The new research from Gartner, “Improve Business Continuity Using Desktop as a Service” is striking a similar chord with me. If the enterprise desktop place that we are living in today is so vulnerable, why don’t we just move to the place that is safer?

Stay with me..

The July 2024 CrowdStrike agent failure was a powerful example of the operational exposure most organizations still face. Gartner’s research “Improve Business Continuity Using Desktop as a Service” which references this incident,  highlights the strategic role of Desktop as a Service (DaaS) and cloud-hosted virtual desktops in minimizing downtime, and also the use, of what Gartner term a “thin client operating system”. But in doing so, it also highlights a prevailing mindset: **that we are designing the endpoint for failover, rather than designing for failsafe.**

Lets quickly tackle that term – “thin client operating system”. Now I’m looking at this it deserves its own blog, but – The term “thin client” is inextricably linked to the hardware. Search on the term “thin client” and what do you see? A page full of hardware. Wikipedia even states “a simple (low-performance) computer”. Ask an AI engine what the benefits of a thin client are and you’ll find improved security, lower TCO, improved reliability and uptime. Lets take those benefits (often, but not always, delivered by or enabled by the software – IGEL) and lets run them on any device,not just “thin clients”.

At IGEL, we believe in a more targeted, fit for purpose strategy: Yes, have a plan. Yes, embrace VDI, DaaS and browser. But first, ask: what if your endpoint was designed to minimize the risk of failure in the first place?

The Recovery Assumption: The Traditional Endpoint as the Failure Point

Gartner is right to emphasize preparedness. Failures—from agent misfires to ransomware—do happen. But implicit in the recovery model is the assumption that a traditional, built for every eventuality, writeable endpoint is the default (specifically calling out resetting it). And that means layering on security agents, patching, backups, and more.

IGEL, see the endpoint differently: not as something to defend with layers, but something to simplify and harden by design.

Security by Design: The Preventative Security Model

IGEL’s Preventative Security Model shifts endpoint thinking from detection and remediation to proactive prevention and simplification.

• Immutable, Read-Only OS: Stops tampering and malware persistence.
• No Local Data: Removes exfiltration and encryption targets.
• Cryptographically Verified Boot: Ensures the system starts in a known-good state.
• Minimized Attack Surface: Only the necessary components are delivered to the device.

This is not about claiming unbreakable software. IGEL OS is software after all. But it’s software architected with the principles of Zero Trust and attack surface minimization at its core.

Workloads no longer run at the endpoint

With applications increasingly moving away from the endpoint and into the cloud, and Gartner themselves predicting that by 2030 Secure Enterprise Browsers will be a central component of application access strategies, isn’t it time to rethink the endpoint? Isn’t this a point in time to redefine the enterprise endpoint – just like the Enterprise Browser is being redefined?

Business Continuity Begins with Fewer Incidents

Gartner is right: you need a business continuity plan. Virtual desktops and cloud scaling are essential. But we believe true endpoint resilience starts before recovery:

• Design devices that are difficult to compromise
• Limit what runs locally and how it’s accessed
• Deliver workspaces adaptively, based on user role and risk

Case in Point: Dual-Layer Resilience in Action

During the July 2024 CrowdStrike incident, IGEL endpoints remained operational and unaffected. Azure Virtual Desktops could be reset in minutes, as shared by Microsoft’s Scott Manchester—showcasing the agility of modern cloud workspaces. This isn’t applicable to AVD, but all DaaS providers. This combination—IGEL at the endpoint and workloads (DaaS, Enterprise Browser) in the cloud—represents a blueprint for secure, scalable, and resilient desktop delivery.

So (and you’ve been patient) if our destination, in the event of a compromise or failure, is a more resilient infrastructure, powered by a more resilient endpoint operating system and VDI, DaaS, or  enterprise browser – rather than go on holiday there, why don’t we just live there?

The post From Recovery to Resilience: Rethinking Endpoint Continuity in a Zero Trust World appeared first on IGEL.

If you are interested as to why we are releasing a Hypervisor, I recommend you read this Blog post: https://www.igel.com/blog/igel-managed-hypervisor-secure-your-legacy-workloads/

Let’s get started!

What you will need

• IGEL Universal Management Server (UMS) v 12.07.100 or later
• IGEL OS12.6.1 or later
• IGEL Managed Hypervisor App (releasing in Q2 2025)
• WebDAV server to store and deploy the disk images (I used IIS on my UMS server for this in a LAB environment)

The process is very simple; create a VM on an OS12.6.1 or later endpoint, capture the disk image, create a profile in UMS to deploy the disk image to a target OS12.6.1 or later endpoint, then you can remotely manage OS12 and the VM from UMS.

