Modern workplace management with Enterprise Mobility + Security- part 1

How to do (modern) workplace management is a continuous question which keeps me busy. It is a great topic to think about and to try to figure out how you can make workplace management easier and give the user a better experience.

New technologies arrive, old ones disappear, new insights, new use cases, new devices, new cloud services etc. The “workplace” is evolving and it should, but that means you need to evolve with it to support the change. Trying to put the new world inside the old management framework, isn’t the right thing to do. Users will be unhappy because you can’t provide them with features they have at home. I’m fully aware that stepping out of the known management framework isn’t easy. It requires change of mindset and that’s always uncomfortable. So, let’s be open minded together and see if new possibilities can work in your organization. This post, for sure, isn’t meant to tell you this is the only right way of doing things. I’m prejudiced, of course, because I do work for Microsoft, but I also like this topic.

One thing I have learned though, is that there isn’t a 1 size fits all solution. I wish, but the fact is, in a lot of organizations, there are some (small groups) which require something special. However, don’t let those specials be leading in the decisions you make around workplace management. Treat them as an exception.

So, let’s define a workplace because you can make that definition a lot bigger when you include the actual office space for example, or the area at home where you work. That I won’t touch, although, it is a very part of the workplace. In my definition, the workplace consists of:

  1. Identity,
  2. Client apps and cloud services,
  3. Content/data,
  4. Devices,

The order above isn’t randomly chosen by me. In my opinion identity is the most important part of the workplace today followed by client apps/cloud services and data. To me, numbers 2 and 3 are equal. The devices however don’t have the same importance to me anymore what it used to have in terms of management. To manage and secure modern workplace, you need layers of control. With layers, think about Azure Active Directory, conditional access, Identity Protection, Mobile Application Management, Mobile Device Management, rights management and access management on data, data labeling and classification etc. I know I’m prejudiced but I believe Microsoft Enterprise Mobility + Security platform is the integrated platform to realize this modern management by providing you the layers of controls for management, security and also gives a great end user experience.

Next, Modern workplace management with Enterprise Mobility + Security- part 2

Don’t let legacy apps block you from Windows 10 modern management.

Windows device management is changing enormously and possibilities are huge. One of the reasons is because Windows 10 is completely different than its predecessors, and is considered to be more of a mobile Operating System. Also, the broader devices environment is changing as we all know. You most likely have seen the “old vs new management style” of Windows devices in organizations. The old school consists of:

  • Corporate owned devices, most of them Windows desktops, Active Directory joined, Group Policies, SCCM managed, on-premises, locked down, business only purpose,

The new school consists of:

  • A mix of corporate and personal devices (Choose your Own/Bring Your Own), a mix of Windows/IOS/Android devices, Azure AD joined (where possible or necessary), managed via an Enterprise Mobility Management solution, on- and off-premises, more open/light way management, mix of business and personal use.

EMM vendors see a huge opportunity for their products to play a big part in Windows management within organizations, and they are right in doing so in my opinion. With EMM you can check all the boxes of the new way of management: 1 platform for managing different flavours of devices, corporate and personal owned, light way management, most times offered as a SaaS service etc. Bottom line, less device management, more app and data management for different kind of devices.

So, what’s keeping you from going to the bright side, the new school, the modern way of management? Many customers are using or investigating EMM products for the traditional mobile device- and application management, many customers are looking at content/data security but some customers are hesitant to use EMM for the Windows desktop/laptop devices, even though the world is changing, as mentioned before. Maybe they would like to use it but apparently there is a blocker (besides that change always is scary : ) That blocker, in my opinion is : legacy Windows apps.

Legacy Windows app can be difficult to manage. Most times they are 32-bit also or even worse, 16 bits, you deal with manual patches, difficult configs, multiple MSI’s etc. Tools like SCCM can be used to deploy those apps, just fine. Another way, maybe even additionally to SCCM, to optimize the desktop and/or app management, customers have been moving/looking at Server Based Computing and VDI. With those platforms you make management better, easier and maybe more efficient for some use cases. However, you don’t deal with the real problem: the apps themselves.

EMM tools are for light way/light touch device and app management. They cannot do all the fancy things SCCM can (MSI chaining, prioritizing order of install, pre- and post scripts), and they shouldn’t. The new way of management is just different. Take a good look at your legacy apps. There are may options nowadays: app vendors also have SaaS services, or a hybrid solution like Office365, or, change your apps/vendors and go for a competitor. I’m aware it isn’t easy but I remember a customer who mentioned an app, used by 5 users, 16-bit, no new versions, hard to manage and keeping them from upgrading their standard OS. An incredibly expensive app. Rip off that band aid, go through the first pain and in the end, life will be better. Seek the solution where the problem is. Maybe switching to a modern approach is a great moment to evaluate your app landscape. I am a firm believer in the modern management way with physical mobile devices managed by EMM. I believe that way will save a lot of management time and cost (imaging-apps-user setting solutions) and will increase user experience. SBC and VDI are great solutions to specific use cases but can be slowing you down in modernizing your apps and in worst case, keeping you from moving to Windows 10 and modern management.