What will it mean to 'manage' Windows on ARM tablets?

What will it mean to 'manage' Windows on ARM tablets?

Summary: Will Windows on ARM devices find an accepting home in the corporate world? Microsoft has some manageability plans to try to keep consumers and IT admins both happy.


There's been a debate raging for the past few months among Microsoft watchers and enthusiasts about how and if Microsoft planned to allow businesses to manage Windows on ARM tablets and PCs.

Many of us had been assuming that Microsoft might attempt to leverage the ability to manage Windows on ARM devices as a way to differentiate these coming tablets and PCs from iPads. But in February of this year, a Microsoft white paper made it seem the plan was to exclude Windows on ARM tablets from joining Active Directory domains -- as is true for iPads.

This week, when announcing the Windows 8 SKU line-up, Microsoft officials confirmed that Windows on ARM devices -- running an operating system version that Microsoft has officially christened "Windows RT" -- would not support domain join. (PCs and tablets with x86/x64 processors running Windows 8, the consumer version of Windows 8, also are not going to be allowed to join domains, for what it's worth.)

But there will still be ways for business customers to "manage" line-of-business (LOB) apps on Windows on ARM devices, according to an April 19 blog post on the Microsoft "Building Windows 8" blog. LOB apps can be anything from a corporate e-mail client, to custom-built apps specific to a company's business.

Windows 8 on x86/x64 will be able to be managed using System Center Configuration Manager and Windows Intune. But "(s)ince WOA PCs only support third-party code through the Windows Store and WinRT-based applications, we set out to develop industry-leading management capabilities that support BYO (bring your own) or company-deployed WOA PCs," said Windows President Steven Sinofsky in an introduction to the latest blog post.

I believe -- after several re-readings of the blog post -- that Microsoft is planning to make the coming version of Windows Intune (which went to beta this week) the way it manages WOA tablets and PCs. The post, authored by Jeffrey Sutherland, a Program Manager Lead in Microsoft's Management Systems Group, never quite spells this out, however. Here's what it does say:

"For WOA, we have integrated a new management client that can communicate with a management infrastructure in the cloud to deliver LOB apps to users. "You’ll hear more about this management infrastructure at a later date from our friends on the System Center blog, so this post will focus on the benefits and capabilities of the WOA management client itself."

(I'm thinking the reason this isn't called out as the coming version of Intune might be because Microsoft still isn't officially supporting Windows 8 or Windows on ARM/Windows RT devices with the beta of the so-called Windows Intune 3. It is, however, supporting iPads, iPhones, Windows Phones, Windows PCs and Android devices with the beta.)

Because Windows Intune 3 is based around an Exchange ActiveSync model, there's no obvious reason it couldn't manage Windows on ARM devices. In fact, Mary Branscombe over on ZDNet UK made a compelling, albeit it speculative, case for the new Intune being the vehicle for managing Windows RT systems.

The new WOA management offering will include  a built-in Metro-style client app called an agent, and a a Metro-style app, known as the  self-service portal (SSP) that consumers can use to browse for and install LOB apps. So if a user brings a WOA tablet/PC to work, administrators will be able to control which business apps they will allow them to install on their PCs using the SSP.

There are four kinds of business apps that admins can make available via the portal:

  • Internally-developed Metro style apps that are not published in the Windows Store
  • Apps produced by independent software vendors that are licensed to the organization for internal distribution
  • Web links that launch websites and web-based apps directly in the browser
  • Links to app listings in the Windows Store

The coming "management infrastructure" for Windows on ARM devices will go beyond Intune itself to include  activation keys, certificates, and other safeguards. So maybe Microsoft still does have some designs on getting Windows on ARM devices into businesses/enterprises, after all -- and isn't going to position them as consumer/media tablet type devices only, as some of us have been surmising.

That said, I'm sure there's no thought in Redmond that anything running Windows RT should be held up as a PC replacement, either -- despite the fact that iPads are increasingly finding their way into businesses as PC alternatives. ...