Create

The first step is to create your own ‘Golden Image’. Open the Virtual Machine Manager, click File, New Virtual Machine.

This starts with a wizard which will take you through the steps to create the virtual machine. From selecting the operating system, the storage, CPU and memory to the attached peripherals. In my case I used
a USB storage device with Windows10 and Windows XP ISO files.

Install your selected OS and configure as required.

Capture

Now you have your ‘Golden Image’ we can capture the image and get it ready for deployment. Part of the IGEL Managed Hypervisor app is an export utility called IMH Exporter. To export the VM image to the WebDAV server simply open the IMH Exporter, enter the URL to the WebDAV server and select the VM name you want to export.

The IMH Exporter will then create two files on the WebDAV server: %vm_name%.img and %vm_name%.xml. The .img file is the disk image (this will be a large file, you will need to consider the storage size and network when exporting) the .xml file is a configuration file detailing all the component the VM needs, such as network, memory, CPU etc.

Deploy

Now we have the Image and the config file we can create a UMS Profile to deploy the Image to a target device (Tip: make sure you don’t send the VM to the device you used to create it on as you will get inconsistent results, if you need to use the same device remove the golden image first)

There are two sections in the IMH App Profile, IGEL Hypervisor Domains and IGEL Hypervisor viewer sessions.

IGEL Hypervisor Domains is used for image deployment. (a domain in this case is the name of the VM). Fill out the details for your VM and the URL to the XML file on the WebDAV server.

IGEL Hypervisor viewer sessions are used to create an icon which will start a VM viewer on IGEL OS allowing you to see the VM screen, select if you want the VM to auto-start, where the icon will be displayed and if you want the VM to run in kiosk mode.

Apply the profile settings and assign it to a target device.

Manage

If all has gone well, you will now have a VM successfully deployed and running. To manage the VM navigate to the OS12 device in UMS, there will be a new TAB called Managed Hypervisor, click this and you will see the VM’s installed on the device and their status. From here you can perform various management tasks, such as, Start, Stop, Delete and re-image.

There we have it, four simple steps to getting your first IGEL Managed Hypervisor VM up and running.

If you would like to learn more about the IGEL Managed Hypervisor I will be running Webinars on Wednesday 14^th May 2025 diving further into the details, discussing where IMH fits and running through setting everything up.

Registration links below:

10:00am BST | 10:00am ET | 16:00pm AEST

The post How to deploy a VM with IGEL Managed Hypervisor in four simple steps appeared first on IGEL.

IGEL CEO Klaus Oestermann with 2025 Now & Next Award winners from FMOL, Honeywell, and COCC at the Miami event.
• Jason Tujague, IS Systems Administrator and Jamey Shoemaker, Manager, Technology and Infrastructure, FMOL
• Rick Stopf, Senior Offering Management Lead, Honeywell
• Michael Dease, Senior Manager of Professional IT Services, and Billy Cruz, Technology Services Manager, COCC

Hybrid work is reshaping enterprise IT, making innovation in endpoint computing a critical necessity. To remain competitive, companies must adopt new technologies and flexible work environments set by hybrid models. This shift emphasizes the need for secure endpoint computing solutions that meet the dynamic requirements of a modern workforce.

Last month, at the prestigious IGEL Now & Next 2025 event in Miami, IGEL proudly launched the Now & Next Awards program. These awards reflect IGEL’s ongoing commitment to recognizing innovation among its global customer base as part of its customer advocacy and Global Ambassador Program.

To celebrate the achievements of individuals and organizations utilizing IGEL to drive transformative change by aligning with one or more of IGEL’s four pillars—security, lower total cost of ownership, simplified management, and sustainability—IGEL Technology CEO Klaus Oestermann welcomed each of the winning organizations to the stage.

“We are proud to honor these leaders for their innovative approaches to transforming endpoint security and sustainability, continually expanding the boundaries of what’s possible today and the future,” said Oestermann.

Innovation Award: FMOL – Redefining Secure and Sustainable Healthcare IT with IGEL

The Innovation Award honors organizations that are redefining endpoint strategies for tangible business results. FMOL (Franciscan Missionaries of Our Lady Health System) and its focus on utilizing IGEL technology to enhance IT operations and promote a sustainable digital future aligns strongly with IGEL’s security and sustainability pillars.

