
Hello,
We are currently working on our Next Generation client platform.
Quite a name, I know : ) but I will be doing multiple posts on that project and I would like to start with the basics.
Yes, you need to perform life cycle management of your client OSE (Operating System Environment), but this is of course not just about having a supported operating system.
It's about requirements: figuring out where you want to land and then building your way to that.
Now for our functional requirements we had the usual suspects, like:
- Requires good performance so our core and line-of-business apps run smoothly
- Needs to work seamlessly with M365 cloud services
- Requires 3 languages for the user interface (Dutch / French / German)
- Requires data at rest to be encrypted
- Requires the option to be wiped remotely in case of theft
- Needs to work from home the same way it works in the office
- Requires an easy way to log on to the device
- etc.
But we also wanted to minimize the effort of the yearly laptop renewal operation. Each year we (should) replace about 5k laptops, and the time and effort this takes today is significant while the end user experience is not great.
So this was surely an important aspect to take into consideration as we arrived at our first technical decision: Azure Active Directory joined or Active Directory joined.
Switching from AD to AAD joined devices will have quite an impact: we will need to modify existing tools and connectors, and we will need to rebuild all the policies and configurations.
It will take time and effort, and we don't want to do it just because "It's future proof : )".
After some discussions we found that there are multiple advantages to the Azure Active Directory joined configuration, so this will be our end goal.
The technical advantages are:
- Deployment: by using Azure AD joined devices we skip the requirement of having a domain controller in line of sight during the end user part of the deployment. We can simply ship the device by whatever means possible and only require an active internet connection for the complete process. This greatly simplifies our current deployment and user swap process.
- Security: by using cloud native management and Azure AD joined devices we can reset a device or block it from accessing cloud services regardless of any VPN connection. We can also push policies without any dependency on a VPN solution. In a world where people work anywhere but the office, this point becomes more important. We need to be able to act quickly and not require devices to pass by the office or open a VPN connection in order to receive a specific configuration. One caveat: a remote reset only lands when the stolen device next comes online and checks in, and the block on cloud services only prevents access, not use of what is already on the disk. That is why the data at rest requirement above (BitLocker) stays the real backstop for theft, with the remote actions on top of it.
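To make the target state concrete, here is a small readiness check, added as an example for this post and not something from our project tooling. It reads the device state as reported by dsregcmd.exe and the BitLocker state of the OS volume, and reports whether the device is in the configuration described above: Azure AD joined (and not on-prem AD joined, so not hybrid), MDM enrolled, and encrypted at rest. The function names and the "Ready" rule are my own; it assumes an elevated PowerShell session on a Windows 10/11 device where dsregcmd.exe and the BitLocker module are present.

```powershell
# Added example (not from the original post or the project's own tooling).
# Assumptions: run elevated on Windows 10/11; dsregcmd.exe and the BitLocker
# module (Get-BitLockerVolume) are available, which they are on those builds.

function Get-DsregStatus {
    # dsregcmd /status prints "Key : Value" lines grouped in sections.
    # Turn every such line into a hashtable entry; section headers are skipped
    # because they carry no colon.
    $status = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $status[$Matches[1]] = $Matches[2]
        }
    }
    return $status
}

function Test-NgClientReadiness {
    $ds = Get-DsregStatus
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive

    $result = [pscustomobject]@{
        # AzureAdJoined YES + DomainJoined YES would be hybrid joined,
        # which is not the end goal described in the post.
        AzureAdJoined     = ($ds['AzureAdJoined'] -eq 'YES')
        DomainJoined      = ($ds['DomainJoined'] -eq 'YES')
        # MdmUrl is only populated once the device is enrolled in an MDM.
        MdmEnrolled       = -not [string]::IsNullOrWhiteSpace($ds['MdmUrl'])
        # Both checks matter: a volume can be FullyEncrypted with protection
        # suspended (ProtectionStatus Off), which does not protect a stolen disk.
        OsVolumeEncrypted = ($os.VolumeStatus -eq 'FullyEncrypted')
        OsProtectionOn    = ($os.ProtectionStatus -eq 'On')
    }

    # Target state for the platform: cloud-only join, MDM managed, OS drive protected.
    $ready = $result.AzureAdJoined -and -not $result.DomainJoined -and
             $result.MdmEnrolled -and $result.OsVolumeEncrypted -and $result.OsProtectionOn
    $result | Add-Member -NotePropertyName Ready -NotePropertyValue $ready
    return $result
}

Test-NgClientReadiness | Format-List
```

Run it on a freshly shipped device after the user has completed the out-of-box experience; a device that shows AzureAdJoined and DomainJoined both true is hybrid joined, which is the state we are moving away from, and an OS volume with OsProtectionOn false still needs attention even if it reports as encrypted.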
Besides these advantages, it also pushes the IT team to start with a greenfield approach and to drop some of the management complexity that has been created over the years in our existing Active Directory policies and preferences. It forces us to eliminate some of the technical debt we have built up over the years in terms of management.
In all honesty, I have seen far worse environments after 14 years of GPO & GPP, but still, you know what I mean.
Challenges? Sure, lots of them, but we will go over those in the next blog posts.
Enjoy.