IT Decision Maker

Blog archive

System Center's MDM and BYOD Strategy

For months now, I've been bemoaning -- to pretty much anyone who'll listen to me -- Microsoft's mobile device strategy, or seeming lack thereof.

When Windows Phone 7 was announced, I thought, "Aha! This is how Microsoft's going to compete! They'll leverage their deep relationship with business and produce a mobile phone that's cutting edge and manageable, unlike everything Apple and Google have thrown at us!" I note that recent Samsung devices are an exception; Sammy's been getting enterprise-savvy in the past months.

When Surface was announced, I thought "Aha! This is how Microsoft's going to compete! They'll leverage their deep relationship with business and produce a tablet that's cutting edge and manageable, unlike..."

Yeah, not so much. Microsoft seems so "et up" with Apple Envy, Windows Phone and Surface RT both turned out to be almost purely consumer plays (Surface Pro doesn't count; it's not a tablet, it's an Ultrabook with a removable keyboard, which is fine). Nothing in Windows RT or Windows Phone really pointed to proper enterprise manageability. No Group Policy love. No real anything love. Ugh. I keep telling people that I wish Microsoft would spend a bit less time worrying about the phone my Mom buys, and ship a phone my CIO could love. Fewer organizations would feel the need to cave to BYOD if a viable corporate-friendly alternative was available.

Or maybe BYOD is inevitable. Certainly, fewer organizations are paying for those expensive smartphones and their data plans, now that BYOD is rampant. "Heck, if users are willing to pay for these things and use them to check work e-mail... um, OK." But BYOD still has massive downsides, and Microsoft's tablet and phone folks just didn't seem to be attacking the problem.

Leave it to the System Center team, specifically the System Center Configuration Management (SCCM, although I'm told I'm supposed to call it ConfigMgr these days) team. With SCCM (I'm old-school) 2012 R2, these folks have come up with a brilliant solution that recognizes not only the importance of MDM, but the stark reality of BYOD. They're rolling out a "Company Portal" app, which users can download from their device's respective app store, and use to enroll in their organization's infrastructure. SCCM will understand the difference between a BYOD situation and a company-owned device (you tell it which situation a device is in), and offer appropriate data and manageability. For example, company owned devices can be more deeply managed and completely wiped; BYOD devices can have company-deployed apps and data removed, but that's all. Once a device is enrolled, you get inventory, app deployment, and even a great degree of configuration enforcement through SCCM's configuration auditing feature set. The Company Portal app, along with native device features, essentially acts as a local SCCM client.

The Company Portal app also provides an "in" for sideloading enterprise apps without going through the device's native app store. Typically, the Portal app accepts the organization's deployment certificate, which would need to be obtained from Apple or Google or whoever, which enables sideloaded apps to execute on the device. It's a lot like the Test Flight app for iOS, which allows developers to recruit their friends, and "push" app builds to them, bypassing the store during testing phases. That means organizations can offer mobile apps to users -- whether those apps were developed in-house or brought in from a vendor -- and drop the apps directly on the device, bypassing the device's store. Those apps can similarly be wiped -- along with their data -- on demand.

Note that all of the MDM features of SCCM are actually conducted through an InTune subscription; InTune does the management, and integrates with SCCM for a simpler and more centralized administrative experience. It's another clear sign that Microsoft's future consists of a Cloud+Local=Hybrid environment.

For me, this is just one more example of how Microsoft's back-end business units really "get it." Buying Azure? They're happy to have you run a LAMP stack in Azure... you're paying for Azure, and that was their goal. Standardized on iOS, or just inundated by it? SCCM is happy to manage it... 'cuz you bought SCCM, and that was the goal. It's as if Microsoft -- or at least that back-end portion of the company -- has said, "so long as we own the back-end, we don't really care what the front-end is doing, so we're going to be as embracing of the different front-end ecosystems as possible."

Of course, it's a journey. The current MDM capabilities from InTune and SCCM aren't 100 percent complete, but they're pretty darned impressive. Each new release (InTune is on a quarterly rev cycle, like many of Microsoft's cloud offerings) brings new capabilities to Windows RT, iOS, and Android, along with Windows Phone. "Do whatever you want on the front-end," Microsoft is saying. "Our business unit makes money when we're managing it all."

Bravo, Microsoft.

Posted by Don Jones on 09/12/2013 at 2:36 PM


Featured

comments powered by Disqus

Subscribe on YouTube