office, they could access all the tools, resources, and documents they needed via the cloud. Yet despite the flexibility and accessibility of the cloud, the question of security and endpoint management arises. How are organizations to keep everything secure and updated--especially endpoint devices?
That’s where the golden image comes in. In this article, we’re going to discuss how to effectively use the golden image to manage desktops and the latest methods used to deploy and manage the golden image using Microsoft technologies. We’ll be specifically looking at how Microsoft Autopilot and Microsoft Endpoint Manager can streamline and simplify the process. You’ll also see how HealthEquity, a company helping individuals and businesses make smarter healthcare decisions, used a golden image to simplify their endpoint management strategy with the help of JourneyTEAM.
Finally, you’ll hear from Cloud Solutions Specialists from JourneyTEAM on the architecture of Endpoint Manager and Autopilot and what’s possible with these solutions.
The Golden Image
A golden image (also known as a clone image or master image) is a pre-configured template that’s distributed among users. The image contains the perfect software setup which is then used in multiple environments.
Using a golden image eliminates the need for IT to make repetitive configuration changes. This approach can help to simplify deployment, save time, and increase consistency as the chance for operator error is reduced.
Microsoft Autopilot
Autopilot is a collection of technologies that are used to pre-configure and set up new devices prior to productive use. The solution can also be used to recover, reset, and repurpose devices. Essentially, this program streamlines and simplifies the entire device lifecycle which reduces the amount of time IT spends managing devices.
Microsoft Endpoint Manager
Formerly known as Microsoft Intune, this is a cloud-based service that allows you to control how company devices are being used, including smartphones, laptops, and tablets. It gives users the ability to manage mobile devices and operating system scenarios from a central location in the cloud.
Using Endpoint Manager, you have a unified endpoint management system for both corporate and personal devices. You can easily set up rules, configure devices, deploy and authenticate applications, and keep corporate data safe and protected.
When used together, Autopilot and Endpoint Manager streamline the setting up and management of new devices. IT can use Autopilot to configure workflows and register new devices in Endpoint Manager. When a new device is unboxed and signed into, Endpoint Manager will sync the Autopilot settings and ensure that new configurations and updates are done. Using these two solutions, the time that IT spends on deploying, managing, and even retiring devices is significantly reduced.
How JourneyTEAM Helped HealthEquity to Streamline Endpoint Management with a Golden Image
Founded in 2002, HealthEquity was created to help Americans set up a health savings account to give them more power and control over their health and financial future. Over the last decade, the company has grown to include 3,000 employees and an incredibly long endpoint management process.
Prior to using Microsoft products, HealthEquity was using a golden image that was manually applied to each device. Devon Ritchie, Senior IT Manager, described the process this way:
“We used a gold image and applied those through Pixie Server. Then we had the technicians join the computers to the domain, then add the user account, set up the profile, and then install any additional software on the laptop. This process would take generally anywhere from two to four hours depending what was on the profile and the amount of software that had to be installed.”
Once the device was set up, they had to send the device to users via a carrier (this was after the COVID-19 outbreak). To do that, the IT team first had to gather shipping information and determine if additional equipment was needed to complete work. Next, they had to contact HealthEquity’s carrier to figure out shipping. Finally, when the employee received the laptop, the IT team had to walk them through setup.
The length of the process was just one of the reasons that HealthEquity started looking for a new solution for their golden image. They wanted to consolidate all user accounts and devices to a single domain, manage the demands of working during the COVID-19 pandemic, and create an easier on-boarding process. Additionally, their current solution was not scalable and incredibly expensive.
Helping Organizations Attain Success
Hearing of the success others had using Microsoft products, HealthEquity implemented both Microsoft Autopilot and Endpoint Manager. The implementation of these solutions changed things drastically for the company. Rather than arranging to ship with a carrier, HealthEquity now ships devices and all equipment directly from the vendor and includes setup instructions. This has saved the IT team a lot of time on the service desk side so they can focus on resolving tickets and issues instead of workstation setups.
When asked if HealthEquity ran into problems while implementing these solutions, Devon stated that the two biggest ones were training employees on the new process and carrying over existing user settings from an old device to a new one. However, they found that using a PowerShell script in Autopilot allowed their IT team to carry over user settings smoothly.
Devon offered this piece of advice for those looking to do a computer deployment using Microsoft Autopilot. “Have a plan on what you want the end state to look like. Work very closely with your security teams to understand your security requirements upfront, what you can expect, and what you need to implement going forward.” He stressed the importance of coming to a consensus between security and usability to ensure there was a good balance between each.
The future of Endpoint Management at HealthEquity is strong according to Devon. He stated that they are focused on building more dynamic groups and distribution packages that can be pushed through Autopilot to make it more seamless and accessible for new and existing teammates. They’re hopeful that with a more seamless process, they can have better management of devices from applications all the way down to settings.
