Author’s Note - Special thanks to Craig Morris at Microsoft who really was the "Usurper of User/Device Affinity" and a key part of our User Centric work the past years. He's now off lending his expertise to our Windows Intune team to achieve the same results for our customers!
One of the key goals we set for ourselves with Configuration Manager 2012 (ConfigMgr) was to really allow an administrator to “think user first” in everything he or she does. In Part 1 of this blog, I’m going to discuss the challenges of thinking user first. In Part 2, I’ll identify how ConfigMgr solves those challenges.
Thinking user first – this means far more than just replacing “machine targeting” with “user targeting.” It means how do I measure compliance on resource delivery to a user across multiple devices? (NOTE: I use “resource” generically here, but in ConfigMgr 2012, the resources we focused on are applications). It also means making sure that all the controls I have honor certain user desires in how resources are delivered to them (yes - those pesky notifications and reboots!).
Why is thinking user first such a challenge? Across our more than 100 customer-focused design visits, almost EVERY application request came in as "user X needs app Y", but the tools rarely allow administrators to easily deliver on that goal. Why not?
- Users roam around to different devices. Back when I was a trainer, I used to joke that you "manage user accounts and objects - you can't manage users". And if I target a resource (application, data sync policies, etc.) at a user, that resource follows that user EVERYWHERE! You can easily imagine a situation where one user logs into a server to check an application setting, then logs into a laptop to load some data, and then logs into a kiosk to check email. Not having a way to recognize what device the user is accessing creates bad user login experiences, asset management challenges, and more chances for complex applications to destabilize systems they don't belong on. Non-toxic deliveries like Remote Desktop Services, MS Application Virtualization, and Citrix XenApp help with this somewhat, but the vast majority of applications our users still need are physical local installs.
- Coordinated application deliveries when no user is present. Some applications still require their install to be coordinated with backend application changes. For example, I will update my ERP system in my maintenance window on Saturday, then I need to make sure that's successful and force-install the client components. To avoid interrupting the user with a long install or install + reboots, I may want to do this in off hours when no user is logged in. It's kind of hard to execute a policy for a user if they're not logged in.
With this in mind, we set off to create a way in ConfigMgr 2012 by which we could leverage the user’s relationship to the device to either automate or restrict the delivery of user-targeted resources. We call this feature User/Device Affinity (yeah - kind of jargony - sorry!). To read more about User/Device Affinity, see my next article: User Centric App Deployment Part 2: User/Device Affinity.
Principal Program Manager Lead
System Center Configuration Manager