Exec Brad Anderson says partners can help clients shift from perimeter-based defense to zero-trust security models.

Jeffrey Schwartz

June 27, 2019


Microsoft says its cloud-hosted Intune endpoint configuration and administration offering now manages 175 million computing devices. Intune was originally developed to manage only Windows devices; several years ago, the company decided to extend Intune, now a core component of Microsoft 365, to manage Macs, iOS and Android devices.

Intune also includes Microsoft’s System Center Configuration Manager, known by administrators as ConfigMgr, for provisioning, securing and managing Windows PCs. Intune’s hockey-stick growth has occurred primarily over the past three-plus years since Microsoft extended it beyond Windows. Brad Anderson, corporate VP overseeing Microsoft 365, launched Intune five years ago, and noted the threshold in a blog.


Anderson has also played a central role in extending the Intune APIs with ecosystem partners such as Citrix, VMware and others. At last month’s Citrix Synergy conference in Atlanta, Anderson revealed the latest plan to broaden the Intune APIs. After joining Citrix CEO David Henshall during the keynote session at the Synergy conference, Anderson sat down with Channel Futures to discuss that relationship, Microsoft’s effort to advance Intune, the forthcoming Windows Virtual Desktop and the Microsoft Managed Desktop service.

Channel Futures: What’s your take on where Citrix is taking its Cloud Workspace?

Brad Anderson: Organizations are beginning to understand that the experience they give their users is meaningful. And it’s meaningful in terms of not just productivity, but also in terms of the war on costs. It’s not that they didn’t care about the experience, but security always took precedence over what the experience was for the user. It’s still pretty common for a commercial PC to have a 5-minute boot time because of all the things that IT puts on the device in the name of management and of security. Business leaders are now recognizing the experience that they give their users is one of the biggest things that drives and impacts culture. What I love about the Citrix Workspace is it provides one place, where everything is just right there so users can just get their job done. It’s a simple, elegant, rich workspace that is also secure and it’s what every organization is looking for.

CF: What are the implications of the agreement you announced with Citrix to publish more Intune APIs? What will this enable?

BA: The world of mobile devices and cloud services is fundamentally changing the way that organizations secure data. Organizations have got to move from a perimeter-based security model to what we call an identity-based security model. It’s based on a zero-trust model where the user verifies and you validate that the user is trusted, and that the device is trusted. And then you allow access.

CF: How will these APIs address that?

BA: We really pioneered conditional access in a world of mobile devices and cloud services. Within Microsoft 365, there are different data feeds that we collect, and then we analyze; it gives us a view of trust of the device. One of those data feeds is the configuration and the settings on the device. The new APIs that we are developing will allow other mobile device management (MDM) solutions to be able to give us information around configuration and device compliance and health data that will come into the Intune cloud service. And that will then be used as Intune does its analysis to determine if the device is trusted, which we then use inside of Microsoft 365. In our zero-trust model, it is the user and device, a trusted combination. Citrix will be able to integrate with that cloud service to send us information about the device configuration, the settings that we will then use as we determine trust of the device.

CF: How does that build on the Intune APIs Microsoft released about a year ago?

BA: What we published a couple of years ago was the Intune Graph APIs. And what that allows is any administrative console to make graph calls in order to be able to set the Intune mobile application management controls (MAM), which is then how you set the data-loss prevention policies for apps, such as Office. And so that covered the MAM layer. Now what we are doing is at the device layer, which is additive. Customers who are already using the Citrix capabilities for managing their mobile devices will be able to take advantage of Intune MAM, as well as the capabilities for being able to identify device trust. It’s a deepening of the partnership. And it’s a deepening of the integration that we do across our device management.

CF: How far along are you into this?

BA: Literally, we signed the paperwork [May 18-19] with Citrix. The APIs are in development right now. And, you know, we hope you’ll cut them out by the end of the year.

CF: What does that ultimately mean, in terms of how it changes the way devices are trusted and secured?

BA: What we are seeing right now across the industry is that organizations are trying to identify what their policies are for corporate devices, and bring your own (BYO) devices. And in the world of corporate devices, of course, they’re going to take control of the device. They are going to lock it down because the company owns the device. But in the BYO arena, users can get pretty uncomfortable with IT taking over their personal devices. Because these phones become intensely personal. What we see in the industry is increasingly BYO solutions; organizations are moving to just using MAM policies without taking over the entire devices using MDM. For corporate devices, we certainly see MAM and MDM both being used. So what this solution allows us now to do is whether it’s a corporate device, we want to use MDM, and MAM and if it’s a BYO device; maybe you just want to use MAM, there’s now a way for us to integrate with partners like Citrix in both models and add an MDM layer to the MAM layer.

