Moving to modern device and application management
Author: Colm Connolly
The proliferation of mobile devices and the migration of applications to the cloud are driving enterprises toward a new, modern approach to device and application management.
Enterprises planning to move from a traditional to a modern management style have several factors to consider, decisions to make and roadblocks to overcome. This paper will help you determine which approach to take, what tools to use and how to deal with legacy applications. The ultimate goal is managing, securing and delivering modern applications to employees while providing a rich user experience across multiple devices and platforms.
The modern enterprise
Today’s modern enterprise is “mobile first” from a device and user perspective, with a heavy emphasis on user self-service. The majority of applications and services reside in the cloud, with minimum on-premises infrastructure or reliance on traditional domain authentication.
In this environment, modern workplace management — also known as “modern management,” a term coined by Microsoft that is being accepted in the market — is about simplifying device management. Cloud-based mobile device management (MDM) tools can now manage both mobile and desktop devices, broadening the management reach. When modern management is implemented, user identities reside in the cloud so devices can be quickly enrolled from the internet with security policies and applications, providing users with secure and productive devices while also meeting business needs.
Enterprises planning a migration to Windows 10 should review their management strategies and decide whether now is the time to take a new approach. Enterprises already using cloud services, such as Microsoft Office 365, will see the most benefits. We believe that most enterprise customers will initially use a blend of traditional and cloud-based workplace management, with the latter becoming the dominant management solution over time.
Enterprises should be taking steps now to embrace this shift. They should start looking for ways to move their workloads to new cloud-based management using analytics tools such as Microsoft Operations Management Suite (OMS). This will provide valuable insight into the current environment and will help determine the best path to a new environment.
Paths to modern management
Microsoft has outlined four paths to modern management:
- “Cloud first.” New organizations or spin-offs can go straight to modern management because they can create a cloud-first approach for all workloads.
- “Big switch” transition. Enterprises with legacy components in their IT infrastructure may consider a “big switch” approach. This means transforming to a modern style all at once. This approach may suit smaller enterprises but prove too complex for larger enterprises.
- Group-by-group transition. A group-by-group transition profiles users and determines the order in which each group will transition. Analytics tools, such as Microsoft Operations Manager (MOM), can help with profiling users for each group.
- Co-management. In this approach, devices are managed with traditional (System Center Configuration Manager) and modern management (Intune) tools. This means organizations can take an iterative approach. Workloads are modernized over time, providing a bridge to full modern management. Many enterprises take this approach, as it delivers the best of both worlds until a full transition is completed.
Regardless of the path chosen, traditional workloads need to be evaluated and moved to modern management. In this paper, the main workload we focus on is applications. At a basic level, we need to identify the modern applications that can go straight to modern management and find the best approach for managing legacy applications.
What are modern applications?
In the context of Windows 10, we define a modern application as one that is cloud managed from an administration and distribution perspective. The application is typically consumed by users through self-service. Modern applications are also easy to update and maintain, which simplifies application delivery. Modern applications are designed to adapt dynamically to different device form factors. These applications are typically integrated with public or private cloud back-end services and designed to provide a powerful and rich user experience.
Figure: Different types of modern applications consumed by a modern managed device, including the cloud services on which these applications depend.
There are two main categories of Windows 10 modern applications:
- Universal Windows Platform. Microsoft introduced the Universal Windows Platform (UWP) in Windows 8. With Windows 10, UWP enables a mobile app experience that is consistent across all form factors. UWP, which uses the .appx format, makes it easier for developers to design apps to reach all Windows 10 devices via the Microsoft Store. Legacy Win32 applications, typically in .msi or .exe format, are slowly moving to this format; however, some lack full functionality.
- Cloud, web and SaaS applications. These applications are normally hosted on cloud infrastructure and accessed over the internet. They are typically web-based apps that run in a browser, but they can sometimes be UWP applications. Microsoft has announced that Progressive Web Apps (PWA) will soon be supported on Windows 10; PWA is gaining momentum across platforms, providing the best aspects of web and native mobile applications.
Modern application distribution
Modern management applications are managed through cloud-based MDM solutions; corporate line-of-business and public applications are distributed through a corporate application store. Application policies are used to secure the application and data while also providing access controls to corporate resources.
There are two options for a corporate application store across Windows 10 form factors:
- Native MDM store. This store provides an application delivery platform that allows users to browse and download approved applications, as well as provide feedback to IT. The store also helps consolidate different application types that originate from different sources. In addition to legacy, cloud, web and SaaS applications natively supported by the MDM store, enterprises must consider integration with Microsoft Store for Business and virtual applications.
- Microsoft Store for Business. This is a private Windows store available only to enterprise employees. An administrator can find, acquire, manage and distribute Microsoft Store and line-of-business applications to Windows 10 devices. Business users can access their assigned applications through a private store or web-based portal, which lends itself nicely to modern management.
Modern application management provides the best available unified application store experience. Microsoft Store for Business has public APIs that allow integration with enterprise mobility management (EMM) solutions. This means that Windows store applications can now be deployed using the native MDM stores alongside MDM-supported applications.