Topics: Software, Apps, Tablets, Processors, Operating Systems, Mobility, Microsoft, Laptops, Hardware, Windows


Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Great analysis as always MJ :)

    I think your analysis is spot-on. Microsoft is pretty fanatical about making its products easy to manage. Practically every product Microsoft ships supports and engages with its management infrastructure.

    Whilst it was a little surprising that WindowsRT devices can't be joined to domains, on reflection, I think this actually makes sense. Domain management features work well for machines that are connected to and reachable via corporate networks. Since WindowsRT tablets will likely spend a great deal of their time outside the corporate firewall and will often be connected to the internet via cellular data plans, the additional domain network traffic burden could well become an issue for those using tablets as a portable accompaniment to their primary desktop/laptop.

    Having said that, providing a lightweight management facility via Microsoft's cloud services would be VERY attractive for many businesses - especially if such a facility also integrated with SystemCenter etc.

    At the end of the day though, I think it's clear that iOS and Android devices being adopted within businesses prove that businesses ARE willing to forego their usual control over their devices if there's a compelling benefit to users or if new experiences and opportunities are uncovered.

    I think if Microsoft balance these two factors, they could be onto a winner, creating a tablet platform that's manageable *enough* but not too much!
    • I don't think so

      "Whilst it was a little surprising that WindowsRT devices can't be joined to domains, on reflection, I think this actually makes sense. "

      That should be the choice of the company whether or not they allow it, not the OS vendor.
      • Choice?

        They do have a choice.
        Windows 8 Pro on an x86 Tablet.
    • tablets or netbooks don't need to join a domain. they can control it.

      ipad and even android tablets have remote desktop apss. The idea is that with RDP, pretty much manage any windows server infastructure remotely. The only purpose of AD is to place security, distrobution, shareing policies accross the network. It is also used to authenticate users. tablets and net boks are mainly mobile devices wich would not be connected directly to the network.

      Ipad supports vpn technology which will work just fine for authentication, it can connect to an exchange server and get email, you can RDP to manage your infastructure, plus 3rd party app makers probably have other neat utillities that can be used. In essence the tablet will start off as the nexgen console for IT early adopters other than a main stream entertainment device.
      • Well said

        Reading this topics I just can't rule out, that majority of writers know zip about AD, why, how, what and when...
        it's like joining smartphone to a AD. Can be done, but what did you achieve? It's quite enough to active sync email. Other than that - remote desktop is the name of the game in today's networks with virtualization etc...
        Besides grunts about W8Arm not beeing able to join domain (it goes the same with home versions ow any windows) I'd like to read, what is the benefit of tablet or smartphone joining a domain. management? what and how? application management? security - what security? with Active sync you can erase lost or stolen remote device without AD management...
  • System Center and Intune

    Microsoft keeps linking them when they talk about this here at MMS, with Metro provisioning from Config manager and the support for managing and provisioning iOS and Android apps in Intune. I can't believe Intune won't support that for Windows 8/RT in time, even though the kimono is padlocked shut on talking about that now.
  • BYO

    From WinRT tablet owner's aspect, joining a domain will give full access of your tablet (personal photos, files and info) to the admins. This new model only allows limited administration rights to admins.

    Windows 8 pro is still available to enterprises which want to provide the tablet and retain full control.

    Again WinRT is the ARM equal of the Windows 8 consumer (used to be called Windows Home edition).
    • Re: BYO

      I fully agree. If you bring your own device to work you do not want it to be domain joined or have any management agents installed on your machine. If you do, it's not your own device anymore.

      The ActiveSync policies strike just the right balance: If you want company data on your device, you need to agree on some basic policies like screen locking, password protection or enryption.

      Companies that want to deploy managed tablets can turn to Intel tablets. The upcoming SoC devices should also deliver pretty good battery life etc.
    • BYOK

      Raspberry Pi
  • Monetize your time spent online!

    Monetize your time spent online! This great site gives you the opportunity to make extra income doing very easy online jobs! I myself earned over $1000 just last week and it keeps growing! Only basic typing skills required. Here you can find all necessary information's at MakeCash25.com
  • What's the gameplan, Microsoft?

