Asset Management Lifecycle
A key tenet in Information Technology is to know what you have. Asset Management is typically the most significant concern but the least accomplished. It is vital to understand and master it to ensure an organization is well maintained and secured. Additionally, it is not a one-and-done project but a continual process.
Planning
As a 'Level 1' Help Desk engineer, influencing management on purchasing the right equipment will be challenging. From a support perspective, getting higher-quality machines for employees to use would seem beneficial. Better quality means fewer problems to fix down the line. From a managerial perspective (specifically regarding budgets and the accounting bottom line), every asset purchased is a Capital Expenditure or CapEx. These costs impact a company's financials. Companies will try to cut expenses during lean years, such as economic downturns.
Resolving this issue will require trade-offs. Should everyone get the same high-end equipment, the same low-end equipment, or equipment tailored to their work? An example is the difference between a software engineer developing software and a building maintenance engineer. The software engineer might need a more powerful computer to build, test, and deploy code. The maintenance engineer may only need a low-end computer, as they are primarily working with their hands in the field, not sitting at their desk. They might only need access to email, a web browser, and a work order system (which might be web-based).
A computer with an Intel i5 processor, 8 gigabytes of RAM, and a 256-gigabyte solid-state drive will suffice. They may need a laptop if expected to work away from their desk (such as in meetings, travel, or work from home). If their computer use is limited, they may need a desktop.
Another consideration is if their work is entirely web-based or if they connect to a 'jump box' or remote into another machine to complete their work. If this is the case, they can use lower-end equipment. This will be the case in many larger enterprises with specific roles (such as video game development, accounting, or software development).
The last component in planning, regarding cost, is if a company wants to streamline its device purchases with a specific brand or to be vendor-agnostic. Both have their positives and negatives. A positive of streamlining with a particular vendor is getting bulk-order discounts and limiting support needs. A con, in this scenario, is logistics. If the vendor runs low on supplies, the company will be stuck waiting on deliveries. During the COVID-19 economic downturn, many businesses ran into long delays in equipment.
In contrast, the vendor-agnostic approach has the benefit of choosing different vendors depending on stock availability. However, this will come at the cost of increasing support for differing devices. (Also might come with device envy... "That computer looks better than mine" or "I want that one!")
To combat costs, it is important to 'right-size' the decision. Understand the complete needs of a business and its components and choose what will work the best. Coming to the table with a better understanding of management will benefit the planning process. If a good enough presentation is put forth, it is much more likely to get things rolling the way you want.
One personal example of cost-conscious management: at one employer, the management requested a rationale for spending money on warranties for each device. They thought it might be cost-effective to stop purchasing warranties. A 3-year warranty could cost $150 per device. Multiply it across 200 devices purchased in bulk, and the warranty costs $30,000. If each device costs $1,500 ($300,000 for 200), cutting the warranty could save about 10%. Seems like a no-brainer for management.
But that ignores the possibility of those devices having issues or getting damaged. In my situation, we had approximately five devices that had manufacturer defects. We had about five others that got damaged rather quickly after being delivered. So ten devices needed repairs within the first six months. That might have been $15,000. By the end of the year, more devices had to be repaired. So the $40,000 cost would be a net gain in the long run.
And if stocks are low and delivery times are far out in the future, this would mean many employees without the ability to work, costing even more. With crude math, maybe $1,500 a week per employee, so another $15,000 in this scenario. Once again, knowing how management thinks will help guide a better decision.
Lastly, deciding what to buy should also consider how it will be managed. None of the above examples or options will be effective if the foundational management of these devices is overlooked or poorly deployed. More details in this vein will be in the Operations section of the Asset Management Lifecycle.
Acquisition
A lesser issue, but still worth noting, is how you intend to acquire equipment. There are various strategies in ordering equipment: Direct from the manufacturer, retail outlets, and middle-men resellers. Each may have its benefits, depending on an organization's needs. They also have their negatives.
First, it's essential to determine how you intend to set up and deploy equipment. The three most common ways are manual setup, imaging setup, and cloud-aware setup.
Manually setting up equipment is the most brutal way. You start with ordering the equipment and having it delivered to your central office. Then you set up the device with all the software, settings, and user information. Lastly, you send it off to the employee. This is only useful when an organization lacks the resources to implement one of the other two standard setup methods. It will take much longer but is very simple and can follow basic steps, such as a Standard Operating Procedure (SOP) guide. I would guesstimate this process can take 1-3 days for shipment, 2-8 hours of setup before the employee gets the equipment, and another 2-4 hours of setup after the employee goes through and verifies their needs were met. This process is terrible and tedious. However, it is widespread when you are first starting.
The second way is a bit less labor-intensive once your image is created. You also open up two ways to set up the computer. It can either be imaged by the vendor or delivered to you and imaged before being sent off to the employee. However, the image must first be created, which can also be tedious. Once the initial image is created, you can deploy it with either a USB thumb drive or a deployment server. This method may be less useful if you set up only a few devices over a year. However, it will be beneficial if you are setting up in bulk. A reasonable expectation is that it may take 1-7 days for an initial image to be set up and then 1-3 days for vendor imaging and shipment. Then possibly another 2 hours after the employee receives their equipment to verify their needs. I avoid this method at all costs. An image is only as good as it is kept up to date.
The last standard method is cloud-aware setup. This method is more developed within the Windows realm of computers. Microsoft has a simplified but powerful tool to streamline ordering, setting up, and implementing new equipment. Their tool for this is called Microsoft Autopilot. A vendor can take a device still in the box and ship it directly to the employee. That employee can set up their computer by logging in for the first time, and the majority, if not all, settings and apps are automatically deployed. This process can take 1-2 months for the initial setup and integration of the vendor into the system and 1-3 days for the vendor to upload the computer information to Autopilot and ship the device. Allow another 1 hour for the employee to verify any miscellaneous tasks or applications outside their standard.
The main sticking point with this method is knowledge of these systems. It can take much less time than I estimated, but it requires knowing how to set up policies, configurations, scripts, and applications. This can be wildly different between vendors. In my experience, one non-Microsoft system took almost a year to perfect because of the evolving nature of its platform. However, Microsoft's Intune/Endpoint Manager took much less time but offered less functionality (albeit they are improving it frequently). The downside to this method is shared drives, printers, and archaic software. There is no native support for shared drives and printers (Microsoft specifically pushes for their other cloud services to replace them). Archaic software will be a show-stopper, depending on how it installs (specifically if it requires a local domain controller or cannot be installed through the command line).
Once you have determined what method works best for your organization (with me pushing for the cloud-aware option), you can figure out who you can order from. If you choose the first method, any supplier will work. If you select the second method, you will need a reseller who offers imaging capabilities (at an added cost). If you choose the last option, you can order from resellers or directly from vendors. Most of them have the capabilities to link to Microsoft's Autopilot system.
In the past, I felt it was beneficial to stick with one vendor instead of diversifying. This seemed helpful, as you can get bulk discounted deals and have standardized equipment. One or two models, heavily discounted from retail pricing, and the ability for consistent support. However, with the experience of logistics shortages in the past few years, this option may not be as beneficial for most companies. Smaller companies may be fine with delays in deliveries. However, mid or large-sized organizations will find it challenging to wait weeks or months for equipment to show up. Additionally, if you are not imaging devices, the current form of Windows Update will handle varying manufacturers much better. The only issue is verifying the quality of the individual models.
If your company uses cloud or more modern desktop applications, moving to a cloud management system with Microsoft Autopilot and multiple vendors is best.
Operations
After figuring out the business needs, budget, and logistics, you must execute the plan. How will employees request new equipment, and where?
As a Help Desk engineer, you do not choose who gets the equipment. Nor should you want to be that arbiter. Setting a standard for how employees submit requests is vital to ensure consistent operations and support. This will involve what ticketing or request platform an organization has implemented. Modern systems like FreshDesk, Salesforce, ServiceNow, ZenDesk, and ConnectWise have workflow capabilities.
This workflow is a pretty simple concept. The employee requests equipment through the platform, selects who it is for (themselves or another employee/hire), and the request is sent to their approver (typically a manager). You submit the order and set up the equipment. Setting up this standard workflow and automation will improve the quality of life for Information Technology staff and employees.
To expand on that workflow further, this process should confirm what needs to be set up on the computer: available models to choose from, where they want the equipment to show up, and what settings or software they need. Most of this will be superfluous if your device management system is set up correctly. Deploying software, printers, or shared drives based on group membership is the best way to accomplish this. However, you will need this information for new hires to make the employee's first day less stressful.
The final thing to consider is how much work the employee will have to endure when getting up to speed. There are various ways to limit employees' need to handle technical work. The first way is to have their password. This way, you are taking the work from start to finish. The employee takes the equipment and is ready to go. Knowing an existing employee's password is frowned upon, but it still happens. This is less of an issue for a new hire, as they haven't started yet. The workaround for security concerns is to have the employee reset their password afterward.
The second way is to do the bulk of the work before the user signs in, then sit with them to complete the rest of the setup. This limits their work and eliminates password sharing, but it is less seamless for the employee.
The last way is slightly more work for the employee but eliminates both password sharing and splitting the setup process. This option is only helpful for cloud-aware deployments. They will still need to do minor tasks, like setting default applications, arranging icons how they see fit, and signing into applications to complete setups (such as Office applications). With the proper automation implemented, this can be as quick as a thirty-minute process, with the device shipped directly from the vendor.
Maintenance
The maintenance aspect of asset management is much less complicated. The basics are keeping devices updated, keeping applications updated, keeping security software updated, and ensuring device security settings are enabled.
As Windows has evolved, the updating function has ebbed and flowed from terrible to fantastic. As Microsoft has improved the system, they have encountered other issues, such as bad patches. However, with all those growing pains, Windows Update has elevated its quality. Windows Updates are installed seamlessly in the background for many updates, with the larger ones having 90% of the work completed in the background and only 10% visible during a reboot. Drivers are consistently supported across most vendors natively in Windows Update, limiting the tedious nature of finding vendor patches for your computers.
For the company, it is essential to set basic policies for updating. Most device management systems have integrated ways to accomplish this. However, it is better to set up update rings. Early adopters (such as IT and some employees in the company willing to test out updates) get updates right away. The rest of the company receives delayed updates (30 or 90 days out).
On the other hand, applications vary significantly as to how they update. Some may not update automatically. Instead, they force you to go online, manually download, and update them yourself. Others may have built-in update mechanisms that are not automated but still streamline the process. Lastly, more modern applications update automatically by default.
IT can manage application updates through device management systems. If a release comes out, you can push it out to employees through that system, using scripted logic (applying only to those that aren't current). IT can also migrate a company away from older applications that are more onerous to update.
In the same vein as applications, antivirus software should be kept current. Ensure it is set to download and install virus definitions, which should be the default.
For the security of a device, not only do updates and antivirus need to be current, you also need to ensure the device's settings are secure. Windows comes with a wide breadth of configurable settings. Many of these can increase the risk for a company and its data. Ensure that proper NIST-recommended password policies are employed, disk encryption is enabled, and Windows security baselines are enabled.
With Windows security baselines, you can standardize settings on your devices with recommendations from either Microsoft or Center for Internet Security (CIS) baseline profiles.
One last comment about maintenance, and probably the most critical aspect of Asset Management: tracking devices from purchase to destruction. I have run into companies who have no clue where equipment is. I have also seen companies that use asset tags stuck on devices but not saved in a system consistently, rendering the system pointless. The tried and true method of tracking equipment is by serial number. It is typically already adhered to the bottom of the device, shows up in the computer's settings, and is trackable across multiple systems.
The key is to ensure there is a method of tracking what devices exist and who is currently using them. In contrast to tracking computers or phones, I do not necessarily believe you need to track mice, keyboards, or monitors.
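One way to apply the serial-number tracking described above (an added example, not part of the original article): reconcile a purchasing ledger against a device-management export and list the tracking gaps. The CSV column names, serial numbers, and users are constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data; the column names are assumptions about your exports.
PURCHASES_CSV = """serial,model,purchased
PF3A1B2C,Laptop 14,2022-03-01
pf3a1b2d ,Laptop 14,2022-03-01
5CG1234XYZ,Desktop Mini,2021-11-15
5CG9999AAA,Desktop Mini,2021-11-15
"""

MDM_CSV = """serial,assigned_user,last_checkin
PF3A1B2C,alice@example.com,2024-05-28
PF3A1B2D,,2024-05-30
5CG1234XYZ,bob@example.com,2023-12-01
R90ZZZ111,carol@example.com,2024-05-29
"""


def normalize(serial):
    """Serials get typed with stray spaces and mixed case; compare them canonically."""
    return serial.strip().upper()

def load(text):
    """Index CSV rows by normalized serial number."""
    return {normalize(row["serial"]): row for row in csv.DictReader(io.StringIO(text))}

def reconcile(purchases_csv, mdm_csv, today, stale_days=90):
    """Return serial numbers grouped by the tracking gap they represent."""
    bought = load(purchases_csv)
    enrolled = load(mdm_csv)
    cutoff = today - timedelta(days=stale_days)
    return {
        # Paid for, but no management system knows where it is.
        "purchased_not_enrolled": sorted(bought.keys() - enrolled.keys()),
        # Managed, but there is no purchase record for it.
        "enrolled_not_purchased": sorted(enrolled.keys() - bought.keys()),
        # Tracked device with nobody recorded as using it.
        "no_assigned_user": sorted(
            s for s, r in enrolled.items() if not r["assigned_user"].strip()
        ),
        # No recent check-in: possibly lost, shelved, or never returned.
        "stale_checkin": sorted(
            s for s, r in enrolled.items()
            if date.fromisoformat(r["last_checkin"]) < cutoff
        ),
    }


if __name__ == "__main__":
    for gap, serials in reconcile(PURCHASES_CSV, MDM_CSV, date(2024, 6, 1)).items():
        print(f"{gap}: {', '.join(serials) or 'none'}")
```

Devices in the stale or unassigned lists are the ones to chase for return or a remote wipe before they are forgotten.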
Decommission
It should go without saying, but when someone leaves the company, they must return their equipment. However, if the equipment is not destroyed, you may need to trigger a device wipe to protect sensitive company data.
If the company is large enough, Human Resources is the point of contact for all terminations. If equipment needs to be returned, they must provide means for it. Either the former employee drops it off with them, and it is returned to IT, or a box is shipped out for the equipment to be returned. IT may still need to do the physical labor, but the Human Resources personnel run point on the logistics.
If equipment is lost, damaged, or stolen, the data should be wiped out of the machine. This will prevent data theft when recycling or trashing equipment.
A returned device is reusable if it is still within warranty (or, depending on company policy, less than five years old). Having a process to wipe and repurpose will save the company money. Device management systems can wipe devices. If you have Autopilot set up, you can rapidly redeploy devices where needed.
The final statement regarding decommissioning devices is to recycle where possible. If a device cannot be repurposed, send it to an e-Waste company or Staples. Staples provides free recycling. If the equipment is sensitive enough, use an Iron Mountain-like company for the secure destruction of hard drives. You can save money or even get charitable write-offs if you coordinate with a non-profit to recycle old equipment.
Summary
Asset management is a blend of many functions of IT. You need to prepare for the needs of a business, work within the budget, lobby for a bigger budget, and deploy devices most efficiently and economically. After that, you need to ensure the security of those devices and recycle them when they are no longer in use.
For a Help Desk engineer just starting, this is an excellent primer on how to become a better asset at a company. Being proactive in thinking about the various aspects of your job and the other functions of a company will let you advance in your career. I have saved a company over $500,000 a year by being curious about something outside the original scope of my contracted work.