What is Microsoft Endpoint Manager (MEM)

The unified endpoint management with Microsoft is realized through two market leading solutions, both available as part of Microsoft 365. Microsoft Endpoint Configuration Manager and Intune already manage over 150M devices all over the world. They work together to bring the depth of management and agility of cloud services to the daunting task of securing your modern workplace. 

Microsoft Endpoint Manager helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises

   Microsoft enables IT to transform the delivery of device management and security services, using tools and processes they are already familiar with. It is the most complete and flexible device management platform, allowing you to secure corporate data on any endpoint, whether managed or unmanaged, using the power a globally scalable cloud.

Microsoft Endpoint Manager Including Intune and Configuration Manager

Microsoft Endpoint Manager (MEM) Features

Solution that combines the functionality of Microsoft Intune and Microsoft Endpoint Configuration Manager.

  •  Microsoft Intune: Microsoft Intune is a cloud-based enterprise mobility service that help to manage Mobile device Management (MDM) and Mobile Application Management (MAM). It lets you control features and settings on Android, Android Enterprise, iOS/iPadOS, macOS, and Windows 10 devices. It integrates with other services, including Azure Active Directory (AD), mobile threat defenders, ADMX templates, Win32 and custom LOB apps, and more.

As part of Endpoint Manager, use Intune to create and check for compliance, and deploy apps, features, and settings to your devices using the cloud. Check my last post “What is Intune” about Intune features.

  • Microsoft Endpoint Configuration Manager(MECM): MECM is an on-premises management solution to manage desktops, servers, and laptops that are on your network or internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory (AD), Microsoft Defender for Endpoint, and other cloud services. Use Configuration Manager to deploy apps, software updates, and operating systems. You can also monitor compliance, query and act on clients in real time, and much more.
  • Co-management: Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It helps you unlock additional cloud-powered capabilities like conditional access. As part of Endpoint Manager, co-management uses cloud features, including conditional access. You keep some tasks on-premises, while running other tasks in the cloud with Intune.

Desktop Analytics: Desktop Analytics is a cloud-based service that integrates with Configuration Manager. It provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows clients. The service combines data from your organization with data aggregated from millions of devices connected to the Microsoft cloud.    

  • Single pane of glass for getting and staying current across Windows 10 and Office 365 ProPlus
  • Deep integration with Microsoft management tools
  • Richer app and Office macro insights with App Health Analyzer and Readiness Toolkit for Office.
  • Data-driven pilot ring creation

Windows Autopilot: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. Windows Autopilot can be used to deploy Windows PCs or HoloLens 2 devices. As part of Endpoint Manager, use Autopilot to preconfigure devices, and automatically enroll devices in Intune. You can also integrate Autopilot with Configuration Manager and co-management for more complex device configurations (in preview).

  • reduces the time IT spends on deploying, managing, and retiring devices.
  • reduces the infrastructure required to maintain the devices.
  • maximizes ease of use for all types of end users.

Azure Active Directory (AD): Azure AD is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure AD Premium, which may be an additional cost, has additional features to help protect devices, apps, and data, including dynamic groups, auto-enrollment, and conditional access.

Endpoint Manager admin center: The admin center is a one-stop web site to create policies and manage your devices. It plugs-in other key device management services, including groups, security, conditional access, and reporting. This admin center also shows devices managed by Configuration Manager and Intune (in preview).