Remember when they said people wouldn’t go to live concerts anymore thanks to the popularity of music videos? There weren’t supposed to be real estate agents anymore thanks to Zillow, and there weren’t supposed to be investment firms thanks to E*Trade. There also wasn’t supposed to be Group Policy thanks to the cloud and MDM, and yet, well… enterprises continue to use it. In fact, enterprise IT professionals are using it more than ever, according to a poll conducted just weeks ago by Jeremy Moskowitz, a globally recognized SME on Windows Group Policy. An audience of IT professionals was asked the following:
- Describe your usage of Group Policy over the past year. Respondents answered as follows
- Describe your expected usage of Group Policy the coming year of 2019. Respondents answered as follows
Yes, you read that correctly.
The vast majority of enterprise IT professionals expect to use Group Policy more in 2019 than they do currently. Perhaps another question could have been, “Does anyone not use Group Policy?” Just as consumers continue to shop at Best Buy and other traditional retailers despite the dramatic expansion of online retail, enterprise admins continue to use Group Policy rather than relying exclusively on cloud-based solutions such as Intune or MDM solutions such as Workspace One.
The reason for the continued devotion to, and use of, Group Policy is simple. Azure and Intune are great for cloud-first enterprises, but these are mostly SMBs and startups. The vast majority of large organizations today have an internal AD structure, established more than a decade ago, with thousands of domain-joined computers. Adding AD Join capability to an existing large enterprise Active Directory infrastructure adds another layer of management complexity for those administering that infrastructure. Other companies have no choice but to keep many of their users and assets on-premise in order to satisfy industry or governmental compliance regulations.
While many enterprises may strive to be “cloud-first,” their WAN infrastructure holds them back from achieving this objective due to latency issues. That is because for many geographically dispersed organizations, all web traffic must be backhauled to the enterprise data center, which may reside in another part of the country. Known as the “Trombone Effect,” this situation occurs in a network architecture that forces a distributed organization to use a single secure exit point to the Internet. The latency this creates for branch offices is ill-suited to today’s enterprise environments, which is why many companies are pulling services out of the cloud and putting them on the edge. According to Gartner, while 10 percent of enterprise-generated data was created and processed outside of a traditional centralized data center or cloud, this figure will reach 75 percent by 2022. Because companies are striving to be as close to their customers as possible in order to learn their needs, they are putting greater emphasis on branch locations. These branches utilize distributed read-only domain controllers residing as virtual machines that can instantly enforce policies to manage and deploy application and desktop settings for users domain-wide, regardless of location.
The debate between domain-joined and Azure-joined doesn’t have to be an either/or question. Many companies are adapting to a hybrid IT architecture that divides their enterprise between on-premise and cloud. Determinations are then made as to which applications, users and data types must remain on-premise due to security concerns or compliance restrictions.
Other resources are then migrated to one or more cloud providers. Jeremy Moskowitz uses the analogy of comparing the GPO/MDM discussion to that of IPv4/IPv6 when discussing the continued reliance on Group Policy. He explains that some people will have an immediate need for the new thing, some will have no need at all and others will have some mixed need.
Deciding between Group Policy and MDM isn’t something you have to worry about with PolicyPak.
Whether your network is 100 percent domain joined or cloud-first, PolicyPak can manage your applications, desktops, browsers and security settings to increase the management reach over your expanding attack surface.
- PolicyPak’s Group Policy Edition greatly augments your management potential versus Group Policy alone when you are creating policies to manage application settings, Windows 10 file extensions or map websites to specific browsers.
- You can use PolicyPak Cloud Edition to distribute those policies to remote and non-domain-joined machines.
- You can use PolicyPak MDM Edition to work alongside your MDM solution for PolicyPak settings, or to deploy real Microsoft Group Policy and PolicyPak settings to your MDM solution.
There is no doubt that the world is in transition due to the constant pace of technology innovation. To use a final quote, “The more things change, the more they stay the same.” Group Policy remains a tool of preference for IT professionals around the world for managing users and their Windows desktop environments. Yes, Group Policy has some limitations. MDM has even more but is up and coming.
If you need that extra piece to fill in the holes, stop malware and ransomware attacks, simplify Windows 10 management and eliminate admin rights for standard users once and for all, then PolicyPak is a great addition.