Microsoft Lays Out Its Mobile Device Management Strategy

Enterprise Mobility Suite, Azure Active Directory and Intune anchor Microsoft's new "mobile-first, cloud-first" approach to user and device management.

Microsoft offered a glimpse of its mobile IT management ambitions during the March 27 launch of Office for iPad. Now, Brad Anderson, corporate vice president of Windows Server & System Center, is spelling out just how the company plans to make its mark in the sizzling mobile device management (MDM) market.

"Our vision is to help organizations enable their users to be productive on the devices they love, while protecting the company," said Anderson in a statement.

The long-awaited Office apps for the iPad, the best-selling tablet line from rival device maker Apple, weren't the only products Microsoft announced on March 27. The company also took the wraps off a new MDM solution called Enterprise Mobility Suite (EMS).

Julia White, corporate vice president of marketing for Microsoft Office, said during the EMS debut that it offers "one place to go to manage the bring-your-own-device [BYOD] strategy, help in a cloud-based way, do identity and access management as well as protect company data."

Anderson echoed some of those themes in a blog post—the first of what will become a series of updates—that details some of the principles that guide his company's MDM efforts and the steps that Microsoft is taking to fulfill its vision.

BYOD makes financial sense, argued Anderson. Users are "more productive and more satisfied" in BYOD-friendly organizations, which, in turn, helps improve the bottom line. "In pure dollars and cents, this satisfaction and efficiency generates significant positive impact for the company," he said.

Yet, organizations must also grapple with keeping data safe and users secure. It's a balancing act that Anderson feels Microsoft is perfecting with EMS and the company's user and device management ecosystem.

"Our approach has been to put the end-user in full control of what happens on their personal device when they bring it to work," stated Anderson. "The company, however, should be the ultimate authority and in full control of the corporate assets (applications and data) being accessed and stored on the personal device." And it all starts with the user identity piece of the puzzle, he asserted.

Cloud-Enabled MDM

Describing Active Directory as "the authoritative source of corporate identity around the world," Anderson said that the on-premises platform's capabilities have been extended to the cloud in the form of Azure Active Directory (AAD). Organizations can leverage AAD to allow users to register personal devices, which "is super critical because you need to be able to express policy on both the user and the device," he stated.

In terms of mobile security, Microsoft's plans continue along a platform-agnostic path, suggested Anderson. "I believe that, eventually, all the mobile device/OS vendors will deliver native containers for corporate content (SAFE on Android is a specific example today), and these OS components will be integrated into solutions like Intune and Azure Active Directory."

Finally, Microsoft is banking on Azure to provide enterprises with MDM components that are easy to manage, more cost-effective to acquire and more responsive to the rapidly evolving mobile device market.

For instance, Windows Intune, Microsoft's cloud-based IT management platform, "is updated and improved at a cloud cadence," said Anderson. He added that, like Office 365, EMS is now licensed on a per-user basis. "This means you no longer have to count the number of devices in the organization or be concerned about your costs increasing as your users bring in more mobile devices," he said.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...