How Windows 10 changes enterprise mobility management
Since its release 21 months ago, Windows 10 has forced companies to rethink how enterprise mobile management (EMM) is handled in their corporate environments.
Unlike its predecessors, Windows 10 comes with EMM tools, allowing enterprises to deploy and configure PCs and other Windows devices using so called “modern management” approaches that include mobile device management (MDM) API hooks and controls.
Many of the basic application and system provisioning functions required for business laptops and PCs running Windows 10 can now be done through the OS’s EMM control consoles, said Phil Hochmuth, IDC’s Program Director of Enterprise Mobility.
That means organizations with more recent Windows PC deployments can take advantage of consolidated management tools and unified policy and configuration platforms via unified endpoint management (UEM), Hochmuth said.
“Organizations that still have a large legacy Windows 7 deployment, or rely heavily on legacy Win32/64 applications will require legacy PC life-cycle management and software distribution tools, such as Microsoft SCCM, Quest KACE and LANDESK, among others,” Hochmuth said.
The new MDM functions are based on Microsoft’s Intune protocol, which was launched in 2011 and enabled UEM.
UEM allows all corporate devices to be managed across a variety of platforms, theoretically, at least, making it easier to lockdown devices and protect critical data.
Dave Johnson, a principal Forrester analyst covering infrastructure and operations, said he’s spoken with numerous IT pros who are trying to get their organizations out of the PC management business — and they’re asking if Windows 10 offers enough improvement to allow them to overhaul their PC management approach. In short, they want to know if they can get away with using an EMM platform to manage PCs instead of using conventional tools like Microsoft SCCM (System Center Configuration Manager).
“Over the next five years, we believe that Microsoft Intune and EMM offerings from other vendors such as VMware, MobileIron and Citrix will gradually displace conventional PC management tools like SCCM for PC management in large enterprises,” Johnson said via email.
Unlike previous Windows versions, Windows 10 was designed as an OS that gets regular feature upgrades – not just security and bug fixes — that are handled by enterprises on a monthly basis when “Patch Tuesday” updates arrive. Those once-or-twice-a-year updates have made it more difficult for companies to coordinate which version of Windows 10 their corporate environment uses.
In the past, one of the issues that made Windows upgrades painful was the vast tapestry of legacy apps that companies only revisited every three to five years for updates, “if that,” according to Johnson.
More frequent Windows releases, Johnson said, will push users to either update their applications more often, or choose new solutions from third-party vendors who can keep their commercial offerings up to date.
Andrew Hewitt, also an infrastructure and operations analyst at Forrester Research, said the he’s already seeing evidence that third-party EMM vendors are starting to focus on use cases that aren’t handled by Windows 10.
For example, VMware AirWatch, in partnership with Dell, recently released a slew of new functions for PC management, which include allowing IT admins to query and retrieve key system attributes and configure critical BIOS settings.
“MobileIron, too, is building out the number of GPOs [group policy objects] they manage, and they can also do other fairly mundane but important things, like change the desktop background or remove bloatware,” Hewitt said.
From an MDM perspective though, there will be more pressure to use MDM/EMM tools to keep PCs updated over the air, whenever possible.
“The challenge with that, though, is that there are still some functions, like re-imaging a PC that can’t be done over the air, so companies will still need to hang on to their conventional PC management tools, even as they start leveraging their EMM tools more in their day-to-day PC management activities,” Johnson added.
Additionally, Windows updates are large, requiring significant bandwidth to update large fleets of PCs — a challenge that many corporate networks aren’t yet up to meeting. Conventional PC management tools often offer clever solutions like peer-to-peer software distribution that can reduce network traffic, another reason MDM/EMM tools are only viable for a subset of enterprise PCs for now.
At its Build developer conference last month, Microsoft claimed 500 million devices are running Windows 10. Conversely, IDC has estimated that 162 million commercial licenses have been rolled out. IDC continues to predict strong growth for Windows 10 deployments in the enterprise, especially as the 2020 end-of-support date for Win7 gets closer.
“With Windows 10, Microsoft made an important and credible effort to improve the manageability of Windows. It’s a significant challenge because part of what makes Windows so powerfully attractive to IT pros is its flexibility and manageability,” Johnson said