CHAPTER 1
Configuration Management Basics

System Center Configuration Manager (ConfigMgr) is the latest evolution of Microsoft’s continuing maturation of its systems management platform. Microsoft initially released ConfigMgr’s predecessor, Systems Management Server (SMS), in 1994, along with Windows NT Server 3.5, to help support managing MS-DOS, Windows for Workgroups, Windows NT, Mac, and OS/2 desktops on Windows NT Server, NetWare, LAN Manager, and Pathworks networks. As they say, “You’ve come a long way, baby!”

Configuration Manager provides a total solution for systems management in a people-centric IT environment, including the ability to catalog hardware and software, deliver new software packages and updates, and deploy Windows operating systems with ease. You can also use it to manage mobile devices, OS X, and Linux/UNIX clients. ConfigMgr gives you the resources you need to get and stay in control of your on-premise and mobile environments and helps with managing, configuring, and securing devices and applications. For example, Configuration Manager Current Branch includes the following new capabilities over Configuration Manager 2012 R2:

Windows 10 Support: Updates that help you quickly deploy, upgrade, and configure Windows 10.

Servicing Model: A new ConfigMgr servicing model keeps you current with continuous innovations delivered through Windows as a Service.

Mobile Device Management (MDM): Building on unified management of on-premise and cloud-based mobile devices introduced with ConfigMgr 2012 R2, this version includes Android and iOS innovations through MDM when integrated with Microsoft Intune, including the ability to impose conditional access on devices and on-premise MDM support.

Monitoring: Configuration Manager enables you to see clients that are online and view the health of Windows 10 devices.

Office 365 Management: You can manage Office 365 clients using ConfigMgr’s software update management workflow.

Application Management: Software Center has a new, modern look, with increased capabilities.

This chapter introduces System Center Configuration Manager. To avoid constantly repeating that very long name, this book uses the Microsoft-approved abbreviations of this System Center component, Configuration Manager and ConfigMgr. This sixth edition of Microsoft’s systems management platform includes numerous additions in functionality as well as security and scalability improvements over its predecessors, and it builds on the people-centric IT capabilities introduced in ConfigMgr 2012 R2.

The chapter discusses Microsoft’s approach to information technology (IT) operations and systems management, including an explanation of the Microsoft Operations Framework (MOF), which incorporates and expands on the concepts contained in the Information Technology Infrastructure Library (ITIL) standard. It also examines Gartner Group’s Infrastructure & Operational (I&O) Maturity Model, which is used in the assessment of the maturity of organizations’ IT operations.

The bulk of your department’s budget goes toward paying for teams of contractors to perform operating system (OS) and software upgrades rather than paying talented people like you the big bucks to implement the platforms and processes to automate and centralize management of company systems and user devices.

You realize systems management would be much easier if you had visibility and control of all your systems and devices—regardless of the platform or technology they are using—from a single management console.

Your new full-time job is keeping auditors happy by proving that your organization is compliant with an increasing number of government regulations.

When you try to install Windows 10 for the accounting department, you discover it cannot run on half the computers because they do not have enough RAM. (It would have been nice to know that when submitting your budget requests!)

You spent your last vacation on a trip from desktop to desktop, installing Microsoft Office 2016.

You lack the internal resources to apply software updates manually to your systems every month.

The laptops used by the sales team are still running Windows XP because salespeople never come to the home office. Meanwhile, the team is closing sales using iPads and other mobile devices while connecting to the cloud.

Within days of updating system configurations to meet corporate security requirements, you find that several have already drifted out of compliance.

Your software environment is so diverse and distributed that you can no longer keep track of which software versions should be installed on which system.

By the time you update your documentation, everything has changed, and you have to start all over again!

While trying to bring some humor to the discussion, these topics represent very real problems for many systems administrators. If you are one of those individuals, you owe it to yourself to explore how your organization might leverage Configuration Manager to solve numerous problems. The pain points just listed are common to most users to some degree, and System Center Configuration Manager holds solutions for all of them.

However, perhaps the most important reason for using Configuration Manager is the peace of mind it gives you, as an administrator, to know that you have complete visibility and control of your IT systems. The stability and productivity this can bring to your organization is a great benefit as well.

