Many organizations are focusing now on Windows 10.
The upgrade brings with it new options for managing experiences by enabling an enterprise mobility management (EMM) approach. EMM allows organizations to secure enterprise content on partially managed devices and sits alongside full device management. Within each management approach, there are several device ownership options:
- Enterprise owned, fully managed
- Enterprise owned, fully managed, personally enabled
- Enterprise owned, partially managed
- Personally owned, partially managed
To make the decision about which methods to deploy, the enterprise must consider a number of factors:
The Enterprise Standard Operating Environment (SOE) Image
Increasingly maligned, the SOE is still key to delivering Windows to enterprise clients today. The trouble is, it’s a bit like myself — aging and in need of getting fitter and trimmer.
With Windows 10, there is a perfect opportunity to start from scratch and build an ultra-thin image that supports a stateless device experience (or as close to that as possible). How you build and rebuild devices can be factored into the design process. Ultimately, the goal should be a highly reliable and responsive image that never requires IT touching the device (aside from break/fix). New SOE models allow for more innovative approaches to device refresh and build (but that’s for the next blog post!).
The SOE approach offers the highest level of app compatibility. Note that with Windows 10, your Enterprise processes need to be ready for many more Windows upgrades and features, in addition to the usual patching regime. Most enterprises will likely adopt Microsoft Current Branch for Business with Windows 10.
Personally Enabled SOE
The SOE also can offer, through privileges, the ability to allow users to self-install software. Security folks reading this are sighing and raising their eyebrows at this point. Flexibility is important in user experience, and if you want to enable personally enabled devices, then user agreements and tools can be used to reduce risk (i.e. privilege elevation and application control and software asset management). Personally enabled devices can be just as secure as fully managed devices with today’s security tools, providing more real-time contextual security policies.
Enterprise Mobility Management (EMM) for personal images
EMM allows enterprises to identify user groups who would benefit from BYO. The user owns the device and allows the enterprise to manage a container of corporate apps and data on the device, while also allowing the enterprise to ensure the device meets minimum standards.
Questions to ask of the EMM BYO approach:
- If the device fails, how quickly can users get themselves working again? (This can be easily countered by user policy for warranty repairs.)
- Have all the apps needed to operate from the EMM layer been validated?
- Have you configured your webstore to recognize users of EMM devices and show them relevant apps in the app store? And have you integrated the webstore with the EMM tool?
EMM with an enterprise image
EMM — isn’t that just for iPhones? Well not anymore. With Windows 10, this new approach could manage a device and allow you to re-evaluate your corporate image, perhaps even hand the responsibility for imaging engineering to your OEM (being wary to stipulate images that you authorise without bloatware).
The concept is what we’ve coined a “trusted image” approach. That trusted image could come from your build teams, your system integrator or the OEM. Apps and data are then layered onto this image, which allows and supports personal productivity apps alongside enterprise apps.
Questions to ask of the EMM Trusted Image approach:
- How are builds performed?
- Is enrollment required (i.e. device management) or is application management sufficient?
- How do you provide an enterprise device in this mode without increasing cost (i.e. perform builds, rebuilds etc.)?
At this point, enterprises have the perfect opportunity to improve the perception of IT by enabling a model that supports the latest generation of devices and results in a user experience you and your business can be proud of.
Today’s businesses are now being judged, in part, by the devices workers use. In refreshing thinking on device management, enterprises can provide a flexible architecture that delivers a stateless experience, allows new device form factors and supports all the delivery models described in this blog. The advantage of this approach is that enterprises will maximise productivity and satisfaction with device services and provide a new platform for the hyper-productive digital workplace; this in turn can reduce cost.
The other beautiful result of this architectural approach is that you will deliver a unified device experience for users and manage all device classes, not just Windows devices, through a single architecture. This enables more efficient operations, delivery and, more importantly, responds to the need for a continuum of experiences across devices.
CSC MyWorkStyle Device and Mobility Management enables the techniques described in this post.
Stu Downes is a solution lead within the CSC MyWorkStyle offering group. Stu’s role working with product management, industry analysts, key clients and partners gives him a unique view of market trends and client needs. Since joining CSC in 1999 Stu has had a number of roles delivering, designing and leading solutions and products. Stu is now shaping workplace products that enable the hyper productive digital workplace.