MJFChat: Licensing mistakes to avoid with Microsoft Endpoint Manager



We’ve got a handy, dandy twice-monthly interview show on Petri.com that is dedicated to covering topics of interest to our tech-professional audience. We have branded this show “MJFChat.”

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy technology folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.

We will ask for questions a week ahead of each chat. Readers can submit questions via Twitter, Instagram, Facebook and/or LinkedIn using the #AskMJF hashtag. Once the interviews are completed, we will post the audio and associated transcript in the forums for readers to digest at their leisure. (By the way, did you know MJFChats are now available in podcast form? Go here for Spotify; here for Apple Podcasts on iTunes; and here for Google Play.)

Our next MJFChat, scheduled for Monday, March 2, is all about Microsoft Endpoint Manager, the company’s new brand and console for its existing management services and software. My special guest is Wes Miller, Research Analyst with the Directions on Microsoft research firm.

We want you to submit your best questions for Wes ahead of our chat. If you’ve got questions about licensing of Configuration Manager, Intune and other related products, Wes is standing by. He’s ready to help you avoid licensing mistakes with the new Microsoft Endpoint Manager offering, which was introduced last fall. If there are any specific product features or specific scenarios you’d like him to cover, make sure to chime in ahead of time. (Wes might even provide one of his infamous “it depends” qualifiers. You don’t want to miss that!)

Also: If you know someone you’d like to see interviewed on the MJFChat show, including yourself, send me a note at [email protected]. (Let me know why you think this person would be an awesome guest and what topics you’d like to see covered.) We’ll take things from there….


Mary Jo Foley (00:04): Hi, you’re listening to the Petri.com MJF Chat show. I am Mary Jo Foley, AKA your Petri.com community magnate. And I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJF Chat is going to be all about Microsoft Endpoint Manager. And my special guest today is Wes Miller, research analyst with Directions on Microsoft. Welcome Wes. And thank you so much for doing this chat.

Wes Miller (00:35): Thanks for having me, Mary Jo. It’s great to be here.

Mary Jo Foley (00:37): Yeah. Awesome. So this is a very complicated topic, especially anything having to do with licensing is always a very complicated topic in my view. So maybe we should start with some definitions. Like, exactly what is Microsoft Endpoint Manager?

Wes Miller (00:56): Sure. Yeah, I think anytime you touch on licensing it gets really complicated very quickly. As you know, any person who is unfortunate enough to follow me. The hard part about licensing is, it’s like in order to understand, the first part you have to understand is you know, the part of that came before it. So what is Microsoft Endpoint Manager?

Basically we’re talking about the thing that is now an overarching console and a license that incorporates both what was and continues to be Microsoft Intune, the artist formerly known as Windows Intune and a System Center Configuration Manager on premises. So we’ve got two things coming at each other at high velocity, one with more velocity than the other, but Configuration Manager on prem and Intune as a hosted cloud. And so the end game is to have really one lowercase surface that you can use as a management point for all of your endpoints.

Mary Jo Foley (02:01): Hmm. Okay. So I also want to hear what you think on this. I remember when they announced this at Ignite in the fall last year. And I oversimplified this when I explained it. I said, any customer who owns Configuration Manager now automatically owns Intune. So that was kind of how I explained it in general, but I think that gets at the heart of why did Microsoft do this? Like what was the reason they created Endpoint Manager?

Wes Miller (02:29): Well that’s a great thought exercise and unfortunately it took quite a bit of work as you’ve seen for me to get to the answers that I’ve shared on our site for our readers, because initially that was their position as well that if you owned X, you now own Y and it’s not really true.

So basically the deal was if you own the Configuration Manager and you had Software Assurance and you’ve been keeping up the software because that’s a prerequisite to then you could hook this in and it would wire up to Intune. So you’d wind up having both of them together. What’s the end game? In my opinion, the end game is to again, have that one management surface that Intune. We’ve got the company updating it really at least twice a month. But it’s effectively a service in the sense of updating.

