Every 53 seconds, a laptop gets stolen. In 56% of the cases, the theft results in a data breach — costing the business an average of $47,000 per stolen device! On the other side, 61% of Gen Y and 50% of 30+ workers believe their personal devices are more effective and productive than those used in their work life. While 95% of organizations allow employees to bring their personal devices to work, only 39% of them have a formal Bring-Your-Own-Device (BYOD) policy. This means enormous security risks, potential inefficiencies, and unnecessary costs for the organization.
These are just some of the reasons why organizations are looking at Unified Endpoint Management (UEM) or Modern Device Management (MDM) as a solution. While the concept of MDM isn't a new one, it is currently increasing in popularity, causing many IT managers to ask whether or not now is the right time to invest in it.
Today, I want to tackle this question by first defining what Modern Device Management is, and then exploring the most popular options and briefly discussing the business case before looking at the implications and consequences of moving to MDM.
What is Modern Device Management?
End users constantly store and share confidential documents, browse the internet, install new apps, read and send email, and much more on their devices. Leaving those devices unsecured and unprotected can lead to data loss or even a breach of confidentiality.
Therefore, the goal of device management for any IT admin is to protect and secure the company's devices, the data stored and accessed through them, and any other resources associated with them. This is done by ensuring that only authorized users, services, and devices gain access to any proprietary data, while at the same time allowing employees to easily find, access, and work on their devices without feeling restricted. With the proliferation of device types, application availability, and end user access requirements, the old management methods do not quite cut it. IT admins need a single solution with which to manage any device, whether it is a PC, a Mac, a tablet, or a mobile device. This is what modern management is all about.
For enterprises looking for Modern Device Management solutions, there are many options. Below, I have outlined the most common ones.
Microsoft's Modern Device Management Solution: Microsoft Endpoint (Configuration) Manager
For the past 25 years, many large organizations have used Microsoft System Center Configuration Manager (SCCM or ConfigMgr) or an equivalent to manage their on-premise devices. As more and more organizations moved to the cloud, Microsoft introduced Microsoft Intune, its cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).
For the past few years, the software giant has aggressively tried to move enterprises off SCCM and towards Microsoft Intune. For those organizations that did not want to part with their SCCM setup, Microsoft pushed a hybrid combination of both solutions, coined "Co-Management".
However, enthusiasm was much less than expected as enterprises were hesitant to rip out their ConfigMgr and replace it with Intune due to the much smaller available feature set in Intune vs SCCM. Consequently, during 2019, Microsoft started talking about Intune as an extension of rather than a replacement for ConfigMgr. Brad Anderson, Microsoft's CVP of the Commercial Management Experiences team within the Experiences & Devices Group, explained in an Endzone 1906 video:
"We don't think of Intune and ConfigMgr as two separate things. We think of Intune as the edge of your ConfigMgr deployment and the way we add cloud intelligence to ConfigMgr deployments is through Intune."
In November 2019, during Microsoft's annual Ignite conference, this was made official with the announcement of the Microsoft Endpoint (Configuration) Manager, a combination of Microsoft Intune, ConfigMgr, Desktop Analytics, Autopilot, and other services.
Essentially, enterprises who run on Microsoft technology have three options:
- Stay entirely on ConfigMgr,
- Move entirely to Intune, or
- Implement a co-management approach utilizing Microsoft Endpoint Manager.
In the long run, most organizations will adopt option number three because they will need on-premise, mobile, and cloud management, but it certainly helps that Microsoft has created more favorable licensing to lower the barriers to adoption!
VMware Workspace ONE
Workspace ONE Unified Endpoint Management by VMware (formerly VMware AirWatch) allows organizations to manage all devices — from mobile and desktop to rugged and Internet-of-Things (IoT) devices — in real time across multiple operating systems. Essentially, as an IT admin, you can control access to and manage any app on any device from one cloud-based admin console. Workspace ONE allows you to quickly and efficiently onboard new employees, create and enforce access rules and data policies, provision new devices, and much more.