    I always assumed that Microsoft's strategy for making Windows 8 ARM tablets attractive to the marketplace would revolve around two factors:

    1) A full featured (or relatively full featured) version of Office
    2) The ability to join a Windows Domain

    Now, reports that Microsoft is developing an Office Suite for iOS and that Domain Join will not be a fueature of Win 8 for ARM has me scratching my head.

    I guess Microsoft is simply assuming that enterprise customers who want to hand out tablets to their users will go for Intel tablets. The question is: can intel based tablets be engineered to provide the three features that have made the iPad (and to a lesser extent Android tablets) succesful? Can Intel based tablets be made:

    a) Extremely thin and lightweight
    b) 8+ hour battery life
    c) instant on/off

    Because if Intel tablets can be engineered to provide the above features, then concerns about Win 8 for ARM not offering Enterprise customers anything they can't get from iOS or Android would be purely academic.
    • They actually only need 2 of your three features

      A) Lightweight -- thin is not really a goal in itself, that's just a fashion statement.

      B) 8+ hour battery -- yes, please. :)

      C) Instant on/off -- For a given value of "instant", I believe Win 8 boots extremely quickly compared to Win 7.

      Of these, only the battery life is *really* killer.
      • Everything about W8 tablets is fast, including both cold/warm boot.

        Even on the lower end arms they are much faster than ipads at everything. On x64 tablets they are 10x better.
        Johnny Vegas
      • The trade-off for battery life is weight. My nine-cell battery ...

        ... gives my 14" notebook plenty of battery life but it weights a lot! Windows 8 will not be able to deliver the battery life that Windows RT will provide but hopefully, with SSDs, it will be close enough to be acceptable. I am assuming that Windows RT will be loaded on entirely solid state ARM devices.
        M Wagner
    • Why?

      Would you like to join a domain with tablet? Any particular reason? You want company security policy that forces you to unlock your tablet every few minutes, you want to restrict yourself with data, that can be on a tablet, with all kinds of security checks, password and complexity changing policies etc.. to achive what? having underpowered PC?
  • This statement stuns me

    Mary Jo said:

    "That said, I???m sure there???s no thought in Redmond that anything running Windows RT should be held up as a PC replacement, either."

    Did she read the same post I read? The title of the post is "Managing "BYO PCs". Not tablets. PCs. Sinofsky says the management tools will "support BYO or company-deployed WOA PCs". For the last 8 months, Microsoft has been clear that they are all-in on Metro. In Windows 8, there will be virtually no enhancements to the development platform for the desktop side of the PC. The anti-trust consent decrees tie Microsoft's hands wrt old-style PC's but not ARM devices. Is it not obvious? How can this *not* be seen as Microsoft seeing ARM devices as being a PC replacement for a lot of people in enterprises?

    I think corporate IT should be salivating over the idea that many of their rogue PC's that users can so easily cause malware to be installed on can be replaced by an ARM device that can only have software on it that either came from either the Windows Store or that was installed by the enterprise. This is a huge manageability win for enterprises. And it's a huge win for Microsoft if it happens, because on ARM devices Microsoft once again has complete control of their products.

    The next 3-5 years are going to be *incredibly* interesting . . . . .

    • PCs and/or tablets

      You're right. In this post I emphasized the Windows on ARM tablet implications. And MS and partners have said there also will be ARM PCs coming.

      I was attempting to make the point that even though MS keeps saying "tablets are PCs," they don't really want folks to think of tablets as replacements for their PCs. They want them to think of them as auxiliary devices. Kind of PC complements... but not as PC alternatives.

      Thanks. MJ
      Mary Jo Foley
      • I think the reasoning...

        is that they don't want to defer away from the statement that "Windows 8 (not Windows RT) is a no-compromise solution". I don't think it's any coincidence that they made sure ARM devices aren't called "Windows 8 PC's".
      • In effect, then. Windows RT is an "iPad killer" ...

        ... and a Windows 8 tablet is a notebook replacement. Correct?
        M Wagner
  • Exchange Active Sync

    System Centre Configuration Manager 2012 also 'imports' EAS managed devices and can provide the same functionality for corporates that InTune does.

    InTune has the benefit of managing with Office 365 Exchaneg Active Sync devices