Cloud Insights from Brad Anderson, Corporate Vice President, Enterprise Client & Mobility
I watched the Day 2 keynote from the US VMworld 2014 earlier today, and I wanted to share a few of my thoughts about the focus of the keynotes with respect to end-user computing and enabling Enterprise Mobility.
Perhaps it goes without saying up front that I love competition and believe that competition is good for everyone – especially customers.
The biggest thing I took away from today’s keynote was the stark difference between the approaches taken by Microsoft and VMware for enabling Enterprise Mobility. Much of what VMware spoke about today revolved around improving their VDI capabilities on top of their virtualization platform. This was pretty predictable since that’s right in VMware’s wheelhouse.
Right now, a lot of the vision from both Microsoft and VMware appears to be similar, e.g. enabling organizations around the world to embrace the trends of consumerization and mobility. From Microsoft’s perspective, our vision is to “Enable organization to enable their users to be productive on the devices they love, while helping the organizations be secure.” But how our two organizations are investing to deliver on this vision is very different.
At Microsoft, we are investing in a much broader set of capabilities than VMware – specifically, we are protecting at the device, app, data, and identity layers. If a solution is missing any of those four layers, you’re missing critical elements of a mobility solution. VMware is totally missing protection at the file and identity layers – and that’s a deal breaker.
Below, I’ll cover some of the key facts regarding the vast amount of work we’re doing here at Microsoft (with the Enterprise Mobility Suite and Microsoft Office) compared to the bets VMware is making.
Every organization needs to manage access to corporate assets based on the correct authentication of the user. Active Directory (AD) is the authoritative source of corporate identity (used by more than 90% of enterprises around the world), and AD has been extended to the cloud with Azure Active Directory (AAD). With AAD we are delivering a common and consistent identity/access solution that enables organizations to expand their use of AD across private and public clouds.
In terms of real world success stories, Office 365 is the most visible example of a cloud service based upon AAD for directory services. AAD handles more than 13 Billion authentications per week! In fact, during the VMworld keynote, AAD processed more than 70 million authentications.
If you’re looking for a comparable identity and access management solution from VMware/AirWatch, you’ll have better luck finding a unicorn. VMware/AirWatch simply do not have an identity and access management solution. Today’s keynote didn’t mention identity or access management once. That’s a big problem for IT.
Built on Azure AD, Azure AD Premium (part of the Enterprise Mobility Suite) provides key features for managing identities across on-premises and the cloud including Multi-Factor Authentication for increased security, pre-configured single-sign-on and identity provisioning to more than 2,000 of the most popular cloud apps, and self-service password reset + group management to empower your users and reduce calls to your IT help desk. In addition to all this, one of the most interesting values of AAD Premium and the Enterprise Mobility Suite is the machine learning in the solution which enables IT to detect and block abnormal access requests.
It seems like every week there is a report of a significant security breach somewhere in the industry, and the rich identity management solution in EMS could identify and block these attacks. It is important. Really important. And VMware doesn’t even mention it in their mobility strategy.
Office 365 and the Office apps are the gold standard for business productivity, and they represent some of the most critical workloads that IT Pros need secured across their users’ devices.
Time, after time, Office was front and center in today’s keynote demos, but there was a pretty big elephant in the room (stage?) each time: VMware/AirWatch are unable to deeply and fully manage the Office apps across Windows, iOS, and Android. Only Intune and the Enterprise Mobility Suite can fully manage Office.
Back in May at TechED, we announced that, going forward, Office apps would ship with native support to be managed by Intune. Later this year, we will also be updating both Intune and the Office apps in significant ways. Intune will also be updated this year to include mobile app management for iOS and Android devices. Back in June I wrote an entire post that went through all the details.
If you use VMware/AirWatch and you want deep management of the Office productivity apps, your users will be given the Word, PowerPoint, Excel, Outlook clones that AirWatch has built. These apps don’t operate like the real Office apps from Microsoft and they lack the rich, unmistakably Office experience. You can count on document compatibility and rendering issues. IT teams have to ask themselves if they want to take their chances with separate, unproven productivity (I use that term lightly) apps from VMware/AirWatch, or do they want to breathe easy with Office 365?