System Center Configuration Manager is a software solution that delivers end-to-end management functionality for systems administrators. It provides configuration management, patch management, software and operating system distribution, remote control, asset management, hardware and software inventory, cloud integration via Microsoft Intune, and a robust reporting framework to make sense of the variety of available data for internal systems tracking and regulatory reporting requirements.

These capabilities are significant because today’s IT systems are prone to a number of problems from the perspective of systems management, including the following:

Hurdles in the distributed enterprise

Automation challenges

Configuration “shift and drift”

Lack of security and control

Timeliness of asset data

Lack of automation and enforcement

Proliferation of cloud computing

Lack of process consistency

This list should not be surprising, as these types of problems manifest themselves to varying degrees in IT shops of all sizes. In fact, in a 2012 report, Forrester Research estimates that 82% of large IT organizations are pursuing service management, and 67% are planning to increase Windows management (see https://www.forrester.com/report/Sustain+Service+Management+And+Automation+Funding/-/E-RES61499). The next sections look at these issues from a systems management perspective.

Increasing Threats: According to the SANS Institute, the threat landscape is increasingly dynamic, making efficient and proactive update management more important than ever before (see https://www.computerworld.com/article/2565944/security0/sans-unveils-top-20-security-vulnerabilities.html). Symantec’s 2017 Internet Security Threat Report concluded that cyber criminals revealed new levels of ambition in 2016, causing unprecedented levels of disruption with relatively simple IT tools and cloud services (https://www.symantec.com/security-center/threat-report).

Regulatory Compliance: Sarbanes-Oxley, HIPAA, and many other regulations have forced organizations to adopt and implement fairly sophisticated controls to demonstrate compliance.

OS and Software Provisioning: Rolling out the OS and software on new workstations and servers, especially in branch offices, can be both time-consuming and logistically challenging.

Methodology: With the bar for effective IT operations higher than ever before, organizations are forced to adapt a more mature implementation of IT operational processes to deliver the necessary services to the organization’s business units more efficiently.

With increasing operational requirements unaccompanied by linear growth in IT staffing levels, organizations must discover ways to streamline administration through the use of tools and automation.

These problems have a common element: All beg for some measure of automation to ensure that IT can meet expectations in these areas at the expected level of accuracy and efficiency. To get IT operational requirements in hand, organizations must implement tools and processes that make OS and software deployment, update management, and configuration monitoring more efficient and effective.

You may be familiar with an old philosophical saying “If a tree falls in a forest and no one is around to hear it, does it make a sound?” Here is the configuration management equivalent: “If a change is made on a system and no one knows about it, does identifying it make a difference?”

The answer to this question is absolutely yes. Every change to a system has some potential to affect the functionality or security of a system or that system’s adherence to corporate or regulatory standards.

For example, adding a feature to a web application component may affect the application binaries, potentially overwriting files or settings replaced by a critical security patch. Alternatively, perhaps the engineer implementing the change sees a setting he or she thinks is misconfigured and decides to just “fix” it while working on the system. In an e-commerce scenario with sensitive customer data involved, this could have potentially devastating consequences.

At the end of the day, your selected systems management platform must bring a strong element of baseline configuration monitoring to ensure that configuration standards are implemented and maintained with the required consistency.

Point-of-Sale (POS) devices running embedded operating systems pose unique challenges, thanks to their specialized operating systems that can be difficult to administer and—for many systems management solutions—are completely unmanageable. Frequently these systems perform critical functions within the business (as cash registers, automated teller machines, and so on), making the need for visibility and control from configuration and security perspectives an absolute necessity.

Mobile devices have moved from a role of high-dollar phone to a mini-computer used for everything: Internet access, Global Positioning System (GPS) navigation, and storage for all manner of potentially sensitive business data. From the chief information officer’s perspective, ensuring that these devices are securely maintained (and appropriately password protected) is somewhat like gravity: It’s a more than a good idea—it’s the law!

But seriously, as computing continues to evolve and more devices release users from the structures of office life, the problem only gets larger.

Cloud computing adds additional challenges to security and control. The question becomes how to best share these controls among the different stakeholders while maintaining strong oversight. This is discussed further in the “Proliferation of Cloud Computing” section, later in this chapter.