“We were able to apply the IGEL firmware to existing devices and reuse over half of our 11,000 devices,” said Jamey Shoemaker, Manager of Infrastructure and Technology, FMOL. “What it’s done for us is create an environment that is highly organized and easily accessible to our field operations teams. We can provide a uniform experience across the health system, regardless of whether you’re inside the hospitals or working remotely.”

• Watch the video

Visionary Award: Honeywell – Setting the Pace for the Future of Endpoint Computing

The Visionary Award recognizes organizations that are revolutionizing their operations now while shaping the digital landscape. Through its innovative leadership and strategic foresight, Honeywell is leading the way in endpoint computing and is closely aligned with IGEL’s pillars of security and simplified management.

“IGEL OS has really helped us to deliver on this secure endpoint experience with a simple, centralized management experience, reduced deployment and management time,” said Rick Stopf, Senior Product Manager, Honeywell. “Typically, we can develop a new hardware Thin Client in about 30% less time than we previously did with our legacy operating system.”

• Watch the video

All-In Award: COCC – Demonstrating the True Impact of Innovation at the Endpoint

The All-In Award recognizes organizations that implement a comprehensive approach to endpoint computing, showing that true innovation occurs when technology and strategy work together.

From enhancing security to optimizing cost-efficiency and supporting sustainability, COCC’s streamlined endpoint deployment aligns with the IGEL principles of security, lower TCO, simplified management, and sustainability. One example where COCC has been “all-in” with IGEL is Florence Bank, which it assisted in transitioning from a traditional to a virtualized desktop infrastructure environment.

“We chose IGEL specifically for the simplicity and security,” said Billy Cruz, Technology Services Manager, COCC. “It’s much simpler, faster, with up to a 30% reduction in client endpoint management costs, offers better and quicker management, and has extended the life of existing devices. Rather than needing a refresh cycle every five years like we would have in your typical thick client environment, we’re extending that more into a seven to eight-year range.”

Michael Dease, Senior Manager for the Professional Services Team, COCC, added, “We use IGEL across over 50 clients that we have today on our infrastructure service, and we service over 9000 endpoints. IGEL has really had a profound impact on the daily use of technology by our end users. I have not found another thin client endpoint OS that can do what IGEL can do—we’re getting an enterprise solution out of the box.”

• Watch the video

IGEL congratulates each of these trailblazing organizations for pushing boundaries and setting the standard for what’s possible in EUC.

We are also proud to recognize our Now & Next Award nominees for the Innovation Award: ESTES (Estes Express Lines) and Jazan University; the Visionary Award: Texas Children’s Hospital and PQR | Rustmakers in IT; and, the All-In Award: Florence Bank and Stadt Schmallenberg.

Are you Interested in seeing your team on stage next year? Sign-up for IGEL’s Global Ambassador Program today for a chance to be featured as part of the 2026 IGEL Now & Next Awards.

In case you missed IGEL Now & Next 2025, you can register to watch the live stream of Day 1 and Day 2 here. Learn more about IGEL, the secure endpoint OS platform for now & next, and IGEL’s Preventative Security Model, here.

The post Celebrating Innovation in EUC: Meet the Winners of IGEL’s Inaugural Now & Next Awards appeared first on IGEL.

The App Creator Portal is your web-based tool for securely packaging and signing third-party Linux apps to run on IGEL OS 12. It replaces the legacy Custom Partitions method, which required manual scripting. Now, packaging and deploying your apps is a visual, low-effort process with built-in security controls—no scripting required. With the newest update, we have introduced Application Recipes directly on the homepage and added detailed build and packaging logs to make the entire app creation process more intuitive and transparent. These improvements remove complexity and provide a better experience for IGEL admins managing custom app delivery in modern endpoint environments. 

Updated App Creator Portal homepage. Click to view the demo video.

Application Recipes Now on the Homepage

Getting started is easier than ever. With community-driven App Recipes now featured on the homepage, you can quickly find pre-built templates for popular apps—complete with installation logic, dependency management, and packaging instructions. These Recipes come from the IGEL Community GitHub and drastically cut the time it takes to get your apps ready for deployment.  Recipes can also be created by customers themselves, or by IGEL Customer Experience teams upon request. 

