“You are secure only by updating!”, reflects our ‘consigliere’ Lauri Haveri, referring to Microsoft Intune endpoint management in the IT environment and the centralized application management implemented through it. With tightening cybersecurity requirements, visibility into the status of cybersecurity and various applications has become an increasingly important matter for IT administration personnel to monitor.
Device Management as a Support for IT Administration
Most current organizational environments are based on Microsoft workstations, and thus, devices migrated to the cloud are managed (at least partially) with Intune device management. It is a convenient cloud-based management tool that has undergone numerous updates (and name changes). As a Microsoft product, it is naturally compatible with Windows, but nowadays it can manage almost all endpoints: Macs, iOS devices, and Androids.
With Intune, one can configure, for example, Windows update installations, application deployments, security settings for phones (e.g., PIN code length), Outlook’s appearance, and even hard drive encryption for Mac and Windows machines. Although applications distributed via Intune can be manually updated using the Supersedence feature, it is somewhat laborious with its packaging, especially in larger organizations. Certainly, some programs have built-in automatic updates, but not all do – and even those are not perfect. For this reason, there are countless solutions focused on updating third-party applications, and the best of them integrate directly into Intune’s centralized application management.
Application Updates are Demanding
Few IT professionals use the exact same software in their work, starting from browsers (e.g., Chrome, Edge, or Firefox), email applications (Outlook and Gmail), and spreadsheet applications (Excel or Google Sheets). Almost certainly, sensitive content or at least information not necessarily intended for everyone is used with all these applications. For this reason, third-party applications also pose a significant cybersecurity risk in almost every environment. The applications listed earlier are often subject to automatic updates, but the smaller the segment of company employees using an application, the less attention its updates may receive.
In addition to standardized applications, cybersecurity policies can define matters related to application updates, but in smaller organizations, for example, failing to update an application used by a couple of employees in financial administration can lead to significant problems at worst.
Already at the application acquisition stage, it would be good to pay attention to regular security updates and potential support services. If an application used for invoicing or payroll (or both simultaneously) experiences a service degradation at the end of the month, it can lead to at least unpleasant situations. The horror stories of the City of Helsinki’s payroll system are still fresh in memory.
Tips for Application and Update Management
Not all updates are necessarily a good thing; an update might contain an error, and if widely distributed, it will be shared with all users. A very recent example of this is the situation with the CrowdStrike security application in summer 2024. Attention must therefore be paid to testing update packages to ensure they do not cause additional unforeseen work!
In smaller organizations, keeping applications up-to-date and testing new updates may still be manageable. However, the larger and more complex the application catalog grows, the more IT department’s working hours it consumes. At worst, it can turn the entire IT department into solely a testing department. Automation typically pays for itself.
Good guidelines for third-party software include the following:
1. Applications should be standardized as much as possible at the enterprise level. A smaller application catalog is easier to manage.
2. Operating systems and applications should be updated automatically and mandatorily, but users can be granted rights to delay the installation of operating system updates if necessary.
3. Operating system and application updates should first be installed for a pilot group, which tests their functionality and potential new features (in production).
4. It is good to know the basics about the developer. For example, if it is a free program that also handles business-critical information or sensitive material. Especially if data is stored in the application, it is good to find out about GDPR-related matters: where the data centers are physically located and whether data leaves the EU/EEA. Cybersecurity and its requirements have also been covered more comprehensively in our previous blog.
Summary
Intune device management is an important centralized management feature for modern IT environments. It is a convenient and straightforward management entity that also provides visibility in terms of cybersecurity, regarding both malware detection and operating system updates. Not to mention compliance, because even the best cybersecurity policy won’t save you if its defined functionalities are not up-to-date or if they are not followed.
It is considerably easier for IT administration to focus on current and important tasks by automating third-party application updates and by receiving up-to-date information on the general status of devices used in the organization. Correct decisions can then be made based on genuine information. At this point, our PilviCapo Managed Cloud service acts as a resource for your IT administration, as the workstation environment and its software remain up-to-date, and the life of IT administration becomes easier – a win-win!
Our PilviCapo Managed Cloud service for Microsoft 365 environments provides exactly the right type of information to support the decisions of IT administration personnel. By having Above IT’s ‘consigliere’ colleagues support your IT administration, you ensure that your workstation environment remains secure and end-users are satisfied. Book a 15-minute discussion slot from our calendar by clicking the button below, and let’s get acquainted!