BYOD Basics: Microsoft's Mobile Device Management Toolset

Many questions are currently being asked about best practices for Bring Your Own Device (BYOD) strategies. One item to take into consideration is which mobile device management (MDM) offering would best enable people-centric IT. With Windows Phone steadily growing in market share and Windows Server 2012 R2 now including functionality to connect devices through its Work Folders offering, more questions are starting to materialize around what Microsoft's strategy would be to further enable BYOD. To date, Microsoft offers 3 specific offerings around BYOD enablement. These offerings are:

What is more compelling about Microsoft's MDM solution is that while each offering can work standalone, they work better together. So how do you explain this multi-product approach to MDM? Microsoft's layered approach addresses different levels of device management functionality, all of which are brought together under one console via System Center. Microsoft's layers are as follows:

Exchange ActiveSync

  • EAS provides the enforceable mobile device mailbox policies for all devices that connect to Exchange using ActiveSync
  • Policies are stored in AD and enforced as device settings policies

Windows Intune

  • Intune provides the bridge to the vendor-specific application stores, or “App Stores” (e.g. iTunes, Google Play, Windows Phone Store, etc.)
  • Additional policies and enforcement
  • Intune provides application management and hardware lifecycle management (enroll, manage, retire)
  • Intune provides interesting options like selective wipe and application delivery

System Center Configuration Manager

  • Configuration Manager, through the Exchange connector, exposes the policy objects in the Configuration Manager console to create collection-specific policies
  • Configuration Manager provides additional value in the form of asset inventory of devices connecting through EAS, as well as reporting and compliance management of EAS policies on the devices
  • Configuration Manager provides the single pane of glass for managing EAS and Intune enrolled devices

Microsoft calls this approach Unified Device Management (UDM) since it goes beyond simply managing mobile devices. Using the Microsoft approach, all devices, including servers, desktops, laptops, tablets, and mobile phones, can be managed with the same tool set. Some might consider this too confusing and prefer a point solution with fewer moving parts. However, consider the following:

  1. Many organizations already have Exchange or hosted Exchange in place
  2. Many organizations already have Configuration Manager in place
  3. Using an incremental approach allows you to start small using the pieces you already have without purchasing new software and tailor the solution to your specific needs while controlling costs