I am writing this blog on a slate device from my favorite coffee shop in Seattle. And I don't just use my slate at home when I act in the role of a "consumer". I find this form-factor ideal for carting around to meetings in the office, and I use it almost exclusively when working away from the office to keep up on emails, do research, and (if I drag along a bluetooth keyboard) even for document authoring. And, most relevant to the topic at hand, I fully expect and demand my IT department to embrace my use of this device for those work activities. In other words, I'm exactly the type of annoying end-user who has foisted "consumerization" on IT departments around the world. 🙂 So it's a good thing I work on the System Center Configuration Manager (ConfigMgr) team, because we love you IT guys and gals and our entire purpose in life is to make your lives better.
Admittedly, the main use case for "consumer" devices in the enterprise still revolves around email, and there are all kinds of studies and research articles backing up that claim (go Bing for yourself, if you don't believe me). Simply put, the overwhelming majority of us who use our smartphones and slates for work is using them to do email or calendar (and sometimes for other stuff). Fortunately, Microsoft Exchange has long included basic mobile device management features built-in with Exchange ActiveSync (EAS). The problem is that the Exchange administrator is the wrong person to be worrying about security and policy management for mobile devices. The Exchange admin's day job is to keep the mail servers up and running. If you're anything like the IT organizations I've spoken to in the past 5+ years, the folks whose day job is to worry about the security and configuration of mobile devices are most often the same people who are worrying about that for traditional desktops and laptops. That means you have to rely on another team (the messaging support guys) to get your job done. And for them, your needs are probably not priority 1.
With ConfigMgr 2012, we wanted to address this tools mismatch so you can consolidate all of your security and configuration management under a "single pane of glass", no matter what types of devices are at the end of the line. Simply specify the connection properties so ConfigMgr can talk to your Exchange 2010 "organization" and begin managing any EAS-connected device directly from ConfigMgr. And it all works whether you have Exchange deployed internally or you're using Office 365.
The features that come with ConfigMgr 2012 for managing non-traditional, "consumer" devices include:
- Asset inventory and reporting - ConfigMgr automatically discovers all those devices that have connected through EAS and collects basic inventory, so you can view them directly in the ConfigMgr console, build device collections and queries, and run asset reports. We also have a bunch of reports built-in to help you analyze the use of mobile devices at your company, such as a useful summary report that breaks out the devices by operating system. And we can even automatically associate the devices to the users, so you can pull lists of just the users who are affected by a policy change or whose chosen device may need to be updated to a newer version of its mobile operating system.
- Settings policy management - Define the default settings policy applied to devices connecting to EAS. Within seconds the policy will be pushed to Exchange and applied to mobile devices the next time they sync. There are close to 50 different policies that may be configured through EAS. Most common, and the most important ones in my humble opinion, are the use of strong PIN, required device encryption and remote wipe. These can ensure that your company's data is reasonably protected regardless of the mobile device choices made by your users.
- Remote wipe - I am calling this one out separately from the rest of the policy management as I believe it has the greatest end user impact, but it’s a critical feature to deal with lost or stolen devices or similar situations. And, if ConfigMgr has the user association information, the end user can self-service this action from the new ConfigMgr Software Catalog (stay tuned for future blogs and demos about the Software Catalog).
That's it for now. I hope you like what you see in System Center Configuration Manager 2012.
Lead Program Manager
System Center Configuration Manager