Citrix Endpoint Management
Citrix Endpoint Management is a comprehensive, integrated UEM solution that allows IT admins to manage multiple platforms, such as desktops, notebooks, Chromebooks, and even IoT tools and devices (e.g., Citrix Workspace Hub and Alexa for Business) on various operating systems. Because it is part of the overarching Citrix Workspace solution, it "combines UEM with apps and desktop virtualization, file sync and share, secure network gateway services, plus security and productivity enhancements to Office 365."
Modern Device Management Business Case Considerations
Almost every IT manager has encountered a stolen or lost laptop in their organization before. The majority of organizations have no clear picture of how many and which types of devices they have in house at any point in time. Therefore, the primary goal for investing in a Modern Device Management solution is to have one method to manage all of your devices. It really is that simple.
However, in reality most of these MDM solutions don't contain a full feature set that can allow that to happen, resulting in a hybrid solution for most large enterprises. This presents a challenge; if we now need more tooling to manage our environment, then the business case for adoption isn't one based around resource reduction, but one of security and end user experience. Both of these are somewhat intangible benefits.
Therefore, when creating the business case, we need to carefully investigate whether we:
- Can save money and how it is being saved (e.g., resources, technology),
- Need to invest to save long-term (e.g., prevent data breaches or security issues),
- Can generate revenue through increased productivity (e.g., employees having access to a mobile device tend to work an extra 240 hours per year), and
- Will improve the end user experience (e.g., using different devices and platforms while having a consistent experience), leading to higher productivity and better employee retention.
Practical Considerations Before Moving To Modern Device Management
Besides a solid business case, there are also practical considerations to think about. We need to ask ourselves: "What's involved? How would I actually move to these platforms?"
One of the most important requirements for managing your devices is assessing your application compatibility and application availability (e.g., some apps might not be available on iOS, which becomes a problem if iPads are your target platform), as well as your application and device performance. Depending on this assessment, you will need to think about whether or not your team can manage those different platforms.
In addition, you will need to update your security policies and change the methods used to enforce them. This also might impact your access protocols and procedures and, of course, the devices themselves as you might have to move from a desktop to a roaming device or support the same user accessing both.
You will possibly also change your onboarding process. According to a ServiceNow study entitled "The Employee Experience Imperative", only 41% of employees feel it was easy to choose their equipment before their first day! This difficulty not only causes a bad user experience but also puts a huge damper on the employee's enthusiasm for the job and the employer.
Before you can move, you will need to assess user compatibility and readiness. This includes understanding your user personas (e.g., an in-the-field salesperson) and whether they're suitable for each target platform. You will also need to determine whether the performance of that platform is good enough for that user persona's requirements. For example, you would not necessarily move a trader to a non-PC platform because it's potentially not going to provide the flexibility or performance that they need.
Last but not least, you need to decide on your KPIs, such as ticket volumes, user experience, cost of supporting the infrastructure, and licenses involved. This allows you to measure how successful your program is and whether or not in the Business-as-Usual scenario you have to invest more or less due to the multi-platform environment.
Consequences & Conclusion
While there is great technology available today, the solutions are still maturing — as we see with Microsoft's flip-flopping Modern IT Management Vision. If you're sold on the move to MDM, I recommend that you start by extensively assessing the current user environment, and only migrating the people who are extremely suitable for the target platform.
But most importantly, do not do this in isolation, but rather in conjunction with the standardization at the back-end. In other words, move your applications to a standard delivery mechanism at the same time that you start supporting the hybrid environment. Many organizations are guilty of a "build it and they will come" attitude, rushing to put people on the new platform because they have been sold a great story by the vendor. What was undersold is typically the complexity of the move itself. Consequently, migrations can be slow as a result of missing project management tooling and frameworks that provide the rigorous and yet flexible and agile workflows to support what is a major transformation.
Another pitfall I have seen quite often is that the chosen KPIs do not add up, particularly around the business case. Often, MDM business cases center around user experience and supportability, so we have to carefully monitor whether or not we are actually getting the results that we set out to achieve.
I believe Modern Device Management is the future, but my advice would be to evaluate all solutions carefully, move only as part of a larger Evergreen IT strategy, and pace yourself as you implement it. Many MDM solutions today are relatively immature compared to your existing technology, and some obviously have a focus on mobile devices that is being ported to the PC devices but simply is not as functional yet. Investigate thoroughly; there are a number of pitfalls for those rushing in right now.