Table of contents
Disruption of mobility
A potential solution
HPE+Microsoft—a case history
Enterprise Mobility Suite
Windows 10
Office 365
Your journey
HPE management services for the Microsoft ecosystem
A new world
About the author
Technical white paper
Disruption of mobility
Smartphones and tablets, while major innovations, have proven to cause huge disruptions to the
IT world. The value and difficulties presented by these mobile devices somewhat parallel the situation
that surrounded the introduction of PCs decades before. At that time, mainframe computing was
the safe, secure, and compliant domain of what would become IT departments. PCs introduced the
potential of sharing data on floppy or portable drives, posing risks to the control and security of data.
Mobility, too, is a double-edged sword, having the potential of unprecedented accessibility and
risk of hyper vulnerability to intended and unintended data breaches. Such risks are significantly
aggravated by the bring your own device (BYOD) trend. Now, it’s not just the PC in the office
that is disrupting IT’s legitimate concerns for security and compliance. It is the convenience
and seamless accessibility of the mobile device that goes everywhere the user goes, such as
parks and airports—where it is vulnerable to being lost or stolen. It is also sometimes used as a
babysitter—played with by children who may inadvertently compromise data.
Despite these risks, the value of mobility is widely acknowledged for benefits that start with the
flexibility and productivity gains available to anytime and anywhere users. It goes much beyond
this, however, to context-based computing that can help your employees do their jobs, support
new business models, and radically transform and deepen relationships with your customers.
Even many highly risk-averse companies and governmental organizations have realized they cannot
stop mobility and BYOD. There are those users who, while not supported by their organizations
with BYOD and a consumer-type user experience, will frequently find ways to get around IT controls,
exposing their organizations to dire risks. Organizations that do not engage their employees with a
friendly, flexible IT experience—that users have come to expect from their personal smartphones
and tablets—will find themselves unable to hire or retain millennials. More than 36 percent of the
U.S. workforce comprises millennials, and by 2020, this will be closer to half.¹ Most companies
recognize that they must transform themselves to provide a digital employee experience. If not,
their company will be surpassed by competitors transforming themselves into digital enterprises.
While institutional acceptance of mobility is high, the ability to support it is often problematic. Many
IT departments are under resource and budget constraints while demands continue to grow.
One simple example is that the workplace resources of a typical IT department were once
a matter of managing a number of desktop and laptop PC units equal to, or fewer than, the
number of their employees. By contrast, they must now accommodate the same employee base
using multiple devices per user. By the end of 2014, it was estimated that 12 billion Internet-
connected devices were used worldwide—that’s an average of 1.7 devices for every person on
the planet. Strategy Analytics forecasts that number hitting 33 billion devices by 2020, when
the number of connections per person will more than double to 4.3 devices.²
Adding to the complexity: devices run multiple operating systems—Windows®, Android,
and iOS—and come in many differing device types.
The good news is that a new ecosystem model is emerging that can satisfy the productivity
and flexibility requirements of users, streamline IT requirements, simplify CISO security
requirements, and potentially do it all within the cost constraints of the business.
A potential solution
Today, a wall exists between the desktop/laptop PC world and the mobility world. Each device
is managed separately by IT—and, of course, BYOD requires some level of IT management.
Security is similarly handled separately for each device. Users have a certain level of sharing
between the devices for email and calendar, but applications are different and the experience
is hardly seamless. Melting the wall between a PC and mobile devices would enable users to
switch between devices with seamless access to context, information, and applications. IT could
manage at the user level rather than separately manage each device at the platform level.
Security leads could secure information based on user permissions regardless of whether it was
on a PC, tablet, smartphone, the cloud, or USB drive, or in-transit between them.

¹ https://www.pwc.com/m1/en/services/consulting/documents/millennials-at-work.pdf
² MobileWorldLive, http://www.mobileworldlive.com/featured-content/home-banner/connected-devices-to-hit-4-3-per-person-by-2020-report/

The question becomes: How do you make it all work given the increasingly complex user
environment in enterprises? The upfront and ongoing integration necessary to support
this with a best-of-class, multivendor environment is daunting. The task grows significantly
easier and less costly by adopting one user ecosystem model to meet user, IT, and security
requirements in an integrated fashion.
HPE+Microsoft—a case history
Probably the most complete user computing ecosystem in existence is offered jointly by
Hewlett Packard Enterprise (HPE) and Microsoft®. From an enterprise perspective, Microsoft
is ideally suited to leverage its strong position in enterprise desktop/laptop computing to also
encompass enterprise mobility requirements. Complementing their strengths, HPE has deep
experience and expertise in transforming complex, enterprise user computing environments.
Figure 1 shows key products and services that make up HPE Services for the Microsoft
Ecosystem. The following sections show how these highly interrelated technologies and
services help melt the wall between mobile devices and PCs.
