The Modern Desktop

Sitting on the roof

IT has moved forward over the last few decades, users have become empowered and interact with computers more than ever and the modern desktop was created to reflect this change.

Windows is still the standard for business machines, and the operating system has become easier to use with each release. With the inclusion of almost all drivers in the Windows Update service devices are able to be up and running with almost no need to install drivers, adding printers is a simple case of finding it on the network and they “just work”.

IT departments often move a little slower, holding onto traditional ways of doing things. Group Policies are created to lock down computers with the main intention being to reduce calls to the Service Desk. If the user can’t change anything, they cant break anything.

Microsoft have made strides to allow us to reboot how we manage desktops, the cloud is here and it is being heavily adopted. Office 365’s Exchange Online being the biggest winner. Fundamental to Exchange online is Microsoft Azure AD, which allows users with the correct licencing to login to Windows 10 computers with their Office 365 credentials.

This allows organisations to have the single source of authentication like AD, without the need for on premise servers. Moving the management of devices to their MDM, Intune. Moving other services to the cloud enables the removal of all on premise servers.

But what is the modern desktop?
As of Windows 10 1703 Microsoft launched AutoPilot, using AutoPilot with Intune allows for computers to be deployed and configured from the cloud.

A new computer or laptop with Windows 10 is added to Intune and can be deployed by the end user anywhere in the world as long as they have internet. All they need to do is login with their Office 365 credentials. AutoPilot will deploy apps, configure settings, prepare the device and make sure they do not have admin rights all before the user logins in. IT do not need to interact with the device at all.

Not only do they not need to interact with the device to configure it, but the user can reset the device back to this state themselves. Resolving their own issues. IT can also take the stance of; “If this issue will take more than 45 minutes to resolve, reset the device”.

Whats the catch?
Well, moving to a modern approach means making some changes. Intune contains a lot of settings that can be made to user devices. However not all of the old Group Policies are possible. Microsofts view is that now is the time to evaluate what settings are actually needed. Do you really need to stop a user from seeing Settings? They cant make any real changes without admin rights anyway.

The biggest loss is printers, natively printers cannot be managed from Intune. With Windows 10 adding a printer is so easy, and users do this at home anyway, why does IT need to do this for them? You can use PowerShell scripts if this feels like a deal breaker however.

Its time for us IT professionals to remember that our users are not the users from 30 years ago who only used computers at work. They either have 30 years experience working on computers, or they have been using computers at home.

Its time to empower the users, to simplify our management and make productivity the focus.