News

Microsoft Stumps for EMS over Third-Party Mobility Management Tools

• By Jeffrey Schwartz
• March 28, 2017

One of Microsoft's top executives last week made the case for the company's Enterprise Mobility + Security (EMS) service, touting its growing user base and feature set.

In a 35-minute video called "Everything You Want to, Need to, and/or Should Know About EMS in 2017," Corporate Vice President Brad Anderson said EMS is the most widely used enterprise mobility, application and device management offering in the market. Anderson gave demonstrations of the new EMS portal and features such as conditional access, ties with the new Microsoft Security Graph, integration with Azure Information Protection and the recently released Windows Information Protection in Windows 10, and the ability to embed EMS controls in apps via mobile application management (MAM) SDKs.

The video follows a blog post by Anderson two weeks earlier that highlighted the growing overlap between PC and device management through the use of mobile device management (MDM) approaches. In that post, Anderson pointed to the results of a recent survey of 400 IT decision makers by analyst firm CCS Insight that found that 83 percent had plans to converge PC and mobility operations into a single team within the next three years, with 44 percent doing so by the end of this year. Worth noting is that 86 percent reported plans to upgrade their PCs to Windows 10 within three to four years, and nearly half (47 percent) expect to make the move this year.

In the past, Microsoft has said that over 41,000 customers use EMS -- more than double the installed base of VMware AirWatch and triple that of MobileIron, according to Anderson. While Microsoft has entered into strategic partnerships with vendors offering rival solutions, including VMware, SailPoint and Ping Identity, Anderson stresses that Azure Active Directory (AD), Microsoft's identity management solution that's offered for both EMS and Office 365, should obviate the need for third-party identity management-as-a-service (IDMaaS) offerings.

"There are more than 85 million monthly active users of Office 365. Just shy of 84 million of them use the Microsoft solution to manage and synchronize all of their identities into the cloud," Anderson said in reference to the CCS survey. "What that means [is] just a little over 1 percent of all of the monthly active users of Office 365 use competing identity protection solutions. EMS is the solution that you need to empower your users to be productive how, where and when they want, and give them that rich, engaging experience."

Asked if he agrees with Anderson, CCS analyst Nick McQuire responded that Microsoft Intune and EMS have had quite a large impact on the market over the past year, fueled by interest in Windows 10 and Office 365's growth.

"Perhaps the biggest impact is the pause that it has generated with existing AirWatch, BlackBerry and MobileIron customers," McQuire said. "The enterprise mobility management [EMM] market is slowing down and penetration rates of EMM into their customer bases is low, and this is a challenge they need to address. Microsoft has contributed to this slowdown in the past 12 months, without question."

However, McQuire isn't saying that it's game-over for the other providers. "At the moment, there is a real mix," he said. "Some customers are making the switch to Microsoft. Others may not have made the switch but are absolutely kicking the tires on the product and waiting to see if Intune and EMS becomes the real deal, given that it arrived late to the market and is playing catch-up."

McQuire also noted that switching EMM products is not straightforward and churn rates in the industry, although unreported, are very low. "This is evidenced in the renewal rates across all the longstanding EMM players which are high [averaging between 80 and 90 percent], indicating that when EMM is deployed, it sticks and it becomes very hard to ask customers to rip and replace," he said.

The release of the Microsoft Graph and Intune APIs for Office 365 will help customers who don't want to move to EMS, he noted. Because EMS is offered with Microsoft Enterprise Agreements, using it with other tools will become more practical and make more customers open to using it in concert with those offerings.

"At the moment, we don't see many customers with a production environment under the co-existence model, but we do see this growing rapidly this year," McQuire noted. "Microsoft's strategy here is not to concede these accounts, but to land and expand."

Why does it make sense for rivals such as VMware or MobileIron to use the APIs? Ojas Rege, MobileIron's vice president of strategy, said there are two sides to the EMS equation. One is the EMS-Intune console on the front end and the other is a set of middleware services on the back end based on the Microsoft Graph.

"If other consoles like MobileIron want to leverage them, they can," Rege said. "What does matter are these additional, proprietary Microsoft features. It doesn't make sense for us to use the Graph API to activate an Intune function to lock an iOS device because we just lock the iOS device directly, but it does make sense to use the Graph API to set a security control on Office 365."

Adam Rykowski, VMware's vice president of unified endpoint product management, agrees that traditional desktop PC management and MDM are coalescing and it's fueling growth. "We are actually some seeing some pretty major customers ramp up even sooner than we had expected," Rykowski said.

Andrew Conway, general manager for EMS marketing at Microsoft, posted a brief update last week on EMS and Microsoft Graph APIs, describing them as a gateway to various offerings ranging from Azure AD, Outlook, OneDrive, SharePoint and Intune. "The Microsoft Graph API can send detailed device and application information to other IT asset management or reporting systems," Conway noted. "You could build custom experiences which call our APIs to configure Intune and Azure AD controls and policies and unify workflows across multiple services."