‘Microsoft is still evil..’
MobileIron’s former Chief Strategy Officer, Ojas Rege, has blogged about a Microsoft and MobileIron co-operation that integrates their solutions.
The three-part blog is based on publicly available and third-party data, customer and partner feedback as well as ongoing analysis of Microsoft’s actions.
It culminates with the conclusion that while MobileIron and Microsoft’s Intune App Protection work together to secure Office 365 apps, there is a broader enterprise strategy at play here.
This broader enterprise strategy came to light nearly a year later in April 2019.
This time, Ojas has come forward with his opinions about Microsoft’s power play. His tone is different from 2018’s and it pulls no punches.
In the April post, Ojas observed that Microsoft is using Office 365 to try to force customers to use other Microsoft products over best-in-class non-Microsoft products.
Let’s take a quick look at what these technical integrations are all about.
Microsoft Intune – open, not open
By virtue of being the dominant operating system for desktops and laptops, Microsoft is in the mobility space. They enhanced this with Office 365 mobile apps, which work not only on machines running their operating system (OS) but also on non-Microsoft OS machines and devices, as long as they have connectivity to the Internet.
This downloadable, subscription-based, cloud-based productivity suite could effectively turn every desktop or laptop in offices and organisations into a captive audience for the Redmond software makers.
After deploying the operating system and the productivity apps, IT departments want to be able to control them all as well.
Enter Microsoft Intune, whose main function is to provide policy control for Office 365 apps and to manage endpoints (laptops, desktops, tablets, mobile devices, etc.).
Over 20 Microsoft mobile apps are supported, along with a handful of third-party non-Microsoft apps.
The bottom line is this: A majority of MobileIron customers are also Microsoft customers.
And the technical integration has reached the point where control policies can be set through a MobileIron console.
Microsoft stops just short of being really, really interoperability-friendly: rather than using native app security frameworks (www.appconfig.org) for integration, they opted for proprietary APIs and SDKs as the way for third-party developers to integrate with Office apps.
Ojas, who has recently moved to an advisory role within MobileIron, views this Microsoft strategy as their way to force adoption of Microsoft’s own Unified Endpoint Management (UEM) solution.
He shared, “In the UEM industry, Microsoft is telling customers that they must use Microsoft’s UEM solution, Intune, if they want to access certain important features of Office 365 and Azure Active Directory.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It provides secure access to an organisation’s internal resources by authenticating authorised users at the log-in page.
Since most large enterprises have already chosen a best-in-class UEM solution, Microsoft is trying to deprive them of UEM choice and force them to migrate to Intune by blocking them if they don’t.”
App protection and conditional access for Office 365 are two examples of Microsoft’s block-and-lock strategy. That said, App Protection finally opened up to the UEM ecosystem, but conditional access hasn’t.
What this means is that another UEM solution will not be able to flag a non-compliant device for devices that are not Microsoft-based.
Ojas pointed out, “Microsoft’s message to the customer is that if you want conditional access for Office 365 through Azure AD, you must give up your chosen UEM solution and instead use Microsoft.”
Replacing your current UEM solution with Microsoft’s just may be a very unwise thing to do.
Tom Smith, Research Analyst at Dzone.com, observed, “The ManageEngine Conference I just attended talked about the number of attacks taking place through PowerShell and Office365, and that Microsoft’s constantly playing catchup to secure vulnerabilities.”
ManageEngine provides the high-end functionality of large network management frameworks. They serve 3 out of every 5 Fortune 500 companies worldwide.