Hope my American friends are having a wonderful Thanksgiving today.
IBM intends to acquire Enterprise Mobility Management vendor Fiberlink.
This will give IBM the Gartner MDM Magic Quadrant leader MaaS 360 which is a cloud-based SaaS solution. This leaves only AirWatch and MobileIron as the remaining pure-play EMM companies that haven’t been snapped up by larger enterprise companies. Like SAP, IBM has been scooping up various mobile startups to bolster the enterprise mobility offerings.
The Summer of 2013 was truly amazing for me with a wide range of travel and big events.
It seemed appropriate to jot everything down while the memories were still fresh:
- Wrote and then read the first chapter of my sequel to the Submarine Warriors novel to a great group of elementary school kids at Eagle Rock. Needless to say, the Underworlders Strike Back.
- I published my 5th computer book. This title is “Keeping Windows 8 Tablets in Sync with SQL Server 2012.” It covers the creation of virtualized SQL Server, Active Directory, and IIS instances in Hyper-V where they can be uploaded to Windows Azure IaaS to support cloud-based data sync operations. I describe DDL, DML & sync operations with SQL Server Compact as as how to build Modern tablet apps.
- I was a speaker at Microsoft TechEd North America in New Orleans where I presented three Windows Phone 8 sessions including:
- The Phone That Has Everything the Enterprise Needs: Windows Phone 8
- Developing Large-Scale Enterprise Mobile Apps for Windows Phone 8 and Windows Tablets
- The Future of HTML5 Mobile and Hybrid Web Apps for Windows Phone 8 and Windows Tablets
- I enjoyed the famous Jazz Brunch outside on the courtyard at The Court of Two Sisters in the French Quarter.
- I walked into Peaches Records to check out some vinyl. Since I was wearing my Microsoft speaker shirt, the owner thought I was there to help them with customer support. After uninstalling two anti-virus and firewall packages that were both running concurrently, I restored the owner’s faith in Windows 8.
- I had a wonderful dinner with old friends at Emeril Lagasse’s NOLA.
- I won a speaker award from the Microsoft Executive Briefing Center for providing Best Customer Focus. Believe it or not, I delivered over 50 Windows Phone 8 sessions to corporate executives visiting from all over the world in FY13.
- I was a speaker at Microsoft TechEd Europe in Madrid where I presented the same three breakout session as I did in New Orleans.
- Had a great dinner near the speaker hotel with my friend Jeff Prosise and decided to make training videos for WintellectNOW.
- Enjoyed being the loudest person at TechEd as I delivered over a dozen enterprise mobility sessions at the Windows Phone booth with dark sunglasses, a cigar, and a microphone. I had special guest appearances from will.i.am and Daft Punk.
- UK Country Drinks with Sarah Lamb and Andy Wigley and then a birthday party dinner for Raleigh in a cool part of Madrid.
- Flew to London to hang out with Vicky, Ken and their kids at their home in St. John’s Wood. When Julia and Rob arrived, we had a mini family reunion going.
- Via a FaceTime conversation, Vicky and I convinced Cathy to drop everything a make a last minute flight from Seattle to London the next day. Thanks Delta air miles!
- Bought Churchill’s “Their Finest Hour” at Hatchards bookstore in Piccadilly Circus that’s been around since 1797. Remarkably, when I was paying for the book and the woman at the counter noticed I was from Seattle, she asked how things were going at Elliot Bay Book Company? Ah, the small world of literature.
- Cathy and I spent a wonderful weekend walking along the Thames, crossed the Millennium Bridge to visit Shakespeare’s Globe, and trekked out to The All England Lawn Tennis Club.
- Walked across Abbey Road and had my picture taken.
- Had a fun dinner with Cathy, Vicky, Ken, Julia, and Rob at The Pig’s Ear in Chelsea.
- Took the Eurostar to Paris to ensure we were out of England and in France in time for the Fourth of July. There’s no better way to travel.
