June 25, 2024 • 71 mins
What's the best way to manage your enterprise's rugged Zebra devices effectively?
Join Brett Cooper, Mark Banks, and Patrick McGlynn as they unpack the most comprehensive Mobile Device Management (MDM) options for 2024. From mastering application deployment to ensuring robust security controls and real-time inventory tracking, this episode promises to arm you with the knowledge to make informed decisions about your enterprise's mobile devices. Discover why enterprises are increasingly choosing Zebra devices over consumer models like the Google Pixel and how these rugged devices provide advanced configuration capabilities tailored for rigorous business environments.
Curious about which MDM solutions can best handle legacy Android devices? We dissect popular options like AirWatch (Workspace ONE) and SOTI, focusing on their strengths and limitations. Learn how AirWatch's agent-based control can manage older Android versions and why SOTI is gaining traction in the rugged Android market. We also address the concerns surrounding Workspace ONE's future stability and the challenges posed by Microsoft's Intune, exploring how tools like OEMConfig and BlueFletch Playbook can bridge the gaps for Zebra device management.
Security and operational efficiency are paramount when evaluating MDM solutions. Our discussion covers the essentials of multi-factor authentication, single sign-on, and VPN support, along with the importance of real-time reporting capabilities. We also explore various EMM and MDM solutions such as Ivanti Neurons, Hexnode, Scale Fusion, and Cisco Meraki, each offering unique advantages and limitations. Whether you're managing a fleet of Zebra devices or considering BYOD scenarios, we compare the pros and cons of leading MDM solutions to help you navigate your options.
For more detailed information, don't hesitate to reach out to BlueFletch.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hello and welcome to another episode of the Blue
Fletch Enterprise MobilityRoundup.
I am Brett Cooper.
I'm joined by Mark Banks andPatrick McGlynn.
Today we're going to be talkingabout Zebra MDM options in 2024
.
In this podcast, we're going tocover topics on we've seen for
why you need a tool specific formanaging this and then also
what are the options out there.
So a couple of different MDMEMM solutions and pros and cons
(00:21):
around those, and then, ifyou're looking for an MDM
solution, what are the optionsout there?
So a couple of the differentMDM EMM solutions and pros and
cons around those, and then, ifyou're looking for an MDM
solution, what are the thingsyou should be looking at.
So we'll be covering that todayand let's hop into it again.
So, to start out, we're goingto do a bit about what
specifically is an MDM and whyyou might need one for your
Zebra devices.
So, mark, I'll throw this oneover to you.
(00:43):
Maybe you can talk a bit about.
You know, in your experiencemanaging devices over the last
decade, what are the things thatyou use in MDM for.
What's it most valuable for?
Speaker 2 (00:54):
So, overall, it's giving you control over your
devices and the user experience.
It's giving you the ability totrack your inventory and make
sure that your devices arecompliant with whatever security
policies you have.
Speaker 1 (01:14):
It's a good way to deploy applications, all right,
so Mark, tell me a little bitabout you know for your Zebra
devices.
Why would you want to have anMDM or EMM solution?
Speaker 2 (01:29):
So, overall, you need it to deploy applications to a
large device pool and it givesyou the control over security
features, restrictions over whatthe device can and cannot be
used for, and really just givesyou visibility into what's going
(01:51):
on with your devices Got it.
Speaker 1 (01:53):
So when you say visibility, that'd be reporting
that comes out of it on the backend and the ability to drill in
and do support andtroubleshooting on specific
devices.
Speaker 2 (02:02):
Correct yeah.
And troubleshooting on specificdevices Correct yeah.
And usually gives you anoverview of how your devices are
doing, a device summary so thatyou can look at the big picture
of your large device pool.
Speaker 1 (02:19):
Got it and Patrick.
So I guess, thinking in thecontext of Zebra devices versus
BYOED devices, can you dive intosome of the points around what
the differences would be betweenmanaging a fleet of rugged
handheld Zebra devices ormanaging a consumer Android
(02:39):
device?
Speaker 3 (02:41):
Sure Right.
So Zebra Android devices aregenerally used in dedicated
roles within a company, so theyare purpose devices for
operations, scanning, inventorycontrol and they're used very
differently than a BYOD device,which, when I think of BYOD, I
commonly think of bringing aSamsung or iOS device to work
(03:04):
and using it to check your emailand communicate on Teams or
Slack.
The difference here is thatZebra devices have built-in
scanners.
They're rugged so you can dropthem, and they are usually
deployed for those dedicatedpurposes within an organization,
like I talked about withinventory control dedicated
(03:25):
purposes within an organization,like I talked about with
inventory control.
Since those devices are purposedevices, you want more
structure and rigidity aroundthose devices.
So, zebra devices, you want tocontrol the OS updates and be
very cautious and manage anytime the OS is going to update,
because you don't want to haveany impact to your operations,
(03:46):
and you also wanna have advancedcontrols over exactly how those
Zebra devices are gonna work,such as how is the scanner gonna
trigger, what's gonna beblocked and restricted on that
device, whereas a BYOD deviceusually is more open for the end
user because, at the end of theday, it's their own device that
(04:06):
they need to do their personalthings on as well.
So you think of a Zebra devicereally as a corporate-owned
device that is truly dedicatedfor that worker and for that
function?
Speaker 1 (04:19):
So this is probably a full topic, but can you dive
into a bit about why somebodymight want to buy a Zebra device
instead of, say, a Google Pixelor a consumer device that's off
the shelf?
Speaker 3 (04:34):
Sure, and I'll start and turn over to you, mark,
because I know you have somegood experience with this as
well.
But from my perspective, zebradevices are truly purpose-built
for the enterprise.
They're extremely rugged andhave high drop ratings and
waterproof ratings.
They also have really advancedcontrols around exactly how the
(04:57):
device is going to be configured.
Zebra includes a configurationtool called StageNow.
You'll hear it called OEMconfig as well, going forward in
the future state with AndroidEnterprise.
But Zebra, when you comparethem to the rest of the industry
and the other OEMs makingEnterprise Android devices, they
(05:18):
provide the most control overthose devices.
So, exactly how a device isgoing to look and function, what
the scanner is going to do, asI mentioned earlier, and they're
going to give you additionalcontrols that are really going
to help you make that devicefunction exactly how you need it
to for your organization.
Speaker 1 (05:39):
I guess, mark, you have other thoughts on when
you're thinking about managingZebra devices.
What are the specific keyfeatures or things you think
about?
Are you seeing, as you've donethis in the last, you know all
the clients and companies you'veworked with, like?
What else is there to thinkabout when you think about the
difference between Zebra and aregular Android consumer phone?
Speaker 2 (05:59):
Yeah, so from a device administrator perspective
, what I'm looking for in adevice is something that I can
control and get the ability tomake any change that I need to
to the device so that I can lockit down, make sure that the
user gets the experience thatthey need to do on the device
(06:20):
and not anything extra.
They can't get around todifferent websites and that kind
of thing.
With the Zebra operating system, it checks all those boxes from
a device administrationperspective and it's gonna let
you control the different thingsthat operations may require for
(06:42):
streamlining the device use.
Speaker 1 (06:47):
And Mark just to follow up on that.
So I know one of the thingswe've talked about in the past
is deploying OS upgrades,managing those.
Is there a difference betweenmanaging applications and the OS
versions on Zebra devicesversus a consumer device, I
guess, say, an HTC or Pixel?
Speaker 2 (07:08):
Yeah, with the Google devices or Samsung's you're
usually stuck with the operatingsystem upgrades that come down
from Google or through theoperating system.
With Zebra you have to deploythose updates manually, but that
(07:36):
also gives you control overwhen those updates happen.
So there's a little bit of giveand take there.
Speaker 1 (07:44):
Your phones don't upgrade unexpectedly and break
your software if you have an OSupdate coming down.
And then is there, I guess,within the realm of MDM, so
mobile device managementsoftware.
Is there any specific keyfeatures, whether it's Zebra or
(08:06):
Rugga?
I know Patrick called a coupleof these Other things you guys
can think of around how tosupport and manage those devices
that are worth consideringbefore we start hopping into the
different options that you guyshave seen out there.
Maybe, Patrick, you can startwith us.
Speaker 3 (08:21):
Yeah, I'll start.
So I have seen that there aresome EMMs that have taken
Zebra's development tools, theirEMDK, their developer's kit,
and they've embedded some ofthat functionality into their
portal or their UI as well tomake it easier to use these
Zebra extended options in aneasy-to-use GUI instead of
(08:46):
having to run scripting or pushother files.
I've also seen some othercompanies out there that provide
MDMs and EMMs that have bettersupport for Zebra enrollment, be
that StageNow barcodes, or theyhave better support for remote
control on Zebra devices.
So there are things that arespecific to just Zebra, since
(09:09):
they are the industry leader inthis space, that some EMMs have
adopted and integrated intotheir own tools to make
supporting and managing thoseZebra devices just a little bit
more convenient for everyone.
Speaker 1 (09:22):
Mark touched on this earlier.
But the visibility piece andreporting piece.
I know Zebra has theirvisibility IQ and there's a
couple MDMs that specificallybuilt integration into that.
Can you talk?
You know why, why company mightwant that.
Maybe, mark, you can speak onthat one.
Speaker 2 (09:37):
Sure.
So there's a lot more metricsthat come with the zebra
operating system, like thingslike, uh, battery life, what,
how long is the battery lastingand what's the current charge
things that you wouldn'tnecessarily get with, uh, just
(09:59):
regular oem android o.
So with that you can automatethings with your ticketing
system to automatically generatea ticket when a device is
reaching a bad battery lifespanin its battery lifecycle.
(10:20):
So just having visibility andcontrol over those metrics is
pretty key got it.
Speaker 1 (10:29):
Yeah, I think um network's been another one.
I don't know.
Patrick, do you have anyexamples there for network data
and analytics you've seen?
Speaker 3 (10:37):
uh, specifically, specifically from zebra.
Yeah, they have their wi-fimanager tool that does a little
bit more polling and capturingof network speed and link speed
than is available for mostAndroid devices.
So we've seen customers usethat data to help identify poor
(10:57):
performing stores from a networkperspective.
It can be one thing to monitorthat type of data from an access
point or from your MDM EMM tool, but the data from the actual
handheld, the Zebra device bethat a tablet or a phone
handheld device that endpointdata is going to be what's
(11:21):
actually observed and whatactually happened for that end
user.
So having that rich data fromthe device itself is going to
give you the best visibilityinto that fleet.
