The Schwartz Report

Microsoft Emboldens EMS as Partners and Rivals Explore Its APIs

Microsoft's Enterprise Mobility + Security (EMS) service has come a long way over the past year with added integration and new capabilities as organizations grapple with what role it will play. If Microsoft has its way, EMS, bundled with Office 365 and Windows 10, will ensure customers won't choose third-party data tools to secure access to data, apps and cloud services and for authentication and policy management. But despite Microsoft's declaration that EMS is the most "seamless" enterprise information protection offering, the company is also showing a pragmatic view with the recent release of the Intune APIs, and partnerships with those who have rival solutions from VMware, SailPoint and Ping Identity, among others.

Nevertheless, Corporate VP Brad Anderson has long argued the case for EMS, and claims it's the most widely used enterprise mobility, application and device management offering. Anderson released a 35-minute video last week called "Everything You Want to, Need to, and/or Should Know About EMS in 2017," where he made the case for EMS and gave demonstrations showcasing the new EMS portal and features such as conditional access, ties with the new Microsoft Security Graph, integration with Azure Information Protection and the recently released Windows Information Protection in Windows 10. He also covered the release of the mobile application management (MAM) SDKs, which allow for the embedding of EMS controls into apps.

The slickly produced video came on the heels of a post by Anderson two weeks earlier that highlighted the coming together of PC and device management using mobile device management (MDM) approaches. It is indeed a trend that is gaining notice. It was a key topic of discussion during last December's TechMentor track at the annual Live! 360 conference in Orlando, Fla., produced by Redmond publisher 1105 Media. The application of MDM to PC and device management is also the focus of this month's Redmond magazine cover story, "Breaking with Tradition: Microsoft's New MDM Approach."

Anderson earlier this month pointed to the results of analyst firm CCS Insight's recent survey of 400 IT decision makers responsible for mobility, which found that 83 percent plan to converge PC and mobility operations into a single team within the next three years and 44 percent will do so this year. Worth noting is that 86 percent reported plans to upgrade their PCs to Windows 10 within three to four years and nearly half (47 percent) planned to do so this year.

Microsoft has reported that more than 41,000 different customers use EMS. Anderson last week argued that's more than double the size of VMware's AirWatch installed base and triple that of MobileIron. Anderson also is a strong proponent that Azure Active Directory (AAD), the identity management solution offered for both EMS and Office 365, obviates the need for third-party identity management-as-a-service (IDMaaS) offerings.

"There are more than 85 million monthly access of Office 365, just shy of 84 million of them use the Microsoft solution to manage and synchronize all of their identities into the cloud," Anderson said in reference to CCS Insight's annual survey. "What that means, just a little over 1 percent of all of the monthly active users of Office 365 use competing identity protection solutions. EMS is the solution that you need to empower your users to be productive how, where and when they want, and give them that rich, engaging experience."

Asked if he agrees with Anderson's strong assertion, CCS Insight's analyst Nick McQuire responded that Intune and EMS have had quite a large impact on the market over the past year, fuelled by interest in Windows 10 and Office 365's growth. "Perhaps the biggest impact is the pause that it has generated with existing AirWatch, Blackberry and MobileIron customers," McQuire said. "The EMM market is slowing down and penetration rates of EMM into their customer bases is low and this is a challenge they need to address. Microsoft has contributed to this slowdown in the past 12 months, without question."

That said, McQuire isn't saying it's game over for the other providers. "At the moment, there is a real mix," he said. "Some customers are making the switch to Microsoft. Others may not have made the switch but are absolutely kicking the tires on the product and waiting to see if Intune and EMS becomes the real deal, given that it arrived late to the market and is playing catch up."

McQuire also noted that switching EMM products is not straightforward and churn rates in the industry, although unreported, are very low. "This is evidenced in the renewal rates across all the long-standing EMM players which are high (average 80 to 90 percent range) indicating that when EMM is deployed, it sticks and it becomes very hard to ask customers to rip and replace," he said.

The release of the Microsoft Graph and Intune APIs for Office 365 will help customers who don't want to move to EMS, he noted. Because EMS is offered with Microsoft Enterprise Agreements, using it with other tools will become more practical and make more customers open to using it in concert with those offerings.

"At the moment, we don't see many customers with a production environment under the coexistence model but we do see this growing rapidly this year," McQuire noted. "Microsoft's strategy here is not to concede these accounts but to land and expand."

Why does it make sense for rivals such as VMware's AirWatch or MobileIron to use the APIs? Ojas Rege, MobileIron's VP of strategy, said there are two sides to the EMS equation. One is the EMS-Intune console on the front end and the other is a set of middleware services on the back end based on the Microsoft Graph.

"If other consoles like MobileIron want to leverage them, they can," Rege said. "What does matter are these additional proprietary Microsoft features. It doesn't make sense for us to use the Graph API to activate an Intune function to lock an iOS device because we just lock the iOS device directly, but it does make sense to use the Graph API, to set a security control on Office 365."

Adam Rykowski, VMware's VP of UEM Product Management, agrees that traditional desktop PC management and MDM are coalescing and it's fueling growth. "We are actually seeing some pretty major customers ramp up even sooner than we had expected," Rykowski said.

Andrew Conway, general manager for EMS marketing at Microsoft, posted a brief update last week on EMS and Microsoft Graph APIs, describing them as a gateway to various offerings ranging from Azure AD, Outlook, OneDrive, SharePoint and Intune among others. "The Microsoft Graph API can send detailed device and application information to other IT asset management or reporting systems," Conway noted. "You could build custom experiences which call our APIs to configure Intune and Azure AD controls and policies and unify workflows across multiple services."

Posted by Jeffrey Schwartz on 03/27/2017 at 1:09 PM

