Device Management Overview

Managing a device is now easier than ever on Windows IoT Enterprise. There are multiple options that your organization can choose from in order to best manage your devices, such as Azure Arc, Microsoft Intune, Endpoint Manager, and third-party OMA-DM based management tools.

Azure Arc for Server on Windows IoT Enterprise

Azure Arc unlocks new hybrid scenarios by enabling new Azure services and management features on any infrastructure. Azure Arc-enabled servers is now supported on Windows IoT Enterprise. With Azure Arc, you can extend Azure Resource Manager capabilities to your Windows IoT Enterprise devices and manage them on Azure. Connect your Windows IoT Enterprise machines to Azure Arc as described here.

When you connect your machine as an Azure Arc-enabled server, you can perform the following actions:

  • Monitor operating system performance and discover application components to monitor processes and dependencies with other resources using VM insights. Collect other log data, such as performance data and events, from the operating system or workloads running on the machine and this data is stored in a Log Analytics workspace.
  • Assign Azure Policy guest configurations to audit settings on the machine.

We are actively working on expanding this list of supported actions.

Mobile Device Management

Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server. Learn What's new in mobile device enrollment and management to further understand the capabilities that are being offered.

Microsoft Intune

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used and can configure specific policies to control applications. Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune integrates with Azure Active Directory (Azure AD) to control who has access, and what they can access. It also integrates with Azure Information Protection for data protection. Here's a guide on how to enroll your devices in Microsoft Intune.

Microsoft Endpoint Manager (Formerly SCCM)

Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune, without a complex migration, and with simplified licensing. Continue to leverage your existing Configuration Manager investments, while taking advantage of the power of the Microsoft cloud at your own pace.

Note

Starting in version 1910, Configuration Manager current branch is now part of Microsoft Endpoint Manager. Version 1906 and earlier are still branded System Center Configuration Manager (SCCM). The Microsoft Endpoint Manager brand will appear in the product and documentation over the coming months.

Update Management

Device Update Center and Windows Server Update Services are update controls and mechanisms that are not full device management solutions, but are included in the list for completeness.

Device Update Center

Device Update Center (DUC) is available for IoT Core today. DUC is update control that is staged before device management in the control chain. DUC is a great solution if you are looking to push app updates or control OS updates for a SKU of devices collectively (vs. individual devices as addressed above by Device Management). This means that you can still use device management if you choose DUC for upstream control. This service is often used with Azure Device Agent by appliance device builders.

We are working on bringing Device Update Center to Windows IoT Enterprise in the coming months, it is currently in Private Preview.

To learn more about DUC, please review this animated YouTube video on Microsoft Device Update Center Primer.

Windows Server Update Services (WSUS)

Windows Server Update Services (WSUS) enables organizations to deploy the latest Microsoft product updates to their Windows IoT devices. You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to devices on your network.

A WSUS server provides features that you can use to manage and distribute updates through a management console. A WSUS server can also be the update source for other WSUS servers within the organization. The WSUS server that acts as an update source is called an upstream server. In a WSUS implementation, at least one WSUS server on your network must be able to connect to Microsoft Update to get available update information.