As Microsoft sets to deliver its own managed desktop services, VMware has doubled down in its effort to broaden the endpoint security options available with its Workspace One end-user computing (EUC) portfolio.

Competition for managed EUC and security services is expected to heat up in 2019 as migrations to Windows 10 continue to accelerate, giving customers more reason to provided unified management and security of desktops and mobile devices.

VMware’s Workspace One portfolio includes Horizon 7, the company’s virtual desktop and app offering, and AirWatch, its device and application management solution. Workspace One is widely regarded as one of the leading virtual EUC offerings. While VMware and Citrix have strong positions, in the emerging market for cloud-based digital workspaces, Microsoft makes no secret that it doesn’t believe its customers need third-party EUC solutions.

Microsoft has maintained a position for several years that its Enterprise Management and Security (EMS) bundle, available to many of its enterprise Office 365 customers at little or no extra cost, is all customers and service providers need to deliver a secure EUC environment. EMS provides security services and is now available as a service with Microsoft 365, often as an add-on option to Office 365.

CCS Insight’s Nicholas McQuire

“Microsoft is saying, ‘We can be your best of breed security provider around Microsoft 365,’” said industry analyst Nicholas McQuire, VP of enterprise research for enterprise research at CCS Insight. “Their stance is that you don’t need to go out and get all these different antivirus and point security products with identity or MDM or systems management because EMS will integrate all that together. And they argue that by working with a single provider, then they will give you all this other stuff like cloud security, security graphs, security intelligence and integrat[ion] into a multifactor authentication environment as well.”

VMware is well aware of those assertions, and to counter, the company last year added AppDefense, an endpoint security solution that runs in the hypervisor based on technology VMware gained from last year’s acquisition of Apteligent.

AppDefense uses machine learning to capture the intended state of an application. Because it’s based on the hypervisor, AppDefense isolates the application runtime, which VMware says makes it better suited to detect anomalies and provide automated alerts and responses.

Looking to build an ecosystem with Workspace One and AppDefense, the company earlier this year launched its Workspace One Trust Network, consisting of various security providers including Carbon Black, Lookout, Netskope and Okta. In September, VMware announced four additional partners: Check Point, Palo Alto Networks, Trend Micro and Zscaler.

Among the alliances that has drawn the most attention so far is Okta, known for its popular cloud-based identity and access management (IAM) service that provides federated single sign-on authentication. The partnership between the two companies, announced in May, gives both providers a boost in their respective efforts to compete with Microsoft on its turf: the directory.

Over the past two decades, Microsoft’s Active Directory, built into Windows Server and Exchange, has become a de facto source of creating and managing enterprise credentials for authentication and policy management.  Microsoft has extended upon that with Azure Active Directory, which is also required for authentication into Office 365 and is a core component of EMS.

Microsoft has long emphasized to partners that winning the identity battle is key to the appeal of many of its solutions including Office 365 and its new Microsoft 365 user management service. While many organizations use Azure Active Directory, quite a few augment it with third-party IAM offerings from the likes of Centrify, Okta, OneLogin, Ping, SailPoint and more. Okta, which went public last year, is regarded as a leading provider.

VMware has its own identity-management offering, VMware Identity Manager, but it turns out that many enterprises that now use Workspace One have Okta. In addition to the Okta Identity Cloud, which now is available with more than 5,000 offers native authentication connectors to third-party on-premises and SaaS applications and services, Okta offers its own API access management suite.

Last month at VMworld Europe in Barcelona, VMware announced that the latest release of Workspace One now has the native integration with Okta. The bidirectional integration provides access to Okta applications from Workspace One.

Likewise, administration of Workspace One from the Okta interface is now an option.

“With this integration you don’t have to flip back and forth within the Okta console and the Workspace One console,” said Jeff McGrath, VMware’s senior director of product marketing for EUC.

Tech Orchard’s Phil Poje

Phil Poje, CEO of Tech Orchard, a managed services provider specializing in mobility management, and a VMware partner, said many of his clients use Okta as their authentication provider.

“Okta does integrate very well with Workspace One and offers some advanced features for identity reporting that certain clients like,” Poje said.

Looking ahead, the two companies revealed at VMworld Europe that they are integrating more specific features, such as the ability to reset passwords, implement multifactor authentication and bring Workspace One’s conditional access to Okta. The two companies are also bringing Workspace One’s integrated policy, application configuration, permissions and synchronization into Okta.

“We enforce the additional device posturing so that we can control what gets pushed to a user’s device,” said Stephen Lee, Okta’s senior director of business development and partner solutions. “Those could actually be mobility applications that are built by partners or built in-house. Those apps need to communicate with the backend services’ APIs, and the [Okta] API Gateway will need to understand the context of the user.”