Friday Notebook, August 9: Microsoft licensing; Samsung DeX on PCs; Workspace ONE Access

Also: Ojas Rege on the podcast; BlackHat; WVD and Citrix Managed Desktops; iOS security; Google Cloud updates; BlackBerry and conditional access; and more!

This is our weekly log of desktop virtualization, enterprise mobility, and end user computing news.

Our blog posts

Jack: Ojas Rege on mobility, MobileIron’s early days, & what’s next for EUC – Podcast #141. Ojas has been the de facto face of MobileIron for years. He’s stepping back from the company now, so we take a look back at how the industry evolved and where it might go.

Kyle: I’m at Black Hat 2019 for the next couple days: Here’s what I hope to learn. My first multi-day conference on my own—and one dedicated to my focus no less!

Jack: When will Windows Virtual Desktop be GA? We don’t know, but there’s plenty to talk about. The buried lede is that Citrix Managed Desktops will go GA on August 20, six days before VMworld.

Industry news

After October 1, Microsoft will no longer let customers use on-premises licenses for software that’s hosted on Amazon AWS, Google Cloud, Alibaba, and Azure. (Here’s the announcement and FAQ. It doesn’t affect existing licenses, just new ones after that date.) Instead, customers will have to buy License Mobility through Software Assurance, Azure Hybrid Benefits, or buy cloud services that include the Microsoft licenses. Business Insider has a good write up. People seem to be up in arms about it, comparing it the Microsoft moves from the 90s.

Also in Microsoft licensing, apparently not quite everyone will get Access to FSLogix, something that I wasn’t aware of before. Per-device Windows 10 Enterprise Volume Licenses are left out, even if you have Software Assurance. (Via Aaron Parker and Wes Miller.)

Apple will be giving security reachers special iPhones that are essentially “jailbroken” to a certain degree, to enable research. The iOS Security Research Device program will include devices with ssh, a root shell, and “advanced” debug capabilities. This has long been a tricky spot—most people will agree that iOS puts us at a very good starting place for security, but to some degree we’re still trusting a black box, and mobile threat defense solutions have always had to find ways around that. So this is great news, and a lot of folks are excited. Next, I’m curious if any form of the new EndpointSecurity Framework, coming to macOS Catalina, will ever come to iOS.

Samsung had an event this week for their new Galaxy Note 10, and Kyle and I got to have a look ahead of time. (See photos at the end of this post.) One big new feature is support for DeX on PCs and Macs. You just plug in the Note 10 via USB, install an app on the host device, and then it becomes your display, keyboard, and mouse for the DeX environment. I’ve been following DeX for years, and while I’ve never been tempted to ditch my laptop, Samsung has been making a lot of progress. Recently I wrote up a case study about DeX in police cars, which is along the lines of the use cases where I always thought it would make sense. And this DeX on the PC is something that I think could be pretty convenient—I already use my phone all the time while I’m sitting at my desk, so having it right there in my desktop environment would make things even smoother. (And if they could do seamless apps someday... wow, that would be cool!) Also, this isn’t too far away from Apple’s idea of bringing iPad apps to the Mac. In other news, Samsung is also bundling the Microsoft “Your Phone” app, and is building OneDrive support into the Samsung photo gallery app.

At the same event, Samsung announced a new Windows laptop based on a Qualcomm (ARM) chip, which looks pretty cool. I’ve been wanting to test an ARM-based laptop for years, and we’ve tested other Samsung devices before, so this could be my chance.

Google Cloud Next Tokyo ran last week, and there were a couple of updates in our space: the Advanced Protection Program is coming to enterprise customers; G Suite has some new user behavior analytics features; and support for password vaulting is going GA. This week, we learned that some new Advanced Protection Program features are coming to Chrome.

BlackBerry has announced the latest version of their EMM platform, focusing on behavior analytics and other features for access control. In other words, this is squarely in the middle of the conditional access trends we’ve been following. Fellow TechTarget site SearchSecurity has a write up.

VMware Identity Manager is now Workspace ONE Access. Brian Madden (the person who works for VMware and is no longer associated with this site) wrote a great explanation of why the name change makes sense, and I agree. 

Other reads and notes

The videos from the 2019 TeamRGE online event are available now!

Check out “An Enterprise Security Roadmap for macOS,” by Jesse Endahl of Fleetsmith. (There’s also a MacAdmins Podcast episode version, which, by the way, you should subscribe to.) Basically, everything is going in a good direction, but there are still a lot of gaps in MDM. On macOS, some things still have to be scripted by an agent, and on iOS, some things still can only be done in the UI by hand. Personally, I’d like to refloat an idea that I wrote about earlier this year: Instead of building MDM APIs bit by bit, why not just expose all of the settings in the UI of the Settings apps via MDM-managed app configurations. This would only be acceptable for supervised devices, but it would solve a lot of problems all at once.

Both FIDO and WVD are buzzing in 2019, and Freek Berson wrote about how to use them together. Cool!

A look inside Carl Webster’s lab. I always like fun posts like this.

Gabe Knuth and Brian Madden are launching a VMware EUC Podcast—here’s the first episode.

Here’s Intune’s new console for OEMConfig.

Citrix announced a new documentation site for their Citrix Cloud APIs.

Our Samsung photos

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.