BYOD

Handle BYOD in your enterprise.

 

BYOD

How to handle BYOD questions in your enterprise

  • May 31, 2013

Working as an infrastructure architect for a Microsoft Partner, I’m obviously doing a lot of evangelism around Windows 8 deployments the last few months. During these customer visits, the word BYOD – Bring Your Own Device – pops up about every time. If you are not that familiar with BYOD and the concerns it brings to enterprises, let me explain by giving you a few examples…

  • Do you allow access to your network from employers’ home PC’s?
  • Do you get consultants in the office using their own laptops when doing consulting on your IT infrastructure?
  • Having managers using their personal iPhones and iPads for reading corporate emails, as they don’t want to use the 5-year old company cellphone anymore?
  • Struggling with giving access to LOB-applications to your sales people who are carrying the latest ultra-light personal Android tablet or slick Microsoft Surface with them when going to their customers, as they don’t want to bring the 5 pound weighing XP-based laptop with them?
  • Hiring “Millenials” (junior staff, born in the early 90’s) who are using their own full-of-apps loaded mobile device for connecting to social media, texting to their friends, playing games,… but also storing corporate documents on it?

Now you know the context and some of the challenges, let me start with giving you an overview of the possible Microsoft solutions to the BYOD concerns in your company; I personally classify them in 3 categories:

  • Network layer/connection solutions
  • Server-based computing solutions
  • Mobile device management solutions

To be honest, category 1 and 2 do exist already a long time, and probably will stay here for another few years. The good thing is, these solutions are continuously improving. The last category is a rather new one, I’d say about 5-7 years, and of course, due to the high speed of how mobile devices are changing, bringing more functionalities, becoming more complex, and maybe the most important one in this BYOD context, having a very thin line between personal and corporate usage, I dare to say this is the most important category to focus on.


Table 1: BYOD solutions

Network Layer/Connection Server-Based computing Mobile Device Management
Dial-up VPN + SSL VPN Remote Desktop Services System Center Configuration Manager 2012
DirectAccess Virtual Desktop Infrastructure Windows Intune
Windows To Go

So let us retake some of the examples I mentioned at the beginning of this article, detailing some of the concerns around that context, followed by possible Microsoft solutions:

Scenario 1: Do you allow access to your network from employers’ home PC’s?

Concern: PC’s are not managed, antivirus might not be up-to-date;

Resolution: If consultants are physically coming in to your office, I would propose letting them use a company owned device, as this is completely managed by your IT. If consultants are connecting remotely, I would provide them a VDI-solution to a virtual desktop will all required tools installed for them.

Scenario 3: Having managers using their personal iPhones and iPads for reading corporate emails, as they don’t want to use the 5-year old company cellphone anymore?

Concern: From the end-user perspective, he really doesn’t want to be bothered by using a 5 year old device anymore, that’s for sure. From an IT perspective, you want to keep control of what the end user does with its device, what data is stored on it,…

Resolution: This scenario is all about MDM – Mobile Device Management. By using SCCM 2012 or Windows Intune, or both, you as an organization keeps full control of the functionalities and possibilities of the device. Allow/Block apps installation, remote wipe, force PIN authentication,… are just a few policy examples in both products.

Scenario 4: Struggling with giving access to LOB-applications to your sales people who are carrying the latest ultra-light personal Android tablet or slick Microsoft Surface with them when going to their customers, as they don’t want to bring the 5 pound weighing XP-based laptop with them?

Concern: This scenario contains a few issues. 1st one is the need to run LOB-applications; 2nd is request for mobile device / tablet; 3th question is about corporate connectivity.

Resolution: In this scenario, my first answer would be to have sales people being migrated to a Windows 8 Enterprise device. This device is probably capable of running LOB-applications (natively or by using application virtualization), a large number of vendors have ultrabooks / tablet / convertible hardware available to tackle the question about heavy devices. As Windows 8 has DirectAccess functionality available, this is the easiest way of allowing connections into your corporate network. Lastly, management can be done by SCCM 2012 or Windows Intune, or both.

Scenario 5: Hiring “Millenials” (junior staff, born in the early 90’s) who are using their own full-of-apps loaded mobile device for connecting to social media, texting to their friends, playing games,… but also storing corporate documents on it?

Concern: This scenario is somewhat identical to the C-level people in our organization using their personal mobiles instead of 5y-old corporate cellphones. An additional concern however is that one could ‘assume’ C-level management are aware of the risks involved in storing corporate emails and data on their personal devices.

Resolution: This scenario is all about MDM – Mobile Device Management. By using SCCM 2012 or Windows Intune, or even a combination of both, you as an organization keeps full control of the functionalities and possibilities of the device. Allow/Block apps installation, remote wipe, force PIN authentication,… are just a few policy examples in both products.

To summarize the article, I’m quite sure you now have a good understanding of BYOD and some of the concerns and challenges it might bring to your enterprise. By detailing some of the Microsoft solutions available in this context, it should be clear BYOD is not something to be scared about.

This article has been written by P.Tender and was originally published as part of the Microsoft Technical Springboard Series Newsletter.

 

Long Beach Compuer Service

If you are still having issues give us a call at 562-366-4177

.