[Figure 1. HPE and the Microsoft ecosystem. The diagram pairs HPE Services for the Microsoft Ecosystem (advisory, transformation, integration, and management services; HPE Software Licensing and Management Solutions; HPE Services for Office 365, Windows 10, Skype for Business, and Dynamics and CRM; HPE Mobility Services for Microsoft) with the Microsoft cloud offerings (Windows 10, Office 365, Enterprise Mobility Suite, Microsoft Dynamics, Skype for Business).]
Enterprise Mobility Suite
Microsoft Enterprise Mobility Suite (EMS) is a bundle of three components: Intune, Azure Active
Directory Premium, and Azure Rights Management. Each is cloud-based, provides management and
security across all device types, and has a strong integration with Office 365 and Windows 10.
Intune
Microsoft Intune provides mobile and PC device management together with mobile application
management from the cloud. Most importantly, integration with the Microsoft System Center
lets an administrator—from a single console—manage mobile devices including iOS, Android,
and Windows tablets and smartphones; Windows PCs; and Macs. This lowers the wall for IT
administrators between mobile devices and PCs, using tools that are an evolution from the
System Center that is well known to IT managers.
Intune provides standard mobile device management (MDM) functions like passcode reset,
device lock, and corporate data wipes or full wipes for lost or stolen devices. Intune also enables
self-registration and enrollment of mobile devices, minimizing IT’s workload.
From an enterprise standpoint, it provides a corporate application (app) store that lets users
install corporate apps. Perhaps most importantly, it is the only mobile application manager that
can manage and secure Microsoft Office for iOS and Android devices. This is critical for the
security it provides, and also because it gives users consistent cloud-based office productivity
software across PCs and mobile devices.
For companies that have an MDM that provides some of these functions, Intune can be used
side-by-side with these existing technologies during a transition period to supplement them
with its more holistic user-device focus.
Azure Active Directory Premium
Microsoft Azure Active Directory (AD) Premium provides robust cloud-based identity
and access management in sync with your existing on-premises Active Directories. User
information, such as name, organization, and privileges, is stored as directory objects and
associated attributes. Based on this information, Azure AD Premium issues security tokens on
behalf of each authenticated user. Your identity and privileges reside in the Azure cloud, but
are managed on premises. This is crucial because your workforce, whether on premises or mobile,
will always use one set of business credentials to determine what business systems, data, tools,
SaaS applications, and enterprise on-premises applications they can access and update. This
is foundational for the strategic objective of providing seamless access to the same data and
applications regardless of where you are or what device you are using.
Another key aspect of Azure AD Premium is its ability to support single sign-on for Office
365, and thousands of popular SaaS applications like salesforce.com, Workday, SAP®, Concur,
DocuSign, Google® Apps, Box, ServiceNow, Dropbox, and more. Single sign-on is a huge
element of the consumer-type experience that users crave. Through Azure AD Premium, single
sign-on can be made available across all mobile devices and PCs.
Azure Rights Management
Microsoft Azure Rights Management is another foundation piece to mobility and the workplace.
Fundamentally, it enforces the user-based security privileges contained in Azure AD Premium. It
lets data move freely among mobile devices, PCs, the cloud, and even USB drives with no security
concerns. The reason: The document is secured—not the location where it resides. Wherever the
data moves, only users with the appropriate privileges will be permitted to access or change it. This
is a fundamental underpinning to a connected mobile and PC world. For database information,
Hewlett Packard Enterprise can extend this model even further with HPE Atalla and HPE
Voltage, for example by encrypting and securing individual fields, like Social Security numbers or
personal healthcare information, without modifying applications that access the fields.
Together, the three components of the Enterprise Mobility Suite—Intune, Azure AD Premium,
and Azure Rights Management—provide much of the middleware and management capabilities
to bring together the disparate worlds of mobile devices and PCs. Now let’s take a look at two
other key components of our ecosystem: Windows 10 and Office 365.
Windows 10
Microsoft Windows 10 offers a single environment for business-oriented mobile and desktop
devices. The Windows 10 user interface is a major step forward from Windows 8, which had
different user interfaces for the Metro and standard modes. In contrast, Windows 10 provides
resizable windows and a “start” menu for old and new applications. Crucial to users and IT
departments, Windows 10 will be familiar to users coming from Windows 7 and 8—enabling a
fast learning curve and simpler administration.
Windows 10 complements and integrates the Enterprise Mobility Suite by building directly into
the operating system both digital rights management and containerization for keeping business and
personal data separate. In particular, the digital rights management capabilities complete the
vision of Azure AD Premium.
One of the more interesting ways in which Windows 10 melts the wall between PCs and mobile
devices is a feature called “Continuum.” Continuum supports hybrid tablet/laptops that can swivel
their keyboard to be behind their screen, or easily separate the screen—at any time—from the
keyboard. These devices are expected to largely replace business laptops over the next few years.