Without this data, organizations can over-purchase (or, worse yet, under-purchase) software licensing. Having accurate asset information can help you get a better handle on your licensing costs. Likewise, without current configuration data, areas including incident and problem management may suffer, as troubleshooting incidents will be more error prone and time-consuming.

Resource provisioning of new workstations or servers can be a very labor-intensive exercise. Installing a client OS and required applications may take a day or longer if performed manually. Ad hoc scripting to automate these tasks can be a complex endeavor. Once deployed, ensuring that the client and server configuration is consistent can seem an insurmountable task. With customer privacy and regulatory compliance at stake, consequences can be severe if this challenge is not met head on.

When dealing with systems management, you have to consider many different functions, such as software and patch deployment, resource provisioning, and configuration management. Managing server and application configuration in an increasingly “cloudy” world, where boundaries between systems and applications are not always clear, requires consideration of new elements of management not present in a purely on-premise environment.

Cloud computing—whether private, public, or hybrid cloud—is a very exciting concept to IT operations. The potential for dramatic increases in process automation and efficiency and reduction in deployment costs is very real. Cloud technology makes it possible to provision new servers and applications in a matter of minutes. However, this newfound agility comes with a potential downside, which is the reality that cloud computing can increase the velocity of change in your environment. The tools used to manage and track changes to a server often fail to address new dynamics that come when cloud computing is introduced into a computing environment.

Many organizations make the mistake of taking on new tools and technologies in an ad hoc fashion, without first reviewing them in the context of the process controls used to manage the introduction of change into the environment. These big gains in efficiency can lead to a completely new problem: inconsistencies in processes not designed to address the new dynamics that come with the cloud.

A methodology is a framework of processes and procedures used by those who work in a particular discipline. It is a structured process that defines the who, what, where, when, and why of operations and the procedures to use when defining problems, solutions, and courses of action.

When employing a standard set of processes, it is important to ensure that the framework being adopted adheres to accepted industry standards or best practices and that it takes into account the requirements of the business—ensuring continuity between expectations and the services delivered by the IT organization. Consistently using a repeatable and measurable set of practices allows organizations to more accurately quantify their progress, facilitating adjustment of processes as necessary to improve future results.

The most effective IT organizations build an element of self-examination into their IT service management (ITSM) strategy to ensure that processes can be incrementally improved or modified to meet the changing needs of the business. With IT’s continually increased role in running successful business operations, it is critical to have a structured and standard way to define IT operations aligned to the needs of the business and enable IT to meet expectations of business stakeholders. This alignment results in improved business relationships where business units engage IT as a partner in developing and delivering innovations to drive business results.

Likewise, meeting the expectations of both business and compliance regulation can seem an impossible task. As technology evolves, so must IT’s thinking, management tools, and processes. This makes it necessary to embrace continual improvement in methodologies used to reduce risk while increasing agility in managing systems to keep pace with the increasing velocity of change.

At a process level, systems management touches nearly every area of IT operations. It can continually manage a computing resource, such as a client workstation, from the initial provisioning of the OS and hardware to end-of-life, when user settings are migrated to a new machine. The hardware and software inventory data collected by your systems management solution can play a key role in incident and problem management, providing information that facilitates faster troubleshooting.

As IT operations grow in size, scope, complexity, and business impact, the common denominator at all phases is efficiency and automation, based on repeatable processes that conform to industry best practices. Achieving this necessitates capturing subject matter expertise and business context into a repeatable, partially or fully automated process. At the beginning of the service life cycle is service provisioning, which from a systems management perspective means OS and software deployment. Automation at this phase can save hours or days of manual deployment effort in each iteration.

After resources are in production, the focus expands to include managing and maintaining systems via ongoing activities IT uses to manage the health and configuration of systems. These activities may touch areas such as configuration management by monitoring for unwanted changes in standard system and application configuration baselines.

As the service life cycle continues, systems management can affect release management in the form of software upgrades. Activities include software metering activities, such as reclaiming unused licenses for reuse elsewhere. If you are able to automate these processes to a great degree, you achieve higher reliability and security, greater availability, better asset allocation, and a more predictable IT environment. These factors translate into business agility, more efficient and less expensive operations, and a greater ability to respond quickly to changing conditions.

Reducing costs and increasing productivity in IT service management are important because efficiency in operations frees up money for innovation and product improvements. Information security is also imperative because the price tag of compromised systems and data recovery from security exposures can be large, and those costs continue to rise each year.

