My computer park is out of control! How do I get out of it?
Many IT managers have been asking me this question recently, and for good reason: they have lost control of their desktop inventory and their technical teams are having a hard time providing quality service partly because of this.
So what to do? This is not a new issue: ITSM has been around for over 30 years… But strangely enough, too many managers still don’t know how to use it properly. For me, it’s a guide and not an absolute. The techniques and tools to manage an IT department have of course evolved, but they still focus on the same concepts: equipment, services, users and processes…
First of all, the inventory. How do you build and maintain an inventory of workstations in 2022? It is now impossible to use the old WMI tools to discover our connected devices and inventory their software, because these machines are now outside the perimeter of our office. Users are working remotely, many organisations have adopted BYOD policies to accelerate the transition to working from home, and now we are suffering the consequences. So, we need to be able to establish this inventory. But before talking about the how, let’s identify the why: to provide a service to users.
We want this (at least this is my vision of what every IT manager dreams of):
- To give end-users peace of mind about protection:
  - If a device is broken, stolen or lost… all information is easily retrieved
  - Protection tools such as anti-virus, anti-phishing, anti-malware, firewalls etc. are all active and properly configured
- To provide users with an environment that is:
  - Simple and uniform in terms of work tools
  - Consistent from one device to another, regardless of where it is used
  - Performant, and stays that way over time
- To enable high-quality IT support by:
  - Giving technicians the tools to diagnose and repair
  - Quickly identifying the equipment being requested
  - Easily finding the documents needed to help users
I'm not going to give a lecture on ITSM or ITIL today; I'm going to try to help you answer the question asked in the title: how do I get out of it? Of course, this post is also the start of a discussion, because every organisation is different and the options may be more or less relevant to your situation.
Several other elements can be identified, but the vast majority are covered by one or other of the wishes I have listed above. These elements are linked by one simple fact: the quality of information. If you know your users, their uses and their equipment properly, it is easier to prepare and maintain an environment that meets their expectations.
So, if we go back to our inventory, how do we get to know all these gizmos that give access to our environments? The central point is identity: every time a user wants to access a piece of data, he must authenticate himself, and the identity platform will normally capture valuable information about the conditions of this connection in the process. Today in 2022, that means Azure Active Directory (Azure AD, or AAD) in most cases, historically Active Directory (AD), and in rare cases the Google Workspace platform. We will focus here on Azure AD, since it covers most cases, over 80% in my experience.
Will AAD be enough? Probably not, or rather, I don’t recommend relying on it alone. The next step is a more comprehensive device management tool like Microsoft Endpoint Manager (formerly called Intune). Azure AD is then connected to Endpoint Manager’s MDM to “enroll” the device in its database. This is where things start to get interesting.
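An added example (not from the original post) of the identity-centred inventory described above: it collapses sign-in events into one record per user and device, and lists the devices that are not both managed and compliant. The events are constructed sample data using field names from the Microsoft Graph signIn resource; the function names are this example's own.

```python
from datetime import datetime

# Constructed sample events (not real data), using field names from the
# Microsoft Graph signIn resource.
def _event(upn, ts, dev_id, name, os_name, managed, compliant, country):
    return {"userPrincipalName": upn, "createdDateTime": ts,
            "deviceDetail": {"deviceId": dev_id, "displayName": name,
                             "operatingSystem": os_name,
                             "isManaged": managed, "isCompliant": compliant},
            "location": {"countryOrRegion": country}}

SIGN_INS = [
    _event("alice@example.com", "2022-03-01T08:02:11Z", "dev-001", "LT-ALICE", "Windows 10", True, True, "CA"),
    _event("alice@example.com", "2022-03-02T19:40:00Z", "", "", "iOS", False, False, "CA"),
    _event("bob@example.com", "2022-03-03T07:15:30Z", "dev-002", "LT-BOB", "Windows 10", True, True, "CA"),
    _event("bob@example.com", "2022-03-05T09:00:00Z", "dev-002", "LT-BOB", "Windows 10", True, False, "FR"),
    _event("Alice@example.com", "2022-02-27T12:00:00Z", "dev-001", "LT-ALICE", "Windows 10", True, True, "CA"),
]

def build_inventory(sign_ins):
    """Collapse sign-in events into one record per (user, device)."""
    inventory = {}
    for ev in sign_ins:
        dev = ev.get("deviceDetail") or {}
        # Unregistered devices carry an empty deviceId; key them by OS so
        # they remain visible instead of being dropped.
        dev_id = dev.get("deviceId") or "unregistered:" + (dev.get("operatingSystem") or "unknown")
        key = (ev["userPrincipalName"].lower(), dev_id)
        seen = datetime.strptime(ev["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        rec = inventory.setdefault(key, {"first_seen": seen, "last_seen": None,
                                         "countries": set(), "sign_ins": 0})
        rec["sign_ins"] += 1
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["countries"].add((ev.get("location") or {}).get("countryOrRegion") or "unknown")
        # Device state comes from the most recent event, whatever the input order.
        if rec["last_seen"] is None or seen >= rec["last_seen"]:
            rec.update(last_seen=seen, name=dev.get("displayName") or "(unnamed)",
                       os=dev.get("operatingSystem") or "unknown",
                       managed=bool(dev.get("isManaged")),
                       compliant=bool(dev.get("isCompliant")))
    return inventory

def needs_attention(inventory):
    """Devices that reach company data without being managed and compliant."""
    return sorted(key for key, rec in inventory.items()
                  if not (rec["managed"] and rec["compliant"]))

if __name__ == "__main__":
    print(needs_attention(build_inventory(SIGN_INS)))
```

The personal phone with no device ID and the laptop whose latest sign-in reported non-compliance are the two entries a technician would follow up on.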
In a good MDM tool, you can:
- Limit the devices on which a user is allowed to connect and even use certain applications
- Control the conditions of a connection with conditional access policies that can force the use of MFA or block access altogether if, for example, the connection comes from another country or from a public (unsecured) Wi-Fi network
- Automate the compliance of devices by forcing certain configurations (similar to the GPOs of a traditional AD)
- Automate software installation and even allow some level of “self-service” to add necessary applications
- Force re-authentication on a remote device if there is any doubt about the current session
- Force a reboot of a workstation or even a complete reset of the device to completely clean it up.
In addition to enabling these great opportunities, such a tool will concentrate on one screen all the sessions of a user who makes a request for IT support, thus speeding up the ability of the technician to take over. This is possible thanks to the quality of the data collected by the tool, that is, the automated inventory it generates.
So, I just told you that you don’t have to plan any work for an inventory, because it will be automated, centralised and always up to date… No matter where the device is located.
It sounds simple; however, multiple options are available, some elements are included in certain licences and others are optional. Contact us to hear more and to get a quote to help you take back control of your computer park.
Christian Boulet, Director – Cloud Practice and Technology Modernization