Enterprise Mobility and Security Blog


I just returned from Europe where I spent a couple days in Barcelona presenting at the Gartner Symposium, and then a few days in London visiting customers using Microsoft solutions for managing their mobile devices.

As an engineer, there is nothing quite as rewarding as sitting down with the people who are using the solutions that you build and seeing the impact of the work you’re doing. It is absolutely one of my favorite things to do. In total, these customers were managing 10,000s of mobile devices through SCCM and Intune.

London included a really unique set of customer visits. Along with the majority of my leadership team, we met with more than 10 customers and had multi-hour, in-depth conversations with them about how they are using our solutions, the challenges they are tackling, and areas where we can improve.

These meetings included organizations from just about every industry – retail, manufacturing, government, transportation, banking, real estate, and more. The goal of these meetings was to dive into some very specific topics, e.g. places where we felt we could help organizations “get to value” faster. I really appreciate the time each of these organizations was willing to spend with us – we learned a ton.

When I speak with media and analysts, I often get asked about the common uses of our technology and the most common ways customers are using Microsoft products/services. Here are a couple of commonalities that I saw across all of these customer meetings:

  • Secure e-mail is the most common scenario.
    Most of these customers rolled out Intune to enable secure e-mail on their user’s mobile devices. This was common on both BYO and corporate-procured devices. Every one of these customers is looking forward to the integrated Office and Enterprise Mobility Suite (EMS) capabilities which will start rolling out over the next couple weeks. The integrated solution we are delivering across identity (AAD), productivity (Office), and management (Intune) will be the best experience for this. Period.
  • Single pane of glass for PCs and devices.
    Every single one of these customers has a vision of a single console for managing PCs and mobile devices. Every single one of these customers was also already using SCCM (or was in the process of migrating to SCCM) to take advantage of the hybrid SCCM/Intune capabilities. One of the most impressive meetings was where the resident SCCM guru talked about getting Intune up and running in about an hour and then integrating it with SCCM. This has been foundational to our strategy since day one: Empowering the SCCM administrators to expand their influence and impact. One piece of feedback we received was to provide more documentation on when a customer should go hybrid vs. when they should think about a cloud-only solution.
  • Conditional Access is a killer, killer feature.
    The concept behind conditional access is to set policy that enables access based on a device being compliant with a set of policies. It is an effective carrot and stick that encourages end-users to keep their devices compliant. A great example of this is that most organizations would like to set a policy that e-mail is not allowed to flow to device if the device has been jail broken. What was perhaps most impressive in a number of these conversations was the ingenuity of the IT Professionals who have effectively built their own conditional access with Intune. At the end of each meeting we provided a deep-dive into the SCCM/Intune roadmap and shared some insight into the pre-production Intune console with the conditional access capabilities – as well as how it integrates with Exchange and SharePoint for conditional access to e-mail and files. The feedback on what is coming (soon!) in Intune for conditional access was applause and big smiles. Watch for it.
  • Focus on Enrollment and make sure it as simple as possible.
    A number of the customers walked us through their enrollment processes to bring devices under management. My biggest piece of advice for everyone is to make this as simple as possible. This advice applies just as much (if not more) to everyone here at Microsoft building these experiences. The place we all want to get to is an interface where a user simply inputs their e-mail address and password and then the device is brought under management, the appropriate policies are set, and e-mail/files start to flow. This is the bar to which we all need to aspire. This is yet another place where the kind of integration that we at Microsoft are doing across identity (AAD), productivity (Office), and management (Intune) is set apart from anywhere else in the industry. The upcoming “Architecture Matters” blog series will dive into this in great detail.

I love these on-site visits. Looking forward to the next set!