Definition

Microsoft Endpoint Manager (MEM)

What is Microsoft Endpoint Manager?

Microsoft Endpoint Manager (MEM) is a cloud-based solution that is designed to address the challenges associated with deploying, managing and securing devices in the enterprise. This includes servers, PCs and mobile devices. IT administrators are also able to create policies for personal devices being used to access an organization's applications and data.

What is included in Microsoft Endpoint Manager?

MEM includes several different services, which collectively allow for the management of physical, virtual and mobile devices throughout an organization. The following services are included with MEM:

  • Microsoft Intune. As Microsoft's solution for mobile device management and mobile application management, Intune is a cloud-based solution that allows admins to configure and secure iOS, Android, macOS and Windows devices. It can also be used as a solution for deploying applications to managed devices.
  • Configuration Manager. Whereas Intune is a cloud-based solution for managing a variety of devices, Configuration Manager resides on premises and is used to deploy applications and manage updates for PCs and servers.
  • Co-management. This tool ties Intune and Configuration Manager together so that either one can be designated as the management authority for an organization's various workload groups.
  • Desktop Analytics. This is a cloud-based solution that delivers actionable insights based on the data gathered by Configuration Manager. It can help organizations identify issues with applications, drivers and updates.
  • Windows Autopilot. This is designed to automate the deployment of new devices. In doing so, Autopilot can perform the initial setup and configuration for a device and enroll the device into Intune.
  • Azure Active Directory. When an administrator joins a Windows device to an Active Directory domain, a computer account that represents the device is created in Active Directory. Similarly, Endpoint Manager stores device and user information in Azure AD.
  • Endpoint Manager Admin Center. This web interface allows admins to manage Endpoint Manager and its various subcomponents.

Figure: Microsoft Endpoint Manager admin portal. MEM allows users to deploy, manage and secure devices used in the enterprise.

How does MEM work?

In recent years, device management has become far more challenging and time-consuming. Whereas users once worked primarily from tightly managed, domain-joined desktops, today's users tend to work from multiple devices of varying types. MEM is designed to couple modern device management capabilities with existing legacy solutions, namely Configuration Manager. In doing so, there are several ways in which MEM helps administrators, including the following:

MEM helps with the provisioning of new devices. When a team member acquires a new PC, Autopilot can install Windows onto that device, perform an initial configuration, and then enroll the device into Intune. Hence, MEM automates this once-manual process, saving the IT staff a considerable amount of time.

MEM assists users who want to use personally owned devices for work. A user can access a self-service portal to enroll their device into Intune. MEM can then verify that the device adheres to the organization's compliance requirements. At that point, the user can begin using the device. This automated enrollment process provides a better overall user experience. This can ultimately lead to increased productivity because the user does not have to wait for the IT department to approve and provision their device.

MEM helps organizations manage devices once they have been enrolled. MEM can be used to detect and automatically deploy missing security updates. Likewise, admins can create security policies that are automatically applied to devices to ensure that those devices remain configured in a secure manner. For example, a policy could be used to ensure that mobile devices are configured to require a password-protected lock screen. Also, a policy could be created that requires the firewall to be enabled on Windows devices. If a device is found to be out of compliance, MEM can sometimes perform automatic remediation, depending on the nature of the issue.

MEM can save administrators from having to install applications onto devices. An enterprise app store makes approved applications available to users on an as-needed basis.

How to get started with MEM

Organizations that want to use MEM can choose between two different subscriptions. The Enterprise Mobility + Security E3 subscription costs $10.60 per user per month, while the Enterprise Mobility + Security E5 subscription costs $16.40 per user per month.

The Enterprise Mobility + Security E5 plan includes several capabilities that are not available with the E3 plan. These include risk-based conditional access, privileged identity management, intelligent data classification and labeling, Microsoft Cloud App Security and Microsoft Defender for Identity.

This was last updated in January 2022
