Microsoft is banking on Enterprise Mobility Suite (EMS) and its upcoming Windows 10 operating system to turn the company’s oft-repeated “mobile-first, cloud-first” vision into a reality for businesses.
Ahead of the Windows 10 launch on July 29, the company is offering a glimpse of what it has in store for IT administrators charged with managing users and their devices. When deployed on environments managed by the company’s cloud-based EMS platform, PCs and tablets running the new operating system (OS) can slip into an organization’s bring-your-own-device (BYOD) initiatives right from the start and with fewer hoops to jump through.
“With Windows 10, we’re excited to enable automatic MDM enrollment of both corporate-owned devices as well as personally owned BYO devices, powered by Azure AD,” Mahesh Unnikrishnan, senior program manager of Microsoft’s Identity and Security Services unit, announced in a company blog post June 12. EMS bundles the company’s Azure Active Directory (AD) Premium, Intune and Azure Rights Management (RMS), although customers can subscribe separately.
“We’re eliminating the hassles of MDM enrollment. When a user joins their Windows 10 device to Azure AD, it will be automatically enrolled for MDM,” said his colleague, Alex Simons, director of program management within the same division at Microsoft.
A year after the EMS launch, several organizations have taken Microsoft up on its offer. The integrated user and mobile-device management (MDM) suite of cloud-delivered services has attracted 13,000 customers, reported Unnikrishnan.
When Windows 10 arrives, those customers will be able to welcome the OS into their environment faster and more seamlessly than in the past, with little or no IT intervention.
Administrators can institute policies requiring automatic Intune MDM enrollment for corporate-owned devices that are attached to Azure AD, as well as requiring Intune enrollment when users bring in their personal Windows 10 devices. In the latter case, a guided, self-service sign-up process displays a terms-of-use page, along with the policies that govern the device.
“If you accept these terms, your Azure AD account is added to your device and subsequently enrolled for management with Microsoft Intune,” said Unnikrishnan. “This seamless experience saves you the trouble of having to enroll your device separately for management or perform other manual steps to do so.”
If a user declines, an Azure AD account will still be added for the purposes of enabling the platform’s single-sign-on capabilities. Naturally, that choice can have a major impact on a user’s ability to accomplish their tasks. “However, you will be denied access to sensitive corporate resources or applications that your IT administrator has configured to allow access only from policy-compliant devices,” Unnikrishnan said.
Microsoft isn’t leaving out businesses that have already settled on other MDM providers, he assured. “We are working with third-party MDM ISVs [independent software vendors] to support automated MDM enrollment and policy-based access checks.”
