Yesterday, Microsoft upgraded its Office 365 service to add some mobile device management (MDM) features at no cost, fulfilling a promise made back in January. Several of the features already exist for free in Exchange, but Microsoft is also providing IT a way to manage Office 365 documents on mobile devices, such as to wipe them from a user's device without wiping the entire unit, and to require the use of PINs to access them.
That sounds great, until you look closer at how this works. It's actually a ploy by Microsoft to get you to abandon your existing MDM provider in favor of Microsoft's own Intune. In essence, Office is being used as a weapon to eliminate Microsoft's MDM competitors.
Office is the gold standard for productivity work on PCs; the recent Office 365 for iOS and Office 365 for Android tablet versions are well on their way to making it the gold standard on mobile devices, too. That gives Microsoft the power to use Office as a wedge to separate IT from its existing MDM tools.
Intune, which is available separately and as part of Microsoft's Enterprise Mobility Suite, supports the standard iOS and Android content and app management APIs, so it can manage other apps' content. (In iOS, the APIs let you control copy and paste, data sharing, and so forth for individual apps on managed devices. In Android for Work, the APIs let you manage similar sharing between apps in corporate containers and apps in personal containers.)
An explicit strategy to tie Office management to Intune
But Microsoft isn't using those standard iOS and Android APIs in its own Office 365 apps. Thus, MDM competitors can't manage Microsoft's Office apps. Only Intune can.
That won't change. A spokeswoman confirmed to InfoWorld: "Third-party MDM integration with Office mobile applications such as OWA, OneDrive, Word, PowerPoint, and Excel is not on the current road map. Obviously, this is important benefit of Intune/Enterprise Mobility Suite, given Office 365 continues to be the gold standard in productivity."
It's crystal clear in that statement what I had suspected when I asked Microsoft about this issue: that Microsoft intends to use Office 365 as a weapon against its MDM competitors.
The Office 365 management capabilities available to Office administrators extend to more than what most people think of Office -- Word, Excel, and PowerPoint. They also cover the OneDrive cloud storage service and the OWA Exchange client; at some point, they may also include the not-very-functional Microsoft Outlook app, which I suspect will replace OWA within a year once it's reworked.
Today, OWA and OneDrive are frustratingly limited apps on mobile devices (OneDrive is quite limited in OS X as well), but Microsoft says it is on a path to making them nearly comparable to the Windows versions.
If it delivers on that promise, Microsoft is betting that IT departments will begin requiring the extended Office's use over components from competitors like Dropbox and Box, as well as over native applications like iCloud Drive, Mail, Reminders, Notes, Contacts, and Calendar in iOS and OS X, and Drive, Email or Gmail, Contacts, and Calendar in Android.
This time, IT may accept the lock-in
In its comments to me, Microsoft also made a dig at the proprietary office apps that the various MDM providers offer, insinuating they're not as good as the extended Office. That's debatable, given the poor quality of OWA, Outlook, and OneDrive. But it's certainly true for Word, Excel, and PowerPoint.
Those MDM vendors provide such proprietary apps both to separate business data from personal data and to tie customers to their particular MDM server. They also provide proprietary app-wrapping technology that lets IT create its own applications manageable only by that MDM server.
The lock-in issue has limited the adoption of MDM vendors' app management tools. In fact, that avoidance has encouraged the rise of iOS's server-neutral management APIs and the server-neutral container strategy used by Google's Android for Work.
Now, Microsoft is taking a lock-in strategy similar to that of the MDM vendors, both with Office and its own Intune-tied app-wrapping technology for IT-created apps. But Microsoft has a suite of apps that IT and many users are all but certain to use, so they can rationalize away the lock-in price.
Will Office hegemony replace Microsoft's Windows hegemony?
For several years, many pundits like me have wondered what the self-inflicted decline of Windows would do to Microsoft's strategy, as mobile devices ended the near-ubiquity of Windows in corporate and personal computing. Now we know: The extended Office suite is Microsoft's attempt to be its new Windows, from client to server.
Sadly, I expect many IT organizations -- who prefer a single vendor and suite wherever possible -- to happily join in the Office hegemony.
Users may not be so happy. After all, those who've moved beyond Windows did so for a reason, and Microsoft's huge mistakes with Windows and its poor treatment of non-Windows users makes many of us very nervous about a return to a Microsoft-centered computing environment.
Certainly, MDM vendors like Citrix Systems, Good Technology, IBM, MobileIron, and VMware AirWatch will be in trouble if Microsoft makes the rest of mobile Office as good as Word, Excel, and PowerPoint.
However, four details may buy time for worried users and targeted MDM vendors:
- Microsoft's slow progress in creating good apps for iOS, OS X, and Android. Its target for delivering decent versions of those extended apps seems to be a good year away.
- An apparent desire in much of Microsoft to keep non-Windows versions of its apps inferior but usable enough may delay or limit Microsoft's advances. Right now, Office for iOS is very good, the Android tablet version a little less so, and the beta Mac version a mixed bag. All are better than they used to be, but they still feel intentionally constrained. But OneDrive, OWA, and Outlook are mediocre at best on iOS, OS X, and Android.
- Intune's lack of support for the new Android for Work containers means that the Office apps can't run in a secured container with everything else that IT wants to control and still be managed by Intune. iOS is unaffected, but with Android's domination (especially in Europe), Intune may not fit the corporate Android mold.
- The complexity of managing multiple servers. Using the Office 365 policies today sets up a possible conflict with your existing MDM server, because Intune manages not only the Office 365 apps but also basicExchange ActiveSync policies like remote wipe -- which your existing MDM tool also manages. If they conflict, who knows what will happen? (Microsoft couldn't tell me.)
But short of another Windows Vista- or Windows 8-style disaster, Microsoft's dogged progress and the 800-pound carrot of Office everywhere could well replace its Windows hegemony with an Office hegemony in 2016 or 2017.
Lose the battle, win the war?