- My good friend Arnaud let Cathy and I stay at his apartment while he was out of town. I loved how the bed is pulled down from the ceiling to sleep in it.
- Dinner with Thierry, Cathy, and David at Le Café du Commerce in the 15th arrondissement. We sat on the third floor and dined under the stars because of the cool retractable roof.
- Scotch at Harry’s New York Bar near Place de Vendome is my regular hangout when I’m in Paris.
- Cathy and I spent several hours roaming around the grounds of Roland-Garros and immersed ourselves in French Open history. We actually got to walk on the hallowed clay courts themselves.
- I created the official Seattle Bumbershoot app for Windows Phone 8 to provide festival goers with a schedule of events. I worked with the One Reel folks and wrote all the code outside sitting on my deck over a weekend.
- At MGX in Atlanta, I enjoyed sitting at the counter at the Waffle House in Centennial Olympic Park teaching fellow Microsofties how to sell mobile solutions while they ate waffles and sausage. You never know where you’re going to be able to help someone. BTW, have you ever tried their hashbrowns with cream gravy?
- Had lots of fun with all my Windows Phone friends outdoors at the Pitbull + Usher concert in Centennial Olympic Park.
- I was a speaker at TechReady in Seattle where I delivered the same content as I did for the previous two TechEd events.
- My favorite highlight of the summer was when I slept under a tree one afternoon at Madison Park.
- Had a nice time hanging out with Jeff and shopping for waterfront homes on Bainbridge Island.
- Cathy and I made our annual trek to my spirtual home of Walla Walla to taste great wines. We stayed at Walla Faces Inn at the Vineyard which is our favorite spot.
- Cathy and I enjoyed in immersive, 2-hour wine tour at Long Shadows Vintners where we learned alot about the art and science of winemaking. The The Chihuly tasting room was just beautiful.
- One of the evenings Cathy and I had dinner in the vineyard with a French baguette, Brie, spicy Soppressata, and a crisp, Walla Walla Rose. Memorable.
- Packed up the kids and drove up to our home away from home, Whistler/Blackcomb in beautiful British Columbia. The scenery along the the Sea to Sky Highway is hard to beat.
- Everyone was thrilled that my Mom flew up to join us in Whistler.
- We went to Cows for ice cream every night in Whistler Village.
- Cathy and I ventured into the Belvedere Ice Room for a chilly Vodka tasting wearing heavy coats. Definitely a super-cool moment!
- I volunteered my time to develop a grant submission and reporting website for the Riverview Education Foundation running in Windows Azure.
- Created my first WintelllectNOW video that covers Windows Phone 8 in the enterprise. Go check it out at wintellectnow.com and use my promo code TIFFANY-13 to view all the great training content.
- Joined the Windows Intune team to help grow Microsoft’s Mobile Device Management (MDM) business.
- My blog http://robtiffany.com was named one of BizTech Magazine’s 50 Must-Read IT Blogs for 2013.
I am grateful.
I’m pleased to announce the release of Microsoft’s Enterprise Mobility Management (EMM) solution comprised of Windows Server 2012 R2, System Center Configuration Manager 2012 R2 and Windows Intune.
In this article, I’ll walk you through each EMM component and illustrate the respective Microsoft capabilities.
Mobile Device Management (MDM)
This is the most general type of management where IT can apply policies, configurations, provisioning, and settings to mobile devices enrolled with an on-premise MDM server or cloud-based service.
The Microsoft MDM solution interfaces with the management APIs exposed by the various mobile operating systems. As with all MDM offerings on the market, this means there are variations in management capabilities across operating systems since each exposes a different set.