Wes Miller (03:20): So, you don’t pay attention to what the features are. There’s just, Hey, there’s new features there. And then Configuration Manager, which has been probably Microsoft’s poster child for a strong reliable update cadence that we’ve seen these three updates per year, same month, every year for at least three years now I think.

So you’ve seen the two starting to harmonize and, my guess is that the company really saw the need to even to have customers who were going to be longer-term on-premises customers have one point to go into so they could more easily swing things between on-premises and Intune.

Mary Jo Foley (04:04): And this was an interesting statistic. Brad Anderson shared at Ignite, he said of the 190 million devices now managed by this thing called Endpoint Manager, only single digits of those are actually managed exclusively by Intune. So I also felt like part of the reason they did this was Intune didn’t really take off the way they thought it might. Do you think that’s accurate as well or no?

Wes Miller (04:28): I think that’s actually very accurate, particularly when we think about Intune as two things. Intune when it originally came out was just a Windows management platform and it was not what it is today. It was not mobile device management because that was not really a thing yet. That piece will pass away into the great beyond ironically this year. But most customers didn’t really adopt it because it wound up being more of a small, mid sized business target at best. And then Intune pivoted towards being honestly a first-class iOS citizen, iOS management citizen, Android, et cetera.

And in general, it is a mobile device management platform. And so when I look at Intune and when I talk to customers, that’s absolutely what I see is customers have looked at third-party tools for MDM in general. And if they’ve taken on Intune, they’re probably using it more for MDM of what you’d think of as mobile devices and not MDM of Windows. So I think in some ways we sort of see this harmonization where they’re trying to make SCCM lean towards Intune and help make Intune stronger, but also, yeah, help make it into that MDM platform for Windows that it’s not as strongly today.

Mary Jo Foley (05:45): Okay. That’s good. In general, what would you say in terms of the types of customers that Microsoft Endpoint Manager makes sense for and then the ones it makes the least sense for?

Wes Miller (05:58): Oh, I’m going to start with the second question first. Who it makes the least sense for are people who haven’t invested in Configuration Manager on-premises.

Mary Jo Foley (06:10): Okay.

Wes Miller (06:10): Because if you haven’t, then it doesn’t make sense for you to sort of latch onto that concept. You might wind up using Configuration Manager for certain things, in particular for server management, which ironically Microsoft Endpoint Manager can do whilst Intune cannot. So that’s where this one console starts to play together. That you could use it for both.

The other end, who is it interesting for? I think it’s interesting for any customer who has a strong Configuration Manager presence on premises and wants to move more towards Intune and take advantage of the things that Intune can do and what seems to be a likely future where Intune can do a lot more things that you could do them with Configuration Manager, but you better be using MEM to do it because you really need the whole thing in order for it to work.

Mary Jo Foley (07:06): Okay. That’s good. So one of the things Microsoft claims they did when they introduced Microsoft Endpoint Manager was “simplify the licensing”. Do you agree? Or are you going to say it depends, as I’ve seen you say many a time on Twitter?

Wes Miller (07:26): They actually didn’t, I won’t even say it depends. This is one of those unique times where I think they had the best intentions and I think it was a good message. And I think it’s a really good benefit for customers who get it.

But this is one of those unique cases where I actually think if you look at it, they didn’t simplify in the sense that they didn’t take anything away. Like I know the other day that this one’s product terms actually did simplify something. So I specifically said Microsoft simplified licensing cause it’s actually kind of rare that you get to take away a key thread of something like that.

Wes Miller (08:00): And the problem with Microsoft Endpoint Manager is that it didn’t change Intune licensing. And that’s really a key thing to understand is people are talking about Microsoft Endpoint Manager and they’re using it as a noun to now replacement for Intune. Intune continues to exist and Intune is only licensed as Intune. There’s no name change or anything.