So adopting that Zebra data isjust the icing on the top for a
lot of companies.
We found where they can reallyunderstand exactly how their
(11:44):
environment is performing got itand the dmdm options.
Speaker 1 (11:47):
I know I think the we'll hop into these here in a
second when we talk through thelist.
But the, I think the ones thathave integrated zebra analytics
I know I've seen it in sodi,I've seen it in the uh, that 42
gears, I believe workspace onehas that because those are the
primary three where they havereally deep, rich integrated
analytics for Zebra devices.
Would you say that's true?
Speaker 3 (12:08):
Yeah, I would say those are the three that I've
seen that have taken that extrastep to integrate with Zebra's
functionality more than the restout there.
Speaker 1 (12:17):
Got it and I know we'll get to this towards the
end.
But Bluefletch does have theirplaybook and support agent
analytics that, if you are usingIntune, it's a good option to
fill some of those gaps for thatMDM as well.
So I know, patrick, you weregoing to touch on that here in a
second.
So I guess, to start out theoptions and this is in 2024, so
(12:37):
it's always a changing landscapebut I would consider there's
three primary options for MDMs,the first being Workspace ONE,
the second being SODI and thethird being Intune.
I feel like those are the oneswe see most commonly amongst
enterprise clients, and when wesay enterprise clients, it's
clients that have 500 or moredevices and typically have
(12:58):
multiple apps, have multiplelocations.
So that's when I say enterprise, it's typically what I'm
referring to from multiplelocations.
So that's when I say enterprise, it's typically what I'm
referring to.
But for Workspace ONE, whichused to be AirWatch and it's
probably the oldest of the MDMsfrom an Android support
standpoint, I feel like that'shad a pretty long run.
I think it's been.
(13:18):
2013 is really when theystarted picking up Android
devices.
But, mark, maybe you can talk abit about with Workspace ONE.
What are the key features of it.
What are the things you've seenor you like about it that you
think might be useful forcompanies that are managing
Zebra devices?
Speaker 2 (13:36):
Sure.
So I really love the ability tocontrol devices as groups, with
their smart groups, orassignment groups, as they call
them, and categorizing deviceswith your organizational units.
They call them organizationalgroups, but being able to put
(13:58):
them into a bucket and dosomething with them easily is
great.
Speaker 1 (14:03):
So the example that would be like if I'm a company
and I have, you know, my Eastregion or specific States.
They could group devices basedon either that geographic or a
business hierarchy right.
Speaker 2 (14:15):
Correct.
Yeah, having the ability toroll things out that way is
super nice, and then they have alot of tools around application
management and devicemanagement that I haven't seen
with a lot of other MDMs, so itgives you the ability to take
(14:38):
advantage of all the differentfeatures in your Android
operating system.
The other really big thing thatI love about Workspace ONE is
the API, which allows you tointeract with the system on a
large scale, do big data pullsor make big changes across your
(15:02):
entire fleet quickly withoutexample, like I know I've seen
you do this mark.
Speaker 1 (15:07):
But like scripting, it's like building a script and
you could deploy to 10,000devices from a single script
using the API, without having togo to the consoles.
That that's a typical use caseyou're referring to.
You're in correct.
Speaker 2 (15:19):
yeah, just being able to make a mass change as
quickly as possible withouthaving a whole lot of manual
intervention Super nice.
Speaker 1 (15:29):
Got it.
And Patrick, what otherfeatures, anything else that
stands out to you, just based onyour experience with Workspace
ONE or AirWatch?
Speaker 3 (15:36):
Some of the things I like about Workspace ONE is
they've, as I mentioned, they'vetaken some of those Zebra
native features and rolled theminto their core product.
So if you're setting a profile,like a restriction profile, in
Workspace ONE, there'll beoptions that are specific for
Zebra and it'll call out whatversion of the Zebra MX system
(15:59):
is required, the minimum versionrequired for that.
So it's really clear it's builtinto that product.
So you know that this is aZebra-only feature and more
often than not they're featuresthat our clients end up
leveraging.
Other things that I thinkWorkspace ONE does well around
Zebra when you're setting up anenrollment profile, they give
(16:21):
you the option to go ahead andgenerate a stage now barcode
instead of having to go to aseparate PC, download the stage
now client, generate thatbarcode in that staging process.
Workspace ONE has taken thatfunctionality and built it into
their core product.
So that's great.
And then, lastly, we do seepeople also managing their Zebra
(16:45):
printers in Workspace ONE.
There's not the best data thatthey're retrieving from those
Zebra printers, but it doessupport Zebra printer management
so it can be really yourall-in-one Zebra endpoint
management tool.
Got it?
Speaker 1 (17:00):
And then back to the OS version.
I know we talked about this abit before, but like what OS
versions like Android flavorslike is it eight and above it
supports right now, or do youhave guidance around this?
I know a lot of enterprises dohave legacy Android devices they
have to manage.
For AirWatch, what specificallydoes it support?
Speaker 3 (17:21):
AirWatch and SOTY are a bit unique in that they have
their own agent.
So an agent is the applicationon a device responsible for
communicating to the MDM or EMMserver on the back end to
receive and execute the commandslocally on the device.
So since they have an agent,they have much more control over
(17:43):
commands and how things aregoing to process, which is great
if you're using legacy Androiddevices running Android 4, 5, 6.
We've seen clients that canstill manage those devices on
Workspace ONE or SODI.
With the announcement ofAndroid Enterprise back with
(18:08):
Android 8, I believe it wasthere's been a lot of different
functions that have been added,specific for Android Enterprise
versus the Android Legacy orAndroid Classic model.
So that does open up youroptions for more MDMs or EMMs.
That would be applicable to you.
But if you're stuck on thoseold A5 devices or operating
(18:32):
system, you're going to probablyneed to leverage a tool like a
Workspace ONE or SODI that hasan agent application on it that
is paired.
Speaker 1 (18:42):
Got it and with the agent.
The biggest difference there sowith Android Enterprise, google
has built this mechanism todeploy from the Play Store, so
you pull applications down fromthe Play Store with an agent.
So the AirWatch or WorkspaceONE can both do direct APK
installations from a relayserver from somewhere on-prem
and don't have to go to theGoogle Play Cloud and pull stuff
(19:04):
down.
Is that?
Speaker 3 (19:05):
how that works.
Yeah, that's a good summary ofthat.
So a couple of years ago,google actually stopped allowing
companies to build their ownagents.
So Sodium Workspace One aregrandfathered in.
They have the ability to dothose application installs,
application rollback, filemanipulation work.
Google is pushing everyonetowards leveraging only their
(19:29):
APIs for device management, andhence why they're blocking
companies from being able togenerate those agents going
forward.
So everything now goes through,as you called out, like a
device policy controller, whichis a system supported
application that comes out ofthe box on Android, which makes
(19:49):
things a little bit morelightweight, but, as we'll get
into with Intune is going todefinitely restrict what your
options are for managing devices.
Speaker 1 (19:58):
Got it.
We'll shift gears to Soggy now,but I guess, before we do that,
one of the things that I'veobserved and, patrick, I'd be
interested in your opinion onnow.
But I guess, before we do that,one of the things that I've
observed and, patrick, I'd beinterested in your opinion on
this.
But AirWatch got bought byVMware, which got bought by Dell
, which got bought by EMC, whichgot recently acquired by
Broadcom, and then Broadcomannounced a couple of weeks back
(20:20):
that they were spinning off theeuc, so the endpoint group
which is going to include what Iwould call like legacy airwatch
, spinning that off in into itsown group, which is owned by kkr
.
Now I feel like a lot ofcustomers have shied away from
that.
That shift in the market justconcerned who's going to own it,
where's it going to go?
Um, and have you know, the lastcouple years been going to sody
(20:44):
?
Is that the same thing you guysobserved?
I guess, patrick, maybe you cango first on that one.
Speaker 3 (20:49):
Yeah, I think there's some uneasiness with customers
about all that activity youmentioned with the acquisition
and spinning off.
I wouldn't say that the producthas fallen off in any way yet.
I think customers are justconcerned that pricing might
change.
They're concerned that theirsupport and service of that
(21:11):
application might falter.
So it's a lot of uneasiness,but I wouldn't say any of that
has actually come to fruitionyet.
So yeah, I've definitely seen alot of customers start
investigating alternatives toworkspace one.
I think you know I would sayfive years ago workspace one was
the clear favorite in the inthe space.
Speaker 1 (21:33):
But uh, things are starting to even out a bit more
yeah and mark, I know youprobably have the the most
experience workspace one out ofall of us, but would you say
that that, from your experience,mark, that workspace one is
still a great product and theinstability just comes from the
concerns on pricing andownership?
Speaker 2 (21:51):
Yeah, I think really it's the same quality of product
that you're getting withWorkspace ONE.
The question is, what's goingto happen in the future?
Are we going to keep gettingthe same amount of support?
Are they going to, you know,shift things down the down the
line?
Um, with any big uh acquisition, that's always a question.
(22:15):
So, um, I guess we'll just haveto wait and see yeah, all right
, wait and see.
Speaker 1 (22:20):
So shifting gears, so sody, I know sody.
I feel like around the timethat Intune got purchased by
VMware, I felt like there was abig uptick from SOTI where they
were trying to take market sharespecifically around rugged.
And you know they've definitelygrown a lot.
That product's gotten a lotbetter.
They had a lot more featuresand capabilities, patrick, from
(22:53):
your standpoint.
Speaker 3 (22:54):
what are the things you've seen on the clients where
you use SOTI or the things thatyou really like about that
product from an enterprisestandpoint?
Yeah, definitely so you calledit out.
I think SOTI's done a great jobat focusing on that rugged
Android and enterprise Androidspace.
They've won a lot of customersover with their feature sets.
Some of those things they doreally well are the ability to
(23:16):
create packages and run scripts.
So Workspace ONE also has thatfunctionality.
Soty does it a bit differently,where you bundle up a package
and then zip that file anddeploy it.
So that makes it really easyfor myself as a third-party
vendor to a lot of companies tobuild a package with
applications scripting and thenI can just send that to a
(23:37):
customer for them to import intotheir own SODI MOBI control
environment.
That's awesome.
That's really helpful.
I don't need access to theirSODI environment to do that to
transfer applications or code.
So I do really like thatfeature.
Also, their scripting is good.
I wouldn't say it's as good asWorkspace ONE with the APIs, but
(24:00):
they do have the ability to runscripts locally to devices,
which is great.
Be that stage now commands toconfigure the Zebra devices or
some of their own functions.