Are legacy applications supported in modern management?
Modern application distribution methods have limited out-of-the-box support for legacy (Win32) applications; noncompliant legacy applications can be enabled for modern management distribution through techniques such as repackaging, virtualization and conversion. However, they are not considered truly modern, because they were designed for the Windows desktop and may have usability and compatibility issues on some form factors. If you choose to deploy legacy applications in this way, you must carefully consider how the application is consumed.
Major roadblocks for legacy applications
The application distribution mechanisms for modern management are among the major roadblocks for legacy applications today. For example, Microsoft Store for Business has no support for legacy Win32 applications, and MDM providers have limited support. Microsoft is trying to address this with additional tools and capabilities.
Some of the main challenges are legacy applications hosted on-premises that use traditional authentication mechanisms such as NT LAN Manager (NTLM) and Kerberos. Dependency on older operating systems also poses a real threat when moving applications to modern management.
Paths to a modern application portfolio
Modernizing the application portfolio is key to having a fully modern enterprise, since employees can’t be productive without having the applications they need when they need them.
A detailed assessment will help you discover whether your organization already has applications that fit the modern style of management. Those that don’t can be reviewed, and a path to modernization can be determined.
Below are some of the typical decisions required and the paths to take to identify legacy applications:
Decide
- What applications can be retired or replaced?
- How critical is the application to the business? Is it worth investing to update the application?
- Is the application still secure?
- Is there a budget to modernize the application?
- Is the application dependent on traditional authentication mechanisms?
Path to modernization
- Is there an existing SaaS alternative?
- Is there a UWP version and does it provide the functionality needed?
- Can the application be redeveloped as a UWP-type application?
- Can conversion tools be used to convert applications to a UWP-type application?
- Can the application be migrated to the cloud and accessed accordingly?
- Are there services that will make the application available externally, such as Azure Active Directory or Capriza?
- Can a virtualization application delivery platform be used to virtualize the application?
A survey from CCS Insight shows that the top trend in mobility and workplace is the increase in cloud productivity and collaboration applications, mainly fueled by the rapid growth of cloud-based mobile applications.

Enterprises with reservations about using cloud-based applications or storing their sensitive data outside the corporate environment should consider solutions such as Azure AD and Capriza, which provide different options to publish internal web applications externally. Application virtualization is also an option for apps that handle sensitive data, as the data remains within the secure corporate environment. But apps delivered virtually don’t always translate well to small screens. Ultimately, there is no one solution that fits all; you must weigh the options on an application-by-application basis.
Another option for legacy applications is to enable them for distribution through modern management but without any modernization; however, this approach will not change the legacy look and feel, and the application will not be truly modern. This option can be used as an interim solution until a full modernization approach for the application is determined.
Tools and approaches for legacy applications
Here are some of the approaches and tools used to enable legacy applications for modern distribution.
Straight to modern. Modern applications can be consumed without any modification. If you are considering a group-by-group transition, you can profile the users that consume only modern applications and move those first. Other groups can transition as more and more applications are enabled.
Enable for modern. Legacy applications that are not compatible with modern deployment or consumption will need to go through some form of remediation.
Management extensions. Intune has a new set of capabilities to make deploying existing Win32 and .exe applications easier. The source for the legacy application is delivered to the device by Intune; a PowerShell script can now be used to execute the installation upon delivery. Other MDM vendors such as AirWatch have similar solutions.
Repackaging. If suitable, the application can be repackaged using a tool such as AdminStudio to comply with modern management distribution rules.
Virtual applications. Virtual application delivery solutions such as Citrix XenApp or VMware Horizon can be used. Applications are delivered on demand to users in a secure and optimized manner. The app and data are typically hosted on a back-end virtual infrastructure, and users interact with the application via the virtual client.
Desktop Bridge. This tool automatically converts legacy applications (Win32 MSI/EXE) to use the Universal Windows Platform (.appx format) to enable distribution through modern deployment methods. In addition to conversion with Desktop Bridge, you can continue the migration by enhancing the converted application with UWP APIs to add features such as live tiles and push notifications.
Co-management. According to Microsoft, it will soon be possible to have a Windows 10 device managed by both ConfigMgr and Intune simultaneously, effectively providing a bridge for enterprises to migrate from traditional to modern management by transitioning workloads over time. Applications that are already modernized can be deployed in a modern fashion; legacy applications still can be delivered in the traditional way until they are enabled. This helps enterprises move to modern management in a controlled fashion over time, minimizing risk while still meeting business needs.
Move to modern management and have the applications you need
There are many paths to modern management, whether you are planning cloud-first management, transitioning or using an iterative approach. DXC Technology can help customers on their modern management journey. Our Workplace and Mobility offerings include solutions that will help you reach your goals while ensuring that your users have the applications they need when you get there.
DXC can help you rationalize and modernize your application portfolio so that your applications can be managed and secured via modern management.
Visit DXC Workplace and Mobility for more information on our offerings, or let DXC Advisory Services help determine the best solution to fit your requirements.