What you don’t know about systems management may kill you

I have seen a lot of endpoint trends come and go over my fifteen-plus years in enterprise technology. From the very first ‘mobile’ devices from Palm and HP (iPaq… the first iDevice!) to VDI and now the wave of constantly iterating MDM and mobile security platforms…

I ask myself, what’s a thoughtful CIO to do here?

In the interest of clarity, I should say that I have really only worked with two technologies throughout my IT career: Symantec’s Altiris technology and Microsoft System Center (the artist formerly known as Systems Management Server). There have been a few other brief flirtations (JAMF Casper, LANDesk, etc) but for the purposes of this article assume the commentary is relevant to what I know best.

Now, back to the question I posed. If you are leading a technology organization, or even running a growing business…do you know:

  • All of the form factors in the hands of your end users?
  • The number of solutions deployed to manage those devices?
  • Your patch compliance across the entire ecosystem?
  • What to do in case of emergency?

My experience tells me that you probably don’t know the answer to any of those questions, let alone all of them. The good news is there’s probably someone that can identify the gaps and assess your risk (hint: it’s me, or another grizzled veteran of the Windows Vista wars).

But before you invest any time in the answers… let me give you a few hard truths:

  1. It’s impossible to manage risk without asset intelligence
  2. There are too many complex tools doing too many things
  3. You cannot secure devices you can’t manage
  4. Operational maturity is measured by how your team reacts to an advanced/persistent threat

With respect to asset intelligence, this is not an argument that your ITAM program is broken (but if you think it is, go look at this). The simple fact is you must know who is using whatwhere they are and if they are using those tools for approved purposes. This is the difference between merely having information and having intelligence.

I am also willing to bet that you have separate MDM, MAM and endpoint management tools. This used to be a necessity, but with the rise of the hybrid architecture (watch out for the Azure Shark!) we can stitch the right tool with the right team to accomplish your systems management mission.

Do you have a single systems management platform?

Finally, when the fudge hits the ceiling fan you’ll find out whether you have asset intelligence that is actionable, enabling you to touch those devices and support your remediation mission. If you are a CISO/CSO reading this and want to have some fun – go ask your desktop guys for a live dashboard showing the manufacturer, model and operating system of every device with access to company IP. Keep in mind that is only a surface-level reading of your exposure.

Did they run away, or just pass out?

Windows 10 is going to change your business, and there’s nothing you can do to stop it

In your organization, you have quite a few people who were born digitalWhat Microsoft has figured out, that you may not have (yet)… is that these folks have an expectation that they can work anywhere they want.

The fact that you need to embrace a mobile-first workforce is not new, and even I am cringing at using some played-out buzzwords. So what do you need to know – that you don’t already?

Windows 10 is going to fundamentally change the way you do business, and there’s little you can do to resist that change.

Let’s break it down, based on what we know today:

  • Cortana in Windows 10 means you can talk to your “work” device like you talk to your iPhone with Siri (or your Android with Google Now, or your WinPhone with… Cortana!)
  • Windows Hello means your digital natives are going to expect that their computer greets them, much in the way their phone gives them data on a lock screen – and they’re not going to tolerate complex login processes or gasp! – having to VPN in first. (Seriously, do you want to hire and retain the best?)
  • OneNote, combined with Office 365 and a Surface Pro or iPad Pro is the magical triangle of productivity. Sure, you can use Office apps on many devices but that will involve some compromises. I can see at least 3 Surface Pro 3’s in this Starbucks where I am writing right now.

Now, maybe you are a stodgy last-generation CIO and you don’t believe all of this hooey about digital natives and how they are gonna tell you how to do your job…

My point is that you better figure this out if you want to keep your job and move your organization from a cost center to something that generates real and measurable business value.

Here’s what you need to do today. Right now, in fact.

  1. Set a top-down adoption strategy to move your organization from Windows 7 (or Windows XP?!) to Windows 10, built on a consistent and repeatable process for in-place migration.
  2. Determine how you will build a comprehensive thought on systems management, that no longer makes distinction between a “mobile” device and an endpoint. Manage them all, in one place.
  3. Stop worrying about how to protect it or manage it. Find a way to make people productive.

Questions? Hit me up on Twitter!

SCCM 2012 & 2012 R2 Scalability Improvements

With the forthcoming service packs for SCCM 2012 and SCCM 2012 R2, you can now scale a hierarchy to 600,000 managed devices (50% increase from 400k) and a standalone primary site now can manage a maximum of 150,000 devices (also 50% increase from 100k).

We’ll be testing these scalability numbers over at ITS Partners in the coming weeks and I’ll update this post with our findings.

Would you like FREE training on Symantec (Altiris) ITMS 7.6 and Bomgar?

ITS is hitting the road to provide FREE training for both new and existing customers. The events will be an open format and there is no sales pitch – just engineering know-how!

If you’re thinking about migrating or upgrading to AMS, CMS, SMS or ITMS 7.6 this is a great event to get your most critical questions answered.

If you’re considering purchasing Altiris, you will have an opportunity to ask questions and have them answered on the spot by our resident expert.

Register for the Altiris Revival Tour here.


Symantec (Altiris) ITMS 7.6 and Bomgar – what’s new?

If you’re interested in some of the key new features for Symantec ITMS 7.6 powered by Altiris technology, my colleague Brandon Perkins will be hosting a free educational webcast this Thursday, April 23rd with Mike Sell from Bomgar.

We are also launching a tour across the U.S. to provide FREE training to our customers on how to adopt or migrate to the latest release as well as covering some gotcha’s and tips/tricks.


You can register for the webcast at itsdelivers.com

ConfigMgr Client settings for Cloud DP on Azure?

If you are interested in leveraging Distribution Point on Azure, or are testing, you may have run into a very simple issue – clients won’t use that cloud DP. After you configure your Cloud DP (as an SCCM administrator), you must also configure your default client settings or create a custom device settings policy that enables your CM clients to use it. Watch the attached video to learn how!