They've built like time sinksand resets and commands like
that that can be run really adhoc or scripted to run on some
(24:25):
type of deployment cycle orschedule Got it.
So they do a good job at givingyou options to manage those
Zebra devices.
Things that I also like aboutSOTI is that their file sync
option is really awesome.
They basically have created theability to sync devices and a
(24:47):
server with a file system.
So if you make any changes to afile system on a server, the
device will actually goautomatically, pull that updated
file and store it locally onthat device.
So you're not having toactually go deploy packages and
files every time you want topush a file out.
We've seen this be reallysuccessful for managing os
(25:11):
updates.
Also, it's just easier for anadministrator to manage the file
on a server, like aconfiguration file on a server,
and have all the devices pullthat file automatically without
having to worry about the goingthrough the deployment step as
well.
And I've even seen this used inreverse.
(25:32):
So you can also pull files offof devices.
We've seen customers that arewriting log files locally to
devices and then the file syncrule will grab those files from
the device and store them in aserver for analysis and some
other external tool like PowerBI.
So that is a great tool.
It's sort of a replacement forWorkspace ONE's relay servers,
(25:57):
but in my opinion, it's a muchbetter implementation of that
and yeah, you know SOTY, it'sbeen good.
They've definitely updated someof their UI lately to be a bit
more modern, which is alwaysappreciated, and they've also
given you the ability to uploadAPKs directly to the portal as
(26:19):
well, which was previouslymissing.
You had to go through thepackage manager option, as I
talked about at the beginning.
Speaker 2 (26:27):
But I guess Mark anything else to add around SODI
or things you like about SODI,I'd say out of all the
competitors on the market, SODIis the most comparable in
features to Workspace ONE andyou can virtually do everything
you need to do to control yourdevices.
Speaker 1 (26:50):
So a question for you , mark, on those the SODI versus
Workspace ONE.
It seems like both of those arevery Zebra-forward.
They have a lot of features andcapabilities for Zebra.
We're going to pivot here toIntune in a second.
But is there any big differencein relation to Zebra devices
that you can think of formanaging them that you would get
(27:10):
with one that you wouldn't getwith the other?
Speaker 2 (27:11):
Sure, Really just the difference in method.
I think the only thing that Iprefer is that on the Zebra
devices you're able to accessthe file system via Workspace
ONE, assist with Workspace ONEand in SOTY.
(27:33):
I don't know that there's a wayto do that.
Patrick, correct me if I'mwrong.
Speaker 1 (27:38):
You can, oh, you can.
Okay, that's through the remotecontrol, just delete that.
So that's the remote controloption.
You can get in there.
You can access file systems.
You actually look at files onthere.
This goes back to the file syncrules that Patrick had talked
about.
So I feel like both of thesetools great tools for managing
Ze devices, lots of features andcapabilities.
I'm going to go to the thirdoption, which I'm going to go
(27:59):
ahead and throw this out there.
It definitely has lesscapabilities for Zebra devices,
which is Intune and Patrick, Iknow you've probably done the
most Intune deployments andworked with them the most in the
last couple of years, but maybeyou can talk about what you've
seen with them and how you'veseen that change since you
(28:22):
started using them.
Speaker 3 (28:24):
Yeah, absolutely so.
Intune is Microsoft's endpointmanager solution, so this is a
UEM, if you would call it aunified endpoint management
system.
It was originally for managingWindows PCs and laptops and has
grown to be that all-in-one forAndroid devices, for Apple
(28:46):
devices, etc.
So this is the kind of the newkid on the block in the EMM
space.
Intune I hear about more oftenthan not.
In the last six months A ton ofcustomers are considering it or
have already made the jump toIntune.
The reasons they do that aremostly around cost savings and
(29:10):
integration with the Microsoftecosystem.
So, as you called out, brad,there's definitely less features
than SOTI and Workspace One,but the total cost of ownership
potentially is cheaper if you'rebundling some of your other
Microsoft solutions as well.
And they also have a fewadvantages in that they have a
(29:32):
tighter integration with a lotof the Microsoft features, like
intra ID, azure and all of theirmanaged access policies and
additional access policies.
So go ahead.
Speaker 1 (29:49):
Yeah, let me Mark.
You can talk about this forEMDK and stage now support.
What have you seen within tune,or what's, or what shortcomings
or gaps does it have therecompared to the other two?
Speaker 2 (30:02):
Yeah, it's pretty lackluster.
So because you're just usingthe device policy controller and
the Android Enterprise, you'rerestricted to those features
that are supported directlythere.
You don't have the agent, soyou can't control the behavior
(30:24):
of the device like you can withworkspace 100, sody can't, um,
well, you can't.
Sorry, you can control certainthings, but it's very, uh, small
, um, but it's very small orit's very light in comparison.
Speaker 1 (30:40):
So, Patrick, for you.
I know we have some tooling,but what have you seen around
clients trying to fill thosegaps that Mark just called down?
Speaker 3 (30:50):
Yeah, so, as Mark mentioned that stage.
Now XML and those ad hoccommands are not applicable to
Intune.
They simply just do not supportthat method.
So companies have had to startthinking a bit differently about
how they manage their Zebradevices.
Oem config is becoming one ofthose replacement options, and
(31:16):
what that is is it's anapplication that gets deployed
from the Play Store to Zebradevices and you set the
application's configurationsthat then apply to the device.
So instead of sending a commandto a device, it all now comes
from the Play Store.
The UI is completely different.
The way it gets delivered to adevice is sort of an all-in-one
(31:37):
delivery, or the UI iscompletely different.
The way it gets delivered to adevice is sort of an all-in-one
delivery versus being able tobatch things or run things in a
particular order.
So it's definitely causedcompanies to have to rethink the
way they do things, and it'sdefinitely a learning curve and
been painful for a lot of theMDM admins that I work with.
(31:58):
There's no task scheduling, noad hoc commands or scripts.
You really just have to have alot more patience if you're an
Intune admin, because we've seenbig latency in reporting as
well.
However, there are some optionsout there that make life a bit
easier.
Blue Fletch Playbook is a toolthat we specifically wrote for
(32:21):
this exact scenario.
So we talked a little bitearlier in this podcast about
agents on a device and having alocal agent on a device to run
commands and execute commands.
That is still an option withBluefletch Playbook, so we can
deploy our agent from the PlayStore and then you can send
(32:42):
those commands, those scripts,those stage now XMLs, file moves
and copies to the device fromour Playbook tool.
So it brings back a lot of thatfunctionality that you lose
when you migrated away from aSODI or Workspace ONE and gives
(33:03):
admins a lot more fine-grainedcontrol over their devices to be
able to do things that they'vedone in the past, basically as a
given, just by having one ofthose tools and one of those
agents out there.
I think about software rollbacks, a lot Intune makes it
extremely difficult for thatbecause really Android is making
(33:25):
it difficult for them to dothat.
So there's no way to roll backa version of an app unless you
go uninstall that applicationfirst and then reinstall it.
So having an agent basicallygives you the ability to do
things like that exact scenarioroll back software, install
third-party software from anoutside source and even remote
(33:51):
control your device is anotheroption that we provide for
Intune managed devices.
Intune does not provide aremote control solution out of
the box.
They've actually white-labeledTeamViewer and so that is an
additional add-on cost that alot of companies don't consider
when they first see the cost ofIntune.
(34:12):
So we do offer a remote controladd-on that brings a lot of
that functionality that youmight lose going to intune back
into play, got it and then forzebra specifically does.
Speaker 1 (34:27):
Does intune have any printer management right now, or
is that something that they'rethat you guys have seen anywhere
?
Speaker 3 (34:33):
I'm not seeing that I don't know if that's in their
roadmap.
Speaker 2 (34:39):
Don't believe it is.
Peripheral device management,as far as I've seen, is not
really a part of Intune'sfeature set.
Speaker 1 (34:50):
Got it.
So you need to look to someother solutions like Zebra's
device or Zebra's printermanagement solution.
Mark, I know you've been usingIntune or looked at it for quite
a while.
How have you seen it grow overthe last couple of years?
Speaker 2 (35:03):
Yeah, I think there's a big drive towards it because
of how many Microsoft shopsthere are out there.
A lot of offices already havetheir Microsoft licenses and
Intune is just a part of that,so they're switching over to
just using it instead of payingfor an additional license.
So as far as growth goes, it'sI think the tool has been, it's
(35:32):
become more usable, just not asZebra features Zebra-specific
features have not grown in anyway.
Speaker 1 (35:44):
Got it.
So for Zebra, so in WorkspaceONE, are still stronger.
And then, patrick, you touchedon the application.
Like the Microsoft apps, canyou talk a bit about?
You know why Intune has beenuseful specifically for those
shared devices.
Speaker 3 (36:02):
Yeah, so Intune offered in the last.
It's probably been a year nowsince they announced their
shared device mode and it'sdefinitely grown and matured
since that time.
But the idea here is that youhave these shared Android
devices we've talked about in aworkplace.
You have a user log into thatdevice and once they're logged
(36:26):
in, you want them to have theexperience of if that device
truly belonged to them.
So you open up your email andyou're automatically logged in
with your email in a nativeapplication.
Same with Teams, sharepoint,power Apps, things of that
nature.
Microsoft has built basicallythe roadmap and infrastructure
(36:48):
to allow you to do that now, andthat is not specific to Zebra
devices at all.
That's something that you can doon other device types, other
Android models as well, butthey've really integrated that
into their EMM to allow you toset up devices in that exact
model the shared device mode Italked about.
(37:10):
So they were the first to offerthat.
Of course, they make it theeasiest to set that up and
integrate that shared devicemode.
However, there has been anannouncement that they have
brought that same integrationover to SODI and Workspace ONE.
Most customers are going toIntune if they're going to use
(37:31):
that model instead of having tobasically manage two different
systems to achieve that sameresult having to basically
manage two different systems toachieve that same result.
But it is interesting thatthey've started to open that up
to other external EMMs as well.
So shared device mode is greatIf you're heavy on the Microsoft
applications, if you alreadyhave licenses for frontline
(37:51):
workers, intra-id accounts,things like that.
Intune makes it really easy togive you a native experience on
shared devices.
Speaker 1 (38:02):
Got it.
So the big three Workspace ONE,which was really the first
entrant into the Zebra devicemanagement space, sodi
definitely took a lot of marketshares, definitely huge players.
Workspace ONE and SODI have agreat Zebra-centric
functionality.
And then Intune I think one ofyou guys called it.
(38:24):
But then you get on the walk.
