Microsoft has truly entered the enterprise mobility management arena, so it's a good time to get to know the capabilities the company offers through its range of services.
As part of its enterprise mobility management (EMM) strategy, Microsoft integrated Windows Intune, a cloud-based mobile device management (MDM) service, into System Center Configuration Manager 2012 R2. Together, these systems provide a single, unified interface for administering a wide range of desktop and mobile devices. Although administrators can use Intune as a standalone service, its integration with Configuration Manager provides increased scalability and extensive administrative capabilities.
What's included in Microsoft's EMM platform
Configuration Manager already dominates the desktop management space by providing IT with a single infrastructure and administrative console for managing Windows, Mac OS, Linux and Unix computers. Microsoft now provides Configuration Manager extensions that integrate Intune components into the console and extend the infrastructure to include iOS, Android and Windows mobile devices by taking advantage of the application programming interfaces (APIs) built into the operating systems. Microsoft also provides Exchange ActiveSync, or EAS, connectors for working with nonsupported devices, such as BlackBerry smartphones.
Microsoft is now a serious contender in the EMM race.
Intune is also part of Microsoft's Enterprise Mobility Suite, along with Azure Active Directory Premium and Azure Rights Management. Together, the three cloud services provide hybrid identity management, information protection and MDM. You can purchase the three services separately or as a package, and use them in conjunction with Configuration Manager. Organizations can use any of the three services without implementing Configuration Manager, but the Configuration Manager-Intune integration is what provides the most unified device management platform.
This integration is further enhanced by new features in Windows Server, such as Dynamic Access Control, which lets you classify and tag individual documents, and Information Rights Management, which provides more granular control over document encryption. Plus, the platform's integration with Active Directory makes it possible to register mobile devices as Active Directory objects while supporting single sign-on and single password management. In addition, Windows Server Active Directory can be synchronized with Azure Active Directory.
Top Microsoft EMM features
When using the full complement of Microsoft's EMM components, you can manage devices, applications, content and information, all from the Configuration Manager administrative console.
On the device management front, you can apply a wide range of policies to a device, depending on the APIs and settings available to a particular operating system. For example, you can configure email profiles, enforce device encryption, or deploy Wi-Fi and virtual private network profiles. You can also remotely lock a device; reset its passcode; wipe all data from the device; or selectively wipe company apps, data and management policies.
Microsoft's EMM platform also supports mobile application management by providing self-service portals where users can view and install company applications on their devices. Admins can publish in-house apps through the portals or provide links to Windows Store, Google Play or the Apple App Store. Users can also view an inventory of business apps installed on devices, as well as update or uninstall those apps.
Through the mobile content management capabilities, you can set up a secure share on a Windows Server 2012 R2 server to provide mobile workers with access to sensitive documents. The platform also supports mobile information management by letting you encrypt and apply policy settings to individual documents and Exchange email messages.
How Microsoft's EMM compares to others
Microsoft is still playing catch-up with companies such as AirWatch and MobileIron, which have been in the EMM game a lot longer. On a feature-by-feature basis, other products usually come out ahead. For example, many offerings support geolocation services, and Microsoft EMM does not. Although Microsoft is planning to implement such new features as app wrapping and bulk device enrollment, these services are already available in other products. And given that Apple and Google are not likely to share API information in the early development stages with Microsoft as they might with other EMM providers, Microsoft could always be in catch-up mode.
More on enterprise mobility management
EMM smackdown whitepaper
Who will be the winners and losers in the EMM market?
What to do when your EMM vendor gets acquired
But a feature-by-feature comparison is only part of the equation. The Microsoft platform offers a level of integration not available in other products, particularly when it comes to Active Directory, whether Windows Server or Windows Azure. Even EMM products outside the Microsoft framework often rely on Active Directory and Exchange for account and access information. As EMM products seek further inroads into the Microsoft ecosystem, they inevitably look to greater Active Directory integration, but Configuration Manager is already there.
A single interface for device management is also a coveted feature, which perhaps explains the consolidation in the industry, such as VMware's acquisition of AirWatch. Organizations already using Configuration Manager to manage desktops could prove fertile ground for Microsoft, especially if they're also using any of the Enterprise Mobility Suite services.
On the other hand, organizations that have already committed to another EMM vendor could prove a harder sell. Once they've configured and learned a new system, they're not likely to switch anytime soon. Even if organizations have not committed to another EMM service, they might find the Configuration Manager-Intune offering more complicated to set up than they would like, especially if they're also trying to incorporate the other Enterprise Mobility Suite services. A full Microsoft EMM launch also means investing in the latest versions of Windows Server and Configuration Manager, as well as in the Intune licensing, which costs $4 per user per month for those with existing Configuration Manager and Endpoint Protection licenses. (Or you can purchase all three Enterprise Mobility Suite services as a package for $7.50 per user per month.) These factors alone might make Microsoft EMM beyond an organization's available resources.
Whether the Microsoft EMM platform will ever outshine the likes of other vendors' platforms remains to be seen, but Microsoft is now a serious contender in the EMM race. We appear to be moving toward a world of single-platform products that can handle total device management needs across the enterprise and beyond.