Microsoft Intune+mobile Office apps = Greatness!

Microsoft Office: Word, PowerPoint, Outlook, Excel, OneNote, OneDrive, etc. Who doesn’t know these applications? Most of you know the apps from a corporate point of view, and I think it is safe to say the Office suite of products is the corporate standard. As we know, there is another world besides the laptop/desktop/Windows-based one: the mobile devices world. And besides desktop/laptop vs mobile, we also have a corporate vs private world. To make it even more exciting, the mixture of all worlds is happening all around us.

Wouldn’t it be great to use the same productivity apps you are used to across all these different devices? What many people may not know is that Microsoft has developed many apps for iOS and Android. You can use the complete Office suite on your mobile devices. Find the Microsoft apps on iTunes here. So, if you want to have the same experience on your mobile devices, or even on your Apple Macs, as on your corporate device, you can. The Office suite is developed for all platforms.

Great, users can have the same experience, on Windows, Mac and mobile devices. But when these mobile devices are used professionally, IT would like to manage at least the productivity apps. It is great you can access and consume corporate data by using the Office apps, but you would like to secure the data as well.

To provide this security, other MDM/MAM (Mobile Device Management/Mobile Application Management) vendors have created their own productivity apps: their own email clients and data clients, which preview Microsoft Word, Excel and PowerPoint documents. Those apps are not what end users know and like. Also, it isn’t the core business of these MDM/MAM vendors to develop Office/productivity tools.

With Microsoft Intune, it is possible to let users use what they know and like and secure the Office apps in multiple ways:

  1. Traditionally, you can enrol your device in Intune and manage the device and the Office apps: MDM-MAM,
  2. It also is possible to use the apps and secure them without enrolment: MAM Only
  3. If you currently are using another MDM tool, you still can use #2 by using Intune for the MAM part.

Bullet 1 is pretty clear: you enrol the device, and Intune pushes policies for the device and the apps. With #2 and #3, the application policies are pushed after users sign in within the Office apps on iOS and Android with their accounts in Microsoft Azure/Intune.




So, what can be configured using MDM-MAM or MAM only?

  1. You can allow/deny copy/paste from the Office apps to other native apps,
  2. You could allow copy/paste from native apps to the Office apps,
  3. You can set a PIN on all apps for another level of security,
  4. You can specify that links need to open in the Managed Browser,
  5. You can prohibit “save as”, to prevent users from saving a corporate document to another, unmanaged location.
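
One way to check that an exported app protection policy actually enforces the controls listed above (an added example, not code from the original post or from Microsoft). It assumes the policies were exported as JSON using the property names of Microsoft Graph's managed app protection resource; the sample policies and their names are constructed.

```python
import json

# Constructed sample: two app protection policies in the shape of a Graph export.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Office-MAM-strict",
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "pinRequired": true,
   "managedBrowserToOpenLinksRequired": true,
   "saveAsBlocked": true},
  {"displayName": "Office-MAM-pilot",
   "allowedOutboundClipboardSharingLevel": "allApps",
   "pinRequired": true,
   "saveAsBlocked": false}
]
""")

# Clipboard levels that keep corporate text out of unmanaged apps.
# "managedAppsWithPasteIn" still allows pasting from native apps into Office (item 2).
SAFE_CLIPBOARD = {"managedApps", "managedAppsWithPasteIn", "blocked"}

# Boolean controls from the list (items 3, 4 and 5) and the finding if not enforced.
BOOLEAN_CHECKS = {
    "pinRequired": "app PIN not required",
    "managedBrowserToOpenLinksRequired": "links may open outside the Managed Browser",
    "saveAsBlocked": "'save as' to unmanaged locations not blocked",
}

def audit_policy(policy):
    """Return the findings for one policy; an empty list means every control is set."""
    findings = []
    clip = policy.get("allowedOutboundClipboardSharingLevel")
    if clip not in SAFE_CLIPBOARD:
        findings.append(f"copy/paste to unmanaged apps allowed (level: {clip})")
    for key, message in BOOLEAN_CHECKS.items():
        # A missing key is treated the same as an explicit false: not enforced.
        if policy.get(key) is not True:
            findings.append(message)
    return findings

def audit_export(policies):
    """Map each policy's display name to its list of findings."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "OK" if not findings else findings)
```
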

With Intune and the Microsoft productivity apps, users work in familiar apps that are built for productivity, while IT can secure access to and from these apps and protect corporate data. Check out this Microsoft blog for more details and screenshots. Also, check out this website to see more apps that can be managed by Intune.

Is VDI dead?

Just Google the title and you will find many articles around thoughts/opinions that VDI is dying or already dead. Well, dead is not the case in my opinion but dying is for sure. And to set the scene, I’m not sure DaaS is the answer either. I have been promoting VDI for years and years but since early last year, I have been struggling with the concept. It has become so complex and costly. To be clear, I do believe in the solutions VMware and others make though. They are mature and deliver an OS and apps in a decent way. I just think VDI isn’t the right concept anymore.

VDI was meant to make the corporate desktop cheaper and easier to manage and on top of that, to make it easier to access corporate resources from a broad range of devices. Security also was a reason to go VDI. To keep information inside (your) data center.

Again, I believe VDI solutions are very mature and offer you a decent experience. I also believe there are use cases where VDI is a great fit (maybe for a small group of contractors). However, is VDI the way to go for the majority of users in your organization? That I doubt. Let’s be honest and objective about VDI: it is an artificial solution. It is unnatural how you use the OS and legacy apps by making them accessible over the network, remotely using a display protocol. This and all the components you need to set it up have an effect on the cost and user experience. Maximize a full HD video and it won’t be as crisp as locally on a laptop/any other device. Normal features like a communications solution such as Skype need extra attention or aren’t fully supported. Multi-media needs extra attention and likely extra hardware like GPUs. My statement: a local experience will always be the best experience, no matter how mature a VDI solution might be.

Now the other side: the solution itself. VDI has become very complex. Take a look at all the components you need to set up to create a VDI environment: you need central hardware like compute and storage, graphics hardware, connection brokers, DMZ components, databases, additional components to make the VDI solution more manageable and efficient, load balancers and, if you want redundancy, you need to do it twice. Just check out a couple of reference architectures and check the components, ports and considerations you have to make to make it all work. It isn’t easy anymore. Also, I’m truly questioning if VDI is the cheaper solution, also because a lot of environments are oversized: IT departments go for a bigger environment than needed just to be sure.

Is security a good reason to implement VDI? Well, that could be and I’m sure there are use cases for VDI around that topic. However, in general, when you talk about data security, solve that challenge on the data level instead of putting every desktop in the data center. There are great tools out there that can help you label and protect your data. Malware/antivirus protection needs to be done no matter which way you go. Also, security around app access is pretty much the same in a virtual or physical world.

In the end, it is about apps, security and data. You need to manage those in VDI and decentralized/physical environments. In some cases, management might be easier in a VDI environment, and sometimes in a decentralized/physical one. But do a couple of wins there justify setting up a complex VDI environment where, most likely, you will lose on user experience?

In my opinion, going back to the physical/decentralized way is (partly) the new way of handling end user computing. Of course, you need to combine that with separation of data from the OS, a new way of managing the OS (lightweight and through Enterprise Mobile Management) and your move to the cloud with apps/data. I believe that will give you a better user experience, is easier to set up and comes for a better price. And you should be able to access corporate resources from more devices as well. In a different way but with the same result: great user experience and productivity.

A big change: from VMware to Microsoft

After 9+ years at VMware, I decided to change companies and moved over to Microsoft. At VMware, I worked as a Sr. Specialist Systems Engineer End User Computing. I will fulfill a similar role at Microsoft as a Technology Solutions Professional Enterprise Mobility + Security. In this role I will cover Azure AD, Azure Information Protection, Identity, Office Workspace and Mobility-Intune.

I’m truly excited to be working for Microsoft and eager to learn more about all it offers around Enterprise Mobility + Security.

Although I love End User Computing in general (everything VMware, Citrix and Microsoft have to offer), I will change the content of Bright-Streams more towards Microsoft technology…obviously. I will keep on making (Microsoft’s) End User Computing technology simple to understand and explain what it can do for you.