It's definitely taking a lot ofmarket share, just based on A
pricing and then the Microsoftecosystem integration.
So those are the big three.
I know we see those the mostand wanted to pivot into what I
call the secondary options, notnecessarily because they're
inferior, but for other devices,what we've seen for MDMs, and
(38:47):
you know, I think, a lot.
The first one is might be a bitcontroversial for this, but
we've seen this a lot with a lotof customers, which is Samsung
Knox.
We've seen this a lot with alot of customers, which is
Samsung Knox, and it's mainlySamsung support.
Only I believe they have someZebra functionality.
Speaker 3 (39:05):
Patrick, do you want to touch on that at all?
Yeah, so Samsung Knox Manage isa EMM from Samsung.
Of course, that waspurpose-built for Samsung
devices, more or less, sothey've taken all of their
developer kit and integratedthat into the UI for managing
devices.
However, it is still an AndroidEnterprise EMM, so it is
(39:29):
certified for Android EnterpriseAPI calls, meaning a Zebra
device could theoretically beenrolled in Samsung Knox.
I would not recommend thatscenario, but we do come across
a lot of customers that havemixed device fleets.
They're using Samsung devicesin the retail store, maybe Zebra
(39:49):
devices in the distributioncenter, and they've already
standardized on Samsung Knox,for example.
Theoretically, you could keepeverything under one roof and
use Samsung Knox for that, but Iwould look at some of the other
options out there that we'vealready discussed and some we're
about to discuss next.
Speaker 1 (40:09):
So the next one on my list was 42 gears or Shure MDM,
and I feel like this one we'veseen it.
I think it's getting pushed byZebra.
Maybe, Mark, you can talk a bitabout 42 Gears and what we've
seen with it and how it's takingsome market share away from
SOTI.
Speaker 2 (40:25):
Sure, as far as the Zebra device side of things,
it's got some really goodfunctionality.
It's on par with SOTI andWorkspace ONE.
As far as what you can do asfar as the interface, the
grouping and that sort of thingand the ability to manage a
(40:47):
large device fleet, I'd say thatit's lacking a little bit,
Definitely needs some work inthat department.
But overall, if you're tryingto manage Zebra devices, you'll
be able to get everything donethat you want to do in SureMDM.
Speaker 1 (41:03):
Got it and it's.
I believe we're starting to seea lot more of.
I think Zebra has an alliancewith them, so I think they're
able to skew it and sell it, sothat's probably the reason why
you see a lot of Zebra devicesrunning it.
The next one on the list I hadwas Manage Engine, and I know
(41:25):
I've had some customers ask meabout this, but I guess, Mark,
maybe you could talk about it.
Is this something you've seenout in the field?
I know I've seen it covered inGartner, but I've actually never
seen we've never had a customeruse it other than the ones that
have just casually asked usabout it.
Speaker 2 (41:36):
Yeah, so it's strange .
I have seen it in the past.
This was a long time ago, about10 years ago, and it it was
very under developed.
I think.
At the time we were comparingit to um workspace one and it
had none of the features that weneeded.
(41:57):
However, I haven't seen it inthe recent years, so I can't
speak towards that where it isnow on the market.
Speaker 1 (42:10):
But it does appear to be a competitor.
Patrick, do you have anyexperience, I guess, with Zebra
devices?
I've not seen it runninganything Zebra-centric.
Speaker 3 (42:18):
No, I have not either .
Speaker 1 (42:20):
All right.
Next on the list I mightbutcher the name here, but
Ivanti Neurons for MDM, whichwas formerly known as MobileIron
.
So Ivanti had purchasedMobileIron and there was another
product they had as part of theWavelength portfolio called
Avalanche that theydecommissioned.
I think everything is going forneurons for MDM.
(42:42):
But, patrick, I know you'vedone some training and working
with this and integration wise,maybe you can talk a bit about
what you've seen with neuronsfor MDM, how it stacks up
against some of the other ones.
Speaker 3 (42:53):
Sure, yeah.
So Avanti good friends of oursare really big in the warehouse
and logistics space, so thisproduct I would say I see most
often applied in that thatvertical customers that are
already using velocity ofAvanti's velocity for terminal
(43:13):
emulation or connecting to SAP,for example.
They've also adopted their MDMfor device management.
Neurons was released last year,rebranded last year 2023.
And some of the nice featuresabout it are that they've really
gone headfirst into the, Iguess, the machine learning and
(43:37):
AI story.
So they're being very forwardwith their proactive reporting,
alerting, analytics and insightsinto devices.
So I do like that approach thatthey're taking.
However, I haven't seen a hugeinstall base on this yet, I
(43:58):
think probably because of thefocus of where they are as a
company.
But we have definitely set upBlueFletch software, deployed it
through Avanti Neurons andreally no issues with that.
So I think this coulddefinitely suffice for managing
your Zebra devices.
Speaker 1 (44:18):
Got it.
The next one on my list wasHexnode, and I guess Mark or
Patrick, have any of you guysseen clients with Zebra hardware
running Hexnode?
Speaker 2 (44:32):
I have not.
Speaker 3 (44:34):
I have not either.
I'm definitely aware of thiscompany and I see their brand
out there a lot.
I think they do a really goodjob of advertising and marketing
, but in this specific scenario,we're talking about rugged
Zebra Android devices.
I do not see a big adoption ofHex, no, no.
Speaker 1 (44:55):
Got it and the next one on the list was Meraki by
Cisco.
So Meraki was, I believe Ciscopurchased them and I know I've
had two specific clients thathave used you know they're a
pretty Cisco heavy shop andwanted to use Meraki for
managing devices.
I mean, I think it's similar toIntune in the aspect that it's
(45:16):
right now it's pretty muchAndroid enterprise forward and
doesn't have any like detailedDPC.
Patrick, have you seen Merakiused anywhere for fleets of
large Zebra devices?
Speaker 3 (45:30):
No, you know, just really access point.
Yeah, that's what I was goingto say Just really access point.
Speaker 2 (45:35):
Yeah, that's what I was going to say.
I thought Meraki was onlyaccess points, but I didn't know
.
Speaker 1 (45:41):
They do have Android Enterprise functionality.
I do have two clients that areusing it for that.
Yeah, it was new to me, butit's definitely something I've
seen this year, but definitelynot a very common solution.
The next one, which I've seen alot of advertisements similar
to Hexnode is Scale Fusion, andhave you guys seen that or seen
(46:03):
Scale Fusion anywhere, or playedwith it at all?
Speaker 2 (46:06):
Nope, put it on the list of things I got to play
with.
Speaker 1 (46:11):
All right.
So Scale Fusion's out there Ifyou're interested.
I'd love to hear comments fromfolks.
And then the last one I was ina partner demo day with Zebra
last year up in Chicago and oneof the things they had was, with
Zebra DNA Cloud, the ability tomanage devices, and I'm
assuming this is for smallerdevice fleets.
I've not seen any enterprisecustomers, but definitely it's a
(46:34):
tool I've seen that can use.
The Ziba EMTK really relies onthat.
But I think if you're a smallercompany that's looking for
something that you can get builtin and not have to spend a lot.
I think it's similar to Intune,where it's low cost or no cost.
You know Ziba DNA Cloud andPatrick, have you seen anybody
actually use this out in thefield that's of size?
Speaker 3 (47:03):
No, I've seen demos like yourself at sales kickoff
meetings and some of theirmaterials around it, but I've
never actually had to put thisto the test or have customers
that had to.
So I can't comment on where itmight shine or fall short on
where it might shine or fallshort, but you know it's
probably going to be full.
It's going to take advantage ofthe EMDK as much as possible,
(47:25):
since it is a Zebra product.
Speaker 1 (47:27):
Got it and the last one on the list and Patrick, I'd
like you to talk about this.
You mentioned this before, butBluefletch has a tool called
Playbook that is specificallyfor managing shared Android
devices in the enterprise and Iknow Zebra is really our biggest
use case.
I think, zebra, we have fullfunctionality across that, but
can you talk a bit aboutBluefletch Playbook and where it
(47:50):
might be used for managingdevices, as opposed to just
being used on top of Intune used?
Speaker 3 (47:56):
for managing devices as opposed to just being used on
top of Intune, Sure.
So we do have customers thatleverage BlueFletch, our EMM and
Playbook tools solely as theirdevice management tool.
So they're not pairing us withIntune.
They're coming to BlueFletch toenroll their device with our
EMM and our Android EnterpriseEMM and then use Playbook to
(48:21):
bring back a lot of thatfine-grained control like
sideloading applications,managing files locally, running
stage-now XML.
So we've kind of tried to bringthe best of both worlds.
We have the EMM, where you candeploy apps from the Google Play
Store.
You can leverage all theAndroid Enterprise APIs that are
(48:42):
made publicly available, andthen we also bring some of that
legacy nice-to-havefunctionality as well with our
Playbook MDM.
So they are slightly differenttools but when they're paired
together they really are a greatoption for managing your
devices.
And then not only that, thereare additional BlueFletch
(49:03):
Enterprise tools, for we thinkabout how an end user actually
interacts and experiences theirdevice.
Experiences their device.
You can think of an MDM and EMMsort of as the guy behind the
curtains pulling the strings andmaking everything happen and
sync and be compliant with theright software.
But what is the end useractually seeing?
(49:25):
Experience.
And that's where BluefletchEnterprise comes in.
Our enterprise launcher isreally the first screen a user
would see.
It's going to limit what theuser can do and access.
It's going to restrict securityand settings on the device.
It's going to allow them to login with single sign-on and have
a role-based experience, verymuch like that shared device
(49:50):
mode from Microsoft, which wealso play nicely with as well.
So this is an Android-onlysolution.
It works great for Zebra, as wementioned with the Playbook
add-on tool.
But if you guys, you know, ifyou're looking for one solution
that really can do everythingfrom staging and enrolling your
(50:12):
device all the way to providinga single sign-on experience for
each user out in the field, wehave an awesome option for you
guys.
Speaker 1 (50:21):
Got it.
And then the last thing I had anote on my notes was I'm going
to call this an honorablemention, but it's not actually
device management, it's printermanagement.
So Zebra has their ZebraPrinter Profile Manager.
So Zebra has their ZebraPrinter Profile Manager and this
is a standalone product thatcan be used for managing Zebra
printers when MDF doesn'tsupport.
(50:41):
So if you have an Intune, youcan use Zebra Printer Profile
Manager for managing a fleet ofprinters separately.
I know SOTY and AirWatch bothinclude integrated printer
management and I'm not positive.
I believe I know Avalanche usedto have it.