Application Build and Packaging Logs

We have added full-long visibility for packaging and build processes, giving you the insight needed to: 

• Troubleshoot failed builds 

• Diagnose missing dependencies or permission errors 

• Validate every step of the packaging workflow 

• Download logs for internal escalation or vendor support 

Whether you are working on your first app or optimizing at scale, these logs empower you to build confidently and efficiently. 

A step by step quick user guide

1. Select your Recipe
   Now available on the App Creator Portal homepage: select from existing recipes, upload your own, or clone a GitHub URL of your choice.  
2. Get the binary
   Download the third-party Linux installer (usually a .deb) from the vendor or upload an existing binary. Note that some recipes may require multiple binaries—or none.  
3. Upload
   Use the App Creator Portal to upload the application binary. The ACP analyzes the recipe to identify the required binary or binaries and lists them by name, ensuring you do not miss anything. 
4. Package and Sign
   Standard Edition – Digitally sign the application with a community certificate.
   Enterprise Edition – Digitally sign the application with your organization’s unique enterprise signing certificate. 
5. Download and Deploy
   Use IGEL’s Universal Management Suite (UMS) to deploy the signed app and signing certificate to your endpoints. 

Note: Apps created via the App Creator Portal do not appear in the standard IGEL App Portal. These are private packages, signed exclusively for your corporate environment and intended only for your devices. They are also not stored on the ACP—packages are deleted after download in accordance with legal requirements. 

One Platform. Full Control. 

These enhancements align with IGEL’s Preventative Security Model and lean OS philosophy: deploy only what you need when you need it—without compromising visibility or control. By reducing the manual steps and adding insight into packaging pipelines, we are helping organizations improve operational efficiency, cut deployment time, and strengthen endpoint reliability.  This model reduces your attack surface, simplifies compliance, and ensures only trusted software runs on your endpoints. That makes the App Creator Portal essential for securely running apps not yet available in the official IGEL App Portal. 

You are in control of your custom apps. IGEL supports the App Creator Portal, the certificate infrastructure, and the packaging service.  The IGEL Community maintains Recipes and tooling. You manage the applications themselves. 

Together, this shared responsibility model gives you agility, transparency, and security—with none of the manual complexity of traditional Linux app packaging. 

Ready to simplify your custom app deployment? 

Visit the IGEL App Creator Portal

Watch the Demo Video

Learn more about IGEL App Creator in the Knowledge Base 

The post Simplify Custom App Creation and Deployment appeared first on IGEL.

Gaining visibility into endpoint performance, security, and user experience has long been a challenge. Many monitoring and analytics tools require custom-built agents or complex integrations, adding operational overhead while increasing security risks. IGEL Insights eliminates these barriers, delivering real-time telemetry and data management through a new API and an integrated IGEL UMS dashboard. 

This enables IT teams, security analysts, and technology partners to access critical endpoint data without the need for custom IGEL agent applications. By integrating IGEL Insights with DEX, SIEM, SOAR, Threat Management, and Cyber-Physical System Monitoring solutions, organizations can reduce downtime, enhance security, and optimize endpoint performance. 

What IGEL Insights Will Deliver 

IGEL Insights will provide two key access points for understanding and managing IGEL OS endpoints: 

IGEL UMS Dashboard: Real-Time Performance Data for IT Administrators

• A built-in dashboard within IGEL Universal Management Suite (UMS) will provide key performance and system health metrics for IGEL administrators. 
• IT teams will be able to monitor endpoint activity, identify performance issues, and optimize operations without the need for external integrations. 
• Designed for day-to-day management, the UMS dashboard will present a curated set of essential data while maintaining a simple and intuitive interface. 

IGEL Insight Service Dashboard. Click image to view the demo video. 

IGEL Insights API: Deep Endpoint Intelligence for Partners & Security Teams

• The IGEL Insights API will expose 100% of the captured telemetry and management data for integration with DEX, SIEM, SOAR, Threat Management, and Cyber-Physical System Monitoring solutions. 
• Partners and IT teams will be able to correlate IGEL OS telemetry with other IT and security data for root cause analysis, compliance enforcement, and proactive threat detection. 
• Removes the need for custom IGEL agent applications, allowing direct agentless access to data for real-time monitoring and automation. 

Transforming Endpoint Monitoring and Security 

By leveraging IGEL Insights, organizations will gain a new level of visibility into endpoint behavior while enhancing their existing monitoring and security platforms. 

• IT administrators will benefit from integrated performance monitoring through IGEL UMS, ensuring high availability and uptime. 

