Things certainly are changing at Microsoft these days. It used to be that they'd wait, sometimes several years, on the sidelines of a certain market before jumping in feet first and making waves. The most recent example that comes to mind is Hyper-V, which really started picking up steam in 2012 despite having been around since 2008 (or, depending on how you keep score, 2003). Last week at Ignite, though, we saw Microsoft near the front of the pack when they debuted co-management of Windows 10 devices with both SCCM and Intune.
With this announcement, Microsoft catapulted themselves into a Unified Endpoint Management discussion that is not much more than a year old, right on the heels of VMware and MobileIron, not to mention PolicyPak, which we wrote about recently. And though the three configuration areas that Microsoft showed at Ignite (Compliance, Resource Access, and Windows Update) don’t comprise the same breadth of configurations that AirWatch and MobileIron do, it paves the way for future product enhancements while giving enterprises time to get some experience with some of the more low-hanging fruit.
The co-management that Microsoft showed at Ignite is limited to environments running SCCM and Intune. However, as Jack describes in his post today, the underlying framework that allows SCCM and Intune to coexist opens the door for other MDMs to do co-management as well. So, even in situations where Intune falls short (things like regulated industry-oriented features, deeper tie-ins with iOS and Android, Micro-VPN support, and Secure Mail), there will still be co-management options available to you. At the moment, Intune is more of an 80% kind of solution, and it doesn't take much to tip the scales in favor of something more comprehensive.
Autopilot is similar to Apple’s DEP (Device Enrollment Program) and Android’s Zero Touch, which allow you to ship devices to end users that automatically enroll in your company’s MDM platform when they are first powered on. The user goes through a few steps to get connected to the internet, at which point the device automatically connects to your MDM. From there, Intune can push down the config profile and any applications, including the SCCM client. (You can read a bit more about Autopilot in Aaron Parker’s recent post.)
The newest Intune Management Extension represents a catch-all for everything not covered by the co-management features, allowing you to push PowerShell scripts to endpoints via Intune. Using these scripts, you can accomplish many tasks that fall into the “advanced” bucket. It gives admins a way, even if it’s not the most ideal way, to migrate from SCCM to Intune without making too big a leap.
Where do we go from here?
As far as VMware and MobileIron are concerned, they're still at the top of the heap, though they might be feeling a breeze as Microsoft starts breathing down their back. On one hand, they have the most feature-rich UEM platforms available right now, plus all the extra features that place them ahead of Intune in general. On the other, though, they're now faced with competing directly with Microsoft's platform, which you pretty much just get with a Microsoft 365 subscription. It's a tough, but navigable, spot.
Citrix, on the other hand, might have just gotten the keys to Dad's car. So far, the most UEM-like thing Citrix has said is that XenMobile supports Windows 10 MDM, which is a far cry from something that can help bridge traditional and modern management. Perhaps they're too busy with other issues to put resources behind it, or perhaps they were privy to information that Microsoft was already working on it and decided to wait until they made their move.
The Citrix partnership with Microsoft is all about "embrace and extend," which is no different than it has been over the last 20-some years. Microsoft builds something for the majority of customers, Citrix adds on the rest of the features that make it applicable to everyone. The same strategy has been used with Intune, which has most of the features people need, and XenMobile, which has the advanced features that customers are eventually going to need.
Could Microsoft run away with this?
Another option that comes to mind is that Microsoft could be poised to just break away from the same-old embrace and extend relationship and simply run with this. Normally I wouldn't think so, but there are two things that lead me to this option. First, this is Windows 10, not RDS or Windows Server. There are millions—billions even—of potential endpoints at stake, and who knows better how to manage them than the creator of the OS itself? Second is the aforementioned timing of Microsoft's involvement. It's rare to see them this bullish on a technology so early in the technology's life.
Granted, they have a ways to go to compete on the MDM level with the likes of VMware, MobileIron and Citrix. They may not want to be involved at that level, either, choosing instead to let the third-party platforms handle relationships with Apple, Google, Samsung, and others while they stick to Windows.
No matter the direction Microsoft goes with this, their involvement at this early stage of Unified Endpoint Management is a clear indicator that it is here to stay. So far, nobody has said that you're a dinosaur if you continue to use SCCM, but that day is coming. You can bet that it will coincide with the end of life for Windows 7 (January 14, 2020), because that's the last day an OS that can't be managed with MDM will be supported by Microsoft.
With just over two years to go until that day, you can bet a lot of maturing will happen. You don't have to plan a strategy right now, but keep an eye on what develops and know that in a year's time you may have to actually start planning.