Tech-Ed Europe: Microsoft Demos Cloud-Based App Management

- By Kurt Mackie
- June 27, 2012
Microsoft on Tuesday gave Tech-Ed Europe attendees a preview of how application management works using the Windows Intune and Windows Azure Active Directory services.
Brad Anderson, Microsoft's corporate vice president of the Management and Security Division, delivered a "sneak peek" of Microsoft's cloud-based application management concept that will leverage Windows RT ARM-based tablets and other "unmanaged" devices. Anderson's demo starts at about hour 2:09 in this Microsoft Channel 9 recording.
Windows Azure Active Directory is now integrated with the latest release of Windows Intune, which is a PC management service offered by Microsoft. The integration helps IT pros manage multiple devices by authenticating users and devices. This capability was something that Microsoft had announced earlier this month, but Anderson's demo may have been the first to show it in action.
 
IT organizations can point user devices toward apps using Windows Intune (which is called "sideloading" apps) or they can do that via the Windows Store (called "deep linking"), Anderson explained. The process works with unmanaged Windows RT ARM-based tablets, as well as with other mobile devices. In the demo, Anderson used an Apple iPhone.
While today there are corporate-managed and user-controlled devices, future growth will come on the user-controlled devices side, Anderson contended. The main point he made during the talk was that bring-your-own-device scenarios can work in organizations if IT has both governance and control over the device. Organizations don't actually need to own the device, he stressed.
The actual device management gets enabled through the use of an agent, Anderson explained.
"You may have policies that may say, 'Hey, you can have your own personal device, but it has to join the directory'," Anderson said. "And as soon as it joins AD [Active Directory], we're going to push an agent down and we're going to control the device, just like the devices we procure."
Microsoft's traditional management approach with Systems Management Server (now called System Center Configuration Manager) has been organized around handling so-called "privileged apps." However, Anderson posited a new world where most apps won't be privileged.
"In traditional Windows, I can build an agent; I can build a service. That service can have a global view of everything that's happening on the device. That app is incredibly privileged," Anderson explained. "The right column, that's Windows RT or iOS, where you can build an application but the application is its own entity and it can't really see other applications. In an iOS, there is no concept of building a scheduler; there's no concept of building a service. So the app is not privileged."
For this new world, Microsoft is adding governance and control. Governance is about setting the policies for how users access their apps and data, he explained. For instance, IT departments can enforce a "power-on password" if the user wants to access company e-mail or corporate data.
"Whether your device is a Windows device or a non-Windows device, everything that the user is going to do from that device is going to be based on their Active Directory ID," Anderson explained.
Anderson demonstrated using the Windows Intune service to authenticate via Windows Azure Active Directory using a browser on the Apple iPhone. Following Active Directory authentication, the device becomes trusted, he said. He then showed the installation of an app on the iPhone from the Windows Intune service.
A Windows RT device is not Active Directory joined. Instead, the device gets "enrolled into the service," Anderson explained. IT pros can use the Windows Intune service to see all of the apps that have been activated for a particular ID, including line-of-business apps and Windows Store apps. IT pros can delete the device from the service or they can remotely wipe the device, he explained.
Anderson concluded the keynote talk by encouraging the Tech-Ed crowd to embrace Microsoft's various "leading-edge technologies."
In addition to this Windows Intune approach to getting apps, Microsoft has previously described a way of getting company-built Metro-style apps on a Windows RT device via a "self-service" portal.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.