Endpoint Management (EPM) Centralization and Standardization Program: Status Updates

Status Updates

December 1st, 2023

June 30h, 2023

Information about migrations broken down by unit is available on the Customer Migration page.

March of 2023 Updates: 

• Delivered MOU for Patch My PC
• Began development on iOS management in Jamf
• Working with Dell Med on HIPAA BYOD

Feb of 2023 updates:

• Completed first Office hours for MECM and Jamf ITSO units
• Developed process of roadmap review with EPM Committee

December of 2022 updates:

• Provided support for TikTok block on EPM enrolled devices
• Developed Feature updates approach for MECM enrolled windows devices
• Continued to support units onboarding to EPM Jamf
• Updated EPM Jamf firewall to include support for Apple services 
• Updated the wiki to include support options for units needs API access 

In the first week of June 2022, the following activities were completed:

Windows  

• Microsoft Endpoint Configuration Manager (MECM) is now installed on 13,324 clients   
• Cleaned up Ivanti instance so that stale devices and tasks have been removed  
• Completed Inventory reports to populate Isora  
• MECM is now backing up to Azure  

Jamf 

• 254 computers and 6 iPads are enrolled in Jamf 
• The team contacted and supported all remaining units with transitioning devices from Ivanti to Jamf. 
• Planned major work efforts for Phase 2 and 3 
• Completed the first draft Jamf SLA

Other Tools 

• Completed testing of Active Directory (AD) Device naming  
• MDE Collections has been consolidated for departments VPFA, ITS and ENG to support the future direction   

In the third week of February 2022, the following activities were completed:
Windows  

• Sent notification via email to units still using Ivanti about deleting hung tasks so that the adoption rate will expedite
• Microsoft Endpoint Configuration Manager (MECM) is now installed on 11,069 clients   
• Testing PatchMyPc initial software package updates  
• Communications were sent out to start Ivanti instance cleanup efforts  
• Inventory reports to populate Isora created expecting minor changes  

Jamf

• The team contacted and supported all remaining units with transitioning devices from Ivanti to Jamf.
• Completed the first stage of planning for the 2nd and 3rd phases of work for the Jamf track
• Completed Jamf licence centralization to main Austin account  

Other Tools

• Active Directory (AD) Device naming testing     
• MDE Collections realignment for departments VPFA, ITS and ENG to support future direction 

In the second week of February 2022, the following activities were completed:

Windows  

• Microsoft Endpoint Configuration Manager (MECM) is now installed in 11,049 clients   
• Testing PatchMyPc initial software package updates  

Jamf

• Developed a script for enrolling clients using Ivanti for mac management
• Completed testing the script for enrollment, with a sign off on readiness on Monday Feb 21st.   
• Jamf identified a need for additional approval with centralizing licenses, which was secured this week.  

Other Tools

• Active Directory (AD) Device naming testing   
• Powershell created to support automated tagging     
• Dashboards are published for Microsoft Defender for Endpoints (MDE) and index evaluation are ready for review by the EPM committee 

In the first week of February 2022, the following activities were completed:

Windows  

• The administrative push of MECM agent deployment
• PatchMyPC best practices planning meeting
• PatchmyPc  initial software update group selected and created
• Dashboards: Microsoft Defender and Spunk dashboards ready for committee demo  

Jamf

• Complete beta phase of onboarding clients to EPM
• Refining onboarding experience for endpoints  
• Creating onboarding checklist
• Centralized billing for Jamf instances  

Other Tools

• AD Device naming testing   
• Powershell created to support automated tagging     
• OneDrive Technology Resources plan for early adoption  
• VPFA redirect lists testing complete
• Pre-execution script for patching EPM CM's unknown computers complete
• MDE Published dashboards and index evaluation secondary review

In January 2022, the following activities were completed:

All Tracks 

• ServiceNow Catalog advertised   

Windows  

• Communicated CSU action required to remediate WSUS group policy  
• All 29 departments have subscribed to CM, and 10,564 clients have been installed 
• MECM agent deployment announced  
• VPFA Onboarding  
• Ivanti removal package created  
• Training and working session with LAW 
• Ivanti Migration check-in meetings CSUs complete 
• All 29 departments have subscribed to CM  
• Configuration Manager console user access audit initial users' actions  

Jamf 

• Team and EPM Governance signed off on onboarding all customers to EPM Jamf starting Feb 11th 
• Inventory PList completed 
• AUP, Screensaver Policies in place 
• Nessus package is available  
• Documentation made public 
• Preparing for beta client to join the Jamf environment  
• Screen saver and AUP policies in place 
• Implementing ADFS in the sandbox and then promoted to prod 
• Team validated documentation 
• Completed initial testing of the prod environment.  

