What’s going on in mobile app management? MAM has always been a bit tricky—it’s an essential part of EMM due to the nature of modern mobile devices, yet there are still tradeoffs and difficulties with various MAM technologies.
In the last few months there were significant MAM-related announcements from Microsoft, Citrix, and VMware, and we got platform updates at Google I/O and Apple WWDC. So did anything change?
The current MAM landscape
For some context, first let’s look at current landscape, which I outlined in my presentation at Citrix Synergy. (If you read my articles regularly, much of this should sound familiar.) The video is available on YouTube or you can check out the slides on Dropbox, but here are some bullets on what I covered:
- Why we need MAM and how MAM evolved: I talked about how we went from BlackBerrys versus iPhones to today’s variety of MAM options. Nowadays there’s a lot of back and forth about which MAM technology is best, and things can be quite confusing.
- I like to think of MAM in two basic categories: MAM that’s built into apps and MAM that’s built into mobile OSes. There’s no winner or loser—both types have their strengths, weaknesses, and tradeoffs.
- Different use cases will call for different types of MAM. I covered a variety of real world examples in the second half of the presentation.
Recent MAM developments
What’s going on now?
Both Google and Apple have publicly acknowledged (here and here) that they’re participating in the AppConfig Community. The AppConfig Community advocates for usage of the device-based MAM frameworks in iOS and Android for Work, and was launched earlier this year by VMware, MobileIron, IBM, and JAMF.
At the same time, there’s more interest in “stand alone MAM,” i.e. app-level MAM on top of (generally) unmanaged devices. Microsoft announced support for it late last year; Citrix made a push around Synergy; and even VMware has been talking about it more than they used to. Some people have been talking about stand alone MAM as if it’s a new concept, but of course it’s been around for years. There are also specialists like Apperian, Blue Cedar Networks, and various security vendors that concentrate on app-level MAM.
Citrix and Microsoft are planning integrations between Intune and XenMobile, but from the MAM angle, note that you still need Intune to do app-level management for the Microsoft Office mobile apps.
So in these regards, MAM is business as usual.
However, Android for Work is quickly going after very defined separation for work and personal usage. In Profile Owner mode (the Android for Work technique used for BYOD) enterprise MDM agents are fairly limited in what they can see and do with a user’s personal experience. For example, in Android N, users will be able to have a separate passcode for their work profile, and they can even turn the entire work profile off and on whenever they want (such as over the weekend). This could really change the MAM conversation, though Android for Work usage still isn’t widespread yet.
I was wondering if all these new Android for Work options would prompt Apple to make any sweeping changes in iOS management, but as we found out at WWDC, iOS 10 doesn’t have any earthshaking new features. (Apple is still busy, though—the new iOS VoIP API will be helpful, and there were a ton of new education features in iOS 9.3.)
Instead, Apple is refining MDM for BYOD gradually. Certain locked-down controls are getting moved from regular MDM to the special Supervised Mode, which is mostly for corporate-owned devices.
One interesting announcement came from VMware, who said that AirWatch will use the iOS MDM protocol in more nuanced ways—in some situations, the MDM server will not be given permission to perform certain device-wide management actions. This has always been a feature of the iOS MDM protocol, but generally it hasn’t been well known or commonly used. (JAMF has used it.) If this technique spreads, it could help make device-level MAM a bit easier and more flexible.
The wider context
Of course mobile app management is only one facet of modern end user computing, but it does carry a significant amount of weight—IT managing personal devices is still widely debated. As enterprise mobility spreads, more companies and users will be having this conversation.