In today's fast-paced business landscape, staying ahead of the competition requires efficient and effective solutions. According to Microsoft’s Work Trend Index, nearly 70% of employee report that they don’t have sufficient time in the day to focus on “work”, with more time being spent Communicating than Creating.
Microsoft 365 Copilot is designed, with Microsoft’s cloud trust platform at its core, to allow for employees to both be more productive, reduce the time spent searching for information, performing mundane tasks, and other low-value activities.
In my recent conversations with customers, a re-occurring theme keeps coming to the forefront. Senior Management (IT and Business) say it takes too long to deliver a new or replacement PC to an end user in a business-ready state. I hear this from all companies/organizations of all sizes and industry verticals. Let’s dive into this a bit deeper and see if we can uncover the “why”.
I think it all starts with understanding the expectations of those involved: the End-user, the End-user’s leadership, IT Leadership, and the IT Admins. Each of these persons(s) have a very realistic expectation of what it means to be issued a new PC when starting a position within the company/organization or getting a replacement PC for a device that they have been using for the last several years. So, let’s look at this from each perspective and determine how to leverage the tools you already have (M365, OneDrive for Business, Active Directory, and Configuration Manager) to make this an optimized process that benefits all.
Business-ready PC
So, let’s look at the parts that comprise the whole of a PC in a business-ready state.
- PC Hardware (form factor/vendor really doesn’t matter outside of OS support and drivers)
- PC Accessories (Docks, Port Replicators, etc.)
- Operating System (version and patch level)
- User data (Why is it on the device?)
- User Profile configurations (Web Browser favorites, Printers, Backgrounds, Shortcuts, Application configurations)
- Software Applications (Core, Role specific, Location Specific, Department specific, Optional)
In the following infographic, let's break down what a user PC is actually comprised of and what we can use to separate the layers so the PC can become a commodity that can be replaced without the countless hours of effort to get it to a business-ready state.
In the list above the starting point must be getting the user’s data and potentially user profile off the PC and somewhere where it is accessible from any device. Yes, I am still hearing stories that IT must back the user’s data up before they can swap their PC out and then re-copy the data back down to the device. This problem must be solved before you can even consider talking about “Modern Device Management” or even optimizing the traditional imaging process that we have utilized for the last couple of decades.
So, what options do we have to address this problem of lifting the data off the device and storing it where it is accessible no matter where the device is located?
User Data
Option 1: On-premises customers
- Leverage Work Folders via GPOs to redirect the folders (Desktop, Documents, Pictures, Downloads, that are part of the Windows OS.
- Configure default save locations for applications to target these Known folders
- Use Work Folders GPOs to block Users from saving outside of designated folders
Option 2: Hybrid customers
- Leverage One Drive for Business Known Folder Move
- Configure default save locations for applications to target these Known folders
- Use Work Folders GPOs to block Users from saving outside of designated folders
User Profiles
User profiles contain all sorts of customizations specific to the users. As such, transferring existing users to a new PC has been a cumbersome exercise. This has either been a manual (high-touch) exercise or we’ve spent the time to set up the User State Migration Tool (USMT). There are also other approaches such as Enterprise State Roaming and/or User Environment Virtualization (UE-V) that can handle Windows App configurations, custom application configuration, network printers, and windows explore customizations. These solutions need a Network Share to be utilized.
Physical Devices (Windows 10/11)
|
Active Directory Joined |
Hybrid Azure AD Joined |
|
|
User Experience Virtualization (UE-V) |
Yes, pointing to File Share |
Yes, pointing to File Share |
|
Enterprise State Roaming |
No |
No |
|
Edge profile sync |
Yes |
Yes |
|
Outlook settings roaming |
Yes |
Yes |
Applications (Core, Business, and Ala Carte)
The message I want to convey here is to get to know what applications your users need on their devices. If I were to survey IT Pros in most organizations, they would indicate they don’t really know all the applications needed on a user’s device. To the surprise of many, you already know what they are using if you are collecting Asset Intelligence, Software Metering, and Hardware inventory via Configuration Manager.
Use this data to build “Global Conditions,” collections, applications, and Task Sequences needed to deploy Business Applications and Ala Carte Applications. This can be taken to the next level by assigning attributes to users in Active Directory and importing them into Configuration manager to inject intelligence into your collections and Task Sequences via variables. You most likely know the Core Applications stack and have been either injecting it via the Task Sequence or performing a “Build and Capture” with these installed.
Also, you should look at the new “Application Groups” feature in Configuration Manager for creating groups of applications for your Role-based/Department-based deployments to be made available to devices or users.
Operating System
My motto here is to keep it lean, clean, and updated. Keep it lean by using the default WIM file provided by Microsoft. Keep it lean by not adding anything to it. Keep it updated by injecting scheduled updates into it through automatic offline servicing. However, this is just the beginning. You can optimize the WIM by only using the index (version) that you plan to deploy. As you may have guessed I am not a proponent of the “Build and Capture” method as it requires a significant amount of effort to maintain the image(s). It also means that every machine will get these core apps whether they need/use them or not.
In my recent conversations with customers, a re-occurring theme keeps coming to the forefront. Senior Management (IT and Business) say it takes too long to deliver a new or replacement PC to an end user in a business-ready state. I hear this from all companies/organizations of all sizes and industry verticals. Let’s dive into this a bit deeper and see if we can uncover the “why”.
If you are struggling with modernizing and optimizing your PC deployment process, reach out to us and let us help bring the needed change to this critical process for your organization/company. We have been helping our customers manage their endpoint devices using SMS/SCCM/Configuration Manager and now Microsoft Endpoint Configuration for nearly 30 years.
MEM / MECM Modern Management Accelerator
Leverage your existing Microsoft Endpoint Configuration Manager (MECM) environment to accelerate the adoption of Modern Management with Microsoft Endpoint Manager (MEM) and Windows 10 devices.
KiZAN is a Microsoft National Solutions Provider with numerous gold and silver Microsoft competencies, including gold data analytics. Our primary offices are located in Louisville, KY, and Cincinnati, OH, with additional sales offices located in Tennessee, Indiana, Michigan, Pennsylvania, Florida, North Carolina, South Carolina, Georgia and Texas.
