Cloud Insights from Brad Anderson, Corporate Vice President, Enterprise Client & Mobility
In any enterprise mobility management system, the most commonly used capabilities are the settings management (MDM) functions. Once the settings are all calibrated to the needs of the organization, the next step is managing apps. Without fail, the first app that gets managed and secured is corporate e-mail.
The need to protect corporate e-mail is obvious. Every day countless items containing confidential data pass through inboxes all over the world – and in many inboxes there are opportunities for data leakage everywhere. This threat is compounded in a BYOD environment where each new form factor, platform, and mail client further complicates things. To enable BYOD but maximize security, we need to create a boundary between the corporate apps/data (financial info, strategy docs) and the personal content (cat pictures, Buzzfeed quizzes, etc.).
To do this, a common strategy is the use of “containers” to contain the corporate applications and data in a secure place on the devices. This secures the corporate data and keeps it separate from the personal data. From an actual implementation standpoint, this means controlling and limiting things such as where attachments or files can be saved to, and constraining where corporate content can be copied and pasted.
To address the challenges of e-mail management and security, there are currently a number of mobility vendors who have built e-mail apps of their own. These apps come policy-enabled to participate in the vendor’s container, and provides IT with the ability to separate out the corporate content and then protect it.
Although the security features may be good, the consistent feedback I hear very clear: Users are not delighted with the e-mail experience. I can’t count the number of times I’ve had a CIO who’s using one of these apps tell me how much they wish their devices were running Outlook.
The good news is that the device-based Outlook option is available and will come policy-enabled for management by Windows Intune.
The feedback from CIO’s about their desire for Outlook is based on three key things:
As I have visited organizations and asked them to show me what IT is currently delivering for secure e-mail across devices, this is what I see:
An employee uses Outlook on his PC whenever he’s in the Office, but when he heads home and checks his e-mail on an iPad he has to hurdle to a different e-mail experience. The problem is that his company uses Airwatch to manage their iOS devices – and that means using their e-mail app featuring an entirely different user experience. The next morning, this employee meets with customers before heading to work and he brings along his work-issued Android tablet. Now he has to switch gears again when he encounters yet another e-mail UX. All told, this employee has to juggle between three very different e-mail experiences (with very different capabilities) just to stay connected during a timespan stretching less than one day. Furthermore, this scenario doesn’t even include the other massive issue of being able to use productivity apps like Office across all of these devices – something that other management products simply cannot provide.
Even for tech savvy employees, this is exhausting. There is a better way.
The simple answer is Office + Intune.
The Intune team is working closely with the Office team as they are building all their iOS and Android apps (and Windows, obviously). Within Intune we are building a container solution for iOS (wrapper and management API) that will ship later this calendar year. We’ll follow that up with similar capabilities for Android. Later this year there will also be Office apps available for iPad – which will come with these management API’s natively built-in. This will make all of the Office apps natively manageable by Intune. This enablement is something far beyond e-mail management – with Intune your users have access to the entire Office suite, aka “the gold standard of productivity.”
With Office and Intune, end users are using the same apps across all their devices – and they get the same user experience every time. This kind of functionality – the kind which is so seamlessly delivered that the end users don’t notice – is a top request from customers all over the world. Enterprises need the same rich experience across all their devices – whether those devices are Windows, iOS and Android. That is exactly what we are delivering with Office + Intune.
Perhaps the best way to describe why the combination of Office and Intune delivers the best solution for your users is to include a few screen shots and talk about why this is just the better solution. Included below is an end-to-end scenario of a typical end-user – and I’ll point out a few things along the way.
For demonstration purposes, I’ll use an iPad for this walkthrough.
Seen here is an iPad with the upcoming version of Office installed on it. Apparently the user deployed the applications from the Intune iPad Self Service Portal. J
To start the scenario the user goes into Outlook (in this case she goes into Mobile Outlook Web Access or MOWA). MOWA delivers a wonderful experience with full caching capabilities so that it can run completely disconnected.
Here you can see what MOWA looks like on an iPad. This functionality is already available today.
With MOWA you have the capabilities you would expect from Outlook, and, as you can see, it has been optimized for the information architecture of an iPad while remaining distinctly Outlook. This gives the user that sought-after consistent experience across all their devices.
Here is where you’ll notice the first big difference:
Have you ever opened an Office document on an iPad (or other device) and, once it finishes opening, the reader or editor that ships with that device and/or management solution presents an image like the one you see here?
This situation is all too common. What you see in this image is the default iOS Excel reader trying to render a spreadsheet. It’s not exactly ideal when you’re in the middle of a meeting or trying to prepare for a discussion with your boss.
The bad news is that images like this are very common with the editors/readers shipped by many of the MDM vendors.
The good news is that when an iPad is running Excel, that same spreadsheet looks like this:
There’s no other way to say it: It looks beautiful.
Because this is “just Office” the document is properly rendered and the user can start working immediately.
Here are where a couple big differences have a big impact:
First, with the Office + Intune solution is that the users will always have their Office documents rendered properly.
The second big difference is consistency. When a user that has been operating Excel on a PC for years opens up Excel on an iPad they’ll immediately notice that what they’re seeing is unmistakably Office! It has the look and feel of the Office they have been using (right down to the ribbon bar) while being optimized for touch.
One of the controls enabled in Office + Intune is the “Open In” capabilities of iOS. This enables IT to express policy that, whenever an Excel spreadsheet is opened, it should be opened “in” a specific app. In the case – always open Excel spreadsheets in Excel for iPad.
The usability of Office + Intune also extends to the IT team.
IT will have the ability to express policy regarding where users can save corporate documents to – e.g. from within Outlook, in the Office apps, and from any app that is wrapped with the App wrapper than will be released later this year as a part of Intune. This allows IT to enforce policy on corporate documents so that they can only be saved to OneDrive for Business or SharePoint.
IT is also well served by the fact that the Office apps will come policy enabled to enable IT to manage the copy and paste of content between apps.
A common use case here will be to only allow copy and paste between those applications that are participating in the corporate container. Office will come with these capabilities built in and we will deliver a wrapper that IT can use to wrap any apps that need to participate in the same container as the Office apps.
For example: If I copy content from the spreadsheet and try to paste that into a personal app (not wrapped) this is what happens:
First, the user attempts to paste the corporate data from the spreadsheet into a personal e-mail. Notice that the Paste option is not presented. Because the corporate data is being protected, it automatically cannot be copied and pasted into non-corporate apps.
However, if the user attempts to paste the content into a corporate e-mail (MOWA), the paste option is readily available and the user is off and running.
* * *
If you want to see what the future of mobile productivity looks like, skip ahead to 1:37:48 in the TechEd 2014 keynote below. Julia White’s demo of Office on iPad is simply amazing – and what you’ll see is something that cannot be replicated by any other MDM vendor.
And, of course, all of this integrates back into your SCCM infrastructure. That means if you want to use the SCCM admin console to do all of your configuration for modern devices and apps, you can do that with the connection we’ve established between SCCM and Intune. This connection syncs your policy configurations to the cloud and extends them to every device. THE SCCM administrator should really think of Intune as the edge of their SCCM deployment.
Secure e-mail, delivered through the combination of Office and Intune is the absolute best experience possible for your end-users. We have announced that these capabilities will be coming to Office 365 and Intune before the end of this year. I’ve already demo’d these capabilities to 100’s of customers and the response is always the same: “I love this! How fast can I get this for my users?”
It’s coming soon!