Microsoft Tunes-up MDM
A cloud-based service called Intune will connect mobile devices--Apple and Android as well as Windows--to Microsoft's device configuration management system for enterprises.
In Microsoft's Hand Beginning to Show, I offered some perspective on how Microsoft will leverage Office to drive success with Windows 8 phones and tablet devices (and of course Lync). Microsoft is late to the newest version of the mobility game, but clearly has some big plans. Now we have more clues as to how Microsoft intends to woo enterprise IT managers: Adding Mobile Device Management capabilities to its broader device management system.
To review the history of MDM: Cell phones evolved from analog to digital, then from voice to text then email. RIM's Blackberry (Crackberry) was the primary benefactor of that development. RIM realized email was central to both IT and communications, so it implemented a strategy around mobile device management and security that won the hearts of IT managers.
Then came the iPhone and the beginning of a revolution. The iPhone was designed first and foremost for consumers--a breakthrough device that broke the chokehold carriers imposed on device manufacturers. The iOS ecosystem exploded with applications and peripherals. The result was disruption of the mobile market--new rules and new vendors. And as often is the case, the prior leader (RIM) was slow to respond, allowing the next generation of devices to penetrate the enterprise.
There are still enterprises sticking to their guns regarding mobile device control. They insist devices be corporate owned or at least centrally managed, which can be tricky in a BYOD environment. This is why many firms block BYOD and some even stick to RIM devices--security is mightier than the experience. Solutions from Symantec, MobileIron, AirWatch, and IBM are competing for enterprise MDM market share, an aspect of the mobile ecosystem where Microsoft has been largely absent--up to now.
MDM is critical for enterprises because mobile devices, particularly in BYOD environments, are a security nightmare. Not only do individual owners have admin rights (risking malware, spyware), but the devices contain a trove of potentially confidential information including emails, contacts, and real time location. With Apple and Google largely ignoring enterprise management concerns, enterprise managers are scrambling for protection and control via third-party MDM solutions. Key enterprise MDM features include encryption; selective wipe; containerization of email, contacts, applications and selected data; software push; syncing functions; and more.
Microsoft enterprise customers often use a management solution called Microsoft System Center Configuration Manager (SCCM) to manage large groups of Windows-based desktop computers. SCCM provides remote control, patch management, software distribution, operating system deployment, network access protection, and inventory services--but not for mobile devices up to this point; Microsoft had stated that Windows RT tablets would not be managed the same way as Windows PC, but did not elaborate with more specifics.
Then, on September 10, Microsoft announced the beta release of service pack 1 for System Center 2012, and within the news were the first clues as to how Microsoft intends to address mobile Windows Phone 8 and Windows RT devices. It involves a Microsoft cloud service called Intune.
Intune is a cloud service introduced last year aimed at SMB users for managing Windows PCs and mobile devices running iOS and Android. It manages those devices since they support Exchange ActiveSync (EAS) services--ironically, this is not fully implemented within the current release of Windows Phone (7.5). In other words, Intune can manage iPhones better than Windows Phones. But Microsoft intends to fix that, and the next version of Intune will be able to manage and control the next version of Windows Phone (Windows Phone 8 and Windows Phone RT).
Intune can manage Windows desktops too, but rather than position Intune (new service) as a potential replacement for SCCM (installed product), Microsoft instead intends to offer users a premise/cloud hybrid strategy for device (desktop and mobile) management. SCCM 2012 with Service Pack 1 will be coupled with Intune to enable centralized administration of all network devices that integrate with Exchange.
Here's how that will work: Intune will do things like application deployment, managing encryption, and setting security policies on Windows, iOS, and Android mobile devices. Organizations that use SCCM to manage their PC environment will be able to administer changes to mobile devices from SCCM's 2012 SP1 console, which will connect to the mobile devices via the Intune service, creating the aforementioned premise/cloud hybrid system. SCCM remains the single platform to manage all connected devices--corporate Windows desktops and mobile devices as well as personal-owned non Windows mobile devices.
Microsoft has a pretty bold 2012 agenda: Introduce new versions of Windows and Office (2013 editions), take on market leaders iOS and Android in tablets and smartphones, expand into computer hardware manufacturing (Surface), aggressively expand cloud services (Azure and Office 365), and now take on MDM (note Gartner's Magic Quadrant for MDM 2012 covers 18 vendors, none of which are Microsoft). Aggressive, certainly--but impressively aligned.
Dave Michels is a Contributing Editor and Independent Analyst at TalkingPointz.com.