Enterprise Mobility and Security Blog

As you likely noticed, over the last couple weeks I’ve been hinting at some big “events” and earlier today I discussed the first one: Confirmation of the General Availability (GA) dates for the upcoming Intune updates as well as the updates for the Office for iPad apps that will enable secure, managed mobile productivity. Check the link above where I go through all the reasons that this genuinely changes the game for the EMM industry.

Now, let’s look at the 2nd one:

Event #2: MDM is a Part of Office 365!

Office 365 will be updated in Q1 2015 to include mobile device management (MDM) capabilities by integrating a subset of Microsoft Intune MDM capabilities directly into Office 365. This means that going forward Office 365 will include built-in MDM capabilities to help organizations manage iOS, Android, and Windows Phone devices that connect to Office 365.

The license for the MDM capabilities is included in the Office 365 license, and the Intune MDM capabilities will be deeply integrated into the Office 365 administrative console. This is a HUGE value for customers. Let me explain why:

The Most Broadly Used MDM Solution Just Got Better

Let’s start with a question from today’s previous post: What application is managing more mobile devices than any other? Easy: Exchange.

Years ago, the Exchange team was one of the first groups in the industry to recognize and understand the need to manage and secure mobile devices. The scenario in question was simple: Users wanted to get corporate e-mail on their mobile devices, and IT needed a way to do that while ensuring that data was secure and protected. In response to this scenario, Exchange ActiveSync (EAS) was born.

Today, Exchange via EAS is (by a very wide margin) the most commonly used MDM solution in the world. It is estimated that EAS is currently managing 100s of millions of devices around the globe. With today’s announcement, the MDM capabilities of Exchange delivered through Office 365 are significantly richer. These new MDM capabilities in Office 365 will enable organizations to deliver e-mail (Exchange) and file sync (OneDrive for Business) to users across all the devices they want to use – and this will be done with the confidence that the sensitive and confidential data accessed through these devices is secure.

A subset of Intune MDM capabilities will be seamlessly integrated into the Office 365 administrative console. As Office 365 administrators go to the console in Q1 they will see an “MDM” set of capabilities light up right next to where the current EAS capabilities are configured. All the administration is done through the Office 365 console and then Office 365 communicates with the Intune service through a secure and integrated Web service API to effect the changes. It’s just that simple. Here is a screenshot I took earlier today of the actual pre-production service. Notice how integrated the MDM capabilities being delivered by Intune are in the Office 365 experience.

[Image: Cap1.2]

We have also built monitors for the end-to-end scenarios across Office 365, AAD, and Intune – all of these are working together to deliver this secure, managed, mobile productivity. We have integrated the operations, servicing, and escalation processes across AAD, Intune, and Office 365 to provide an integrated end-to-end experience for you – if/when you need to call for support.

What MDM Scenarios are Enabled in Office 365?

With the new MDM capabilities for Office 365 there are now more than 100 additional configurations and settings that O365 admins can use across Windows, iOS, and Android devices which were not available with EAS.

The way the industry should think about this is pretty straightforward: The MDM capabilities of Intune represent the evolution of EAS, and this is where everyone using EAS should upgrade to for more feature-rich MDM capabilities.

Amongst all these great new MDM capabilities, there are a couple big features included in Office 365 that early users have already identified as key reasons to upgrade from EAS:

[Image: Chart1]

Here is a capture (again taken yesterday from the pre-production O365 service) of some of the MDM settings that can be configured from within the Office 365 console.

[Image: Cap2]

Is there a Simple Upgrade to the Full Intune/EMS?

Absolutely!

The MDM capabilities being delivered through Office 365 are a great start for organizations embracing Enterprise Mobility Management. This is a very simple way to get started and put additional layers of protection around corporate e-mail and corporate files being accessed on mobile devices. This is perhaps the fastest way to get started and add additional protection.

For the 100s of millions of devices being managed through EAS, this is a huge step-up in functionality. As these capabilities are delivered in Q1 to customers already using Office 365, you will have a pretty straightforward process to upgrade from EAS to the MDM functionalities. For customers that are looking to move to Office 365 (just about every customer I meet with is in the process of considering this move), you will have a rich subset of the MDM solution waiting there for you.

Just last week I was in meetings with the CIOs of 3 big organizations and, just to gauge their reaction, I gave each of them a heads up about this announcement as well as the next announcement we will be making (stay tuned). The level of interest that was expressed was incredible and, for the next hour, the conversation revolved around the deep integration we have done across AAD, Intune, and Office 365. All three of these CIOs had deployed other EMM solutions, and, by the end of our conversation, all 3 were saying the same thing: “I can clearly see why I will want to use the integrated solution from Microsoft.”

With that in mind, we started planning the migration from their “existing EMM solution” to the combination of Office 365 and the Enterprise Mobility Suite (EMS).

Getting specific, the following is a chart that demonstrates at a high level the Intune capabilities that are not included inside of O365. We believe many organizations will want the full Intune capabilities – especially around managing and securing Office mobile apps, selective wipe for all corporate content, and integrated PC management. The key here is you have a simple place to start with the MDM capabilities included in O365 and a clear/simple upgrade path to the full Intune/EMS solution.

[Image: Chart2]

Why is this Announcement a Game Changer?

We talk a lot in the industry about the “infrastructure” that is used to deploy, secure, and protect company assets. All of the work we do as an industry is ultimately targeted at protecting the apps and the data that is getting created, accessed, and used. It’s all about the apps! When looking at Enterprise Mobility Management (EMM), it’s no big secret what app everyone wants to protect first. E-mail!

With today’s announcement, the first app every organization wants to secure and protect now comes with MDM capabilities natively built into it. These MDM capabilities can be applied to Outlook running on mobile devices, as well as the in-box e-mail applications (e.g. the in-box e-mail app that ships on iOS devices). As organizations start their EMM journey, most begin with applying settings (MDM) to devices and then proceed to managing applications (starting with e-mail). Now all of that can be done natively from Office 365.

We expect that there will be 10s of millions of devices under management via the new MDM capabilities included in Office 365. One of the big benefits (which may not come to mind immediately) you get from that kind of volume has to do with the benefits of massive scale. Intune will become the most commonly used MDM/EMM solution on the market, and, as that usage scales, we will constantly be learning from that volume of usage. These learnings will allow us to constantly improve the scenarios that are enabled and the capabilities of the service as we monitor our telemetry and react daily to that data and feedback from around the world.

Pretty incredible, right?