Adoption of a model-based management strategy to implement synthetic transaction technology: Such a strategy is a component of the Dynamic Systems Initiative, discussed in the next section, “Microsoft’s Dynamic Systems Initiative (DSI).” Configuration Manager delivers Service Modeling Language (SML)-based models in its Compliance Settings feature, allowing administrators to define intended configurations.

Incorporating the Infrastructure & Operational (I&O) Maturity Model as a framework for aligning IT with business needs: As discussed in the “Judging Your IT Organization’s Maturity” section, later in this chapter, the five levels of infrastructure and operational maturity help identify your organization’s capability to take on new challenges.

Supporting a standard web services specification for systems management: WS-Management is a specification of a SOAP-based protocol, based on web services, used to manage servers, devices, and applications. (SOAP stands for Simple Object Access Protocol.) The intent is to provide a universal language that all types of devices can use to share data about themselves, which in turn makes them easier to manage.

Integrating infrastructure and management into OS and server products: This requires exposing services and interfaces that management applications can utilize.

Building complete management solutions on this infrastructure: This can be done either by making them available in the operating system or by using management products such as Configuration Manager.

Continuing to drive down the complexity of Windows management: Providing core management infrastructure and capabilities in the Windows platform itself allows business and management application developers to improve their infrastructures and capabilities. Microsoft believes that improving the manageability of solutions built on Windows Server will be a key driver in shaping the future of Windows management.

Updating regularly: Recognizing the rapid rate of software changes as systems move to the cloud, Microsoft has aligned Configuration Manager to have updates multiple times each year, as introduced using the Current Branch model with ConfigMgr’s release in late 2015. Using this model, ConfigMgr’s regular updates are designed to support the faster pace of updates for Windows 10 and Microsoft Intune.

A large percentage of departmental budgets and resources typically focus on mundane maintenance tasks, such as applying software patches or monitoring network health, without leaving staff time or energy to focus on more exhilarating and productive strategic initiatives.

DSI, a Microsoft and industry strategy, is intended to enhance the Windows platform, delivering a coordinated set of solutions that simplify and automate how businesses design, deploy, and operate distributed systems. DSI helps IT and developers create operationally aware platforms. By designing platforms that are more manageable and automating operations, organizations can reduce costs and proactively address priorities.

DSI is about building software that enables knowledge of an IT system to be created, modified, transferred, and operated on throughout the life cycle of that system. It is a commitment from Microsoft and its partners to help IT teams capture and use knowledge to design systems that are more manageable and to automate operations, which in turn reduces costs and gives organizations additional time to focus proactively on what is most important. By innovating across applications, development tools, the platform, and management solutions, DSI results in the following:

Increased productivity and reduced costs across all areas of IT

Increased responsiveness to changing business needs

Reduced time and effort spent developing, deploying, and managing applications and software systems

Microsoft is positioning DSI as the connector of the entire system and service life cycles.

Configuration Manager uses model-based configuration baseline templates in its Compliance Settings feature to automate identification of undesired shifts in system configurations.

Visual Studio is a model-based development tool that leverages SML, enabling operations managers and application architects to collaborate early in the development phase and ensure that applications are modeled with operational requirements in mind.

Windows Server Update Services (WSUS) enables greater and more efficient administrative control through modeling technology that enables downstream systems to construct accurate models representing their current state, available updates, and installed software.

DSI focuses on automating datacenter operations and reducing total cost of ownership (TCO) though self-managing systems. Can logic be implemented in management software so the software can identify system or application issues in real time and then dynamically take actions to mitigate the problem? Consider the scenario where, without operator intervention, a management system moves a virtual machine running a line-of-business application because the existing host is experiencing an extended spike in resource utilization. DSI aims to extend this type of self-healing and self-management to other areas of operations.

In support of DSI, Microsoft has invested heavily in three major areas:

Systems Designed for Management: Microsoft is delivering development and authoring tools, such as Visual Studio, that enable businesses to capture the knowledge of everyone from business users and project managers to the architects, developers, testers, and operations staff using models. By capturing and embedding this knowledge into the infrastructure, organizations can reduce support complexity and cost.

