1. Cloud-Native Endpoints – Intro – EMS Route


This is article 1 of the Cloud-Native Endpoint Series. This is a nugget-sized how-to series where I want to showcase how to unlock capabilities to achieve the full cloud-native end goal.


💡Value of going Hybrid?

➡You have the immediate opportunity to use Entra and Intune-related policies and settings.
➡You are already making an effort to move any on-prem processes to the cloud (GPOs to Intune policies, Windows patching using Windows Autopatch, SOE to Windows Autopilot, Device Identity-based CA Policies, etc.)
➡You can create the necessary Intune policies and use them for the Hybrid devices, and once a device is fully Entra joined, the policies can be re-used.
➡You can use Windows Hello for Business (WHfB) instead of passwords for device authentication.

💡From Hybrid to Cloud Native

An Entra Hybrid Join project usually takes place to test Microsoft Intune policies and features, to onboard devices into Defender, to provide SSO, or to connect devices with CA Policies. What everyone forgets is that, while this provides the best of both worlds, they need to start planning for Cloud-Native Endpoints.

💡Cloud-Native Endpoints

A cloud-native endpoint is Entra joined and managed by Microsoft Intune.

💡Challenges in Cloud-Native move

🚩Complex GPO structures
🚩File shares and resources
🚩Certificates
🚩Standards that govern the On-Prem connectivity requirements
🚩And all other reasons*

💡Why is planning important?

Because flipping a switch or a big-bang cutover is not possible for this type of move, it should be properly planned and tested. Discussing it with stakeholders such as app owners and the Service Desk is important, as they are all moving parts in the planning. Starting with a pilot is best, as it will help you understand the challenges and the things to be prepared/documented to get the other devices onboarded as well.
➡Apps and resource access from Entra Joined
➡Group Policy Modelling and importing it to Intune if required
➡Device Policy management via Intune
➡Device registration in Intune and Autopilot Profile for Entra Joined
➡Certificate management
➡Endpoint Security policies

Going cloud-native will help you minimise the on-prem footprint, remove line-of-sight access to the domain, and gain more device mobility with a good set of security features and policies and other enhancements.