• Technology partners and security teams will gain deep telemetry data via API, enabling them to improve root cause analysis and incident response. 

• Enterprise IT teams will be able to reduce support costs, optimize remote work environments, and improve compliance through enhanced endpoint intelligence. 

With the first partner API expected at the end of Q2, IGEL is expanding how organizations access and leverage IGEL OS data to support security, compliance, and performance initiatives. 

Enhancing IT & Security Through Seamless Data Integration 

By making real-time telemetry and management data more accessible, IGEL Insights will empower organizations to take a proactive approach to endpoint security and performance. Whether through the integrated IGEL UMS dashboard or the comprehensive IGEL Insights API, IT teams and security partners will be able to act faster, reduce risk, and optimize user experience—without unnecessary complexity. 

Want to learn more? 
Stay tuned for upcoming announcements and prepare to integrate IGEL Insights into your security and IT operations strategy. 

View the Demo Video

The post IGEL Insights to Deliver Unified Endpoint Telemetry & Management Data appeared first on IGEL.

IGEL Preventative Security Model  & AWS Isolated Recovery Environment

The IGEL Preventative Security Model and AWS Isolated Recovery Environment combined form a multi-layered defense strategy that helps provide security from endpoint to cloud recovery. IGEL PSM ensures that endpoints remain a trusted, compliant, and non-persistent access point for AWS-hosted EHR environments, even in the face of sophisticated cyber threats.

• Read-Only OS: IGEL OS runs in a locked-down state, preventing malware installation, unauthorized software execution, and persistent threats. 

• No Local Data Storage: All data remains centralized within AWS IRE, eliminating the risk of endpoint data exposure due to device loss, theft, or compromise. 

• Trusted Boot Process: IGEL’s chain-of-trust architecture verifies the integrity of every OS component at boot time, ensuring the endpoint has not been tampered with. 

• Secure Application Execution: Only pre-approved applications and virtual workspace connections (ex: Amazon WorkSpaces, AppStream 2.0, or Microsoft Edge) are allowed, reducing potential attack vectors from rogue applications.
  
• Centralized Endpoint Management: IGEL Universal Management Suite (UMS) provides real-time policy enforcement, configuration lockdowns, and automated endpoint recovery, ensuring rapid response to security threats or environmental changes. 

 Securing Critical Workloads in the Cloud with AWS Isolated Recovery Environment

AWS IRE is a highly secure, logically separated recovery architecture designed to protect EHR workloads from ransomware, data corruption, and unauthorized access. 

• Logically Separated Data Storage: EHR workloads are stored in logically separated AWS accounts, ensuring isolation from the primary production environment. 

• Immutable Snapshots & Encryption: AWS Backup, AWS Snapshot Manager, and S3 Object Lock provide protected copies of EHR environments, preventing unauthorized modifications. 

• Automated Recovery Orchestration: AWS CloudFormation and AWS Lambda enable rapid, automated environment restoration with minimal manual intervention, reducing downtime during recovery. 

• Advanced Threat Detection & Monitoring: AWS GuardDuty, Security Hub, and IAM policies enforce continuous threat detection, anomaly monitoring, and strict access controls, ensuring only authorized recovery actions occur. 

• Zero Trust Access Control: AWS IRE leverages IAM policies, AWS Organizations, and AWS Control Tower to segment access permissions, restrict lateral movement, and enforce least-privilege principles. 

By combining IGEL’s endpoint security with AWS’s isolated, fully automated recovery environment, EHR customers achieve seamless, policy-driven access to their recovery systems while maintaining compliance with HIPAA, HITRUST, and NIST cybersecurity standards. 

IGEL and AWS IRE Strengthen Electronic Healthcare Record Security

• AWS Solution with Secure Endpoints: IGEL OS is part of a recovery architecture, ensuring secure, policy-driven endpoint access to EHR environments. 

• End-to-End Cyber Resilience: AWS IRE isolates EHR workloads, and IGEL ensures trusted access with a read-only, stateless OS. 
• Zero Trust and Compliance-Ready: Supports organization in meeting HIPAA, HITRUST, and NIST standards, securing healthcare operations from endpoint to cloud recovery. 
• Seamless Recovery Access: IGEL endpoints ensure clinicians and staff can instantly access AWS-hosted EHR environments in a disaster scenario. 

IGEL and AWS are delivering a fully validated, end-to-end IRE solution for EHR customers. By combining IGEL’s secure, policy-enforced endpoints with AWS’s isolated recovery architecture, healthcare organizations can achieve enhanced cyber resilience ensures , secure patient data, and maintain uninterrupted operations. 