Policy settings for enrolled devices include:
- Requiring passwords and associated configurations and restrictions
- Enforcing device encryption
- Allowing cameras, web browsers on iOS and Android
- Allowing iCloud backup and document sync on iOS
- Content ratings on iOS
- Allowing cloud settings and credential sync on Windows 8.1
- Internet Explorer settings on Windows 8.1
- Allowing voice and data roaming on iOS
- Deployment of user and device certificates for managed devices by using the Simple Certificate Enrollment Protocol (SCEP). These certificates can be used to support Wi-Fi and VPN connections. Supported devices include those running iOS, Windows 8.1 and Windows RT 8.1, and Android. Learn more on TechNet: http://technet.microsoft.com/en-us/library/dn261202.aspx
- Deployment of VPN profiles that provision devices with the settings and certificates that they need to access corporate networks. Supported devices include those running iOS, Windows 8.1, Windows RT and Windows RT 8.1. Learn more on TechNet: http://technet.microsoft.com/en-us/library/dn261217.aspx
- Deployment of Wi-Fi profiles that provision devices with the settings and certificates that they need to access corporate Wi-Fi hotspots. Supported devices include those running iOS, Windows 8.1, and Windows RT 8.1, and Android. Learn more on TechNet: http://technet.microsoft.com/en-us/library/dn261221.aspx
- Jailbroken iOS devices and rooted Android devices are detected
A comprehensive matrix of supported policies per device can be found on TechNet:
In addition to Remote Wipe which removes everything from a device, we also have Selective Wipe which removes company apps, data and management policies from the mobile device while leaving personal apps and data untouched. Learn more on TechNet: http://technet.microsoft.com/en-us/library/jj884158.aspx#bkmk_dev
Mobile Application Management (MAM)
A more specific type of management, MAM focuses on delivering native apps from a corporate app catalog to an employee device while giving IT the power to selectively remove downloaded apps and associated data without touching personal apps and data.
Microsoft provides a Company Portal (Self Service Portal) that is downloadable from the Windows Store, Apple App Store, and Google Play. Windows 8/RT, Windows 8.1/RT/Pro/Enterprise, Windows Phone 8, Android 4 and higher as well as iOS 6 and higher are all supported. Users can download corporate apps to their device from the portal.
Corporate apps can also be pushed (user consent may be required) and remotely uninstalled from all devices except Windows Phone 8. Public apps made available by IT can deep linked to their respective public stores via the portal. Remote apps can also be made available and accessed across mobile platforms via Remote Desktop Services (RDS) for high-security scenarios. Administrators can view an inventory of installed corporate apps on the devices while not seeing the personal apps.
A new Identity and Access feature is Workplace Join which makes your mobile device known to your IT department by creating an object in Active Directory. Employees can access applications and data everywhere, on any device. Employees will get single sign-on when using browser applications or enterprise applications.
Single Sign On (SSO) is facilitated via the new Web Application Proxy which securely publishes corporate resources out to mobile devices without the need for VPN. Active Directory Federation Services (ADFS) simplifies access to systems and applications using a claims-based access (CBA) authorization mechanism to maintain application security. ADFS supports Web single-sign-on (SSO) technologies that help information technology (IT) organizations collaborate across organizational boundaries. Multifactor authentication boosts the level of secure access to corporate resources.
Mobile Information Management (MIM)
This is the most granular type of management where IT policies are assigned directly to the data to ensure security no matter where it resides, flows to, or which app is using it.
Active Directory Rights Management Services protects and encrypts documents and Exchange email by identifying the rights a user has to a given file and removes the option to perform actions outside those rights. This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and data from being uploaded to 3rd party cloud file sharing providers. Using our rights management technology means your mobile data is secure wherever it goes.
Mobile Content Management (MCM)
Secure distribution and mobile access to documents for employees.
Secure mobile file synchronization is facilitated by Work Folders. This is a secure share on Windows Server 2012 R2 that is made available to individual mobile devices that are Workplace joined. In order to say “Goodbye” to Dropbox and “Hello” to corporate file sync, you’ll have to accept some security policies on your device. Your IT department can encrypt the Work Folders on your device, require a password to sign in, and erase all the files in your Work Folders if you lose your device.
Our Dynamic Access Control technology can be used with the server share to provide automatic document classification and protection based on their content. Using Work Folders is a great way to make your work files available to all your devices, even when you’re offline. You can even control if files are synched over metered connections or while roaming.