You may have heard that Windows 8.1 includes a new option for mobile device-style management. Great! But does that mean that we can get out of the business of traditional desktop management? Probably not yet. Let’s take a look at this.
Windows 8.1 MDM
Windows 8 introduced touch-based Windows Store apps, which are as well-behaved and sandboxed as iOS and Android apps. We should all love these new apps because they install and remove with ease, they don’t mess with the operating system or each other, they have well-defined techniques for sharing data, and in general, they’re free from the headaches that come with managing traditional Windows desktop apps.
Windows 8.1 introduced support for a mobile device management protocol. Much lighter than traditional Windows management, it really is very similar to the MDM that for iOS and Android. When the apps are well-behaved and sandboxed and everything, this just the type of management tool we need.
Enter traditional desktop apps
Last week, Brian wrote an article titled, As more apps move off Windows, a "well managed" desktop is worth less and less. As time goes by, we’re simply getting more work done with web apps and mobile apps.
In the last few weeks I’ve been spending a lot of time digging into Windows 8.1 MDM, so the idea that immediately entered my head read Brian’s article was, “Hey, we’re coming to an historic confluence where MDM will be all we need for our Windows devices!” (Cue grandiose background music.)
Of course for right now we still need traditional desktop apps, too. That got me thinking about how we could “containerize” desktop apps, so that they would be well-behaved and secured just like mobile apps, so that we could get by with just MDM-style management. And then I had a reality check.
The problem is that no matter how you look at it, running local copies of Windows desktop apps requires a lot of management. Sure, you could get traditional Windows apps to behave like mobile apps, but to do that you’d have to combine together about 5 different products to get the functionality—app virtualization, some sort of DLP or security product (like AFORE CypherX), management from the likes of AppSense or RES, and so on. By the time you do all that work... eh... you might as well just go back to whatever management you were doing before.
To make MDM alone work for Windows, we have to truly abstract all of our remaining traditional Windows apps, either via remote desktops or type-2 client hypervisors, or we need to be able to replace them all with Windows Store apps or web apps.
That may be around the corner or or far off depending on your situation, or maybe you could just use this this new MDM-style of management for a certain subset of users. But when these do happen, then MDM for Windows client devices will be perfect, and we’ll be able to treat Windows devices just like iOS and Android devices.