Part I of III: MobileIron and Microsoft Strategy

This three-part video blog series is my perspective on Microsoft’s strategy, the evolution of Microsoft Intune, and the critical role MobileIron plays in a Microsoft shop. My opinions are based on publicly available and third-party data plus my analysis of Microsoft’s actions. Part II of this series provides a high-level comparison between MobileIron and Microsoft Intune, while Part III provides technical details on that comparison.

Like almost every infrastructure software company in the world, MobileIron is both partner and competitor with Microsoft. Most of our customers are also Microsoft customers.

I believe Microsoft’s future depends on the success of three initiatives:

  • Migrate compute workload quickly to Azure
  • Don’t lose the battle for identity
  • Win back the developer

Three product solutions provide the underlying pillars for these three initiatives.

1. All roads lead to Microsoft Azure

For Microsoft to win, enterprise workload must move to Microsoft Azure instead of Amazon Web Services (AWS) or Google Cloud Platform. Azure consumption is a central metric Microsoft can measure to gauge whether its strategy is working. Each month, compute cycles, data storage, and transactions in Azure must increase at a rate higher than the rest of the market.

Will it increase Azure workload?” is a simple litmus test to predict Microsoft’s actions.

2. All roads start from Microsoft Azure Active Directory

Microsoft cannot afford to lose its position as the system of record for identity. I believe Microsoft Azure Active Directory is the most important product in the Microsoft stack. Microsoft has been very public that “identity is the control plane.” As a result, Azure services are all tightly tied to the identity services that Microsoft provides.

If a Google or an Okta starts taking over identity within a customer, Microsoft loses its most important architectural control point. Office 365 is not only a productivity suite, but also a forcing function to drive identity into the Microsoft Cloud.

3. All roads are built on Microsoft Graph

Before we talk about Microsoft Graph, let’s first turn the clock back 20 years. Microsoft became the largest software company in the world because it won the hearts and minds of developers. Customers go where developers are, and developers were inevitably on Microsoft platforms. Both server-side and client-side developers built on Windows. Microsoft Developer Network (MSDN) was the center of the universe because almost everyone used Microsoft tools.

Then Linux matured and many new developers, like MobileIron, chose it as their server platform. At the same time, client applications on the desktop moved into the browser. In 2010, iOS and Android adoption exploded and, as always, developers followed their customers and started building native apps for those OS platforms. Meanwhile, cloud became the primary infrastructure choice of startups, and AWS quickly established a leadership position.

Now it is 2017. A new startup, funded today, will most likely run in AWS, with Android, iOS, and web apps on the front-end. There is a good chance that the startup will not use any Microsoft development technologies even if the service is consumed on Windows devices. That was infeasible 15 years ago, but practical now.

Microsoft must win back the developer. Winning with Office 365 but losing the developer is not an option.

Microsoft Graph is the centerpiece of the Azure developer strategy. It is the API stack for Azure, and Microsoft needs as many developers to use it as possible.

The Role of MobileIron and Microsoft Intune

At MobileIron, we’ve seen Microsoft’s strategy evolve over the last few years. Microsoft Intune is a perfect example. Because of the strong position Microsoft System Center Configuration Manager (SCCM) has held in the traditional desktop management market, I believe Microsoft assumed Intune could easily achieve a similar position in the enterprise mobility management (EMM) market.

But it didn’t work out that way. Intune struggled with capability breadth, depth, and maturity against the more established EMM players. Intune lacked the fundamental advantage of SCCM – control of the operating system. Apple and Google, not Microsoft, were the primary OS vendors in mobile.

Intune needed a product advantage and it came in the form of Office 365 controls. Microsoft decided not to use the native frameworks for app configuration and security that Apple and Google had built into their operating systems (, even though that was the preference of many Microsoft customers. Instead Microsoft built a proprietary set of controls for Office 365 apps and only exposed them to their EMM product, Intune. This meant that other EMM products could not leverage incremental security functions for Office apps, like preventing copy / paste or ensuring that a document was not saved to a consumer storage service.

The Microsoft sales team starting pitching that “only Intune secures Office 365.” They tried to convince customers to uproot their entire existing EMM infrastructure and switch to Intune to access a handful of Office configurations. Customers pushed back and the common outcome was not that they switched to Intune, but rather that they lived without these additional, useful configurations.

In January 2017, Microsoft changed course and exposed these functions through new Microsoft Graph APIs. Access to these APIs still requires the customer to buy Microsoft’s Enterprise Mobility + Security (EMS) suite, which includes Intune, so the Microsoft sales team does not lose a revenue opportunity. However, to me it indicates that Microsoft realized adopting a closed approach to Office security was not in the customer’s or Microsoft’s best interests.

I believe that, over time, product economics and strategy alignment will naturally shift the focus of Intune from trying to compete head-to-head for EMM business to instead providing Azure policy middleware that other EMM products can leverage. The middleware model better meets customer requirements and, more importantly for Microsoft, drives adoption of Microsoft Graph. Microsoft has a tremendous incentive to secure Azure services but none to secure Android or iOS as OS platforms.

The true battle for Microsoft is not EMM. It’s winning back the developer through Microsoft Graph and moving enterprise workload to Azure with identity at the core.

Please read Part II of this series, “MobileIron and Microsoft Intune,” for more details on these two products.

Any information concerning products and services other than MobileIron’s comes from public and third-party sources. Although we believe it to be accurate, we have not independently verified it and we cannot guarantee its accuracy.

Ojas Rege

Chief Strategy Officer

About the author

twitter icon



Ojas Rege's perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, Forbes, and Reuters. He coined the term “Mobile First” on TechCrunch in 2007, one week after the launch of the first iPhone, to represent a new model of personal and business computing. He is co-inventor on six mobility patents, including the enterprise app store and BYOD privacy. Ojas is also a Fellow of the Ponemon Institute for information security policy. Ojas has a BS/MS in Computer Engineering from M.I.T. and an MBA from Stanford. Ojas is also Board Chair for Pact, a non-profit in Oakland, California that provides adoption services for children of color and their parents.