While Microsoft's "mobile first, cloud first" strategy is controversial in some circles, there's little doubt that the client computing market is moving away from powerful but complex PCs and towards simpler and highly mobile devices. As such, traditional PC management solutions will likewise give way to more Mobile Device Management solutions that are better suited to a wide range of business types. And guess which software giant is ideally positioned to take advantage of that change?
Will EMS be Fastest to Hit $1B in Revenue?
OK, right. It's Microsoft. But I find it interesting that Mobile Device Management, or MDM between us friends, is a new challenger to the throne of Microsoft's new-era billion dollar businesses. To date, we've seen Office 365 and Microsoft Azure rocket up the charts, but Enterprise Mobility Suite, or EMS—as Microsoft's MDM solution is called—is next. And no less than Brad Anderson, Microsoft's corporate vice president of Cloud & Enterprise, tells me that he expects EMS to become the firm's fastest to hit the $1 billion in revenues milestone, eclipsing current record-holder Office 365.
EMS has a more in common with Office 365 and Azure than success. You can think of each of these product lines as modern, "mobile first, cloud first" alternatives to some of Microsoft's most successful on-premises server solutions. And that speaks, I think, to the agility the company has shown in moving from its old business model to this new era.
EMS a Set of 3 Tools
Enterprise Mobility Suite (EMS) is a set of three tools—Windows Intune, Azure Active Directory Premium, and Azure Rights Management—that together provide the "modern core CAL," if you will. And while Mr. Anderson had keynoted our IT/Dev Connections 2014 conference in Las Vegas last month and discussed this solution, I had missed the talk thanks to a travel snafu (of my own making, unfortunately). But he was nice enough to make some time for me since then to discuss Microsoft's mobile device management efforts.
These newer efforts have roots in Exchange ActiveSync (EAS), of course, which dates back to the late 1990s, but picked up steam when Microsoft began licensing it in the early 2000s and evolved this method of synchronizing Exchange (and Exchange-like) email, calendar, contacts and tasks between a server and mobile devices with basic device management policies.
EAS was hugely popular—is in fact still technically the most popular MDM solution, with tens of millions of devices managed daily—but it's falling out of favor for a variety of reasons, the most important of which is that it's not extensible. So third parties such as Air Watch, Mobile Iron and others have started to fill in the gaps.
Intune Originally Targeted PC, Not Device, Management
Microsoft's original MDM product was called Windows Intune—it was just renamed last week to Microsoft Intune, by the way—but it originally targeted PC, not device, management. Intune was always designed as a cloud product—pretty forward-leaning for 2010—and provided policy-based PC management for mid-sized businesses or those mobile PCs in larger businesses that would rarely or never connect directly to the corporate network.
But as I do so often, I always viewed Intune through the lens of Microsoft's smallest businesses, knowing that the company would bring down prices—initially $11 per device per month, though that included a licensed copy of Windows 7 Enterprise—and open up this vital management technology—which usually required complex and expensive infrastructure to the masses.
That took a few years, but it did happen. Intune picked up software distribution capabilities, remote tasks, management delegation, and finally MDM capabilities over subsequent updates along the way, too, and at $6 per user per month, it dropped both the price and the per-device hit. (And also dropped the Windows Enterprise, of course.) Who knew? That cloud-based PC management solution was perfect for mobile devices too.
Modern MDM Solution
Today, Intune is a full-featured, modern MDM solution that works well across Android, iOS, Windows Phone and, now, Windows (version 8 and newer). It integrates with, and is newly complementary to, System Center Configuration Manager, so that larger environments can utilize a "single pane of glass" (in SCCM) to manage PCs, mobile devices, servers, and virtual machines, both on-premises and cloud-based.
(That last bit is an interesting change in strategy that occurred a few years back. Intune was originally seen a cloud-based alternative to SCCM, but Microsoft has since come to realize that on-premises management solutions make the most sense for on-premises machines, while a cloud-based solution like Intune is ideal for mobile device management.)
But here's where things get interesting. MDM, as it turns out, is only part of the puzzle when it comes to mobile device, um, management. That is, device-level management—MDM—is one thing. But businesses of all sizes have other needs when it comes to managing devices. Apps, for example. Documents and other files. And user identity.
This is where EMS comes in. Today, EMS is where Intune was four years ago, very much targeting Microsoft's largest business customers—hence the "Enterprise" in the name. But it's hard, as with Intune that early on, not to see how these technologies will make their way down-market and become more mainstream.
Intune obviously supplies the now-traditional, device-level MDM functionality. And it provides some app management capabilities—MAM, or mobile app management—today for Windows (non-MDM/Win32), Android, and iOS. Azure Active Directory can manage SaaS apps. And Azure Remote App (currently in preview) can deliver Windows apps to any mobile device, anywhere in the world.
Microsoft Uniquely Positioned Thanks to Azure Rights Management
For managing documents and other files, Microsoft is uniquely positioned thanks to Azure Rights Management, which brings its decades-old investments in technologies like Windows Rights Management (WRM, Windows Server) and Information Rights Management (IRM, Office) to the cloud. With this solution, files are self-provisioning and self-managing, and if an employee inadvertently sends a file to someone by mistake (or maliciously), it doesn't matter as the recipient won't be able to read it. Likewise, should that employee leave the company, they won't be able to access protected files anymore, as access is simply revoked.
Azure Active Directory also uses machine learning capabilities to protect your users' identities. Mr. Anderson used the example of an account logging in from Redmond and then again in Russia a few minutes later; since that is not physically possible, that account could be flagged for secondary authentication or automatic lockout, depending on the policies.
My experience with Intune suggests that this technology is suitable for businesses of all sizes, but Azure Active Directory Premium and Azure Rights Management are currently the province of larger businesses only. Together as EMS, they provide a nice leadership position for Microsoft in a crucial new market, one that I suspect the software giant will neatly wrap-up as surely as it did PC management over a decade ago. But the real beauty of MDM—and the wider capabilities of EMS—is that these solutions address modern use cases—BYOD, in particular, and the proliferation of mobile devices—and thus, a much bigger potential market. Maybe "mobile first, cloud first" isn't so bad after all.