Key Takeaways 

• Validated AWS IRE Solution: IGEL endpoints ensure compliant, trusted access to recovered EHR environments. 

• Seamless Disaster Recovery: Rapid failover with pre-configured, policy-enforced IGEL devices. 

• Zero Trust Security: Endpoint-to-cloud protection ensures resiliency against ransomware and cyberattacks. 

Would you like to explore how IGEL OS and AWS Isolated Recovery Environment can support your EHR security strategy?

Contact us today to learn more.

The post Enhance EHR with AWS Isolated Recovery Environment and IGEL appeared first on IGEL.

Why Progressive Web Apps Matter 

PWAs bridge the gap between web and native applications, delivering an app-like experience while remaining lightweight and browser-based. They bring several benefits, including: 

• Offline Support – PWAs can function even when connectivity is limited. 

• Push Notifications & Background Sync – Improves engagement and real-time updates. 

• Cross-Platform Compatibility – Works seamlessly across devices and operating systems. 

• Centralized Deployment – IGEL administrators can deploy PWAs to IGEL OS desktops, allowing users to access them just like any other application, with a seamless launch experience. 

For IGEL OS users, this means another secure and efficient way to access enterprise applications while maintaining IT control and minimizing overhead. 

Expanding Application Delivery: PWAs & Beyond 

PWAs complement the existing application delivery methods IGEL already provides: 

• Virtual Apps & Desktops via DaaS & VDI – With Omnissa, Microsoft AVD/Windows 365, and Citrix, organizations can virtualize applications securely without endpoint dependencies. 

• Enterprise Browsers – IGEL OS natively supports Edge, Firefox, and Island, providing secure, direct access to web applications. 

• IGEL Managed Hypervisor (IMH) – When Windows is required at the endpoint, IMH delivers an immutable, rollback-ready Windows instance for critical environments. 

• Additional PWAs – expanding the number of PWA’s available from the IGEL App Portal now including Microsoft Office apps like Teams, Outlook, Word, Excel, PowerPoint, and Copilot, and Google Gmail, centrally managed and deployed for seamless access. 

A Secure Foundation with the Preventative Security Model 

Like all IGEL innovations, PWA support is built on the foundation of the Preventative Security Model (PSM), ensuring: 

• A secure-by-design approach that eliminates attack vectors rather than reacting to them. 

• Integration with IGEL’s security ecosystem, including authentication, encryption, and Zero Trust principles. 

• Simplified management and control—centralizing security and access policies while reducing endpoint complexity. 

A Unified Approach to Secure Application Access 

With expanded PWA support, IGEL OS offers an even broader application access strategy that meets organizations where they are—whether through DaaS, VDI, enterprise browsers, hypervisor-based Windows, or IGEL native apps. By enabling centralized deployment of PWAs, IGEL ensures users experience them just like traditional applications, while IT maintains full control over security, configuration, and access policies. 

Ready to Leverage PWAs on IGEL OS?

If your organization is looking for a modern, secure, and cost-effective way to deploy applications, PWAs on IGEL OS are an excellent option. Combined with our robust ecosystem of application delivery methods, IGEL provides the ultimate flexibility for secure enterprise access. 

Would you like to explore how IGEL OS can support your digital workspace strategy?

View the IGEL PWA demo video

Contact us today to learn more.

View the  Microsoft Teams PWA on IGEL App Portal

The post Expand App Access on IGEL OS with Progressive Web Apps appeared first on IGEL.

The Power of IGEL UMS as a Service for IGEL OS Endpoint Management 

IGEL UMS as a Service  extends software as a service (SaaS) benefits specifically to IGEL OS-powered endpoints, providing a centralized, streamlined solution for managing thousands of devices with ease. IGEL Universal Management Suite as a Service is a cloud-hosted endpoint management solution delivers scalability, security, and simplicity. IT admins manage policies, updates, configurations, and performance monitoring from a single console.

Strong Security & Compliance 

Security is built into IGEL UMS as a Service (UMSaaS) from the ground up: 

• Zero Trust Ready: Strong authentication and role-based access controls ensure only authorized users can manage endpoints.  

• Read-Only OS Security: IGEL OS endpoints are inherently secure, preventing malware installations and unauthorized modifications. 

• Integration with SIEM Solutions: UMSaaS allows logs to be exported to Security Information and Event Management (SIEM) platforms for compliance monitoring. 

