BYOD - Bring Your Own Device - Coming to a Workplace Near You
It’s called the “consumerization of IT,” and if you haven’t heard the term yet, you’ve surely seen it firsthand. Phones and tablets are getting so useful and personal, that they are being preferred over a typical workplace computer.
You can’t keep them out — the devices are already there. And you surely can’t fight it — it’s usually the bosses and executives that are the first to bring in the devices and demand that they be made to work on the network. Instead of trying to hold back the tide, it’s time to realize that the consumerization of IT is here, and it gives the power to the people.
Ten years ago, end users did what they were told (at least that’s the way we remember it). They got a company-owned computer and ran company-owned software on a desktop computer. Most users rarely checked their work email from home. Even fewer actually worked from home, and when they did, it would be a simple remote connection to that already controlled desktop computer.
The end users of ten years ago are as long gone as a Palm Pilot, and if IT departments don’t keep up with them, they will turn into a dinosaur — just as useless. This article discusses some of the advances made that allows Windows on ARM (WOA) installations that your users bring into your organizations to not only be useful, but safe.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Can Your IT Department Handle Installing Apps on Users’ Devices?
Windows 8 on ARM (WOA) does not run all of the software that you can run on a full version of Microsoft Windows. WOA can only run apps such as those installed through the Windows Store. However, you can still take advantage of tools provided for managing those devices.
Windows 8 on ARM has two tools that work in conjunction to facilitate the installation of apps created by your company. Through the use of an agent and a self-service provider, your users can authenticate using their email credentials to a management infrastructure in the cloud that offers your users whichever apps you want to make available to them.
Once connected to the management infrastructure, the WOA device can install apps. Additionally, the company has other management options which can be set. For example, since a company app may require that certain security measures be in effect, the management infrastructure can both verify that certain requirements are met, or they can automatically make the changes on the device itself.
Some of the options that can be verified or set at the management infrastructure level are:
- Password Enabled
- Password History
- Minimum Password Length
- Maximum Failed Password Attempts
- Maximum Inactivity Time Lock
- VPN Connections (automatically establish)
- Drive Encryption
- Antivirus Status
After making an initial connection to the management infrastructure, the Windows 8 on ARM device then checks in with the management infrastructure once a day to ensure that device compliance is maintained. The user can specify which time of day they want it to check in. The device will also check in with the management infrastructure when a new app is installed from it.
Benefits of Having Your Own Company Software Store for Windows 8 on ARM Devices
You can use the agent and self service provider to get access to your apps, and also maintain security on the devices. However, you can also publish apps in the management infrastructure that provide links to an already existing web-based application. Finally, administrators can publish links to already existing apps that are in the Windows Store – so if you want to set up your users with a set of apps that are tested and known to work well, you can have that functionality.
Another great feature of managing the apps in this way is that since the users are authenticating, they also only get the apps that they need. You could publish an app for just the help desk people, or just to accounting if those are the only people that need it. Restricting apps to only certain users is a great way to prevent people that don’t need access, or cannot properly run the app anyway, from even seeing it in the first place.
And When it’s Over, it’s Over
Just as those devices came into your company, and onto your network, so quickly – they can leave so quickly, too.
When a Windows 8 on ARM device is no longer supposed to connect to the management infrastructure, it is easy to disconnect, and it can be a decision that either the user or the administrator can make.
When disconnecting, a device loses its ability to install apps from the management infrastructure. All apps installed from the management infrastructure are deactivated. It no longer enforces the security requirements that were maintained while it was being managed. The agent removes any certificates that were set up during management. Finally, the agent removes the automated task of checking in with the management server. Then, the agent lies dormant until once again connected to a management infrastructure.
The consumerization of IT is upon us, and will continue to spread. More and more people will prefer to use their own devices, including tablets and phones, to connect to their workplace and even to run their Line-of-Business apps.
Using features built into Windows 8 on ARM (WOA) and a cloud-based management infrastructure set up by your company’s administrator, your users can have access to Line-of-Business apps, links to existing web apps, and even a selection of apps available on the public Windows Store.
Using an agent and a self-service provider, users can authenticate with their Microsoft Exchange credentials. Once connected, users can install apps and maintain proper security requirements established by an administrator and enforced by the management infrastructure.
When no longer needed due to a worker changing jobs or changing devices, the connection to the management infrastructure is easily removed by either the user themselves or by the company administrator, leaving the apps disabled, the security requirements no longer enforced, and an agent lying in wait for the next management infrastructure to connect to.