An Operationally Aware Platform: The core Windows operating system and its related technologies are critical when solving everyday operational and service challenges. This requires designing operating system services for manageability. In addition, the operating system and server products must provide rich instrumentation and hardware resource virtualization support.

Cloud Applications: Utilizing public and hybrid cloud functionality improves the agility of an organization by simplifying the effort involved in modifying, adding, or removing the resources a service uses in performing work.

Developers have tools (such as Visual Studio) to design applications such that they are easier for administrators to manage after they are in production.

Microsoft products can be secured and updated in a uniform way.

Microsoft server applications are optimized for management.

DSI represents a departure from the traditional approach to systems management. It focuses on designing for operations from the application development stage rather than taking a more customary operations perspective that concentrates on automating task-based processes. This strategy highlights the fact that Microsoft’s DSI is about building software that enables knowledge of an IT system to be created, modified, transferred, and used throughout the life cycle of a system. DSI’s core principles of knowledge, models, and the life cycle are key in addressing the challenges of complexity and manageability faced by IT. By capturing knowledge and incorporating health models, DSI can facilitate easier troubleshooting and maintenance and, thus, lower TCO.

SML facilitates modeling systems from a development, deployment, and support perspective with modular, reusable building blocks that eliminate the need to reinvent the wheel when describing and defining a new service. The end result is systems that are easier to develop, implement, manage, and maintain, resulting in reduced TCO for the organization. SML is a core technology that plays a prominent role in future products developed to support the ongoing objectives of DSI.

ITIL provides a cohesive set of best practices for ITSM. These best practices include a series of books that provide direction and guidance on provisioning quality IT services and facilities needed to support IT. The documents are maintained by the OGC and supported by publications, qualifications, and an international users group.

Started in the 1980s, ITIL is under constant development by a consortium of industry IT leaders. ITIL covers a number of areas and is primarily focused on ITSM; in fact, ITIL is considered to be the most consistent and comprehensive documentation of best practices for ITSM worldwide. ITSM is a business-driven, customer-centric approach to managing IT. It specifically addresses the strategic business value generated by IT and the need to deliver high-quality IT services to a business organization. Following are the key objectives of ITSM:

Align IT services with current and future needs of the business and its customers

Improve the quality of IT services delivered

Reduce long-term costs of providing services

Philosophically speaking, ITSM focuses on the customer’s perspective of IT’s contribution to the business, which is analogous to the objectives of other frameworks in terms of their consideration of alignment of IT service support and delivery with business goals in mind.

While ITIL describes the what, when, and why of IT operations, it stops short of describing how a specific activity should be carried out. A driving force behind its development was the recognition that organizations are increasingly dependent on IT for satisfying their corporate objectives relating to both internal and external customers, which increases the requirement for high-quality IT services. Many large IT organizations realize that the road to a customer-centric service organization runs along an ITIL framework.

ITIL also specifies keeping measurements or metrics to assess performance over time. Measurements can include a variety of statistics, such as the number and severity of service outages, along with the amount of time it takes to restore service. These metrics, or key performance indicators (KPIs), can be used to quantify to management how well IT is performing. This information can prove particularly useful for justifying resources during the budget process!

MOF is a set of publications that provide both descriptive (what to do, when, and why) and prescriptive (how to do) guidance on ITSM. The key focus in developing MOF was providing a framework specifically geared toward managing Microsoft technologies. Microsoft created the first version of MOF in 1999. The latest iteration of MOF (version 4) is designed to do the following:

Update MOF to include the full end-to-end IT service life cycle

Let IT governance serve as the foundation of the life cycle

Provide useful, easily consumable best practice-based guidance

Simplify and consolidate service management functions (SMFs), emphasizing workflows, decisions, outcomes, and roles

MOF v4 now incorporates Microsoft’s previously existing Microsoft Solutions Framework (MSF), providing guidance for application development solutions. The combined framework provides guidance throughout the IT life cycle, as shown in Figure 1.2.

At its core, MOF is a collection of best practices, principles, and models. It provides direction to achieve reliability, availability, supportability, and manageability of mission-critical production systems, focusing on solutions and services using Microsoft products and technologies. MOF extends ITIL by including guidance and best practices derived from the experience of Microsoft’s internal operations groups, partners, and customers worldwide. MOF aligns with and builds on the ITSM practices documented in ITIL, thus enhancing the supportability built on Microsoft’s products and technologies.