• Automatic updates: Continuous updates ensure that security patches and new features are always applied without manual intervention.
  

Faster Deployment & Reduced IT Burden 

With IGEL UMSaaS, IT teams can deploy IGEL OS endpoints in minutes rather than days. There’s no need for manual provisioning, and updates are applied automatically.  

• Pre-configured Quick Start Templates enable fast deployment of IGEL OS devices with minimal setup time. 

• Distributed Peer Updates app enables the IT admin to set up one endpoint device as the peer update server so that only this device will access the main server to download the updates. All other devices access the distributed peer update server from within the network and will no longer offload the outside network.
  Auto-scaling capabilities support organizations of any size without performance bottlenecks. 

• More efficient use of IT resources – teams can focus on strategic initiatives rather than endpoint maintenance. 

• Consistent user experience – standardized configurations ensure every user gets a seamless, secure experience. 

• Lower IT support burden – fewer troubleshooting calls and faster resolution times. 

Distributed, Hybrid, and Global Workforces 

IGEL UMSaaS makes managing remote and hybrid workforces effortless by allowing IT administrators to deploy, monitor, and update devices anywhere in the world via a web browser —without requiring VPNs or on-premises infrastructure.  

Modernize Your Enterprise Endpoint Strategy with IGEL UMSaaS 

As enterprises continue to embrace cloud-first strategies, IGEL UMSaaS provides the scalability, security, and ease of use required to manage modern endpoints effectively. By eliminating infrastructure complexity and automating key management tasks, IT teams can focus on delivering exceptional user experiences while maintaining robust security. 

Whether you’re looking to reduce costs, enhance security, or simplify endpoint management, IGEL UMSaaS is the cloud solution that helps future-proof your digital workspace. 

Would you like to explore how IGEL OS can support your digital workspace strategy?  

Contact us today to learn more about how IGEL UMSaaS can streamline your digital workspaces. 

The post Cloud-Powered Endpoint Management for the Modern Enterprise appeared first on IGEL.

What is PIV? PIV is an acronym for ‘Personal Identity Verification’ – which is a US federal government-wide credential. IGEL do support PIV.
What is CAC? CAC is an acronym for ‘Common Access Card’ – Is a standard identification for US defense personell. IGEL supports CAC.
Both PIV and CAC = certificates that validate an identity. Certificates also exist in non-US government environments, like healthcare, government etc. outside of the US – this article apply to all of certificate-based identification scenarios. Throughout this blog I will name everything PIV (as the function YubiKey is named PIV – to store a user identity certificate)

Security keys are becoming more and more popular, and using security keys in remote sessions is crucial. IGEL OS does, through its browsers support Fido2, but when it comes to access of Azure Virtual Desktop and Windows 365 we are waiting for the Fido2 auth support. While waiting, there is another way to use your security keys. Looking at YubiKey, these security keys have a PIV slot, which means that you can install a certificate on the YubiKey and use the certificate on the security key for strong and rapid authentication.

Technically, the YubiKey replaces the smart card, with the benefits of increasing the access performance. Using a YubiKey instead of a common smart card will give definite speed improvements, just by the architecture of the YubiKey, which has a much higher IO rate compared to regular smart cards. Where speed is of essence, YubiKeys are here to help!

The drawback in my view of security keys vs smartcards is the user intervention while inserting and removing the component. It is just more cumbersome to insert a USB stick that doesn’t fit in one way (USB-A variant), this of course gets easier with the USB-C version of YubiKeys. Of course, I’m talking about the roaming user concept.
If you have the benefit of having One User – One device, and can leave the YubiKey in the port, makes it much easier.
Smart cards on the other hand, is usually very easy to insert and remove based on its formfactor.

When using YubiKey PIV, the stick presents itself as a smart card, when inserted in the IGEL OS device, which also means that we can utilize the smartcard watch daemon, which monitors insert and removal actions and allow you to script what should happen when a smart card is inserted or removed.

As you probably understand by now, you can mix users with smart cards and users with PIV security keys, as IGEL OS treats the components equal. this makes it easy for you while transitioning from smart cards to security keys, or just want to have a mix.

To configure IGEL OS to use your security key as a PIV device no additional configuration is needed above what’s explained in this article: https://www.igel.com/blog/authentication-to-windows-365-with-igel-smart-card/

IGEL OS is not specifically tied to Windows 365. If you are using Azure Virtual Desktop (AVD) and Windows 365, or maybe even only AVD, this configuration applies to both environments. You do not need to use Windows 365 specifically.