And in fact on-premises Configuration Manager actually continues to be part of the System Center family. I anticipate that one in particular will change. But see both of those pieces stayed in play while we now have this, this interesting join between the two. And that’s really what Microsoft Endpoint Manager was. Where if you had the on-premises thing with Software Assurance, now you can access the cloud-based thing. But this is where my infamous “it depends” comes in because you’re only allowed to do Windows management with it.

Mary Jo Foley (08:55): Mmm, okay. Yeah, so you’re bringing up an interesting thing about the branding, so it’s not just licensing that changed, but a lot of brands changed and some didn’t change. Right? Like the rest of System Center isn’t getting rebranded as part of this, just Configuration Manager.

Wes Miller (09:12): That’s correct. The System Center suite, which in particular is useful for servers hasn’t changed and we don’t anticipate it changing, but it’s, as the person who’s been covering it for a long time at Directions, it’s actually been kind of weird for me because System Center accelerated to a certain cadence and then they completely backed off of it.

So it’s now on the same cadence as Windows while Configuration Manager has continued on this hyper aggressive cadence and then we’ve got this sort of branding rift between the two where Configuration Manager is turning into much more of a client management tool. Yes, you can use it for server management, but its first focus is definitely on client management.

Mary Jo Foley (09:51): Okay. Any other branding changes that were introduced around Endpoint Manager that are worth pointing out?

Wes Miller (10:00): I think the biggest one is you’ll see people use, even people within Microsoft use Microsoft Endpoint Manager when they’re referring to Intune and less any sort of further clarification from Microsoft, I think it’s important to call that out just because customers need to know, did I license, am I using it through my rights to Microsoft Endpoint Manager or did we actually license Intune?

Because if we license Intune, we get a whole lot more, we’re going to pay a little bit more, but there’s some other licensing benefits for it. So it becomes complicated. But that’s I think the biggest thing that people have to watch out for.

Mary Jo Foley (10:35): Okay. Another term that came up at Ignite quite a bit around this whole Endpoint Manager discussion was co-management. Could you give a fairly succinct definition of what co-management means? Because I feel like every time I explain it, I kind of make it even more complicated than it actually is.

Wes Miller (10:58): Well, see there, you sounded like you work at Microsoft because when they’ve explained co-management, I felt the same way.

Mary Jo Foley (11:03): No, no, I think it should be a simple concept, but then when I try to put it into words in a blog post or something, I get all tied up in what I’m trying to say.

Wes Miller (11:14): Well it hasn’t been made easy because again, there’s been multiple epochs of what you could sort of revert to as mobile device management. In fact, there’s almost three. There’s one early on, which was I gave you a glance at MDM on premises through Configuration Manager. The second one, which is I can join the two and Configuration Manager or Intune, and you have to decide the life of this device. And then what we had most recently, which is this idea of a certain set, a certain area of tasks belong to Intune or belong to Configuration Manager for a device that’s managed by this management plane from Microsoft.

And I think if you look at that closely, you can start to see why Microsoft almost had to merge the two because it was really difficult as you saw trying to explain, okay, so it’s co-management, but it’s this cloud surface thing or it’s on premises, so it’s Configuration Manager, but I need to understand both in order to make this work. And so you can see them wanting to harmonize those two both from a licensing perspective and the technology slash branding perspective. Does that help?

Mary Jo Foley (12:25): It does. So how does co-management fit in with Endpoint Manager?

Wes Miller (12:30): Endpoint Manager, in my opinion, is the start. It’s the beginning of the end of co-management as we knew it in the sense that it’s now a one stop shop. It’s Microsoft’s goal to have this one console where you go in and you can do a task in Configuration Manager or in Intune. But the point is you’re doing it all through the Endpoint Manager front end. The infrastructure is being handled in the backend, and really as an administrator you don’t care what plumbing it’s using. The point is it could verb the noun you’re talking about.

Mary Jo Foley (13:06): Mmm. So co-management as the thing we’ve heard quite a bit about is just going to be subsumed under Endpoint Manager.

