The official hub of The Enterprise Mobility Foundation

The Evolution of Exchange ActiveSync in Mobile Device Management

I’ve been thinking about this issue for quite some time now….but candidly, I haven’t been necessarily able to put my thoughts to keyboard until today.  I guess my key theme is that I have been struck to a certain extent by the evolving role and position of Microsoft’s ActiveSync technology and its role in mobile device management.

Let’s take a quick walk down memory lane.  Circa 1995/96, Microsoft developed ActiveSync and its DirectPush technology as a clear response to Research in Motion’s push technology and smartly integrated it directly into Exchange, its dominant (at least in terms of market share) enterprise messaging solution.  Since then, Exchange ActiveSync has been licensed by every major mobile platform (other than RIM of course). EAS is used today on the iPhone, HP’s webOS, Symbian, and even Google’s Android platform…and of course the Windows Phone platform.

The cool thing of course is that Microsoft baked into EAS a number of IT policies, such as remote wipe and lock, to provide IT administrators a baseline level of mobile device management capabilities.  Eighteen months ago, I considered this Microsoft’s miracle Trojan Horse (not the virus) that would give the Company a dominant position in cross-platform mobile device management.  There was only one problem with this theory.  While Exchange 2007 provides up to 50 different policies, the onus is on the platform manufacturers to actually support them.  You can see here how well that went.  Only Microsoft supported all 50 policies in Windows Phone 6.5 (for simplicity’s sake, let’s not talk today about the EAS IT policy support in Windows Phone 7).

Let’s jump to the present.  Apple announced with iOS 4 that it would have its own native device management APIs.  Mobility management vendors can partner with Apple (should Apple allow them to) and gain access to the core device APIs to build their own mobile device management solutions for iOS. Google’s EAS support is still weak in Android 2.2, but there are plenty of rumors out there that Google will follow Apple’s lead and provide its own mobile device management APIs when it releases the next version of Android currently known as “Gingerbread.”

So where does that leave EAS?  I’m not sure frankly.  There’s no question that Apple, Google, et al. will continue licensing EAS for Exchange synchronization (at least for the foreseeable future).  However, where does this leave the IT manager?  S/He could very soon see a day when the platform manufacturers will say something to the effect of “We’re using EAS for DirectPush, but Exchange’s IT policies won’t provide you access or control of your employees’ devices (regardless of who owns them).”  Let’s not forget that even Microsoft had its own extended device management solution in the ill-fated System Center Mobile Device Management – a.k.a. SCMDM – a.k.a. ScumDum – solution.

Like it or not and regardless of its strengths and weaknesses, EAS provides IT managers a baseline level of control of the mobile workforce with zero marginal cost.  As vendors continue to try to disassociate themselves from dependencies on 3rd parties, who’s going to win out in the end and who’s going to suffer?

13 Comments

  1. Posted October 25, 2010 at 14:52 | Permalink

    What is IT staff to do? They are soon going to have multiple management platforms, multiple policies, and decisions to make.

    What if one only cared about wiping the device and requiring strong passwords? Would that make things easier, harder, or the same?

    “As vendors continue to try to disassociate themselves from dependencies on 3rd parties, who’s going to win out in the end and who’s going to suffer?”

    Not sure regarding the actual vendors. It almost feels as if it does not really matter at the moment. I stress at the moment…

    It might be IT staff who actually win or lose in the end. The good news sounds like, if someone is going to invest in a third party to manage multiple-platforms, they don’t need to worry as much about how that vendor leverages each device. The vendor does the messy integration for a seamless “IT” user experience.

    In a session I sat in on at the 2010 Gartner’s Symposium, approximately 85% of people (that one distinguished analyst talks to), said all they (IT Staff) really care about today is that they are able to wipe a lost device and enforce passwords.

    I assume this will change two years from now as the management curve and technology mature.


    • Posted October 25, 2010 at 17:24 | Permalink

      That’s the rub. Today they care about wipe and lock. Tomorrow will be very different as they continue the process of understanding that their mobile devices are just another IT endpoint.


      • Posted October 25, 2010 at 21:59 | Permalink

        I’m quite sure that IT understands the mobile handsets are another IT endpoint. I think the issue is that beyond Blackberries (which have a boatload MDM tools) the EAS need beyond strike/wipe just has not hit critical mass yet. As you point out Android is far from enterprise ready even for email & calendar. Nokia, not a factor in the U.S, though they squandered great assets they bought in MDM. Apple certainly a growing problem but most of the enterprise apps are not fully native on the handset (aka salesforce, sap etc), they’re in the cloud, thus strike/wipe is “good enough”. Keep in mind, we’re talking about the total cost of enterprise ownership here and not user convenience.

        The trigger point I think may well happen on two fronts;
        1) regulators start fining companies that don’t meet data conformance guidelines that extend to mobile devices.
        2) meaningful penetration of non BB devices into verticals including healthcare, retail and property & casualty insurance.


  2. Posted October 25, 2010 at 14:54 | Permalink

    There is a perception problem with EAS in the enterprise – it is either perceived to be simply a stop gap measure to true security capabilities (hmm, that damn executive wants to use that damn iPhone – I’ll have to settle for ActiveSync – ah well, at least Apple has some support now); or it is really just a sync manager and has no business actually providing security policies – they belong somewhere more appropriate; Apple and Google can now force things on Microsoft rather than the other way around – because Microsoft has screwed up its mobile strategies for far longer than was its available margin of error for doing so (WP7 is still a long shot) so who’s going to trust Microsoft with what is an inherently mobile issue?