Do you guys know if Neuronsincludes printer management?
And I'm not positive.
I believe I know Avalanche usedto have it Does.
Do you guys know if neuronsincludes printer management?
Speaker 3 (50:59):
I don't.
I assume they would, but Idon't know for sure.
Speaker 1 (51:03):
Got it Awesome.
So that's the list of secondaryoptions and there's.
You know, if you search in MDMs, there's probably a slew of 20
or 30 other ones.
These are the ones we comeacross most commonly and some of
them to Patrick and Mark's lastpoint we've heard a lot about
them.
We've not actually seen themused in larger enterprise
(51:23):
customers.
So definitely, if you'relooking for the big three, the
workspace one, sodi and Intuneare probably the three most
commons.
And then if you have specificniches, 42 gears, the Ivanti
neurons is, we've seen those.
And then, you know, for Samsungdevices, we've seen it but
(51:43):
we've not actually seen it usedfor Zebra specific devices.
So for the last segment, Iwanted to talk through with you
guys specifically around.
You know, if somebody islooking at an MDM solution, what
they should be thinking aboutfor evaluating, what are the
requirements you need to go lookat and we've done assessments
(52:05):
for companies and wanted to runthrough it.
You guys had sent over yournotes on a couple of the key
things and we'll start with thefirst, I guess, bucket, which is
, you know, if you're looking atMDM solutions, understanding
your infrastructure limitationsand, patrick, I know you had a
lot of items on your list whenwe talked through this.
Do you want to go through whatthe key considerations you have
(52:28):
for this are?
Speaker 3 (52:30):
Sure.
So thinking of infrastructure,usually my mind first goes to
network limitations andrestrictions.
So what does your network looklike in a store?
Do you have servers set upalready?
Do you have access to theexternal Internet?
Those are all considerationsthat you need to understand
(52:53):
before you select a tool.
Those are all considerationsthat you need to understand
before you select a tool,because some of these options we
discussed are cloud only andwould require network connection
to that cloud.
Some options, like Workspace,one and SODI, actually offer
what they call an on-premisesolution, which they'll give you
the code and you can installthat on your own servers and run
(53:15):
that locally within yournetwork.
That's a great option forcompanies that don't want to
have to traverse the Internet toget updates.
For companies that want to havea more restricted network and
firewalls in place, they havemuch more control over that
network traffic.
So that's a big thing tounderstand.
(53:36):
At first, there are somedownsides to going on-prem.
It's going to be harder for anyof your support staff to access
that unless they're on yournetwork or on a VPN, which in a
way is also an advantage becauseit's a security control in
place.
But it is also going to beslower to take updates and have
(53:58):
less new product or featuresupport, because you'll probably
always be a version or twobehind with that on-prem install
.
So that's one of the kind ofthe big forks in the road that
we see companies come across.
First is you know, does itoffer an on-prem solution or not
?
Intune does not offer on-prem,so companies are having to say,
(54:22):
ok, well, that's fine, we'llmake network exceptions for that
traffic there.
Speaker 1 (54:27):
Got it and then, I guess, from infrastructure
limitations, mark, maybe youwant to talk about the hardware
limitations.
Mark, maybe you want to talkabout the hardware.
I think one of the things I wasthinking of for this discussion
.
We're primarily talking aboutZebra devices, but I know
hardware and other OSs and youmentioned this earlier like the
Windows managing Windows devicesand iOS.
Mark, do you want to talk aboutwhat you think about when
(54:49):
you're evaluating MDM?
Speaker 2 (54:51):
Yeah, sure.
So the main thing you'd have tothink about is what other
devices do you have in yourfleet and if you're already
using a different mdm for those,are you going to move them into
this new mdm for your zebradevices, or are you going to try
to make it work with yourcurrent mdm to move all your
(55:14):
zebrabra devices in there, orare you okay with having them
all separate?
So that's a key consideration.
If you have iOS or Mac devicesor Windows, you're probably
going to have to look for one ofthe bigger players in this
market, because the smaller onesjust don't have the feature set
(55:39):
support for all the differentoperating systems.
Speaker 1 (55:44):
Got it.
And then the next bucket I hadin my list that we talked about
was when you're looking at MDMsyour security requirements.
Patrick, do you want to talkabout what your list to be, or
things that companies shouldthink about evaluating when they
think about securityrequirements?
Speaker 3 (56:03):
Sure.
So you know, multi-factorauthentication is a big one for
a lot of companies.
Do you want to enforce MFA ifyou're seeing some unexpected
traffic from outside yournetwork et cetera, things like
that?
So being able to integrate withyour system for that, be that
(56:27):
your access management tool,like Okta, or IntraID, which is
Azure AD rebranded, or intra-ID,which is Azure AD rebranded
that is awesome integration.
If you can build that pipe inso that you can enforce MFA and
apply that from.
You know, based on a devicebeing managed or not, a device
(56:49):
being compliant with the latestlifeguard version or not, and
then have that user be promptedfor MFA, depending on those
different criteria that arebeing assessed, also other
security requirements.
Single sign-on is not reallyonly just a nice-to-have feature
(57:09):
for the end user where theyonly have to log on once.
It's actually a bettermechanism for managing access
because you have a singleaccount, a user account that you
can control permission and roleand access for that user from
one single management tool.
So you know, does your EMM orMDM support single sign-on to
(57:34):
your access management tool?
Does your EMM or MDM supportsingle sign-on to your access
management tool?
Will these devices be shared orare they going to be personally
assigned and delivered to theend user, with Zebra, I would
say, 90% of the time, if notmore, see these devices used in
a shared mode.
They're not really designed tobe personally owned or personal
(57:58):
carry devices.
Other security considerationsare you going to be deploying
Wi-Fi certificates for, you know, pci type of transactions on
your devices?
Well, you need to make sureyour EMM is going to support
pulling from a certificateauthority, be that device-based
certificate or what have you fordeploying that to devices.
(58:21):
What about VPN support?
We talked about that a littlebit.
With MFA Intune, you can deploythe Microsoft Defender
application and have that reallytightly integrated with your
application management policiesas well.
So those are justconsiderations that we come
(58:45):
across just a small handful.
It is really important, though,to understand what Android
Enterprise is making availableto you and making sure that you
are ensuring your requirementsmeet up with those options out
there.
Got it and this?
Speaker 1 (59:03):
sort of goes back to the Intune and a lot of these
vendors that are reallycompliant to Google's Android
Enterprise standards, and thenthe SODI and 42 Gears and one
that's that adds in a lot ofthose capabilities based on the
pieces that zebra exposesspecifically for their devices.
Speaker 3 (59:24):
Yep, exactly, and yeah, I.
I think, as we mentioned, sodyand workspace one go above and
beyond what android enterprisemakes available out of the box.
Not all corporations orcompanies need those features
and functionalities available tothem.
Many companies could get byjust with the pure Android
(59:47):
Enterprise options out there.
So definitely worth doing thatanalysis on your own and
ensuring that you have the rightsolution for you.
Speaker 1 (59:55):
Got it.
And the last big category orbucket of things, if you're
running an evaluation, pre-mdmwe had was like what we
categorize as operational usecases and, mark, maybe you can
talk to this.
I think the first one we hadwas just about, like that,
setting up devices and how youdeal with that.
Do you want to talk throughjust mere experiences with that?
Speaker 2 (01:00:15):
yeah, just think around what kind of enrollment
process you're going to do.
Are you going to have a depotset up all of your devices for
you and roll them out?
Um, they're going to havebetter luck with certain uh
systems where they have morecontrol and can automate some of
(01:00:36):
that for your depot, so you'renot spending a whole lot of
money on each device to get itup and rolling the other things.
Can you do some of that insidethe four walls of your stores or
your deep or your warehouses?
Speaker 1 (01:01:00):
When somebody goes from one MDM to another.
I feel like I've not seen these.
What is the typical path youhave to do when you go, let's
say, from a workspace one overto an Intune?
What does that look like?
What are the steps involved inthat setup and provisioning from
one MDM to another?
Speaker 2 (01:01:21):
Yeah, first you have to transfer all of your policies
and settings and everything,build out your whole new
environment assuming that youcan get one-to-one and then
after that all the devices needto be re-enrolled, so they have
to be wiped and then enrolledinto the new environment.
Speaker 1 (01:01:47):
Got it, so you'd actually have to physically
reset the devices to re-enrollthem in Android Enterprise for a
new MDM.
There's no way to cut it overfrom one to another.
Speaker 2 (01:01:58):
Correct.
Yeah, they do have to be wiped.
Speaker 1 (01:02:02):
The next operational bucket we had in the ops was
around reporting.
Maybe, patrick, you can talkabout some of the key
requirements or things you thinkabout when you're looking at
MDM and looking at a company.
Speaker 3 (01:02:15):
Yeah, reporting is huge, or things you think about
when you're looking at MDM andlooking at a company yeah, so
reporting is huge.
Any MDM administrator orendpoint management team is
going to need that, those KPIsand those dashboards to track
their deployments and theirrolling software updates.
So for me, this is one of thebiggest criteria when evaluating
(01:02:36):
MDM or EMM is how real time isthat data?
How accurate is that data?
Multiple devices at each site Iwant to have a really clear
picture of what my run rate or Iguess my uptake rate is of that
(01:03:05):
, what my compliance rate is andhow close I am to hitting that
100% mark.
So that to me is a big one.
Understanding compliance withoperating systems and security,
patches, application versions,network profiles that's all
really important data that, ifit's not seen, means that you
(01:03:26):
have sort of a you know just awild west of devices out there
where devices are strayed andthey're not matching the desired
setup of a device.
Timeliness and latency of thatreporting is very important as
well.
Intune has some built-inreporting but you got to be an
(01:03:49):
extremely patient person to getany value out of it.
It's extremely slow for thatfeedback loop to understand if
something was successful or not.
I would say SOTY and WorkspaceONE have slightly better support
for that, but there arethird-party tools that are
specifically designed aroundthat that I would say do a
better job.
(01:04:10):
I think Splunk has one of theirown Android agents.
Bluefletch also has an agent aswell that is responsible for
collecting all of that data andtelemetry data and sending that
up to a cloud for analysis, likea Power BI or a Splunk.
(01:04:30):
But you think about when thesedeployments happen.
Usually they're overnight.
You've got a team that'smanaging that and making sure it
goes well.
You want to give them as goodof a picture as possible to see
that progress in that fleet andreact really if anything starts
going wrong.
So that's what I think aboutwhen I think about reporting.
(01:04:51):
It gets forgotten about a lot.