Wes Miller (13:14): Yes. Which is really where it should have been all along because really all co-management is, is plumbing and your administrator doesn’t want to care about plumbing. They just want to get things done.

Mary Jo Foley (13:23): Right. Right. So this is another word game that I got caught up in when I was trying to write about this Endpoint Manager. Microsoft Endpoint Manager adds a new licensing option that allows some configuration management customers, sorry, Configuration Manager customers to manage Windows client devices through Intune for no additional charge. The word I’m keying on there is some, which ones can do that. And which ones can’t.

Wes Miller (13:57): So this has actually been one of the more complicated parts for me to unwind. I believe I have this correct and I’m sure Microsoft will let me know if I have made a mistake, but as I understand it, it is the customers who have user licenses, user client management licenses on Configuration Manager on premises. As you’ve mentioned, licensing is really complicated and part of the confusion comes in that Configuration Manager has a bunch of different licensing models, all of which you can add Software Assurance onto.

And the Software Assurance for those not scaled in the unfortunate arts of licensing is just this idea of I’m going to pay a percentage year after year after year and I get ongoing rights both to new software, but more importantly in Microsoft’s world now, I get special dispensation to do certain things. And one of those things now is Microsoft Endpoint Manager, so as we understand it. If you had user-based client management licenses with Software Assurance, then you can take advantage of the Microsoft Endpoint Manager benefit for managing Windows.

So it’s that convergence of that specific type of on premises license and now the Intune management of Windows. If you had a different on-prem license as far as we can tell, you don’t qualify. And this is not spelled out very carefully in Microsoft’s licensing rules, which they usually are spelled out pretty carefully. And you’re only entitled to Windows client licensing in the cloud, not any other device.

Mary Jo Foley (15:30): Okay. So it’s a fairly limited subset of people who can do this.

Wes Miller (15:36): It is, but it aligns really well with both the concept of streamlining co-management and simplifying this overall concept of having people use one place to do all this work.

Mary Jo Foley (15:47): Okay. So there were a lot of things that didn’t really change licensing wise. When Endpoint Manager got introduced, like you pointed out, Intune still can be licensed independently sometimes at least, right. I mean it doesn’t go away. What else didn’t change? Around MDM and co-management. Were there other things that just stayed the same even after Endpoint Manager came into existence in terms of licensing?

Wes Miller (16:17): Sure. Well, I think that first part is really pivotal that the Microsoft Intune can still be licensed independently or in suites. Again, a lot of people thought Intune died and became Microsoft Endpoint Manager and it didn’t. Endpoint Manager became this sort of patina over Intune, so if you want the full value of Intune and really you want the full value of both what Microsoft sells as EMS or the entire Microsoft 365 suite, you have to get all of the pieces.

You can’t just use SCCM now, MEM, to put these pieces together for you. And that’s sort of the next two pieces that if you want to manage another platform, which a lot of people have focused in on MobileIron, AirWatch or another third party already. And that’s one of the reasons why Intune might be a little laggy there is because people had invested pretty heavily before Intune could do native MDM. You still need a license that includes Intune in some form. And then most importantly, and there was some confusion around all of these things as well, is that if you want to do these things that are special in Microsoft’s world like conditional access or Autopilot and Desktop Analytics, there’s still licensing qualifiers you have to have for both of those to work. And really you effectively have to license Microsoft 365 E3 to even get out of the starting gate with either one of those.

Mary Jo Foley (17:45): Okay. So, it’s not correct to say Intune as a brand is going away.

Wes Miller (17:53): I believe, at least at this point, that to be very correct, that Intune is not going away. And in fact the company seems to still be investing pretty heavily in it. We’ll see later on this year if they, if they go through and clean it up or tidy it up. I actually think that’d be kind of unfortunate because Intune does have a reasonably strong brand.

Mary Jo Foley (18:16): Okay. And just to reiterate this point Configuration Manager still has a future now that we have Endpoint Manager, right? Like Microsoft’s gonna continue with the regular cadence as far as we know, and releasing new versions of Configuration Manager for the foreseeable future.

