Microsoft Managed Desktop Expectations vs Reality
The Microsoft Managed Desktop (MMD) is a newish service so misconceptions around what it does – and doesn’t – do are understandable. Here, we list six common but mistaken assumptions about the Microsoft Managed Desktop service.
What is the Microsoft Managed Desktop Service?
The Microsoft Managed Desktop makes your users self-sufficient, liberates your IT team and delivers a host of organisational benefits. It’s a cloud-powered service for managing and securing your desktop estate, inclusive of user support. You can explore Launching the Next Generation of Desktop Management here.
Expectation No. 1: Microsoft Managed Desktop will Configure and Manage my Microsoft 365 Workloads
MMD requires Microsoft 365 licences, and this is where things can get a wee bit conflated, so let’s step back for a moment. Microsoft 365 includes cloud-based collaboration products such as SharePoint Online, Exchange Online and Microsoft Teams, and the licences for the modern management of devices.
Are these collaboration products delivered and supported through the Microsoft Managed Desktop service? Yes. Does the service configure and manage these premium products on your organisation’s behalf? No. And when you pause to think about it, it’s quite logical really. Take SharePoint Online – a content and document management platform. There are lots of elements to setting up and customising SharePoint; how an organisation chooses to use it is highly specific. Consequently, implementing SharePoint successfully – especially in complex enterprises – takes effort and time. Add to this the set-up and management of Microsoft Teams, Exchange Online etcetera, and you’ll see why the service doesn’t include their set up and administration.
To summarise, if the configuration and management aren’t directly related to your desktop estate, they’re not included in the Microsoft Managed Desktop service.
Expectation No. 2: The Microsoft Managed Desktop Service Configures and Manages Corporate Mobile Devices
Let’s go back to the Microsoft 365 licence mentioned at the top of this blog. Your M365 licence includes Microsoft Endpoint Manager; the new name for the combined offering of Intune and System Centre Configuration Manager (SCCM). As MMD devices are fully cloud-managed, we’ll continue to refer to Intune. If you’re unfamiliar with the marvels of Intune, it’s a cloud-based tool for centrally managing your organisation’s devices, from phones to PCs. We’ve included two links further down. *
What to bear in mind here is that Microsoft’s Managed Desktop service is designed for Windows 10 devices – you can choose from a pre-curated list. It wasn’t built for your Android devices, iPads and iPhones. As part of the service, the good people at Microsoft will use Intune to configure and deploy your Windows 10 desktop estate. The other devices in your company are your (or your IT provider’s) responsibility. For more reading, here’s a useful link: Microsoft Managed Desktop roles and responsibilities.
But this doesn’t mean you can’t use Intune for your non-Windows 10 endpoint estate. After all, it comes with your M365 license, so fill your boots. And if you’d like some expertise to deploy and manage all your endpoints with Intune, we’ll gladly help.
Click for common ways to use Microsoft Intune and supported operating systems and browsers in Intune
You might also like our blog: Intune Frequently Asked Questions
Expectation No. 3: Microsoft Managed Desktop Fully Supports Third-Party Applications
Your cloud-driven Microsoft Managed Desktops equip your users with all they need, including your custom and line-of-business apps.
Everything Microsoft related – e.g. Windows 10 and your Office 365 ProPlus suite – is fully supported and managed as part of the service. If you’re also expecting the service to support your custom and line of business apps, it will – but to a point.
If your non-Microsoft apps fall over because of Windows 10, then you can expect support; absolutely. But if they’re falling over (or otherwise malfunctioning) because of something to do with the application itself, then remediation passes to the app owner or provider.
The Microsoft ops team won’t ignore problems with third-party apps – once they’ve ruled out that the cause is Windows 10, they’ll be sure to make you aware there’s an issue. And again, there’s a logic to this; no one knows the application better than the owner or provider. If you’re using an MSP like IT Lab, we’ll liaise with the app owner on your behalf.
As Microsoft deploys your apps, your mind might be turning to how you get them over to their team in the first place. As you might expect, Microsoft makes the process straightforward. As a one-time activity, you need to package your applications (if not packaged already). If you need help getting them to a state of readiness, we can demystify the process and tell you how long this should take. But rest assured it isn’t the big deal it once was; many tech advances have been made in this field.
Once Microsoft has your apps, their team will deploy them to your devices through Intune.
Expectation No. 4: The Microsoft Managed Desktop Service Will Protect my Wider Estate
“The value of the Microsoft Managed Desktop service is the learning from the wider community of devices applied for the benefit of all.”
– Dan Coleby, Modern Workplace Product Director, IT Lab
The security of Microsoft’s Managed Desktop is a core part of the service. To continuously monitor and protect your MMD desktop estate, Microsoft takes a multi-pronged approach, including:
- People – MMD’s Security Ops team.
- Technology – Microsoft Defender ATP and other security tools.
- Collaboration with customers and partners, using insights from millions of Windows devices and sharing information to help protect endpoints and estates.
Microsoft Security—a Leader in 5 Gartner Magic Quadrants.
What the Microsoft Managed Desktop won’t do is protect your entire IT ecosystem. Here’s what Microsoft told us: “We take accountability for end-point protection of the MMD devices only – but we share intelligence to help secure non-MMD devices and estates in partnership with our customers’ and partners’ security teams.”
So, MMD isn’t a replacement for your vital cyber security services, cybersecurity team or Security Operations Centre – it works in partnership with these services to elevate your overall security posture.
To paint the picture, let’s take two uncommon and extreme scenarios – one Microsoft related, and one non-Microsoft related:
- A malicious email is delivered via Exchange Online and makes it onto a Microsoft Managed Desktop. The user opens the email, which infects their desktop. MMD’s Sec Ops team will isolate and remediate the device. But the bigger security clean-up won’t be done by them.
- Let’s imagine a third-party accounting and payroll system called Spondulix. Your Finance Manager is using it on their Microsoft Managed Desktop. Spondulix is struck with malicious code which executes a zero-day attack. As well as crippling the device with ransomware, the malicious code makes its way onto your file server. Again, Microsoft’s Sec Ops team will isolate the machine to prevent spread and handle the clean-up of the device. What they won’t do is fix the malicious code on your server.
Expectation No. 5: I Don’t Need to do Anything to Enable my Users’ Access to Microsoft Managed Desktop
To access the Microsoft Managed Desktop service, your users will need unfiltered Internet access to the MMD endpoints. It’s your organisation’s responsibility to configure your network and proxies properly; if not, a first-time user of the service may find their access blocked. There’s very little for your IT team to do, but they do need to be aware. If necessary, we’re happy to advise.
Expectation No. 6: Microsoft Managed Desktop is Expensive
Like any premium service, Microsoft Managed Desktop is an additional cost to your company; you’ll need compatible laptops (ask about our leasing arrangements), and there are monthly user licence fees. Expensive? If you’re going to look purely at your expenditure without weighing up the value, then you might well see it this way.
Consider how you’re managing your desktop estate today. Do you measure what it truly costs you? If so, you can show how to offset your expenditure with cost-savings and efficiency gains. For example:
- Modern services are replacing legacy hardware and software and;
- their associated management costs
- Time savings across your IT team and user-base
- Efficiency and productivity improvements
- Reduction in third-party services and hosting
- Talent attraction and retention advantages
- Risk mitigation
We hope this blog cleared any misconceptions you might have had about this service. Ready for the next step? Get Microsoft Managed Desktop ready and request a free consultation.