I would say, uh, reporting it's.
It gets forgotten about a lot,I would say.
But once everything is deployedand out there, it's really your
only way to understand.
You know how healthy are these,these devices that are spread
across the country or spreadacross the world?
Speaker 2 (01:05:07):
got it sorry, just real quick on that.
Um the, I think when I'mthinking about what I want to
buy in a software as far asreporting goes, I want something
that gives me the big pictureview and also lets me get real
granular and detailed in it so Ican figure out what's going on
(01:05:28):
when something is going wrong.
Speaker 1 (01:05:31):
Back to the API and individual device level pieces
you talked about earlier, right,mark?
Yep, mark, I know you've done alot of work with supporting
devices I think another categoryand you'd mentioned this before
when we put together some notesfor this but the technical
support and training anddocumentation is definitely
(01:05:52):
important to guys like us thathave to do boots on the ground
and managing these devices.
What are the things you lookfor in those areas as you think
about the MDMs and tools thatare out there?
Speaker 2 (01:06:04):
Yeah.
So most of these companies havemost of these MDM companies
have their own.
They have public documentationand so you can actually go pour
through it a little bit, see howdetailed it gets, how granular
it gets.
Are they giving youstep-by-step instructions for
things or are they just kind oftalking about things in like a
(01:06:25):
very high level way, if that cankind of give you a good idea of
how committed they are tosupporting their, their software
and how what kind of helpyou're gonna get when you get on
the phone with somebody,because usually when you're
talking to somebody on the helpdesk you're usually just getting
(01:06:45):
somebody reading through thetraining documents so in the
next category is sort of theflip side of that as as
administrator of the MDM thatyou choose, I think, the
understanding what your adminsand your help desk need.
Speaker 1 (01:07:03):
What are the categories Mark you look for in?
I'm going to call it likeinternal support tools or help
desk support tools for theseproducts.
Speaker 2 (01:07:12):
Right, and that's going to be what you have
control over per device.
So when I'm on a call withsomebody at a store or warehouse
and they have a device in frontof them and they need help
right now, can I get on thatdevice?
Can I interact with that devicein every way that I need to?
(01:07:34):
Can I quickly resend anapplication to it, uninstall,
reinstall that kind of thing?
If some of them are better atthat than others, I'd say
Workspace ONE and SODI give youthat kind of control, and even
SureMDM 42-Gear SureMDM willgive you that kind of control.
(01:07:56):
It's harder to get that kind ofstuff in Intune.
You need some helperapplications like Blue Fletch,
playbook, team Viewer, somethinglike that.
Speaker 1 (01:08:09):
So you think about your help desk.
They need to remote in devices,like you mentioned, file
management.
So pull files in devices, likeyou mentioned, like file
management, so pull files, pushfiles, run stage now, run
intents and then install,uninstall applications.
So those are really useful foryour help desk to be able to
troubleshoot and mediate deviceswithout having to bring them
back into your depot.
And then Patrick back to theIntune piece and Patrick back to
(01:08:42):
the Intune piece.
I think from an operationalrequirement standpoint your
application landscape seems likea really important thing.
When you talk with clients orgive them recommendations around
app landscape, what are the keypoints you think about there or
ask them?
Speaker 3 (01:08:50):
Yeah.
So for me it really comes downto single sign-on is the first
question.
So everyone wants singlesign-on, but it's not as easy to
implement as people might like.
On shared device modes Sorry,on shared devices, as we talked
about, microsoft has made that abit easier with shared device
(01:09:12):
mode and if you're using theMicrosoft native apps like Teams
and Outlook and Edge.
So that's one of the bigconsiderations that actually can
help drive your choice of anEMM.
If you're not a Microsoft shop,I would say there's no true
advantage of Intune for youexcept for potential pricing.
(01:09:35):
I would then maybe consider aSODI or a Workspace one for that
additional control that yourendpoint management team is
going to appreciate.
Speaker 1 (01:09:47):
Awesome.
All right, so that's a wrap forthe items.
I'll do a quick recap here.
So we talked about what is anEMM MDM solution, the
differences for Zebra versusBYOD and then the I would call
them the big three options.
So Workspace ONE, sodi, intune,the pros and cons of those.
Yeah, I think Workspace ONE andSODI definitely have a lot more
(01:10:08):
capabilities specific to Zebra.
Intune is getting a lot ofmarket share for a lot of the
reasons.
Patrick just mentioned thesecond tier of MDMs.
You know, based on your need orspecific use case, you might
want to take a look at those andthen, you know, evaluating the
things that you look at orshould be looking at as you look
at it.
I think we talked about theinfrastructure, the security
(01:10:29):
requirements, and then theoperational use cases were the
big buckets to think about asyou're looking at MDM, and then
the operational use cases werethe big buckets to think about
as you're looking at MDM.
If you do have furtherquestions around MDM options for
Zebra devices, definitely feelfree to reach out to us at info
at bluefletchcom and if you haveother questions, feel free to
let us know.
But, patrick and Mark, thankyou very much for walking us
through this today.
I appreciate it and have a goodone.
Hello and welcome to another episode of the Blue
Fletch Enterprise MobilityRoundup.
I am Brett Cooper.
I'm joined by Mark Banks andPatrick McGlynn.
Today we're going to be talkingabout Zebra MDM options in 2024
.
In this podcast, we're going tocover topics on we've seen for
why you need a tool specific formanaging this and then also
what are the options out there.
So a couple of different MDMEMM solutions and pros and cons
(00:21):
around those, and then, ifyou're looking for an MDM
solution, what are the optionsout there?
So a couple of the differentMDM EMM solutions and pros and
cons around those, and then, ifyou're looking for an MDM
solution, what are the thingsyou should be looking at.
So we'll be covering that todayand let's hop into it again.
So, to start out, we're goingto do a bit about what
specifically is an MDM and whyyou might need one for your
Zebra devices.
So, mark, I'll throw this oneover to you.
(00:43):
Maybe you can talk a bit about.
You know, in your experiencemanaging devices over the last
decade, what are the things thatyou use in MDM for.
What's it most valuable for?
Speaker 2 (00:54):
So, overall, it's giving you control over your
devices and the user experience.
It's giving you the ability totrack your inventory and make
sure that your devices arecompliant with whatever security
policies you have.
Speaker 1 (01:14):
It's a good way to deploy applications, all right,
so Mark, tell me a little bitabout you know for your Zebra
devices.
Why would you want to have anMDM or EMM solution?
Speaker 2 (01:29):
So, overall, you need it to deploy applications to a
large device pool and it givesyou the control over security
features, restrictions over whatthe device can and cannot be
used for, and really just givesyou visibility into what's going
(01:51):
on with your devices Got it.
Speaker 1 (01:53):
So when you say visibility, that'd be reporting
that comes out of it on the backend and the ability to drill in
and do support andtroubleshooting on specific
devices.
Speaker 2 (02:02):
Correct yeah.
And troubleshooting on specificdevices Correct yeah.
And usually gives you anoverview of how your devices are
doing, a device summary so thatyou can look at the big picture
of your large device pool.
Speaker 1 (02:19):
Got it and Patrick.
So I guess, thinking in thecontext of Zebra devices versus
BYOED devices, can you dive intosome of the points around what
the differences would be betweenmanaging a fleet of rugged
handheld Zebra devices ormanaging a consumer Android
(02:39):
device?
Speaker 3 (02:41):
Sure Right.
So Zebra Android devices aregenerally used in dedicated
roles within a company, so theyare purpose devices for
operations, scanning, inventorycontrol and they're used very
differently than a BYOD device,which, when I think of BYOD, I
commonly think of bringing aSamsung or iOS device to work
(03:04):
and using it to check your emailand communicate on Teams or
Slack.
The difference here is thatZebra devices have built-in
scanners.
They're rugged so you can dropthem, and they are usually
deployed for those dedicatedpurposes within an organization,
like I talked about withinventory control dedicated
(03:25):
purposes within an organization,like I talked about with
inventory control.
Since those devices are purposedevices, you want more
structure and rigidity aroundthose devices.
So, zebra devices, you want tocontrol the OS updates and be
very cautious and manage anytime the OS is going to update,
because you don't want to haveany impact to your operations,
(03:46):
and you also wanna have advancedcontrols over exactly how those
Zebra devices are gonna work,such as how is the scanner gonna
trigger, what's gonna beblocked and restricted on that
device, whereas a BYOD deviceusually is more open for the end
user because, at the end of theday, it's their own device that
(04:06):
they need to do their personalthings on as well.
So you think of a Zebra devicereally as a corporate-owned
device that is truly dedicatedfor that worker and for that
function?
Speaker 1 (04:19):
So this is probably a full topic, but can you dive
into a bit about why somebodymight want to buy a Zebra device
instead of, say, a Google Pixelor a consumer device that's off
the shelf?
Speaker 3 (04:34):
Sure, and I'll start and turn over to you, mark,
because I know you have somegood experience with this as
well.
But from my perspective, zebradevices are truly purpose-built
for the enterprise.
They're extremely rugged andhave high drop ratings and
waterproof ratings.
They also have really advancedcontrols around exactly how the
(04:57):
device is going to be configured.
Zebra includes a configurationtool called StageNow.
You'll hear it called OEMconfig as well, going forward in
the future state with AndroidEnterprise.
But Zebra, when you comparethem to the rest of the industry
and the other OEMs makingEnterprise Android devices, they
(05:18):
provide the most control overthose devices.
So, exactly how a device isgoing to look and function, what
the scanner is going to do, asI mentioned earlier, and they're
going to give you additionalcontrols that are really going
to help you make that devicefunction exactly how you need it
to for your organization.
Speaker 1 (05:39):
I guess, mark, you have other thoughts on when
you're thinking about managingZebra devices.
What are the specific keyfeatures or things you think
about?
Are you seeing, as you've donethis in the last, you know all
the clients and companies you'veworked with, like?
What else is there to thinkabout when you think about the
difference between Zebra and aregular Android consumer phone?
Speaker 2 (05:59):
Yeah, so from a device administrator perspective
, what I'm looking for in adevice is something that I can
control and get the ability tomake any change that I need to
to the device so that I can lockit down, make sure that the
user gets the experience thatthey need to do on the device
(06:20):
and not anything extra.
They can't get around todifferent websites and that kind
of thing.
With the Zebra operating system, it checks all those boxes from
a device administrationperspective and it's gonna let
you control the different thingsthat operations may require for
(06:42):
streamlining the device use.
Speaker 1 (06:47):
And Mark just to follow up on that.