As a summary, you now know that IGEL OS will enable you to use certificate-based identification to Windows 365 and/or AVD, it might be that you want to streamline the authentication speeds, your are using a mix of security keys and smart cards, or you want to increase the authentication strength for your users accessing your cloud (or local using AVD on Azure Local) desktops.

Let’s have a look att the user experience when logging in to Windows 365 using YubiKey PIV. This is the first Youtube, the second video is using the Yubikey PIV to login to Azure Virtual Desktop:

Hope you found this useful!

/Fred

Stay tuned to the upcoming blogs on Insider Tips with Fred Brattstig.

IT leaders, innovators and security experts will converge at IGEL Now & Next in Miami in March to show the latest solutions and synergies to optimize endpoint management, enhance security, and improve clinical workflows. Click Register Now to view the agenda and keynote speakers.

The post CAC/PIV smart cards, YubiKey and more. Insider Tips on how IGEL OS use both appeared first on IGEL.

Usually our life isn’t binary, very few organizations have the luxury of only having ONE single solution for their IT environment. In this follow-up blog I take the opportunity to show how IGEL OS can be your companion enabling secure certificate-based authentication with EntraID and Smart Card while using both Windows 365 and Azure Virtual Desktop. Many organizations looking and, or using, Azure Virtual Desktop and Windows 365, will in many cases combine both to fulfill different use cases.
Let’s fulfill a simple roaming between stations for your users, that have no interest at all about HOW the IT infrastructure is set up, they just want to do their work, and they certainly don’t care if they connect to a Windows 365 or an Azure Virtual Desktop (AVD) session.

I have seen many organizations that I have had the pleasure to engage with, where the optimal configuration is to have non-personal kiosk stations scattered across the organization’s office/hospital/warehouse, their users should be able to just walk up to one of the stations and easily roam their remote session to the station wherever they are, insert their smart card, and get back to where they were when leaving the last kiosk station.
At the same time, the solution that I demonstrate in the video below, of course fulfill the single user – single device, making it ideal for Zero Trust initiative.
You might think that this will add waiting time for users, as when using IGEL OS AVD or Windows 365 App, there is no subscribed resources, so it must take longer time to complete the login sequence!? Actually, that is not the case, a complete smart card certificate-based authentication to Entra and get connected to a desktop in just shy of 14 seconds. While maintaining Zero Trust!

Adding to that, the possibility that IGEL OS gives to assign a custom AppID for your IGEL OS endpoints when connecting into the AVD/Windows 365 services raise the security dramatically! I happened to write a blog on that subject, you can read it here: https://www.igel.com/blog/elevate-avd-and-windows-365-access-with-insider-tips-for-igel-os/

Let’s get back to what I’m about to show you. My IGEL OS device is configured for a Kiosk type of scenario. I have disabled any user access to the operating system, making the only way to interact with the kiosk station, is to insert the smart card, validate the Pin, and connect to the Desktop in Azure, so be it AVD or Windows 365. Actually, this can be used with Azure Virtual Desktop on Azure Local too.
the user, after validating the Pin for the smart card, gets logged in, without any further user interaction, and are taken back to the virtual desktop and can continue to be productive in matter of seconds.

When the user is done and need to rush away in the organization, simply removing the smart card from the IGEL OS endpoint disconnects the remote session and returns the IGEL OS kiosk to be ready for the next user to insert their smart card.

As you can see in the video, I have created a custom wallpaper, that also follows to the interaction screen of the AVD client, instructing the user about what to do to get started. With the nifty device customizations in IGEL UMS, this can be a way for you to talk to your users, by using desktop customization updates, you can push a new welcome screen to your users in matter of seconds, to inform about outages, or other important messages.

Now, let’s look at the video on optimal user experience with smart card session roaming, Microsoft EntraID, Azure Virtual Desktop and Windows 365!
By the way, all the configurations that done I for this video can be found in the blog here!

Hope you found this useful! Stay tuned to the upcoming blog on PIV, CAC and security keys.

/Fred

IT leaders, innovators and security experts will converge at IGEL Now & Next in Miami in March to show the latest solutions and synergies to optimize endpoint management, enhance security, and improve clinical workflows. Click Register Now to view the agenda and keynote speakers.

The post Strong and Simple Authentication, Clean Kiosk, and Zero Trust appeared first on IGEL.