The Importance of Architecting Autopilot
What HealthEquity was able to achieve with Microsoft solutions is just some of what Autopilot can do. Tim Brandt, a Cloud Solutions Specialist at JourneyTEAM and who worked with HealthEquity on implementing the solutions, described how they were able to architect the solutions to fit their exact needs. Architecting these solutions is perhaps one of the most important steps of the implementation process.
“Architecting the solution is a vital part of implementing Autopilot,” Tim said. “Don’t skip this step and speed through the process without proper planning in the beginning.”
Autopilot is not a one size fits all solution. You’ll want to identify the needs of your business first then customize the solution to meet them.
Tim then went on to describe a few things to keep in mind while installing Autopilot for a higher chance of success:
Review Your Microsoft Licensing: Determine if you have the proper licensing. If not, you’ll need to figure out what licensing will allow all users to use Autopilot. Should you need help determining your licensing needs, speak to a JourneyTEAM representative.
Identify the Goal: What does success look like? How will you know if Autopilot installation was successful? It’s important to identify and focus on a specific goal or risk lengthening the time to completion or go over budget.
Consider Hiring a Project Manager: Project management can help to focus the effort and ensure you’re reaching your end goal. They can also help to coordinate project needs, provide status updates, manage the budget, and ensure project checkpoints are reached.
Identify Potential Blockers: You’ll want to identify early on in the process potential blockers that will harm the project. This way you can call them out and remove them so your project doesn’t get derailed.
Consider a Phased Approach: For some organizations, a “big bang approach” is not always the way to go. Some companies may benefit from a phased approach where changes are rolled out slowly and communicated clearly to users.
Plan for the Future: Set yourself up to succeed down the road. Make sure you have someone to own and manage projects later on.
Be Flexible: As the project progresses, things will change and shift in focus, which means you have to be agile.
“Architecting a solution is the difference between success or failure,” Tim said. “Take the time to plan things out.”
What’s Possible with Autopilot and Endpoint Manager
The possibilities of what you can do with Autopilot is endless. We’ve seen some of what’s possible with HealthEquity’s implementation, but let’s take a closer look. We’re specifically going to be focusing on what you can do with your golden image in the cloud.
Better Management of the Device Lifecycle
When you purchase a device from a Microsoft partner and reseller, we’ll ship those devices directly to your users. Your IT department provides us with a golden image which we’ll install prior to sending devices. When the user receives the device, they’ll turn it on, connect to the internet, and the computer will recognize it as a company device. From there, they’ll log in using their Azure credentials, prove their identity via multi-factor authentication, and Autopilot begins to work its magic.
Device configurations are automatically applied to safeguard data and Autopilot is able to automatically determine if new software needs to be applied or updated via the golden image. When the device reaches the end of its lifecycle, it’s wiped of all company data immediately and then retired.
Ultimately, Autopilot makes it so much easier to update and manage devices from set up all the way to retirement without IT needing to touch them.
Microsoft Zero Trust Architecture
Using Autopilot, you can adopt a zero trust architecture which is based on the principle: never trust, always verify. This security approach protects your company and resources by managing and granting access based on the continual verification of identities, devices, and services. This prevents hackers from accessing sensitive company data or information.
If a threat is detected, Autopilot automatically alerts an IT professional who can immediately respond without having to cut through IT organization silos.
Update Rings
Endpoint Manager allows you to more easily manage update rings. When Windows 10 software updates are ready, you don’t have to approve individual updates for each group of devices. Endpoint Manager makes those updates automatically, simplifying the update management experience.
You can also manage risks in your environment by configuring an update rollout strategy. For example, if a Windows update is ready, you can preview the update by having specific users test the update before rolling it out to a bigger deployment group, which targets the remaining devices in the environment.
Finally, update rings provide valuable analytics of how the policies are being deployed to your environment and gives you the ability to pause, resume, extend, and uninstall the updates depending on the data.
GPO Analytics
This is a new feature available in Endpoint Manager that helps you determine how your group policy object (GPO) translates in the cloud. The output shows which settings are supported by master data management (MDM) providers and which, if any, deprecated settings are not available to these providers. This is a great tool for evaluating your current group policies and determining which are ready to be brought into the cloud and which are not.
Let JourneyTEAM Help You Make the Move
There are a number of ways you can take your golden image to the cloud; however, you need to determine which of the models below best describes your company:
Determining which approach is best for your organization can be difficult. That’s where JourneyTEAM can help. Whether you need to figure out your Microsoft licensing needs or create a better golden image for your users, our representatives have the expertise and knowledge to help you plan your next steps. With JourneyTEAM, you can start enjoying the increased productivity and shorter device management time in no time. Contact us today to get started.
Contact JourneyTEAM today!