Picking up Where Microsoft Leaves off with Modern Management, Endpoint & Application Security

June 26, 2020


This is an updated blog that was originally published on May 30, 2018.

With the launch of Windows 10 almost five years ago, Microsoft touted modern management as an approach that drives improved security and nimble IT operations, resulting in happy users and lower cost for organizations. With Windows 7 hitting end of life earlier this year, the number of devices now running Windows 10 has surged to over 1 billion. Yet fully realizing the promised benefits of modern management remains elusive for most organizations. Simply put, it requires more than Microsoft can deliver. Endpoint privilege management solutions pick up where Microsoft leaves off and help fulfill the modern management promise of improved security, nimble IT operations, and satisfied and productive users for the organization.

Windows 10 modern management: The evolution of IT

Modern management, according to Microsoft’s aspirational view, is enabled with a single platform that manages all kinds of Windows 10 devices. The legacy way of deploying the Microsoft Windows operating system was to leverage Active Directory (AD), Group Policy (GPO) and System Center Configuration Manager (SCCM) for desktops and an enterprise mobility management (EMM) solution for deploying across mobile devices.

EMM solutions allow for simpler deployment and better management of mobile devices, both those on the network and those that workers no longer need to connect to the traditional corporate network to do their jobs, resulting in a better user experience than what had traditionally been delivered for desktops. Microsoft sought to bring this cloud-based EMM experience to the desktop world, allowing desktops and mobile devices to be deployed and managed in a single, unified approach with Windows 10.

The modern way of deployment and management (aka “modern management”) is through the cloud. Specifically, it is done with what Microsoft calls Enterprise Mobility and Security (EMS), which is comprised of Azure Active Directory, Microsoft Intune, Azure Information Protection, and other tools. This allows workers, wherever they are and as long as they have an internet connection, to just turn on their computer the first time they get it and have updates to their installed Windows OS, other software installs, and system configurations deploy automatically. Microsoft is executing on a vision of a minimal software world, where business applications like Office 365 are accessed through the cloud and through the Windows Store for Business.

What is driving Microsoft’s vision for modern management?

Worker expectations and the benefits of the cloud have been the two main drivers behind the Microsoft modern management approach. Workers continue to demand simpler and superior experiences when using enterprise software. Consequently, Microsoft customers are demanding solutions to meet these needs. This is particularly true with the proliferation of new kinds of device form factors, bring your own device (BYOD) to work and corporate-owned personally-enabled device (COPE) trends. In recent times, the COVID-19 pandemic has also accelerated the need to support remote and mobile workforces at scale, an endeavour that is made simpler to securely achieve via a modern management approach.

Almost every major software vendor is transitioning to the cloud (or creating a complementary cloud offering) to better meet the needs of consumers and save IT resources (e.g. infrastructure costs, management costs, etc.), and they need to keep up. Microsoft has clearly been at the forefront of the cloud movement. Many organizations may have moved to the cloud for business applications, but infrastructure solutions, such as OS deployments, had traditionally lagged in adoption.

While Windows 10 adoption is not itself a requirement for modern management, it has presented a great opportunity for organizations to improve management of IT infrastructure and increase their endpoint security. Also, many organizations, particularly larger enterprises, will possibly adopt a hybrid “co-management” approach, using both modern management and traditional tools like AD, GPO and SCCM in tandem, allowing for a more gradual transition from traditional to modern management tools and techniques.



Where Microsoft falls short in modern management

Back in 2015, Microsoft announced their Local Administrator Password Solution (LAPS), which provided basic password rotation that could help in stopping cyber-attacks and lateral movement. However, we have covered why there are some shortfalls in using LAPS alone. Similarly, while Microsoft has painted a vision and roadmap for enterprises to transition to a cloud-based modern management approach, they have fallen short in at least two key areas:

  • Security
  • Operations

While Microsoft has improved security in Windows 10 and continues to make further enhancements with each update, it still lacks the ability to deliver security to diverse enterprise endpoints and to users with dynamic and evolving requirements. Consequently, Windows 10 alone is insufficient for the security needs of complex enterprises. And best-in-class security is absolutely essential for modern management.

Windows 10 does not achieve the balance between removing admin accounts from employees and preserving usability, since many common tasks and applications require admin rights to work. Workers will either need to be completely locked down, thus sacrificing the user experience, or operate completely unconstrained, allowing them to install applications or perform privileged tasks as part of their jobs, but sacrificing security and exposing the business to cyberthreats.

As the Microsoft Vulnerabilities Research Report has shown, removing admin rights will mitigate more than 80% of all critical Microsoft vulnerabilities reported last year. So, this is an essential piece to get right to condense your organization’s threat surface. Privilege management, with its broad, far-reaching risk-reduction and productivity enhancement capabilities, should be the centrepiece of your endpoint security.

Microsoft’s modern management approach makes it easier to deploy and manage Windows 10 for remote, off-the-network employees, but does not address the need for these remote workers to quickly and easily install needed applications in a manner that balances the security needs of the company and the user-friendly experience they expect. IT workers cannot as easily get on a network to help users install needed software when admin rights are removed, degrading the user experience.

BeyondTrust PAM picks up where Microsoft leaves off

BeyondTrust picks up where Microsoft leaves off and helps complete the vision of Windows 10 modern management by enabling:

  • Best-in-class security: BeyondTrust’s Privilege Management for Windows & Mac solution allows organizations to harness the security of standard user accounts on Windows 10 by removing the need for full admin accounts and applying a more granular layer of control. Simple policy rules grant workers access privileges when they need them to perform work seamlessly. The solution’s application control capabilities also make allow listing in Windows 10 more effortless by removing admin rights and allowing organizations to put rules in place for trusted, approved applications and allow flexible, user-friendly exception handling.
  • Nimble management of IT operations: Our endpoint privilege management solution enables least privilege management and application control across Windows and Mac, ensuring IT teams remain efficient and remote workers receive the best experience possible. BeyondTrust’s Privilege Management solution is available in both on-premises and SaaS deployments. The SaaS privilege management solution has the same robust features as the on-premises solution, plus it allows IT organizations to manage endpoint security for Windows 10 through the cloud and leverage subscription-based pricing.

With BeyondTrust, helpdesks can focus on what they do best: serving the IT needs of the workers in the organization.

Here are a few ways to learn more about BeyondTrust’s Privilege Management for Windows & Mac solution:

  • Guide to Endpoint Privilege Management (white paper)
  • Remote Working: A Catalyst for Enhancing Your Endpoint Security (blog)
  • Privilege Management SaaS Hardens Windows & Mac Endpoint Security, Protecting On-Prem & Remote Workers & Systems (blog)

Jonathan Clarke, Content Marketing Manager

With a Master's Degree in English Language and Media, Jonathan has a genuine passion for producing compelling and thoroughly researched cybersecurity content. Coupled with a B2B agency background, he is adaptable to a wide range of industry topics, and also looks after BeyondTrust's Public Relations and social media channels. A huge animal lover, he is the proud 'father' of Simba, a very hyperactive German Shepherd dog.
