MobileIron Builds an EMM 'Bridge' to Windows 10

Microsoft released a key updated figure among its many announcements at Microsoft Ignite late last month: 400 million devices worldwide are now running Windows 10. Yusuf Mehdi, Corporate Vice President of Microsoft's Windows and Devices Group, said enterprise adoption factors heavily into that number. Yet when it comes to the millions upon millions of businesses worldwide running fragmented versions of the stalwart operating system (OS), Windows 10 still has a long way to go.

Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) provider MobileIron wants to fast-track that migration with MobileIron Bridge, a new product in the company's device management stack giving enterprises a single console from which to oversee desktop and mobile Windows 10 devices. For businesses still running Windows 7 or Windows 8.1, MobileIron Bridge leverages Microsoft's expanded EMM resources in Windows 10 to let IT managers apply policies and scripts without requiring a systems image.

"The reason Bridge is important to our customers is it's the first solution to truly unify desktop and mobile operations," Ojas Rege, Chief Strategy Officer at MobileIron, told PCMag. "What it will let people do is modernize security management specifically for Windows 10 without sacrificing any of the granular policy action they've set up over the years using Microsoft System Center."

Rege talked about four main IT use cases for MobileIron Bridge: setting granular policies, viewing and managing an enterprise file system, editing and managing registries like Active Directory (AD) or the cloud-based Azure Active Directory (AAD), and distributing both Windows 10 universal apps and legacy MSI (Windows Installer) apps in the same enterprise app store. He called Bridge an extension of MobileIron's core policy engine, re-architected away from traditional systems management and toward the script-based EMM deployment model in Windows 10.

"What Windows 10 makes really evident is that the mobile model is subsuming the desktop. Windows 10 architecture is the catalyst for desktop modernization, and Microsoft has made deep investments to finally allow this transition to happen," said Rege. "We want organizations to have a tangible place to get started to identify where the value is going to be for them in moving to an EMM model."

Unified Windows 10 EMM…If You're Already a MobileIron Customer

The existing MobileIron EMM suite offers some good default functionality for system management, covering what would otherwise be a significant number of third-party purchases. Combined with Bridge, the company is providing a straightforward way to transition off a legacy OS and build a unified EMM strategy running on Windows 10. The catch: MobileIron explained that Bridge is primarily geared toward existing MobileIron customers as part of the company's larger technology stack.

Rege said MobileIron has a customer base of more than 12,000 organizations and 10 million seats, though that number includes Android, iOS, and Windows devices. As such, the IT value in Bridge for enterprises may have an expiration date. Most organizations will eventually (probably) migrate to Windows 10, but there's also no guarantee that Microsoft's own EMM product suite will not overtake MobileIron when it comes to the overall functionality offered.

MobileIron Bridge is built on top of the Windows EMM stack, and leverages that protocol and application programming interface (API) to communicate with client systems. Bridge's primary offering is to augment that functionality through Windows PowerShell scripting, allowing IT to apply "policies" similar to group policy objects (GPOs) on the desktop. Bridge seems to be a stopgap measure to get administrators to move toward EMM, until certain Windows features catch up.

Still, it's fair to say the ability to apply policies to non-AD devices or domain-joined devices that aren't on the corporate virtual private network (VPN) is a great way to close at least some of the gap that exists with bring-your-own-device (BYOD) policies. At the very least, enforcing some degree of corporate policies on previously untouchable user devices reduces the surface area of potential threats. It also offers some promise for controlling rogue road warriors who rarely sync with the domain controller.

Another intriguing feature of MobileIron Bridge is how it handles the enterprise app store. Bridge offers some intriguing possibilities in scenarios requiring deploying legacy Win32 applications. While this is a new technology and some bugs are to be expected, this could be a significant time saver for teams routinely applying difficult-to-configure applications. The ability to define installation scripts in advance, and make application installation a self-service (but IT-approved) action, is an attractive one from an IT perspective.

"What our customers want is one unified enterprise app store with modern apps, MSI apps, legacy apps—all the apps they wish to provide the user. MobileIron Bridge fills that gap," said Rege. "It lets you integrate those non-MSI apps into the app store on the device."

Examining the IT Value

MobileIron states that through MobileIron Bridge, CIOs can save up to 80 percent of their enterprise's total cost of ownership (TCO) of Windows 10 using EMM versus using traditional software like Microsoft's System Center. Along with the Bridge announcement, the company released a TCO Toolkit white paper helping businesses calculate EMM cost models across hardware, software, operations, and help desk expenses in modern and legacy models.

The TCO value is undeniably there, but the idea that the era of the domain-joined PC is coming to a close is also a bit misleading. One of the primary advantages of Active Directory is the ability to set policies in one spot that work across all kinds of platforms, including server environments. Some kinds of applications make domain membership mandatory for single sign-on (SSO). IT still prefers system images in many cases for a number of reasons, including removing typical junkware on a system, ensuring the proper Windows edition, and making certain a user is not starting with a compromised system. There's no guarantee that MobileIron could remove new malware, or that buggy Windows 10 code doesn't permit a threat to go unnoticed.

IT can't make the assumption that the Windows 10 architecture or platform rules out traditional types of threats. Downplaying the need for system images also conflates BYOD PCs with corporate-owned PCs. The two should not be considered synonymous, and have different expectations of privacy and level of control.

Keeping these caveats in mind, Bridge is a useful EMM tool for businesses in the MobileIron ecosystem making the Windows 10 switch. MobileIron has worked with Windows devices for years, but until recently the company focused far more prominently on EMM in Android and iOS. Rege said Microsoft's commitment to a modern architecture in Windows 10 finally gave the company the confidence in Microsoft to invest in a connective product like Bridge.

"We've always been focused on asking questions like what does the enterprise need? What can we expose?" said Rege. "Microsoft didn't have the luxury of not worrying about the past like Android and iOS because there's so much legacy capability built into Windows.

"In Windows 10, you can upgrade the OS without reworking the apps," Rege added. "We've got this core set of EMM APIs exposed the same way Apple, Google, and Samsung do. It gives IT the ability to take security-based policy actions on a device and the business data associated with it."

This article originally appeared on PCMag.com.