Enterprise Mobility and Security Blog

RSS

CTUC_banner

In most organizations, the first app that needs to be enabled for mobile users is e-mail.  It goes without saying (but here goes) that choosing which e-mail app/apps you’re going to enable and support for corporate e-mail is a very important decision – but it’s remarkable how often a major customer tells me that they really dislike the user experience on their e-mail app that’s created by one of the other EMM providers.

Depending on the device platform, there are several different e-mail apps available to your users – and these different apps come with a pretty wide range of capabilities.

The reason it matters so much is simple:  For every one of these e-mail apps, what do you know about it?  How reliable is it?  How secure is the code behind it?  What kind of integration does it have for your corporate e-mail system?  Is there an SLA for updates if a bug or exploit is found in the app?  Do you have to test and validate every new version of this app?  Do you have any data about fault tolerances?  How will your end users like/dislike the user experience?  The list goes on – and there’s a unique list for each app.

At the risk of sounding a bit cliché, always keep one thing in mind:  It’s all about the apps!  The decisions you make about the e-mail app/apps your organization will standardize on is a decision that will have an impact that stretches for years.  It (again) goes without saying that moving an organization from a standard e-mail app to a new one with a drastically different user experience is a gargantuan endeavor.  For those of you that have never undertaken something like this, as I write this I’m currently working with a number of financial organizations who intend to move from their current e-mail solution to Outlook – and they believe this move will take well over a year.

The challenges associated with all of this are, I believe, the reason why so many companies want to know more about Microsoft’s view of how the various corporate e-mail app scenarios will play out over the next several years.  When we dig into this question with these companies, we discover that most organizations (in my personal experience, I’d put the number at over 90% of the organizations I have discussed this with) come to the conclusion that, in the long term, most of their users will either be using the e-mail that comes with the device or they’ll be using the app that they’ve already been using for corporate e-mail for years (i.e. Outlook).  I agree that, long term, these are the two setups that really matter.

Increasingly, I am hearing organizations say that their plan is to standardize corporate e-mail on Outlook across all their devices.  This type of sentiment is rapidly growing:  Currently, Outlook is running on more than 30M iOS and Android devices, and it is the highest rated e-mail app on iOS and Android.  Keep in mind, of course, that these popular apps will continue to improve as we build more and more integration with the other Office mobile apps, as well as more corporate capabilities.

And, with all this in mind, it this brings up another great question:  What is the best way to deploy and manage Outlook and your other apps?

The simplest and most efficient answer: Microsoft Intune.

With Intune, you have the ability to deploy apps to Windows, iOS, and Android – and it gives you the power (as noted in the last post) to manage those apps with policies that control how they operate and how they use/distribute corporate data.  Remember that Outlook, Office 365, and the Enterprise Mobility Suite have been engineered to be used together to get the maximum amount of user empowerment while protecting the company assets.  Intune is especially valuable because it is directly integrated with Office 365 via Azure AD.

App deployment in the Enterprise is something that Microsoft does more of than any other organization in the world.  ConfigMgr manages more than 70% of the Enterprise PC’s, and over 90% of the organizations using ConfigMgr use Software Distribution.   These PC’s have their software lifecycle seamlessly and regularly managed through ConfigMgr, and now iOS and Android apps can benefit from this expertise by being managed with Intune.  If you’re already using ConfigMgr (which most of you are), then you can chose between using the ConfigMgr console or the Intune console for application management on mobile devices.

On a personal note, app deployment and management is something I personally have been building since the release of ZENworks 1.0 in early 1998, and with ConfigMgr since before the release of SMS 2003.  These management solutions, and the technology behind them, are just awesome.

Managing devices brings some additional challenges to the traditional PC management process, but these are things that we’ve accounted for in Intune.  Notable amongst these challenges is the fact that, while the app deployment lifecycle on mobile devices is much the same as PCs, there are several modern user-interactions that you must be able to address.  For example:  What happens when a user needs to leave the company and you have deployed corporate apps to their personal devices?

Whether a device is a corporate device or a personal device, you have to think about what apps and data are corporate and what apps and data are personal since most users use their devices in both their personal and work lives.  This was not something we had to worry about in the past with traditional PC management.  Now, however, we understand that any device will be used for both work and personal purposes – and that’s why IT can initiate a selective wipe or, in the case of MAM without device enrollment, wipe just the corporate app.  In the event that a company-owned device is lost or stolen, a full wipe is always an option.

The actual process of the app deployment is pretty user friendly.  Just like you’d expect, our app deployment installs the app to the device from the respective store or, if you have your own LoB app, you can upload that to Intune for deployment, too.  With Intune you can also tap into Apple’s Volume Purchasing Program (but this is a tangential point considering that this series is focused instead on e-mail and Outlook is a free app for personal use).  One additional tangential point:  If you’re deploying a lot of apps, its’ good to note that we support Apple’s Managed App Config on iOS.

One last note about solutions for this scenario:  When you’re evaluating your e-mail protection solution, you need to consider what apps you want your workforce to use when opening the files they’ll be sending to each other.  This is another scenario where app deployment is important, e.g. you might want to deploy the Managed Browser on iOS, or a PDF viewer on Android.  Planning for these types of apps will ensure that you can trust and set policy for the apps and files your users will need to use.

Additional Resources

 

In_The_Cloud_Logos