So I know one of the thingswe've talked about in the past
is deploying OS upgrades,managing those.
Is there a difference betweenmanaging applications and the OS
versions on Zebra devicesversus a consumer device, I
guess, say, an HTC or Pixel?
Speaker 2 (07:08):
Yeah, with the Google devices or Samsung's you're
usually stuck with the operatingsystem upgrades that come down
from Google or through theoperating system.
With Zebra you have to deploythose updates manually, but that
(07:36):
also gives you control overwhen those updates happen.
So there's a little bit of giveand take there.
Speaker 1 (07:44):
Your phones don't upgrade unexpectedly and break
your software if you have an OSupdate coming down.
And then is there, I guess,within the realm of MDM, so
mobile device managementsoftware.
Is there any specific keyfeatures, whether it's Zebra or
(08:06):
Rugga?
I know Patrick called a coupleof these Other things you guys
can think of around how tosupport and manage those devices
that are worth consideringbefore we start hopping into the
different options that you guyshave seen out there.
Maybe, Patrick, you can startwith us.
Speaker 3 (08:21):
Yeah, I'll start.
So I have seen that there aresome EMMs that have taken
Zebra's development tools, theirEMDK, their developer's kit,
and they've embedded some ofthat functionality into their
portal or their UI as well tomake it easier to use these
Zebra extended options in aneasy-to-use GUI instead of
(08:46):
having to run scripting or pushother files.
I've also seen some othercompanies out there that provide
MDMs and EMMs that have bettersupport for Zebra enrollment, be
that StageNow barcodes, or theyhave better support for remote
control on Zebra devices.
So there are things that arespecific to just Zebra, since
(09:09):
they are the industry leader inthis space, that some EMMs have
adopted and integrated intotheir own tools to make
supporting and managing thoseZebra devices just a little bit
more convenient for everyone.
Speaker 1 (09:22):
Mark touched on this earlier.
But the visibility piece andreporting piece.
I know Zebra has theirvisibility IQ and there's a
couple MDMs that specificallybuilt integration into that.
Can you talk?
You know why, why company mightwant that.
Maybe, mark, you can speak onthat one.
Speaker 2 (09:37):
Sure.
So there's a lot more metricsthat come with the zebra
operating system, like thingslike, uh, battery life, what,
how long is the battery lastingand what's the current charge
things that you wouldn'tnecessarily get with, uh, just
(09:59):
regular oem android o.
So with that you can automatethings with your ticketing
system to automatically generatea ticket when a device is
reaching a bad battery lifespanin its battery lifecycle.
(10:20):
So just having visibility andcontrol over those metrics is
pretty key got it.
Speaker 1 (10:29):
Yeah, I think um network's been another one.
I don't know.
Patrick, do you have anyexamples there for network data
and analytics you've seen?
Speaker 3 (10:37):
uh, specifically, specifically from zebra.
Yeah, they have their wi-fimanager tool that does a little
bit more polling and capturingof network speed and link speed
than is available for mostAndroid devices.
So we've seen customers usethat data to help identify poor
(10:57):
performing stores from a networkperspective.
It can be one thing to monitorthat type of data from an access
point or from your MDM EMM tool, but the data from the actual
handheld, the Zebra device bethat a tablet or a phone
handheld device that endpointdata is going to be what's
(11:21):
actually observed and whatactually happened for that end
user.
So having that rich data fromthe device itself is going to
give you the best visibilityinto that fleet.
So adopting that Zebra data isjust the icing on the top for a
lot of companies.
We found where they can reallyunderstand exactly how their
(11:44):
environment is performing got itand the dmdm options.
Speaker 1 (11:47):
I know I think the we'll hop into these here in a
second when we talk through thelist.
But the, I think the ones thathave integrated zebra analytics
I know I've seen it in sodi,I've seen it in the uh, that 42
gears, I believe workspace onehas that because those are the
primary three where they havereally deep, rich integrated
analytics for Zebra devices.
Would you say that's true?
Speaker 3 (12:08):
Yeah, I would say those are the three that I've
seen that have taken that extrastep to integrate with Zebra's
functionality more than the restout there.
Speaker 1 (12:17):
Got it and I know we'll get to this towards the
end.
But Bluefletch does have theirplaybook and support agent
analytics that, if you are usingIntune, it's a good option to
fill some of those gaps for thatMDM as well.
So I know, patrick, you weregoing to touch on that here in a
second.
So I guess, to start out theoptions and this is in 2024, so
(12:37):
it's always a changing landscapebut I would consider there's
three primary options for MDMs,the first being Workspace ONE,
the second being SODI and thethird being Intune.
I feel like those are the oneswe see most commonly amongst
enterprise clients, and when wesay enterprise clients, it's
clients that have 500 or moredevices and typically have
(12:58):
multiple apps, have multiplelocations.
So that's when I say enterprise, it's typically what I'm
referring to from multiplelocations.
So that's when I say enterprise, it's typically what I'm
referring to.
But for Workspace ONE, whichused to be AirWatch and it's
probably the oldest of the MDMsfrom an Android support
standpoint, I feel like that'shad a pretty long run.
I think it's been.
(13:18):
2013 is really when theystarted picking up Android
devices.
But, mark, maybe you can talk abit about with Workspace ONE.
What are the key features of it.
What are the things you've seenor you like about it that you
think might be useful forcompanies that are managing
Zebra devices?
Speaker 2 (13:36):
Sure.
So I really love the ability tocontrol devices as groups, with
their smart groups, orassignment groups, as they call
them, and categorizing deviceswith your organizational units.
They call them organizationalgroups, but being able to put
(13:58):
them into a bucket and dosomething with them easily is
great.
Speaker 1 (14:03):
So the example that would be like if I'm a company
and I have, you know, my Eastregion or specific States.
They could group devices basedon either that geographic or a
business hierarchy right.
Speaker 2 (14:15):
Correct.
Yeah, having the ability toroll things out that way is
super nice, and then they have alot of tools around application
management and devicemanagement that I haven't seen
with a lot of other MDMs, so itgives you the ability to take
(14:38):
advantage of all the differentfeatures in your Android
operating system.
The other really big thing thatI love about Workspace ONE is
the API, which allows you tointeract with the system on a
large scale, do big data pullsor make big changes across your
(15:02):
entire fleet quickly withoutexample, like I know I've seen
you do this mark.
Speaker 1 (15:07):
But like scripting, it's like building a script and
you could deploy to 10,000devices from a single script
using the API, without having togo to the consoles.
That that's a typical use caseyou're referring to.
You're in correct.
Speaker 2 (15:19):
yeah, just being able to make a mass change as
quickly as possible withouthaving a whole lot of manual
intervention Super nice.
Speaker 1 (15:29):
Got it.
And Patrick, what otherfeatures, anything else that
stands out to you, just based onyour experience with Workspace
ONE or AirWatch?
Speaker 3 (15:36):
Some of the things I like about Workspace ONE is
they've, as I mentioned, they'vetaken some of those Zebra
native features and rolled theminto their core product.
So if you're setting a profile,like a restriction profile, in
Workspace ONE, there'll beoptions that are specific for
Zebra and it'll call out whatversion of the Zebra MX system
(15:59):
is required, the minimum versionrequired for that.
So it's really clear it's builtinto that product.
So you know that this is aZebra-only feature and more
often than not they're featuresthat our clients end up
leveraging.
Other things that I thinkWorkspace ONE does well around
Zebra when you're setting up anenrollment profile, they give
(16:21):
you the option to go ahead andgenerate a stage now barcode
instead of having to go to aseparate PC, download the stage
now client, generate thatbarcode in that staging process.
Workspace ONE has taken thatfunctionality and built it into
their core product.
So that's great.
And then, lastly, we do seepeople also managing their Zebra
(16:45):
printers in Workspace ONE.
There's not the best data thatthey're retrieving from those
Zebra printers, but it doessupport Zebra printer management
so it can be really yourall-in-one Zebra endpoint
management tool.
Got it?
Speaker 1 (17:00):
And then back to the OS version.
I know we talked about this abit before, but like what OS
versions like Android flavorslike is it eight and above it
supports right now, or do youhave guidance around this?
I know a lot of enterprises dohave legacy Android devices they
have to manage.
For AirWatch, what specificallydoes it support?
Speaker 3 (17:21):
AirWatch and SOTY are a bit unique in that they have
their own agent.
So an agent is the applicationon a device responsible for
communicating to the MDM or EMMserver on the back end to
receive and execute the commandslocally on the device.
So since they have an agent,they have much more control over
(17:43):
commands and how things aregoing to process, which is great
if you're using legacy Androiddevices running Android 4, 5, 6.
We've seen clients that canstill manage those devices on
Workspace ONE or SODI.
With the announcement ofAndroid Enterprise back with
(18:08):
Android 8, I believe it wasthere's been a lot of different
functions that have been added,specific for Android Enterprise
versus the Android Legacy orAndroid Classic model.
So that does open up youroptions for more MDMs or EMMs.
That would be applicable to you.
But if you're stuck on thoseold A5 devices or operating
(18:32):
system, you're going to probablyneed to leverage a tool like a
Workspace ONE or SODI that hasan agent application on it that
is paired.
Speaker 1 (18:42):
Got it and with the agent.
The biggest difference there sowith Android Enterprise, google
has built this mechanism todeploy from the Play Store, so
you pull applications down fromthe Play Store with an agent.
So the AirWatch or WorkspaceONE can both do direct APK
installations from a relayserver from somewhere on-prem
and don't have to go to theGoogle Play Cloud and pull stuff
(19:04):
down.
Is that?
Speaker 3 (19:05):
how that works.
Yeah, that's a good summary ofthat.
So a couple of years ago,google actually stopped allowing
companies to build their ownagents.
So Sodium Workspace One aregrandfathered in.
They have the ability to dothose application installs,
application rollback, filemanipulation work.
Google is pushing everyonetowards leveraging only their
(19:29):
APIs for device management, andhence why they're blocking
companies from being able togenerate those agents going
forward.
So everything now goes through,as you called out, like a
device policy controller, whichis a system supported
application that comes out ofthe box on Android, which makes
(19:49):
things a little bit morelightweight, but, as we'll get
into with Intune is going todefinitely restrict what your
options are for managing devices.
Speaker 1 (19:58):
Got it.
We'll shift gears to Soggy now,but I guess, before we do that,
one of the things that I'veobserved and, patrick, I'd be
interested in your opinion onnow.
But I guess, before we do that,one of the things that I've
observed and, patrick, I'd beinterested in your opinion on
this.
