What features should I look for in a Windows device management tool?Solved

I went through this exact transition last year, and it is a massive relief once you get the right infrastructure in place. 

Based on the pain points you mentioned, here are the absolute must-haves you should prioritize: 

1. Zero-Touch Provisioning: Ensure the tool integrates securely with Windows Autopilot. This allows you to drop-ship laptops directly to remote employees, and the moment they sign in, all corporate policies are applied automatically. 
2. Robust App Deployment: You need a platform that natively supports distributing MSI, EXE, and Microsoft Store apps silently in the background without interrupting the end-user or requiring them to have local admin rights. 
3. Kiosk Lockdown: Since you have lobby devices, a robust Windows Kiosk mode is essential. You want the ability to lock a machine down to a single application (like a browser for visitor registration) or a restricted multi-app Start menu. 

To build on those points, the right choice ultimately depends on your specific organizational requirements, but we use Hexnode to handle our Windows fleet because it covers those scenarios. 

When evaluating a solution, you should also prioritize custom script execution and remote troubleshooting capabilities. While native UI policies cover most daily operations, you will inevitably encounter edge cases. A strong management tool should allow you to deploy custom PowerShell or Batch scripts to execute complex configurations over the air. 

Additionally, look for features that proactively reduce your ticket volume. A self-service app catalog, for instance, allows users to safely install IT-vetted applications on their own without needing administrative credentials. Finally, ensure the platform provides deep security governance, allowing you to enforce BitLocker encryption natively, manage Windows Defender threat profiles, and push critical OS updates centrally