Microsoft RDS updates and Ignite preview - Friday Notebook, September 22

Also including more on iOS 11, Citrix WEM Application Security, Android zero-touch, iOS “virus scanners,” talk of RMAD roles, Citrix LTSR, Windows AutoPilot, and Aaron Parker.

This is our weekly log of everything that’s happened in the EUC, EMM, and desktop virtualization space, collected and co-written by Jack and Gabe.

News we covered at

Android is getting a key new enterprise provisioning tool. Zero-touch enrollment means time saved and a more secure provisioning process. Similar programs have been a hit with Apple and Samsung, so this is good news for Android enterprise.

More Industry news

Microsoft released some more information on additions to RDS in the form of a demonstration video with Simon May and Scott Manchester. Some of the new changes include things like conditional access policies, integration with Azure AD, and multi-factor authentication. These changes help make RDS roles like Web, Gateway, and the Connection Broker multi-tenant, so it’s integrated into Azure more than ever. Microsoft also demonstrated their HTML5 client that allows you to access Windows apps from any browser.

Last September, Citrix acquired Norskale and turned it into Citrix Workspace Environment Management, or WEM. This week, they announced a new product in the WEM family: WEM Application Security. Where WEM allowed you to whitelist and blacklist applications across the board, WEM Application Security allows you to allow or deny applications based on users and groups, and it integrates with Microsoft AppLocker. Follow the link above for more info and a video demo.

The new Apple App Store Review Guidelines (via Hacking with Swift) have language that say no app may market itself as an iOS-based “virus or malware scanner.” We’ve covered the nuanced discussion of mobile threat defense products before; the bottom line is that there’s definitely a role for them, but Apple’s stance is that agents apps should not be polling the device for a list of installed apps—instead, you need MDM for that. Some MTD apps used private, undocumented APIs to do the app polling, but I’ve heard from an industry source that this route has been closed in iOS 11.

Microsoft Ignite starts on Monday, and we expect a bit of news around Windows 10 device management. If you look at Microsoft’s existing guidance on when to use MDM and when to use traditional management, that dates to March 2016, it’s quite a bit more conservative than many UEM providers (most notably, VMware). From what I’ve heard, this is going to change! Plus there are other indications of what’s coming.

Many of the Ignite sessions will be streamed on Channel 9, and here are a few of the ones we’ll watch on Monday:

Other things that are coming up:

More of our blog posts

Deep dive on iOS 11 in the enterprise - Podcast #131. Aaron Freimark, Russell Mohr, and Jack Madden talk iOS 11 MDM, iOS tethering and caching, kiosk and BYOD use cases, iPhone X, Face ID, and Apple Watch Series 3.

Are EUC IT admins using RMADs, or mostly developers? Rapid mobile app development products promise fast apps, but who owns the implementations? This is one of the open questions on my mind right now.

Put your Windows 10 deployments on AutoPilot. Aaron Parker talks cloud management, MDM, and provisioning for Windows 10.

Is Citrix XenApp / XenDesktop 7.15 the last version you'll roll out yourself? With XenApp and XenDesktop 7.15, Citrix has released an LTSR build that they'll support well beyond 2022. Will this be the last on-premises platform you deploy?

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I haven't noticed anyone else commenting on this, but I'm disappointed that the Windows Server 1709 (2016) release that's due in the next few weeks isn't going to be for RDS users/customers.

As I understand it, there'll be no new "Windows Server with Desktop Experience" (what we used to just call Server, because that moniker now belongs to Server Core) until 2019. I'm getting this from the image/table here:

That means that building a Win10 desktop experience on RDS is going to be stuck in 2016, and lacking the features that were removed prior to launch (Edge, Cortana...) and the stuff that has been added since.

This seems a big deal to me - does anyone else feel the same?

If not, are you happy that your Windows 10 RDS desktop will look 'stale' (as well as being harder to manager) until then?