Wes Miller (18:36): Also believe that to be correct. I think when we look at Configuration Manager, it continues to have this strong story. And you can, I catch grief from a certain few people on Twitter when I talk about this, but a lot of Microsoft’s on premises servers are evolving to focus first and foremost on being a hybrid citizen to their cloud cousin. And that’s where Configuration Manager is to Intune as. And when we see that, that sort of concept, it does start to make sense.

Oh, okay. That’s why they’re converging the two because it’s really they’re hybrid cousins or siblings and SCCM. Now Microsoft Endpoint Configuration Manager, it just rolls off the tongue that software looks to continue to exist. They’ll probably continue the cadence. In fact, they could even accelerate it if it starts to depend more on Microsoft Endpoint Manager, the console and framework. And the other pieces that it still is useful for server management if that’s the tool you’ve been using for server management. I do have customers reach out to me periodically and say, is Intune dead? Is Configuration Manager dead? And I think it’s important to clarify that neither is dead, but they definitely have a future where if you have one you should understand the other because there’s a better together story for certain scenarios.

Mary Jo Foley (20:02): Wow. You just said better together. That brings back so many memories, mostly bad memories.

Wes Miller (20:07): I know. It’s almost exactly when I left Microsoft was that whole concept of better together. And it definitely has some political baggage, but it was such a good idea and you know, actually, well, one of the things that I wanted to also clarify is that people should understand that often when, so here we’re talking about if I buy Configuration Manager on-premises with SA, I get rights to pieces of Intune.

I think it’s really important that people understand the opposite is even more true that if you license Intune as a suite, you get on-premises rights to both Configuration Manager and Endpoint Protection. So don’t go this route just because, Hey, I get quote Intune for free. You should be carefully looking at what you get because if you’re going into the Microsoft 365 realm, you probably get Configuration Manager for free as a part of that anyway.

Mary Jo Foley (21:08): Ah, that’s a good tip. Very good.

Wes Miller (21:10): It’s something we don’t see people drop Software Assurance on when they should.

Mary Jo Foley (21:15): Last but not least, any resources or accounts or anything you would suggest people follow who are trying to keep up with Endpoint Manager besides obviously you on Twitter and Directions on Microsoft in general? Anything that you would say, make sure you’re watching this or looking at this?

Wes Miller (21:40): You know, I think the key thing to watch for is with Configuration Manager in particular, it again is that poster child for the way that honestly software releases at Microsoft should be done. And I think that you should be watching preview releases.

You should be doing technical preview releases if you’ve got a big infrastructure that you’re trying to manage so you have an idea of what’s coming because they give you better indicators than almost any other team of where things are headed. So just honestly watch Microsoft sites first and foremost because they’re pretty transparent versus some other teams. So I think that’s, that’s actually the first place I would start.

Mary Jo Foley (22:19): Yeah, I know, I agree. They are really very dependable, very regular and very upfront about what’s going on with Configuration Manager. So it is helpful. We won’t name some other teams who are not quite as helpful, but you know, they’re out there.

Wes Miller (22:36): We don’t have to open Windows into that kind of conversation.

Mary Jo Foley (22:40): Nice one. Nice one. Well thanks Wes. This was really helpful, especially for me because I know we’re going to be covering this topic a lot more in the future as we move forward, especially this year. So thanks for all the explanations. That was great.

Wes Miller (22:54): You bet. I hope it’s helpful to your listeners.

Mary Jo Foley (22:57): Thanks. And for everyone else listening to this podcast, all you MJF Chat readers and listeners, I’ll be posting more information soon on Petri about who my next guest will be. Once you see that you can submit your questions on Twitter directly for the guest. In the meantime, if you know of anyone else or even yourself who might make a good guest for one of these chats, please do not hesitate to drop me a note. All my contact information is available on Petri.com. Thank you very much.