Continuum enables automatic switching between touch and desktop-friendly modes, depending
on whether the device is acting as a laptop or a tablet. For example, with the touch mode, menus
and buttons will be spaced farther apart to better support finger-based selections.
For administrators, Windows 10 makes updates on the PC much more like mobile device updates.
In particular, for most modern apps, Windows 10 eliminates wipe and reload and gold disks. This
simplifies IT management in a major way, making it much easier for users to select devices of their
own choosing, rather than being required to select one of several corporate-approved PC models.
For users, Windows 10 provides Cortana, a voice-activated personal assistant (similar in concept
to iPhone®’s Siri) as part of mobile and PC versions of Windows.
Overall, Windows 10 provides a substantial step forward for users and administrators in bringing
together the desktop/laptop and mobile worlds.
Office 365
Microsoft Office 365 provides office and collaboration capabilities that users and IT are familiar
with, doing so through the cloud. It includes Exchange Online, SharePoint Online, Skype
for Business Online (formerly Lync), and OneDrive for Business. A key benefit for users is
full compatibility between Microsoft Office for the desktop and Microsoft Office for mobile
devices—including iOS and Android. This full compatibility for desktop and mobile versions of
Office contrasts with the usually helpful, but occasionally troubling 97 percent or 98 percent
compatibility provided through other email, calendaring, and collaboration client interfaces.
OneDrive for Business also plays a key role in providing consistent access to files regardless of
the user device. This in itself lowers the wall for users.
Use of a cloud-based model for Office provides IT with easier provisioning and greater agility.
In particular, it helps administrators and users avoid disruptive migrations when moving to
newer releases.
Gartner states the value of cloud-based office systems as follows:
“Benefits include … greater agility (via faster availability of new features); lower overheads (by
replacing capital investment requirements with operating expenses, smoothing cash flow, and
cutting dedicated IT resources); easier provisioning; … improved user experience; and financial
incentives from the service providers.”³
Your journey
It’s great to talk about an integrated solution that provides improved productivity, simplified
IT administration, tighter security, and cost containment—the challenge is getting there.
Transforming a complex, enterprise workplace IT environment is anything but simple.
The first step on your journey should typically be a strategy or transformation workshop,
focused on the area that you determine to be of highest impact to your organization. This
could begin with an assessment of your current desktop and/or mobility environment, including
one or more of the following: mobile device use, BYOD, office productivity applications,
security, or wired/wireless network infrastructure. The focus can be on mobility and workplace
infrastructure or may be at a higher level—helping you determine business needs for enhanced
customer/citizen experience and new business models.

³ Hype Cycle for Cloud Computing, Gartner, July 24, 2014

If you don’t already have consensus on the first key areas of focus, a transformation workshop
with key stakeholders in your organization can help them collaboratively determine key
business objectives, which can be turned into a transformation roadmap.
Following a strategy development workshop, deployment planning and migration services
for individual technology components, such as Azure Active Directory, Intune, Digital Rights
Management, Office 365, Windows 10, or Mobile Applications, are needed.
A small sampling of questions and issues these advisory and transformation services deal with
includes the following:
• How do you move to, synchronize, and manage hybrid Active Directory environments
involving on-premises and Azure cloud Active Directory?
• How quickly should you move to Windows 10, based on types of users, regulatory and
compliance issues, and so forth?
• Given Microsoft’s three update options for Windows 10, which one or ones should you adopt?
• How do you migrate existing users and mailboxes from Exchange 2007+, Notes, or other
messaging environments to Exchange Online?
• How do you handle change management in moving to Enterprise Mobility Suite, Windows 10,
and Office 365?
• How should a messaging environment be structured to support cloud-based Exchange
Online and on-premises Exchange?
• Where should your data be located to support local security regulations and data residency
requirements?
Transformation occurs over time, with a carefully managed set of sub-projects. The process
is necessarily collaborative, and needs to ensure your IT environments keep operating even
as they are being rebuilt. While this may seem a daunting task—and it is—it is one HPE has
successfully completed many times for large and small enterprises.
The objective of these services is to successfully transform your complex workplace
environment into a much simpler, more productive New Style of Business.
HPE management services for the Microsoft ecosystem
Once your transformation is complete, whether for a particular area or your full workplace,
how will you administer and manage it? Enterprise Mobility Suite and Office 365 are both
Software as a Service (SaaS). SaaS gives you software with a user-based procurement model
delivered out of the cloud. It expects, however, that someone will actively manage that software.
Administration and management are not part of the SaaS model.
Some of the issues to be considered as part of this stage include:
• End-to-end service accountability and incident resolution for the integrated solution
• Operation synchronization maintained between cloud-based portions of the solution and on-
premises portions (if any)
• Active Directory management of groups and policies
• Service auditing and other compliance functions including service/disaster recovery reviews