About Endpoint Management Services at IU

• Overview
• Windows device management (SCCM) Global Standard
  • Client functionality requirements
  • Operating system deployment USB build media
  • Connect to and access the ConfigMgr console via RemoteApps in Windows
  • Console inventory overview
  • Software updates workflow, processing, and end-user experience
  • Software catalog overview
  • Manual client installation on a device outside OSD (side-load)
  • Preferred devices
• Configurations and functionality issues
• Further resources

Overview

Endpoint Management Services (EMS) at Indiana University provides platforms for endpoint patching and device management.

Information and service support are available M-F 8am-5pm.

The information here outlines best practices and standard configurations within SCCM. Adherence to the standard maintains proper functionality and maximum efficiency on the SCCM server as well as the individual client device. Failure to follow best practices and adhere to the standard will cause an increased number of client policies to process, and increased policy processing times for both SCCM server and client device.

Windows device management (SCCM) Global Standard

Global Universal Device Management (UDM) configuration follows a standard for service and support. To configure your SCCM tenant environment in compliance with the standard, see:

• Global UDM OSD Overview
• Global UDM Software Catalog Overview

Client functionality requirements

SCCM client functionality requirements related to group policy and Active Directory OU permissions support appropriate client installation methods and proper communication between the host and client.

For details on client functionality requirements, see Global SCCM/ConfigMgr Client Functionality Requirements.

Operating system deployment USB build media

Bootable WinPE USBs for UDM deployment should be up to date for tenant-owned USB sticks. They need to be refreshed during certain times (such as a site upgrade or a modification to the boot image); the EMS team will notify tenants when a refresh is needed. A common oversight is using an old USB build stick without first updating it with the latest build media. Outdated build media may not function after an update.

For more about how to properly create USB build media, see Create UDM OSD Boot Media.

Connect to and access the ConfigMgr console via RemoteApps in Windows

• Access to the RDP gateway can be established on both Windows and macOS.
• Access to the console through RemoteApps requires Two-Step Login (Duo) authentication for your SCCM administrative account.

For more about console access, see:

• Windows: How to Connect To and Access the ConfigMgr Console via RemoteApps in Windows
• macOS: Windows: How to Connect To and Access the ConfigMgr Console Via Microsoft Remote Desktop in macOS

Console inventory overview

For more about the console inventory, see Global SCCM UDM Console Inventory Overview.

Software updates workflow, processing, and end-user experience

EMS provides a base software update configuration with available maintenance windows. All required updates are deployed as they are released.

For more about the software update process, timing of software update deployments, and notifications for end users, see Global Software Updates Workflow, Processing, and End-user Experience.

Software catalog overview

The global software catalog (GSC) is a collection of commonly used applications available to deploy individually, as well as through the full catalog service available in the Software Center.

Manual client installation on a device outside OSD (side-load)

An SCCM client may be installed on a device that has not been built in the OSD environment. This is typically done as a one-off, for devices that are not within the common hardware model (BUY.IU standard models for Dell and Microsoft) or for older models not within the scope of the OSD service.

For more about manual client installation, see Manual SCCM Client Installation.

Preferred devices

Any device models available in BUY.IU will have drivers available for the OSD build, when applicable. Supported hardware of legacy models will continue to be supported until they fail to meet the minimum standards of the operating system requirements.

Configurations and functionality issues

• EMS reserves the right to correct functionality issues related to tenant-created configurations, including but not limited to:
  • Erroneous distribution point packages
  • Misconfigured device collections
  • Application packages, task sequences, and deployment packages

  When EMS identifies such issues, staff will coordinate with the tenant to correct the issue by contacting the tenant to provide information about the issue. EMS will provide the tenant with both required steps and a time frame for correction.

  The time frame is determined by the functionality impact severity. If not corrected within the given time frame, EMS will correct the issue on the tenant's behalf.

  Note:

  EMS assumes no responsibility for issues on tenant devices related to the necessary corrective actions taken by EMS.
• Some functionality issues may be corrected by EMS without tenant notification, with both notification and timing determined by EMS based on issue severity.
• EMS will provide globally available base configuration options for most items.
  Note:

  Tenants may create both unique configurations, and copies of global base configuration items, but EMS will not support either.

Further resources

For more about UDM, see Global UDM Updated Documentation.