Other Tools 

• PatchMyPC best practices planning meeting  
• AD Device naming ready for initial testing   
• Powershell created to support automated tagging    
• Completed OneDrive deployment plan meeting ready to send for approval  
• OneDrive Technology Resources plan for early adoption  
• VPFA redirect lists testing complete 
• Pre-execution script for patching EPM CM's unknown computers complete  
• AD Device naming ready for initial testing   
• MDE Dashboard and Splunk analytics breakout meeting 
• Powershell created to support automated tagging    
• Completed OneDrive deployment plan meeting ready to send for approval  
• VPFA redirect lists testing complete 
• pre-execution script for patching EPM CM's unknown computers complete 

In December 2021, the following activities were completed:

Windows track

• Centralized Distribution Point for EPM MECM has been built and in use by newly onboarded CSUs (LAW, DellMed)
• Pilot DellMed subscription to MECM in progress
• Pilot LAW subscription to MECM in progress
• Created script to find devices older than 180 days
• Breakout session WSUS patching
• Ivanti migration breakout
• WSUS migration
• Geoscience’s school upgraded their endpoints to Win11 with ConfigMan with success
• Win11 Basic validation breakout session
• PatchMyPC purchase completed 
• Service Now catalog offering is developed, and the team has been onboard
• Write pre-execution script for patching EPM MECM 's unknown computers in progress
• PatchMyPC is available, we’ll evaluation started
• Ivanti Migration check-in meetings with remaining CSUs  
• Holding a town hall in January
• Centralized deployment of Nessus agent planning
• ConfigMan console user access audit
• Create a removal package for those who have already migrated off Ivanti
• Created a script to support EPM Win automated future communications plans

macOS track

• Conducted health checks with Jamf professional services for CNS, TRECS, LAITS, and the College of Education. 
• SSL Certs and DNS are now in place
• Daily inventory Scanning is set up in production
• Development of the production environment is now underway, and the team has identified their critical path
• Continue developing the production environment by establishing an inventory PList and SITE-IT-Admin accounts
• Once the Inventory PList is in place the team will develop standard processes for installing Code 42, Nessus, and Microsoft Defender, AUP message and Screen Saver
• Migrate Customers from Ivanti to Jamf
• Expand development of Jamf in support of Jamf to Jamf migrations 
• SMTP mail relay is set up and working
• Created phone number and associated to teams Jamf account on teams Phone Number 
• Begining task decomposition migrating departments from Ivanti
• Begining task decomposition creating departments that don't currently use Jamf
• Coordinating with ISO to identify requirements for ingesting data from Jamf
• Scheduled Health Check meetings with Jamf professional services for the beginning of January 
• Began project planning with James Lewis and Melissa Medina-Razzaque, will be expanding to technical team resources next week

In November 2021, the following activities were completed:

Windows track

• Centralized Distribution Point for EPM MECM has been built and in use by newly onboarded CSUs (LAW, DellMed)
• Pilot DellMed subscription to MECM
• Pilot LAW subscription to MECM group Ivanti migration
• Created script to find devices older than 180 days
• Breakout session WSUS patching
• Ivanti migration breakout
• WSUS migration
• Geoscience’s school upgraded their endpoints to Win11 with ConfigMan with success
• Win11 Basic validation breakout session
• PatchMyPC order was started
• Common good deployment servers Qual ready
• PatchMyPC in central purchasing now; pending final approval
• Service catalog offerings in progress
• Dell Med device migration to MECM in progress
• Law School Migration to MECM 350 clients installed and 350 left
• Wiki creation for documentation sharing in progress
• Communications with Business schools regarding data collection requirements ongoing
• Ivanti migration costumer documentation in progress
• Write pre-execution script for patching EPM CM's unknown computers in progress
• Naming standards meeting scheduled
• Determine the fields (default custom attributes) that would be considered standard for HW reporting
• Common good deployment servers Prod in progress
• Once PatchMyPC is available we will evaluate how to configure the storage
• MECM onboarding
• MECM onboarding checklist underway

macOS Track

• Sandbox setup completed up and running
• Team login with local accounts working
• Working on naming conventions meeting completed
• Department ID convention in progress meeting
• Ivanti retirement in progress townhalls completed
• Jamf connect session
• Site permissions breakout meeting
• Health check breakout meeting
• EntAuth Shibboleth is underway
• Working on naming conventions in progress
• Department ID convention in progress
• Ivanti retirement in progress
• Ivanti retirement future working sessions  
• Jamf connect future
• Build Jamf Health check questionnaire in progress

In September-October 2021, the following activities were completed:

• Onboarded new Program Manager (Kim Clark)
• Held initial EPM Town Hall
• Initiated migration planning for Ivanti Windows users
• Revisited Backup recommendations and determined new strategy:
  • Original EPM machine-based backup approach for campus will be set aside 
  • Each department will be allowed to continue using their current backup approach 
  • Begin exploring solutions to data protection that are not limited to a specific tool, including investigating options other than Code-42. 
• Selected Jamf vendor and finalized purchase
• Finalized license migration plan for existing Jamf customers and Ivanti MacOS users

In August 2021, the following activies were completed:

• EPM Core Team kickoff completed; resources assigned to technical tracks  
• EPM Program Manager filled – Kim Clark slated to start on 9/13/21 
• EPM FYI date selected – 10/12/21 
• Common EPM change management use cases documented   
• Initial Ivanti migration proposal drafted and slated for EPM Committee review and endorsement  

In July 2021, the following activies were completed: