Centrify Express Mobile Taps Microsoft AD for Painless MDM

Who says Active Directory integration is only for desktop computing environments? Centrify believes that’s the old way of thinking, so enter “Centrify for Mobile,” a cloud-based management solution promising to bring unified management of mobile devices floating around your network. The VAR Guy spoke to Tom Kemp, Centrify’s CEO, and David McNeely, senior director of project management, about the new offering. Could Active Directory be a solution to mobile device management (MDM) woes?

iOS and Android devices have been welcomed to the Centrify fold, and it couldn’t be simpler, thanks to Active Directory. Download Centrify Express for Mobile (it’s proxy server software) and start provisioning devices right away. It also happens to be absolutely free and supports more than 1,000 devices. There is a catch, however: If you want to receive updates on the software along with Centrify’s support, you have to sign up for a subscription (about $24 a device.) But Centify believes making the initial offering free can help SMBs who just need to manage a few devices, while making it frictionless for VARs to upsell bigger business since there’s no cost barrier to try it out. Plus, users don’t need to have existing Centrify software for Centrify Express Mobile to work.

So how does it work? Part of it is a cloud-based service, allowing for provisioning even when the mobile device is away from the corporate network. It also doesn’t require any special holes poked in firewalls or on-device software installation. But the real secret sauce is how Centrify links the device and to Active Directory — it’s all through security profiles. Both Android and iOS support these profiles, which allow a deeper level of control over the device, such as enforcing passcode use.

Android control seems simple enough for The VAR Guy, but the Apple iOS tends to be locked down. The VAR Guy queried McNeely for a little more information.

“Apple publishes a set of APIs to allow 3rd parties to communicate via security profiles. [Security profiles] have to be signed by a certificate with a trust model. We tie them heavily back to Active Directory. We exposed the group policy interface and all the settings Apple allows us to control. We just have to push those [security profiles] to the device, so we built a cloud service. This makes it very simple.”

Alrighty then. Added bonus? Rooted Android devices and jailbroken iOS devices can be detected for rejection, auto de-provisioning or simply noted to IT management. McNeely stressed that this solution needs no data center add-ons or appliances and IT admins will not have to deal with another management console since Active Directory is the hub.

So what about the channel and the future of MDM? Kemp offered his thoughts:

The mobile device management market is very crowded, but there’s a complete lack of differentiation [partly because] of how Apple limits what you can do. We think that having this unique approach of levering Active Directory and having the “fremium” model changes the market dynamics. We think that this free approach works very well … [and] channel partners will appreciate it. It’s frictionless MDM, existing technology offering and you can seamlessly move up with us.

The VAR Guy finds “free” to be a compelling argument, so you can get your hands on Centrify Express Mobile here. Be sure to also out Centrify’s recent moves, including enhanced Mac OS X AD integration and FIPS certification.