Microsoft Intune+mobile Office apps = Greatness!

Microsoft Office: Word, PowerPoint, Outlook, Excel, OneNote, OneDrive, etc, who doesn’t know these applications? Most of you know the apps from a corporate point of view and I think it is safe to say the Office suite of products is the corporate standard. As we know, there is another world besides the laptop/desktop/Windows based one: the mobile devices world. And besides desktop/laptop vs mobile, we also have a corporate vs private world. To make it even more exciting, the mixture of all worlds is happening all around us.

Wouldn’t it be great to use the same productivity apps you are used to use among all these different devices? What maybe isn’t known to many people is the fact Microsoft has developed many apps for IOS and Android. You can use the complete Office suite on your mobile devices. Find the Microsoft apps on iTunes here. So, if you want to have the same experience on your mobile devices, or even on your Apple Macs as on your corporate device, you can. The Office Suite is developed for all platforms.

Great, users can have the same experience, on Windows, Mac and mobile devices. But when these mobile devices are used professionally, IT would like to manage at least the productivity apps. It is great you can access and consume corporate data by using the Office apps, but you would like to secure the data as well.

To do this security, other MDM/MAM (Mobile Device Management/Mobile Application Management) vendors have created their own productivity apps. Their own email clients and data clients which previews Microsoft Word, Excel and PowerPoint documents. Those apps are not what end users know and like. Also, it isn’t the core business of these MDM/MAM vendors to develop Office/productivity tools.

With Microsoft Intune, it is possible to let users use what they know and like and secure the Office apps in multiple ways:

  1. Traditionally, you can enrol your device in Intune and manage the device and the Office apps: MDM-MAM,
  2. It also is possible to use the apps and secure them without enrolment: MAM Only
  3. If you currently are using another MDM tool, you still can use #2 by using Intune for the MAM part.

Bullit 1 is pretty clear: you enrol the device and policies are being pushed regarding the device and apps, by using Intune. With #2 and #3, the application policies are being pushed after users sign in, within the office apps on IOS and Android, with their accounts in Microsoft Azure/Intune.

 

 

 

So, what can be configured using MDM-MAM or MAM only?

  1. You can allow/deny copy/past from the Office apps to other native apps,
  2. You could allow copy/paste from native apps to the Office apps,
  3. You can set a PIN on all apps for another level of security,
  4. You can specify that links need to open in the Managed Browser,
  5. You can prohibit “save as”, to prevent users to save a corporate document on another, unmanaged location.

With Intune and the Microsoft productivity apps, users use familiar apps for productivity, and which are built for that purpose and IT can secure access to and from these apps, and secure corporate data. Check out this Microsoft blog for more details and screen shots. Also, check out this website to see more apps that can be managed by Intune.

VMware Horizon Mobile- IOS support

I have written several articles on VMware Horizon Mobile. My last article ended with the question if and when Horizon Mobile would move to IOS. During the keynote on day 2 at VMworld 2012 in San Francisco, that question got an answer… Yes, Horizon Mobile is moving to IOS.

The Horizon Mobile team posted a great video of its IOS support on Youtube. Also, Srinivas Krishnamutri posted a great article on this topic and in general why Horizon Mobile is a great solution when you talk about mobile devices, BYOD, data leakage and apps.

First thing I would like to mention here is the difference between Horizon Mobile on Android and Horizon Mobile on IOS.

As you have noticed, with Android devices, a complete virtual phone is pushed on a personal Android device. Inside that virtual phone, you will find your enterprise apps and data.

The IOS approach is different. Via Horizon Mobile you don’t push a virtual IOS phone but in stead, you push IT-managed, secure apps to a personal IOS device. These apps are wrapped in a container in which policies can be set and are isolated from personal apps. Data inside these apps is encrypted and also communication from and to these apps is encrypted. Because IT manages these apps, they can remotely wipe and update them as well.

I like this last approach a lot. At the end, all I want as a user are apps: personal and enterprise apps. That brings me to my last comment: why not use this approach on Android as well? One common way of handling mobile devices. Apparently that’s difficult to do on the Android platform. It is very fragmented. There are many different Android flavours versions, OEM/carriers/Google updating them at different times, for different devices. Creating a virtualization platform will normalize that complexity by giving enterprises a stable and secure version of Android. Maybe a Unity kind of view on Android devices will be an answer. The approach will still be different but the view/experience will be the same as on an IOS device. All that said, it’s great to see Horizon Mobile IOS support.