Cloud-Based App Management Shown at Microsoft TechEd Europe
Microsoft showed how application management works using the Windows Intune and Windows Azure Active Directory services at TechEd Europe on Tuesday.
A demo was conducted by Brad Anderson, Microsoft's corporate vice president of the Management and Security Division, who delivered a "sneak peek" of Microsoft's cloud-based application management concept that will leverage Windows RT ARM-based tablets and other "unmanaged" devices. Anderson's demo starts at about hour 2:09 in this Microsoft Channel 9 recording.
Windows Azure Active Directory is now integrated with the latest release of Windows Intune, which is a PC management service offered by Microsoft. The integration helps support multiple device management by IT pros by authenticating users and devices. This capability was something that Microsoft had announced earlier this month, but Anderson's demo may have been the first to show it in action.
IT organizations can point user devices toward apps using Windows Intune (which is called "sideloading" apps) or they can do that via the Windows Store (called "deep linking"), Anderson explained. The process works with unmanaged Windows RT ARM-based tablets, as well as with other mobile devices. In the demo, Anderson used an Apple iPhone.
While today there are corporate-managed and user-controlled devices, future growth will come on the user-controlled devices side, Anderson contended. The main point he made during the talk was that bring-your-own-device scenarios can work in organizations if IT has both governance and control over the device. Organizations don't actually need to own the device, he stressed.
The actual device management gets enabled through the use of an agent, Anderson explained.
"You may have policies that may say, 'Hey, you can have your own personal device, but it has to join the directory'," Anderson said. "And as soon as it joins AD [Active Directory], we're going to push an agent down and we're going to control the device, just like the devices we procure."
Microsoft's traditional management approach with Systems Management Server (now called System Center Configuration Manager) has been organized around handling so-called "privileged apps." However, Anderson posited a new world where most apps won't be privileged.
"In traditional Windows, I can build an agent; I can build a service. That service can have a global view of everything that's happening on the device. That app is incredibly privileged," Anderson explained. "The right column, that's Windows RT or iOS, where you can build an application but the application is its own entity and it can't really see other applications. In an iOS, there is no concept of building a scheduler; there's no concept of building a service. So the app is not privileged."
For this new world, Microsoft is adding governance and control. Governance is about setting the policies for how users access their apps and data, he explained. For instance, IT departments can enforce a "power-on password" if the user wants to access company e-mail or corporate data.
"Whether your device is a Windows device or a non-Windows device, everything that the user is going to do from that device is going to be based on their Active Directory ID," Anderson explained.
Anderson demonstrated using the Windows Intune service to authenticate via Windows Azure Active Directory using a browser on the Apple iPhone. Following Active Directory authentication, the device becomes trusted, he said. He then showed the installation of an app on the iPhone from the Windows Intune service.
A Windows RT device is not Active Directory joined. Instead, the device gets "enrolled into the service," Anderson explained. IT pros can use the Windows Intune service to see all of the apps that have been activated for a particular ID, including line-of-business apps and Windows Store apps. IT pros can delete the device from the service or they can remotely wipe the device, he explained.
Anderson concluded the keynote talk by encouraging the TechEd crowd to embrace Microsoft's various "leading-edge technologies."
In addition to this Windows Intune approach to getting apps, Microsoft has previously described a way of getting company-built Metro-style apps on a Windows RT device via a "self-service" portal.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.