CF: What are the implications of this for partners such as managed service providers who are offering various desktop management services?

BA: I am a believer that most organizations are looking for help in what the right way to empower and enable their users on all of their devices in a way that the user loves and IT trusts. Managed service providers have got a great deal of experience to share to help and I’m a big fan of that. In fact, we at Microsoft have launched our own solution where we are taking over the responsibility for managing and securing Windows and Office for our customers, called the Microsoft Managed Desktop.

CF: Yes, we’ve covered that. What is the partner model for MMD?

BA: We’ve announced that HP is integrating with it and there are a number of partners; we’ve announced on it. But let’s talk about how we think management is going to change over the next couple of years. And what I think is happening right now is both management and security are moving to a world where insights that are delivered from the cloud are now able to automate or help IT focus where they should spend their time in the way that is the most impactful. Today at Microsoft, we are now getting telemetry back from over 800 million Windows 10 PCs, from over 180 million monthly active users of Office 365. And we service 8 billion corporate or commercial authentications a day through Azure Active Directory. Just think about that data set for a minute: we now get a chance to see every hardware configuration, every driver. And we can actually have a point of view now, on the stability, reliability, performance, compatibility of Windows drivers and applications from the global scale that we provide a view of. Likewise, we get a chance to see all of the phishing attacks that are happening around the globe as people try to attack email boxes through Office 365. Or attacks that grab identities. Now we can also do this on a global scale, and we are able to give back to IT a prioritized list of the things that they should do to make their environment more secure.

CF: Is the message to MSPs that they need to embrace this?

BA: If you think about the MSP business for a minute, most of them have got a fixed cost per month that the customer is paying to them in order to deliver the service. So anything that we can do that automates and decreases the amount of cost it takes for the MSP in order to support that customer, it just increases their profit and increases the number of customers that they can service. And so, as we are communicating that the modern way to manage, this is being able to take advantage of these insights. What we will do is surface this for MSPs so they can prioritize actions that they should take for individual tenants and for all the tenants that they are managing.

CF: While I’m sure you know, a lot of MSPs are concerned that Microsoft may be competing with them with this offering. How do you reconcile that?

BA: What I see with MMD is taking that knowledge and experience in terms of insights, then reflecting that back to customers and partners the way that they can build services around it. I think MSPs will be able to build rich services that do more than just what I have this unique knowledge of and then go to market with MMD being an offering inside of their offerings.

CF: Can they offer this now?

BA: Absolutely. There are APIs that exist. This is what HP, as an example, talked about when we announced MMD. HP has a hosted DaaS service. And that hosted DaaS service is much broader than what the MMD offering offers. And so MMD just as a part of the HP DaaS offering, and it’s a way that they can go to market that delivers the best experience for users, but takes all the expertise – the unique expertise that HP has – and wraps around what Microsoft has unique knowledge about.

CF: So MSPs can offer MMD?

BA: The APIs exist in order for people to be able to call into MMD and the intent is we don’t think about MMD going to market by itself. It’s about having a service that reflects this unique knowledge we have in ways that a partner can then embed into what they do. And they can add their unique value, their unique relationships, their unique services on top of it.

CF: Will it be offered with Windows Virtual Desktop?

BA: Customers will be able to choose between the modern workplace distributed or virtualized, and there’ll be multiple price points. Obviously, if you’re running with Windows Virtual Desktop, it’ll be a little bit more expensive. But as Windows Virtual Desktop goes to [general availability], that will roll into the Microsoft Managed Desktop.

CF: Are you seeing high demand for Windows Virtual Desktop?

BA: Already 4,500 unique tenants have been provisioned since we went into the public preview. The interest is literally off the charts. It’s been fascinating. If you think about the journey that we’ve been on with, say Exchange Online, if you go back to 2006 and 2007, we had at that time one customer, Energizer. Now look at where we are to date. The world has recognized it’s not their core competency to host and run Exchange — let Microsoft do that. It’s the same thing with Windows Virtual Desktop. Why build out all of the infrastructure in your own data centers to run Windows when Microsoft can do it in our public cloud? We’re going to be able to do it better. Microsoft has made it very attractive from both the packaging, pricing and SLA capability. So I think you’ll see a significant portion of virtualization, whether it’s a full desktop or app that’s on premises today, move into the cloud over the next five years, in the same way that email has moved into the cloud with Exchange Online and Office 365.


About the Author(s)

Jeffrey Schwartz

Jeffrey Schwartz has covered the IT industry for nearly three decades, most recently as editor-in-chief of Redmond magazine and executive editor of Redmond Channel Partner. Prior to that, he held various editing and writing roles at CommunicationsWeek, InternetWeek and VARBusiness (now CRN) magazines, among other publications.