While so much of the conversation today is about mobile devices (and despite VMware's bold projections of a near-term future featuring mostly "just in time" desktops), let’s not forget that the majority of users in an Enterprise are using mobile devices and PCs – this is why it’s so important to ensure that PCs continue to be included in device management conversations.
Two out of three enterprise PC’s around the globe are managed via System Center Configuration Manager. Today, VMware talked a lot about desktop management – but only in the context of VDI. The keynote completely glossed over the need to manage the PCs and laptops that are in your user’s hands right now. The various presenters all made statements about VMware managing “all of your devices” – but they probably should have mentioned the asterisk to that statement which clarifies: “Unless you need to manage the distributed desktops and laptops in your organization.”
With Microsoft’s Enterprise Mobility solutions you can use the tools you have today, leverage the investments you’ve already made in Active Directory and System Center Configuration Manager (ConfigMgr) for years to come, and build a reliable foundation for the future of your business.
With Intune we have built the Mobile Device Management capabilities you would expect (e.g. full and rich support for managing Windows, iOS, and Android devices) and we’re delivering these capabilities from the cloud – but you can choose to do all your administration from the familiar ConfigMgr console you already know.
To learn more about how we have brought ConfigMgr and Intune together – I recommend checking out this post.
Application and device management can only provide so much protection for company resources. The next layer of management to consider is at the file level. To protect at the file level, you need different capabilities entirely: Tools that embed the access privileges right in the file itself. In other words, the ability to make the file self-protecting.
To enable this level of file protection, we have developed Azure Rights Management Services (Azure RMS), another component of the Enterprise Mobility Suite. With Azure RMS, the File/Save action can grant access rights to the file and those rights can be written into the file itself. In other words: The file protects itself. Microsoft is unique in being able to provide this level of protection.
When I wrote previously about Azure RMS, one of the data points I called out was that more than 70% of all the attachments that flow through Office 365 are files created from Microsoft Office or Adobe Acrobat. I didn't see this kind of capability even hinted at in today’s keynotes. If you believe that files need to be self-protecting in the future (and I sure do), then you need the EMS – it’s the only solution on that market delivering this value.
The bottom line here is simple: You need to compare Microsoft’s Enterprise Mobility Suite & Office with what VMware announced today (the VMware Workspace Suite). I strongly believe that the value being delivered through the Enterprise Mobility Suite is far greater that what VMware can deliver.
Our customers’ enterprise mobility challenges – as well as the strategy elements discussed above – are top of mind here at Microsoft, and this is why we have developed our comprehensive, cost effective enterprise mobility offering. You can read about the components and practical applications of Microsoft’s mobility strategy in great detail in my ongoing “Success with Enterprise Mobility” series.
We believe these three elements are foundational to your Enterprise Mobility strategy. And I believe that Microsoft is the only organization investing in and delivering integrated solutions in all of them.
Our aggressive investment and innovation strategy will make Microsoft the clear leader in the enterprise mobility industry – both for end users and the IT Pros.
Did you watch the same keynote?
I'd say Mobileiron is the leader in the enterprise mobility industry.
In your article you write "You need to compare Microsoft’s Enterprise Mobility Suite & Office with what VMware announced today (the VMware Workspace Suite".
How does the price compare?
No IT pro trusts Microsoft implicitly to get an end user scenario for IT pros right. Have you seen your last 2 attempts (8 and 8.1) to make a desktop friendly tablet OS... We will never manage server OS from a tablet without a keyboard and mouse and u
can't seem to get that.
Additionally, VMware stick to what they do best and offer solid products, if that doesn't incorporate every possible requirement that usually means they recognise someone do certain parts better than them and you will need that product too. Why reinvent the
Not sure what that office clone malarkey is about, their heads gone there!
Actually Chris I am managing my server just fine from a tablet OS... I just extended drive space on an older hyperv image from my Lumia 1020... So yes WE can easily manage servers from devices without keyboards... .
As for prices... I have always got more and paid alot less with MS solutions. I'll bet my life VMware is more expensive and it offers less...