Success with Enterprise Mobility: Empowering SCCM Admins

First published on CloudBlogs on Jun, 17 2014
Update: Check out Brad’s podcast about this post here . This is a message to the SCCM administrators who are looking to expand their influence and improve their organization. Right now, a lot of SCCM admins are wary of using the cloud, and I’m dedicating this post to them. I want to help these IT Professionals see a way to use the cloud that isn’t overwhelming or counterintuitive or contrary to the work they do on-prem. I’ve written this post to show what information is actually stored in the cloud, how the cloud enables them to be more impactful, and how to take advantage of the cloud’s strengths to empower their companies and their personal careers. Whenever I get a request to meet with CxO’s from around the world, the conversation always revolves around mobility and BYOD. I have these meetings at least once a week at Microsoft’s Executive Briefing Center , and, prior to the visit, teams from both companies work on the agenda for our discussions. After so much preparation, it’s easy to see the topics that are most important to these senior leaders. Without fail – every single time – these discussions heavily emphasize Enterprise Mobility and how these companies can embrace and succeed with the growing mobility trends (like enabling BYOD). I want SCCM administrators to know about these discussions because now (rather than a year from now) is the right time to start thinking about how to deliver what the leaders of your organization are going to need.

The Numbers Don’t Lie

To begin with, consider BYOD by the numbers: What we see in this graph from IDC is that the mix of devices being purchased today (as well as the forward-looking projections) make it obvious that all the growth is in phones and tablets. Most of these devices are purchased by consumers and then brought to work (aka BYOD). What we see here represents an “and” body of work that SCCM admins are going to need to be ready to tackle. In other words, you are going to and want to be responsible for PC’s and devices. To make this “and” possible for you, Microsoft will continue to invest and innovate in SCCM’s capabilities and the hybrid integration with Intune. These innovations will continue to add to the heavy-duty PC management that all SCCM admins use broadly today, while extending SCCM to the cloud with Intune for mobile devices.         Earlier in this series I mentioned that our Enterprise Mobility vision was to “enable users to be productive on the devices they love while keeping the company secure.” “Devices they love” covers everything – PC’s through tablets, servers through smartphones, and this will continue to expand to wearables. Right now there is a giant, positive opportunity for SCCM admins around the world to expand the size and the nature of their impact and really lead their companies into this world of mobility.

Whose Responsibility is Mobility Management?

If we can agree that BYOD is a real trend that needs real, robust management attention – who should be responsible for it? This is a question we’ve spent a lot of time researching, and we’ve looked at how customers all over the world have approached this. In that research we’ve discovered that the SCCM team is the most common team assigned responsibility for mobility management, followed by the e-mail team. In the cases where mobility management isn’t assigned to the SCCM admins, those admins still have a heavy influence on those management decisions. In the previous post I walked through some of the integration we are doing with the Office apps – and this integration demonstrates how closely we are working with them. At times there are other teams managing mobility, such as a central security team, and in some cases the networking team. Since MDM/MAM/EMM is such a young market, however, the capabilities are still not broadly deployed – for now. Despite this early stage and the technical challenges at work, as I talk to the senior leaders of various companies, there is a general agreement about the need for a single team that focuses on delivering an incredible end-user experience across PCs, tablets, phones, and beyond. That team is going to be absolutely critical to the success of the company. That team is the SCCM team!

The Plan to Empower SCCM Admins

Based on all the available evidence, we firmly believe that Enterprise Mobility should be delivered from the cloud. Amidst all of the rapid change in the IT industry, the role of the cloud is going to be the constant . There’s no arguing that the job of the average IT Pro is pretty challenging. It wasn’t all that long ago that you only needed to concern yourself with the Windows roadmap and its accompanying updates. Now you have to monitor Windows, iOS, and Android (and the various flavors of Android). What can put an admin underwater is that all of these sources are constantly coming out with updates and upgrades that need to be managed and mastered. The good news is that on our end we can make the changes and updates to our cloud-based products and then seamlessly update what you’re using. This means that the same day OS updates are available and you can start using them – but you don’t have to worry about constantly updating your infrastructure or learning the new intricacies of the platform. This is a massive advantage. If the cloud performed no other service for IT, this might be enough. :) This cloud-based advantage is also a huge help when it comes to managing the modern mobile devices. All of these new mobile devices were built to consume cloud services and their value increases exponentially when they are attached to the cloud. When you use a cloud-based service for your Enterprise Mobility solution, these devices can be managed and updated from anywhere on earth as long as they have an internet connection. These updates can be extended without the need to setup gateways that expose servers in your datacenters, and every aspect of the admin role becomes progressively less cluttered with these chronic, manual tasks. Delivering policy from the cloud does not mean all of your administration has to be from the cloud – we think about Intune as the edge to your SCCM deployment . Intune provides a global, highly available solution for your mobile devices which is connected back to your on-prem SCCM deployment. All your administration and reporting can then be done from the SCCM console.

Lingering Concerns about the Cloud

When the IT Pros I meet with at events and customer visits tell me that they have concerns about moving to the cloud, I totally understand where they’re coming from. When I started my career, I was up close and personal with the move from mainframe to x86 – and I can still vividly remember the pain and struggle we all went through during that huge industry-wide transition. When I talk with these IT Pros, one of the most common questions I get is, “What information is stored in the cloud, and how do we decide what gets stored there?” The answer is really straightforward:
  • First , Intune relies on Azure Active Directory (AAD). You obviously don’t want to have to manage two sets of identities, and AAD allows you to extend your investments in AD to the cloud.
  • Second , Intune only needs to have the username and four attributes of the user synced from AD to AAD. Thus, the passwords are not needed in AAD.
  • Third , when a user authenticates to AAD they can be redirected to your on-prem AD and the actual authentication occurs against AD.
Once I’ve explained these simple steps, IT Pros (and the security teams) immediately become a lot less concerned about AAD (and the cloud in general), and they start to think through the possibilities of what they can do with the cloud. When you are running in the Hybrid SCCM/Intune mode, policy is synchronized from SCCM to Intune, then as the status, inventory, etc. are reported back to Intune, the data essentially passes through Intune and is all stored in SCCM. Understanding this detail of the infrastructure is also a huge source of confidence for SCCM admins. One other interesting note: In my conversations with the analysts who work in this area, their feedback has been that well over 50% of customers are now opting for the SaaS/hosted model rather than deploying EMM in their data centers. Not only has this model been widely adopted, it’s accelerating!

Not All Change is Bad

Industry wide changes like this aren’t always easy to work through, but avoiding these changes as long as possible, isn’t a viable solution. For SCCM admins dead-set against using the cloud, I would say you are missing out – but for admins who can see the opportunity within this change, there are some very exciting developments afoot. Microsoft is committed to empowering current SCCM admins with the tools to extend their current skillset into the cloud-based future of IT. Right now (literally right now ) is an opportunity for SCCM admins around the world to use this technology to take a strategic position within their organization by enabling mobility and embracing the BYOD trend. We have built the hybrid SCCM/Intune solution to provide the SCCM teams with a single end-user experience and a single IT Professional experience across PCs and mobile devices. With these resources available, SCCM admins can use their existing skills to really make an impact. Like I said at TechEd: I believe IT has a bright future !