Reaching the modern management nirvana with Dynamic Environment Manager (DEM) and Workspace One Unified Endpoint Management (UEM) integration
Us folks in end user IT management have been hearing all the hype over the modern managed desktop. It seems you can get rid of LDAP dependent management of our desktops and reach zero-trust of our desktop fleet.
We've heard that patch management and software distribution issues are a thing of the past by using products like Workspace One UEM and Access. We've heard that we can gain real time insights of our device fleet and create automations to make our life easier using Workspace One Intelligence and its integrations. This all sounds great, and yes, Workspace One makes all that possible…sort of.
The one thing that was missing from all of this was end user profile and application management. The ability to manage end users' settings like their printer, drive mappings, application settings, folder redirection, VDI smart policies and file type associations, to name a few, are provided by profile management tools like DEM. But tools like DEM have been, for the most part, dependent on file shares for configuration settings and User profiles as well as active directory for assignment settings. That kind of killed the whole zero-trust-desktop-thing and tied the desktops to the local network more than we wanted.
Well, those dependencies have been fixed in part by the integration of DEM and UEM in version 2106 and newer. Now you can deliver the DEM FlexEngine Agent and the config profile settings via a file called the DEMConfig that is delivered to the enrolled desktop via UEM. You can also now store the end user's profile in cloud-based storage like OneDrive for Business. This solves the how do I deliver the agent and settings issues as well as getting rid of the dependence on an on-premises file share.
When it comes to Windows management, UEM and DEM go great together. UEM manages devices via profiles that deliver payloads. Think of it like active directory group policy management without the need to be onsite, connected via VPN nor joined to the domain. DEM manages the users' desktop environment much like roaming profiles, but with granular context-based controls, conditional assignments, not having to worry about corrupt profiles issues, and now, no dependence on joining the AD domain nor a need to access a on-premises file share for the IT profile settings.
In conclusion, by integrating DEM and UEM you can remove your Windows PC dependence on active directory and group policy for security management and device settings, deliver application via peer to peer and content delivery networks and manage the end users' profile and application settings without the need for file shares