    No wonder Ray Ozzie retired – it was all about the mobile failure (ok, that’s not true, I just tossed that in there).

    A baseline – as you refer to it – isn’t enough for real enterprise security. You either have to look into the sorts of things MobileIron (and its competitors – yeah, yeah, the over the top Afaria as well) provides, or look into building on a MEAP/MCAP for true enterprise-grade security.

    Tony


    • Posted October 25, 2010 at 17:25 | Permalink

      “A baseline – as you refer to it – isn’t enough for real enterprise security.” Agreed. I believe that companies will need a combination of both application and device security solutions.


  3. Posted October 25, 2010 at 21:48 | Permalink

    I have said it for years and this article alludes to how lacking EAS has been for years now. Going back to like 2003 or so when the Treo’s were really pushing us to support mobility at the scale we were with Blackberry / BES it was just painful trying to keep track of which device has which OS and this OS needed this version of Exchange for X policy. Not much changed with Exchange 2007 which IMO they needed at that point to build way more management into Exchange. Instead they spun the even lamer Mobile Middleware they had into System Center. The final nail was iPhone supporting a small handful of EAS policy, Exchange 2010 hardly even adding new EAS options.

    In early 2009 we had enough and disabled EAS globally. Until this year it was Blackberry only. We are now in the secondary middleware world (Good Tech) and though it too has much work to do it’s WAY more than EAS ever was. For any enterprise that wants to manage a few thousand mobile devices it’s really the best thing to do. EAS does have some perks but in the end it’s too much of a headache and offers security that is basic for the state mobility is maturing to. You shouldn’t need a flowchart to determine how (if) a device can support for Security / Compliance needs.

    I think a large percent of enterprise will move to a secondary middleware route (which when speaking to many of my peers appears to be the case) Microsoft will need to buy some middleware vendor get back into enterprise mobility.


  4. Posted October 26, 2010 at 07:38 | Permalink

    @Bob Egan – You’d be surprised. When I was at Interop last week, some people “knew that they were IT endpoints” but didn’t fully appreciate what that meant. There’s still a lot of room for education.


  5. Posted October 26, 2010 at 10:22 | Permalink

    EAS’s primary goal is to serve 1 purpose, sync email, cal, pim. MS bolted on other functions to satisfy some enterprise needs such as wipe and policies. I feel email sync belongs with the email platform, they serve up MAPI, POP3, etc now. EAS is not designed to help manage devices outside email nor should it. IBM screwed (sorry) themselves by not developing a wireless sync platform with Notes/Domino. If they did that right we wouldn’t even need BES today. But don’t get me going Blue’s mistakes.

    For Exchange, I don’t see the need for third party email syncing solutions, especially since native functions will continue to get better. However, managing devices is a different story.

    We work with the new iOS 4.0 MDM functionality and this is how it should be. Device management should be outside of email sync. You have stand alone devices (no email) and other email platforms like GMail, are you going to setup dummy Exchange Accounts just to manage those devices? Android 2.2 has new Device Admin functionality that is heading in the same direction.


    • Posted October 26, 2010 at 10:29 | Permalink

      So Custie – should Microsoft take out the IT policy management from Exchange and make it a separate console/tool?


      • Posted October 26, 2010 at 11:32 | Permalink

        Well they tried that and that went over GREAT, LOL! Certain policies/actions should remain such as controlling the PIM data, ability to wipe PIM data etc. Disallowing a camera, PKI mgt, hardware control? I don’t think those belong in EAS. So yes, if MS was serious about device mgt, they would pull it from EAS AND they would support more than their own OS.


  6. Posted October 28, 2010 at 15:08 | Permalink

    As the guy who had just a wee little bit of involvement in System Center Mobile Device Manager (oh I can sense the invectives heading my way already) I’ll be the first to say that it’s not an either-or world. Exchange, as the most common enterprise mail infrastructure, can and should provide lightweight management for organizations that don’t want more (especially smaller enterprises). Email and PIM is almost always the first enterprise “app” to be mobilized. Exchange makes it easy to do so. Devices that don’t support certain policies don’t get to sync, and IT can decide how broad (and weak) a set of devices to allow based on policy implementation (and yes, at the basic level it’s all about password enforcement and remote wipe).

    Since System Center MDM functionality is being subsumed into the larger System Center family (which never have required a crystal ball to predict) I expect there will be an opportunity for partners to create connectors to support multiple devices. This will be necessary for the more complex situations that EAS can’t handle (and for organizations that don’t deploy Exchange).

    One size does not fit all. Exchange EAS policy management is size “small”. System Center and competing products are size “large”. There is no reason to rip EAS policy management out of Exchange, and there is no reason to not implement a more capable solution if needed.

    P.S. If I could do it again, SCMDM would have a different name with a sweeter-sounding acronym. But is it any worse than Windows Update Services? Now THERE’S a sad acronym.


    • Posted November 4, 2010 at 13:47 | Permalink

      So first off, Microsoft has never been known to have the catchiest product names. ;-) Now on to more important matters.

      While I appreciate what you’re saying re: EAS being size small, isn’t it still at the mercy of the platforms supporting those policies?

      That’s why I like Custie’s idea of having EAS focus more on the email management and less on the device management…all that stuff, to your point, can and should be in products like System Center.