MOF uses a model that describes Microsoft’s approach to IT operations and the service management life cycle. The model organizes the ITIL volumes Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement and includes additional MOF processes in the MOF components, as illustrated in Figure 1.3.

It is important to note that the activities pictured in Figure 1.3 can occur simultaneously within an IT organization. Each area has a specific focus and tasks, and within each area are policies, procedures, standards, and best practices that support specific service management-focused tasks.

Configuration Manager can be employed to support tasks in the different top-level MOF components. Let’s look briefly at each of these areas and see how you can use Configuration Manager to support MOF:

Plan: This phase covers activities related to IT strategy, standards, policies, and finances. This is where the business and IT collaborate to determine how IT can most effectively deliver services, enabling the overall organization to succeed.

Configuration Manager delivers services that support the business, enabling IT to change to meet business strategy and support the business in becoming more efficient.

Deliver: This phase represents activities related to envisioning, planning, building, testing, and deploying IT service solutions. It takes a service solution from vision through deployment, ensuring a stable solution that is in line with business requirements and customer specifications.

Inventory management enables you to keep a handle on your hardware and software inventory, assisting with managing costs and planning for operating system and software upgrades.

Configuration Manager uses a connector to provide configuration item data about the computer from System Center Service Manager, enabling that information to be used in the Service Manager configuration management database (CMDB).

Operate: This phase focuses on activities related to operating, monitoring, supporting, and addressing issues with IT services. It ensures that IT services function in line with SLA targets.

You can incorporate a structure into the software updates capability to assess the current situation, identify new updates, evaluate and plan for deployment, and put the actual update deployment into effect, reducing the support and operations costs of implementation by using a process.

Manage: This layer, which operates continuously though the three phases, covers activities related to managing governance, risk, compliance, changes, configurations, and organizations. It promotes consistency and accountability in planning and delivering IT services, and providing the basis for developing and operating a flexible and durable IT environment.

The Manage layer establishes an approach to ITSM activities that helps coordinate the work of the SMFs in the three life cycle phases.

Configuration Manager’s Compliance Settings feature enables you to manage compliance of your systems and identify noncompliant systems so you can take actions for remediation.

You can find additional information about MOF at https://msdn.microsoft.com/en-us/library/ms959769(v=cs.70).aspx.

MOF (incorporating MSF) spans the entire IT life cycle.

Both MOF and ITIL are based on best practices for IT management, drawing on the expertise of practitioners worldwide.

The MOF body of knowledge is applicable across the business community (from small businesses to large enterprises). MOF also is not limited only to those using the Microsoft platform in a homogenous environment.

As is the case with ITIL, MOF has expanded to be more than just a documentation set.

Microsoft and its partners provide a variety of resources to support MOF principles and guidance, including self-assessments, IT management tools that incorporate MOF terminology and features, training programs and certification, and consulting services.

ISO 20000 was developed to reflect the best-practice guidance contained within ITIL. The standard also supports other ITSM frameworks and approaches, including MOF, Capacity Maturity Model Integration (CMMI), and Six Sigma. ISO 20000 consists of two major areas:

Part 1 promotes adoption of an integrated process approach to deliver managed services effectively to meet business and customer requirements.

Part 2 is a “code of practice” that describes the best practices for service management within the scope of ISO 20000-1.

These two areas—basically what to do and how to do it—have similarities to the approach taken by the other standards, including MOF.

ISO 20000 goes beyond ITIL, MOF, Six Sigma, and other frameworks in providing organizational or corporate certification for organizations that effectively adopt and implement the ISO 20000 code of practice.

Continually reinventing the environment requires your IT organization to have the maturity to make the leap. If you are constantly fighting fires, it is hard to find the time or develop the skill sets necessary to take on something new, particularly if it may require re-architecting the way you do things. In addition, adapting new technologies and architectures requires funding and CxO support; being a trusted business partner helps, but that will not happen if your IT department is caught in a reactionary loop.

