As a Core Infrastructure Architect at the Microsoft Technology Center (MTC) in Atlanta, Georgia, I focus on Devices, Systems Management, and Deployment. Because of my focus area, I have the opportunity to have some really interesting conversations with our customers about how they keep their users productive.

Many of my conversations with customers are about deploying new tablets or laptops, purchased by the enterprise. But recently, I’ve been having more discussions about bring-your-own-device (BYOD) programs. It has been amazing to see the enthusiasm that our enterprise customers have for keeping their users productive on new devices. 

In this blog post, I will focus on some of the things to consider when planning a BYOD initiative and some of the Microsoft technologies available to make your deployment successful. After all, if BYOD is successful in your enterprise, your team can take the credit for a happy group of users.

What is BYOD?
The concept of BYOD is simple: allowing employees to work from devices that are not owned by the organization. Most commonly, we see this when employees can send and receive email from their personal smartphones.

Because BYOD programs expand beyond just smartphones to tablets and laptops, employees are offered a new freedom of choice for their work PCs. Some employees may prefer an Ultrabook with great battery life, while others feel they can accomplish all of their work on a device like a tablet.

BYOD: A brief history lesson
When Microsoft was founded in 1975, the vision was to put a PC on every desk. Today, that vision has been expanded to include every briefcase, backpack, and pocket.

BYOD emerged as a solution to the ever-increasing rise of technology and demands of employees. Because many organizations moved slowly to provide new services or upgrade hardware and software, employees began using their own devices in the workplace, without the approval of IT.

Where to start
Start by asking if your company is a good candidate for BYOD. Regulatory compliance issues may determine whether BYOD is a possibility and should be carefully considered. Think about how you will need to deliver applications, perhaps by using something like a virtual desktop infrastructure (VDI) to prevent users from storing sensitive data locally. Alternatively, Windows Server 2012 R2 offers the ability to classify data and apply additional restrictions based on a detected pattern in data. The Dynamic Access Control feature in Windows Server 2012 R2 works with your local file servers and Work Folders, which I will explain in a moment.

You should also think about your policies and communication with users. As an IT professional, you need users to understand your concerns regarding application access, data storage, and the risks that accompany BYOD. It is critical for users to understand appropriate boundaries on devices that are attached to the corporate network. After all, users are entering into an agreement, which grants IT some control over those personal devices.

Finally, rethink the systems you deploy today. If you are deploying Microsoft Office and several other common applications, how will you deliver these applications? You may want to start using Microsoft Application Virtualization (App-V) and the Configuration Manager component of Microsoft System Center to deliver different package types to the appropriate endpoint. For example, Microsoft Visio is deployed on my desktop PC, but my Surface 2 uses an ARM processor, so the application is delivered using Remote Desktop Services.

Delivering a consistent experience
If you have decided to implement BYOD for your organization, then consider how you plan to deliver the components of BYOD for a consistent user experience.

Ensuring that users have access to their application data is vital. You need to make sure that data is available everywhere. For BYOD, we have a few tools:

  • Work Folders is a feature of Windows Server 2012 R2 that allows systems to enroll for a compartmentalized file store. This store is protected by the Encrypting File System (EFS), and if a user’s account is terminated, access is revoked and data is rendered useless.
  • SkyDrive Pro is a great extension to Microsoft Office 365 and offers enterprise-grade cloud storage, which works with Microsoft SharePoint. If you are deploying Office 365, SkyDrive Pro is a wonderful complement; your users can include this tool anywhere they install Office.

Application delivery
Next, you should determine how to deliver applications to your users. Configuration Manager is typically used on company-owned devices. However, you need to consider that certain applications should not run locally to avoid the risk of data being stored locally. Or perhaps you want to make an application available to alternate platforms. In this scenario, you may want to consider a Remote Desktop Services farm.

If the application you want to deliver is already mobile, you can deep-link to the application and provide users access to a company portal, where they can download the application to whichever platform they choose. Best of all, if the user’s account is de-provisioned, those applications are also de-provisioned.

Now that we have talked about storing data and securing and delivering applications, how do we get BYOD machines provisioned? The Configuration Manager component of System Center 2012 R2 plus Windows Intune handles this job. Within Configuration Manager, we can define certificates to be distributed, indicate preferred Wi-Fi access points, and even distribute applications using Remote Desktop Protocol (RDP)!

Best of all, in a scenario where we have physical PCs, VDI, and BYOD assets, applications can be deployed to the user and made available anywhere. With the combination of Windows Server 2012 R2 and System Center with Windows Intune, you can deploy BYOD in a way that delights your customers and improves productivity.

This post provides just a few ideas and approaches to BYOD. If you would like to talk more about BYOD, contact your Microsoft sales representative to schedule an engagement at your local MTC.

Tyler Cooper is a Core Infrastructure Architect at the Atlanta MTC. His expertise centers on Microsoft client and server management, operations and deployment technologies. At the MTC, Tyler works with customers to help envision and prove solutions using Microsoft products.

Before joining the MTC, Tyler was a consultant with Microsoft Consulting Services, where he worked with many large enterprise customers, including Fortune 50 companies, to drive the envisioning, planning and delivery of IT transformation solutions. In many of these engagements, he has used his knowledge of industry best practices to help customers mature as IT organizations. Tyler also has a strong interest in working with customers to transform fully developed technology concepts into long-term tangible solutions.