Last week at Synergy the big news was a renewed broad partnership between Citrix and Microsoft. Key components to the partnership are:
- Citrix committed using to Azure for cloud services.
- Microsoft will allow Windows 10 VDI on Azure using XenDesktop.
- Integration between NetScaler and Microsoft Enterprise Mobility Suite (EMS).
- Integration between XenMobile and Microsoft Intune / EMS
- The previously-announced Skype for Business Optimization Pack for XenDesktop and XenApp.
Brian and Gabe will provide analysis of the desktop virtualization announcements and the general direction of Citrix later this week; today I’m going to cover the XenMobile and Intune integration.
Most of the components of this partnership involve products that obviously complement each other and are “better together.” However with XenMobile and Intune, at first glance it appears that there’s a lot more direct competition. This has lead a lot of people to wonder what the future holds for XenMobile, and how much EMM market share and functionality Citrix could concede to Microsoft.
I watched both of the Synergy keynotes, I was able to talk to Kirill Tatarinov, Brad Anderson, and Rajiv Taori (Citrix VP of product management for the mobile platforms group), and I went through about a dozen articles and videos that Citrix and Microsoft put out to put together a picture of what XenMobile and Intune integration means. (You can find key blog posts and videos here, here, here, and here.)
First, let’s look at the actual announcements from the week of the show. We know that in general the road maps for XenMobile and Intune will be aligned, and there will be ongoing collaboration and integration.
Specifically, Citrix’s iOS and Android apps are going to incorporate the Intune SDK. This means they’ll have MAM capabilities that can be managed directly by Microsoft Intune. The Citrix apps that were mentioned are WorxMail, Secure Forms (formerly Worx Forms), ShareFile, and Receiver. This integration is expected in the second half of the year.
NetScaler will have a role here, too. Microsoft is building NetScaler capabilities into the Intune SDK, so that apps can connect to on-premises resources without using a VPN. NetScaler will also be able to pull compliance data from Intune and EMS, enabling conditional access policies.
Citrix is going to use Azure AD to provide some new identity capabilities in XenMobile, including self-service password resets and multi-factor authentication.
Finally, and perhaps most important, Citrix is going to build a brand new EMM service in Azure, and it will provide back end with Intune and EMS. One important use case will be coordinating compliance for regulated industries.
(There were also other new and recent XenMobile announcements, but I’m going to cover them in a separate article.)
Competition or better together?
One important thing to know about this partnership is that even though Microsoft will be able to directly manage Citrix apps using Intune, Citrix will not be able to directly manage Microsoft apps using XenMobile—instead, that’s what the backend integration with Intune is for. A lot of people noticed this last week, prompting questions about the future of XenMobile: If you have to use Intune no matter what to manage Outlook and all the other Office apps for iOS and Android, where does XenMobile come in?
But going a level deeper, there’s a lot that Citrix brings to the table that Intune doesn’t do yet. XenMobile is much stronger when it comes to compliance, certifications, and regulated environments, and farther along with app-level management features. XenMobile also supports Android for Work and a wider variety of other Android OEM MDM APIs.
Citrix and Microsoft are planning for scenarios where XenMobile provides compliant app and device-level security policies, and Intune provides management of certain Office app features. These plans came together quickly and recently, so how exactly everything will work together hasn’t been determined yet and there’s no full feature-by-feature list of what each platform will provide. However, both sides are adamant that Citrix’s new Azure-based EMM platform will take care of all the integration required to make this work.
Furthermore, Citrix’s new Azure-based EMM platform will be a modern multi-tenant service, and bedsides handling the Intune integration, Rajiv Taori told me that it will also provide all the MDM and MAM capabilities that XenMobile currently has.
There’s no doubt Microsoft Intune and EMS will be big. The latest numbers are that EMS is up to 27,000 customers. (These numbers have been somewhat suspect in the past since we weren't sure how Microsoft was counting customers, however I just learned that this number comprises sales of Intune alone, the full EMS suite, and the Enterprise Cloud Suite; and that it does not include the free Intune functionality that comes with Office 365. There was also a lot of buzz about Intune on the ground at BriForum.)
This is also happening in the context of the accelerating spread of Office 365 and the Office Mobile apps, as well as the expanding Intune SDK ecosystem (it now includes SAP, Adobe, and Box).
Given all this, Citrix is smart to partner closely with Intune and EMS—now Citrix customers will have an easier route to Office 365 on mobile devices. This move also could help re-invigorate XenMobile, and unite Citrix and Microsoft against competitors like AirWatch and MobileIron.
Execution will be key, though. Plenty of companies use one vendor’s MAM on top of another vendor's MDM, but with all the moving parts and different options between Citrix and Microsoft, this sounds very complex. They need to make good on their promise of an integrated admin experience, so that policies can automatically be applied across all combinations MAM and MDM from XenMobile and Intune.
Aside from the Intune integration, Citrix’s new Azure-based EMM platform will be quite welcome on its own. XenMobile 10 finally united MDM and MAM into a single server, but still the words I hear used most often to describe it are “complicated” and “fragile.” A brand new platform could give XenMobile another boost.
Overall, Citrix and Microsoft have a good plan for today. But I still wonder what will happen if and when Intune catches up to XenMobile’s capabilities. Will the classic “embrace and extend” strategy work for mobility the same way it’s worked for remote desktops for years? Or will Microsoft want to continue the rapid progress on Intune, possibly reducing the need for XenMobile features? On the other hand, XenMobile and Intune is just one part of a larger, broad strategy, so there are other forces at work. We’ll have to watch this closely for more signs of future directions.
(UPDATE: This article was updated at 1pm PDT on May 31 to reflect additional information about Microsoft licensing numbers.)