Loosely defined, the Infrastructure & Operational (I&O) Maturity Model applies to an organization’s capability to take on new challenges. Gartner recognizes five levels of infrastructure and operations maturity, and has developed a self-assessment tool (available at https://www.gartner.com/doc/2481415/itscore-overview-infrastructure-operations) that organizations can use to understand their level of maturity. These are the five levels:

1. Aware: Realizing that infrastructure and operational maturity is business critical and beginning to take actions to gain operational control and visibility. These actions are across people, process, and technologies—the three elements for a successful organizational transformation—and affect quality and productivity.

2. Committed: Moving to a managed environment to become more customer-centric and increase customer satisfaction levels.

3. Proactive: Gaining efficiencies and service quality through standardization, policy development, and governance and implementing proactive/cross-departmental processes. This could include change and release management.

4. Service-Aligned: Managing IT as though it is a business. Industry best practices are in place, and the organization is customer-focused, proven, competitive, and a trusted provider.

5. Business Partner: Realizing that IT is a critical strategic player and business partner for the organization.

Most organizations do not make it to level 5. For a more complete discussion of this model, see https://www.savision.com/resources/blog/how-mature-your-it-department.

Security: Role-based administration secures the access needed to administer Configuration Manager. You can also secure access to the objects that you manage, such as collections, deployments, and sites.

Simplicity: ConfigMgr delivers a simplified user interface with limited top-level icons, organized in a way that makes resources easier to locate. Improvements in branch office support also serve to not only simplify management of the branch office but also reduce ConfigMgr infrastructure costs in these scenarios.

Manageability: Offline OS and driver packages can be created to support OS deployment in scenarios with no or low-bandwidth connectivity. The Updates and Servicing service method makes it easy to locate and install recommended updates. Native Wake On LAN support makes patching workstations after-hours more hands-off.

Configuration Manager helps you embrace this trend without giving up the control needed to protect your corporate assets. User experiences can be delivered and managed based on corporate identity, network connectivity, and device type—enabling you to meet the demand for consistent, anywhere access to corporate services. By providing a unified infrastructure for mobile, physical, and virtual environments, ConfigMgr helps you manage everything in one place, using processes you already have established. This infrastructure also extends to include critical endpoint security and service management technologies necessary to protect and support your workers; at the same time, it provides simplified administrative tools and improved compliance enforcement mechanisms to help make IT more efficient and effective.

The value of Configuration Manager lies in these areas:

Empowering individuals to be productive from anywhere on whatever device they choose: The application model empowers you to deliver the best application experience to the user, based on his or her identity, device, and connection.

Supporting the faster pace of updates: This applies to Windows 10 and Microsoft Intune, with regular updates to Current Branch.

Streamlining operations with a unified infrastructure, integrating client management and protection across mobile, physical, and virtual environments: Role-based administration, Intune hybrid integration, and virtualization scenario support can simplify both infrastructure and processes for IT.

Driving organizational efficiency for IT with improved visibility and enforcement options for maintaining system compliance: This means fewer mouse clicks to accomplish tasks and more automation in activities such as patch management and settings enforcement.

This chapter also discussed ITIL, which is an internationally accepted framework of best practices for IT service management. ITIL identifies what should be described in IT operations, although not actually how to accomplish it, and how the processes are related and affect one another. To provide additional guidance for its own IT and other customers, Microsoft uses ITIL as the foundation of its own operations framework, MOF. The objective of MOF is to provide both descriptive (what to do and why) and prescriptive (how to do it) guidance flow for IT service management as it relates to Microsoft products.

Microsoft’s management approach, which incorporates the processes and software tools of MOF, is a strategy or blueprint intended to build automation and knowledge into datacenter operations. Microsoft’s investment includes building systems designed for operations, developing an operationally aware platform, and establishing a commitment to intelligent management software.

Configuration Manager is a tool for managing systems in a way that increases the quality of service that IT delivers while reducing the operational cost of service delivery. Configuration Manager is a critical component in Microsoft’s approach to systems management that can increase your organization’s agility in delivering on its service commitments to the business.

Systems management is a key component in an effective service management strategy. Throughout this book, you will see this functionality described and demonstrated, and you will come to understand the full value of Configuration Manager as a platform for improving the automation, security, and efficiency of service support and delivery in your IT organization.

Chapter 2, “Configuration Manager Overview,” provides an overview of Configuration Manager terminology and discusses key concepts, feature dependencies, history, and what is new in Configuration Manager Current Branch.