As we’ve been discussing for the last several months, Windows 10 can be managed using mobile device management APIs, and it has a lot of other features that make it much more like a mobile device.
For example, there’s work and personal data separation through Enterprise Data Protection; more frequent, smaller updates through Windows as a Service; and the Retail out of Box experience, where new devices are immediately enrolled into management without wiping them or installing your corporate image. (And there are plenty more. I wrote about some of the other new features recently, plus you can read the full list of Windows 10 MDM APIs.) Most important is the concept that MDM is designed for devices that are remote—there’s no need for a VPN and it happens in real time.
All of these concepts have been common in enterprise mobility management for iOS and Android for a while now, and though many products have tackled remote laptop management for years, many of these EMM concepts are new to Windows.
There really are some good reasons why you might want to use these features—they’re faster, more lightweight, and more appropriate for devices that are mobile or personalized. This could be a big change for devices that are out in the field; Windows tablets; embedded, ruggedized, and kiosk devices; and even standard laptops. And just think what they could do for BYO PC.
Of course the challenge is that for many IT shops these concepts are a huge change—they’re new, different, still unproven, and may not satisfy current needs depending on the scenario. One big obstacle is classic desktop apps (or Classic Windows Apps, as Microsoft has taken to calling them). The new Windows MDM APIs just aren’t very good with them—they can deploy simpler MSIs, but we all know how complex desktop apps really are.
But here’s the good news: it doesn’t have to be all or nothing for EMM-style management and features in Windows 10. There are actually several ways to combine it with existing client management techniques.
First, it is possible to enroll Windows 10 in MDM and also do standard domain-joined client management at the same time. This might sound cumbersome, but consider that some management products are already starting to combine both of these together.
Second, it’s also possible to control the MDM APIs through a traditional client management agent, using the MDM Bridge WMI Provider.
Another option is to manage the device with MDM, but use one of the newer desktop application management offerings to deal with all the classic Windows apps. This is VMware’s plan using Project A². (Since Gabe and Brian know the crop of new desktop app management products better than I do, I’ll have to check with them to see who else could be working on similar concepts that would work with MDM.)
The final option is to assume that your MDM-managed Windows devices are just like all your other non-Windows devices, and figure out a way to just not have locally-installed classic Windows apps. This means using desktop virtualization/VDI/DaaS/remote apps etc.; app transformation; SaaS and web apps; or mobile apps (well, in the cases where somebody’s actually built a Windows Store App). Another option could be using Project Centennial, the Universal Windows Platform Bridge for classic Windows apps.
Regarding this final option, treating Windows clients like non-Windows devices may seem a bit odd at first. But isn’t this the direction we’ve been heading in anyway now that we have more non-Windows devices in the enterprise every year? If, as Brian and Gabe are fond of saying in their presentations, Windows applications indeed become middleware, then the future of Windows client device management will be with MDM.
But I digress... My point for today is that for the near future, even in cases where you can’t go all in on EMM-style management for laptops (and let’s face it, that’s probably most situations for right now) you can still get usage and value out of at least some of the new EMM-style features by combining them with what you’re already doing.