But AirWatch got bought byVMware, which got bought by Dell
, which got bought by EMC, whichgot recently acquired by
Broadcom, and then Broadcomannounced a couple of weeks back
(20:20):
that they were spinning off theeuc, so the endpoint group
which is going to include what Iwould call like legacy airwatch
, spinning that off in into itsown group, which is owned by kkr
.
Now I feel like a lot ofcustomers have shied away from
that.
That shift in the market justconcerned who's going to own it,
where's it going to go?
Um, and have you know, the lastcouple years been going to sody
(20:44):
?
Is that the same thing you guysobserved?
I guess, patrick, maybe you cango first on that one.
Speaker 3 (20:49):
Yeah, I think there's some uneasiness with customers
about all that activity youmentioned with the acquisition
and spinning off.
I wouldn't say that the producthas fallen off in any way yet.
I think customers are justconcerned that pricing might
change.
They're concerned that theirsupport and service of that
(21:11):
application might falter.
So it's a lot of uneasiness,but I wouldn't say any of that
has actually come to fruitionyet.
So yeah, I've definitely seen alot of customers start
investigating alternatives toworkspace one.
I think you know I would sayfive years ago workspace one was
the clear favorite in the inthe space.
Speaker 1 (21:33):
But uh, things are starting to even out a bit more
yeah and mark, I know youprobably have the the most
experience workspace one out ofall of us, but would you say
that that, from your experience,mark, that workspace one is
still a great product and theinstability just comes from the
concerns on pricing andownership?
Speaker 2 (21:51):
Yeah, I think really it's the same quality of product
that you're getting withWorkspace ONE.
The question is, what's goingto happen in the future?
Are we going to keep gettingthe same amount of support?
Are they going to, you know,shift things down the down the
line?
Um, with any big uh acquisition, that's always a question.
(22:15):
So, um, I guess we'll just haveto wait and see yeah, all right
, wait and see.
Speaker 1 (22:20):
So shifting gears, so sody, I know sody.
I feel like around the timethat Intune got purchased by
VMware, I felt like there was abig uptick from SOTI where they
were trying to take market sharespecifically around rugged.
And you know they've definitelygrown a lot.
That product's gotten a lotbetter.
They had a lot more featuresand capabilities, patrick, from
(22:53):
your standpoint.
Speaker 3 (22:54):
what are the things you've seen on the clients where
you use SOTI or the things thatyou really like about that
product from an enterprisestandpoint?
Yeah, definitely so you calledit out.
I think SOTI's done a great jobat focusing on that rugged
Android and enterprise Androidspace.
They've won a lot of customersover with their feature sets.
Some of those things they doreally well are the ability to
(23:16):
create packages and run scripts.
So Workspace ONE also has thatfunctionality.
Soty does it a bit differently,where you bundle up a package
and then zip that file anddeploy it.
So that makes it really easyfor myself as a third-party
vendor to a lot of companies tobuild a package with
applications scripting and thenI can just send that to a
(23:37):
customer for them to import intotheir own SODI MOBI control
environment.
That's awesome.
That's really helpful.
I don't need access to theirSODI environment to do that to
transfer applications or code.
So I do really like thatfeature.
Also, their scripting is good.
I wouldn't say it's as good asWorkspace ONE with the APIs, but
(24:00):
they do have the ability to runscripts locally to devices,
which is great.
Be that stage now commands toconfigure the Zebra devices or
some of their own functions.
They've built like time sinksand resets and commands like
that that can be run really adhoc or scripted to run on some
(24:25):
type of deployment cycle orschedule Got it.
So they do a good job at givingyou options to manage those
Zebra devices.
Things that I also like aboutSOTI is that their file sync
option is really awesome.
They basically have created theability to sync devices and a
(24:47):
server with a file system.
So if you make any changes to afile system on a server, the
device will actually goautomatically, pull that updated
file and store it locally onthat device.
So you're not having toactually go deploy packages and
files every time you want topush a file out.
We've seen this be reallysuccessful for managing os
(25:11):
updates.
Also, it's just easier for anadministrator to manage the file
on a server, like aconfiguration file on a server,
and have all the devices pullthat file automatically without
having to worry about the goingthrough the deployment step as
well.
And I've even seen this used inreverse.
(25:32):
So you can also pull files offof devices.
We've seen customers that arewriting log files locally to
devices and then the file syncrule will grab those files from
the device and store them in aserver for analysis and some
other external tool like PowerBI.
So that is a great tool.
It's sort of a replacement forWorkspace ONE's relay servers,
(25:57):
but in my opinion, it's a muchbetter implementation of that
and yeah, you know SOTY, it'sbeen good.
They've definitely updated someof their UI lately to be a bit
more modern, which is alwaysappreciated, and they've also
given you the ability to uploadAPKs directly to the portal as
(26:19):
well, which was previouslymissing.
You had to go through thepackage manager option, as I
talked about at the beginning.
Speaker 2 (26:27):
But I guess Mark anything else to add around SODI
or things you like about SODI,I'd say out of all the
competitors on the market, SODIis the most comparable in
features to Workspace ONE andyou can virtually do everything
you need to do to control yourdevices.
Speaker 1 (26:50):
So a question for you , mark, on those the SODI versus
Workspace ONE.
It seems like both of those arevery Zebra-forward.
They have a lot of features andcapabilities for Zebra.
We're going to pivot here toIntune in a second.
But is there any big differencein relation to Zebra devices
that you can think of formanaging them that you would get
(27:10):
with one that you wouldn't getwith the other?
Speaker 2 (27:11):
Sure, Really just the difference in method.
I think the only thing that Iprefer is that on the Zebra
devices you're able to accessthe file system via Workspace
ONE, assist with Workspace ONEand in SOTY.
(27:33):
I don't know that there's a wayto do that.
Patrick, correct me if I'mwrong.
Speaker 1 (27:38):
You can, oh, you can.
Okay, that's through the remotecontrol, just delete that.
So that's the remote controloption.
You can get in there.
You can access file systems.
You actually look at files onthere.
This goes back to the file syncrules that Patrick had talked
about.
So I feel like both of thesetools great tools for managing
Ze devices, lots of features andcapabilities.
I'm going to go to the thirdoption, which I'm going to go
(27:59):
ahead and throw this out there.
It definitely has lesscapabilities for Zebra devices,
which is Intune and Patrick, Iknow you've probably done the
most Intune deployments andworked with them the most in the
last couple of years, but maybeyou can talk about what you've
seen with them and how you'veseen that change since you
(28:22):
started using them.
Speaker 3 (28:24):
Yeah, absolutely so.
Intune is Microsoft's endpointmanager solution, so this is a
UEM, if you would call it aunified endpoint management
system.
It was originally for managingWindows PCs and laptops and has
grown to be that all-in-one forAndroid devices, for Apple
(28:46):
devices, etc.
So this is the kind of the newkid on the block in the EMM
space.
Intune I hear about more oftenthan not.
In the last six months A ton ofcustomers are considering it or
have already made the jump toIntune.
The reasons they do that aremostly around cost savings and
(29:10):
integration with the Microsoftecosystem.
So, as you called out, brad,there's definitely less features
than SOTI and Workspace One,but the total cost of ownership
potentially is cheaper if you'rebundling some of your other
Microsoft solutions as well.
And they also have a fewadvantages in that they have a
(29:32):
tighter integration with a lotof the Microsoft features, like
intra ID, azure and all of theirmanaged access policies and
additional access policies.
So go ahead.
Speaker 1 (29:49):
Yeah, let me Mark.
You can talk about this forEMDK and stage now support.
What have you seen within tune,or what's, or what shortcomings
or gaps does it have therecompared to the other two?
Speaker 2 (30:02):
Yeah, it's pretty lackluster.
So because you're just usingthe device policy controller and
the Android Enterprise, you'rerestricted to those features
that are supported directlythere.
You don't have the agent, soyou can't control the behavior
(30:24):
of the device like you can withworkspace 100, sody can't, um,
well, you can't.
Sorry, you can control certainthings, but it's very, uh, small
, um, but it's very small orit's very light in comparison.
Speaker 1 (30:40):
So, Patrick, for you.
I know we have some tooling,but what have you seen around
clients trying to fill thosegaps that Mark just called down?
Speaker 3 (30:50):
Yeah, so, as Mark mentioned that stage.
Now XML and those ad hoccommands are not applicable to
Intune.
They simply just do not supportthat method.
So companies have had to startthinking a bit differently about
how they manage their Zebradevices.
Oem config is becoming one ofthose replacement options, and
(31:16):
what that is is it's anapplication that gets deployed
from the Play Store to Zebradevices and you set the
application's configurationsthat then apply to the device.
So instead of sending a commandto a device, it all now comes
from the Play Store.
The UI is completely different.
The way it gets delivered to adevice is sort of an all-in-one
(31:37):
delivery, or the UI iscompletely different.
The way it gets delivered to adevice is sort of an all-in-one
delivery versus being able tobatch things or run things in a
particular order.
So it's definitely causedcompanies to have to rethink the
way they do things, and it'sdefinitely a learning curve and
been painful for a lot of theMDM admins that I work with.
(31:58):
There's no task scheduling, noad hoc commands or scripts.
You really just have to have alot more patience if you're an
Intune admin, because we've seenbig latency in reporting as
well.
However, there are some optionsout there that make life a bit
easier.
Blue Fletch Playbook is a toolthat we specifically wrote for
(32:21):
this exact scenario.
So we talked a little bitearlier in this podcast about
agents on a device and having alocal agent on a device to run
commands and execute commands.
That is still an option withBluefletch Playbook, so we can
deploy our agent from the PlayStore and then you can send
(32:42):
those commands, those scripts,those stage now XMLs, file moves
and copies to the device fromour Playbook tool.
So it brings back a lot of thatfunctionality that you lose
when you migrated away from aSODI or Workspace ONE and gives
(33:03):
admins a lot more fine-grainedcontrol over their devices to be
able to do things that they'vedone in the past, basically as a
given, just by having one ofthose tools and one of those
agents out there.
I think about software rollbacks, a lot Intune makes it
extremely difficult for thatbecause really Android is making
(33:25):
it difficult for them to dothat.
So there's no way to roll backa version of an app unless you
go uninstall that applicationfirst and then reinstall it.
So having an agent basicallygives you the ability to do
things like that exact scenarioroll back software, install
third-party software from anoutside source and even remote
(33:51):
control your device is anotheroption that we provide for
Intune managed devices.
Intune does not provide aremote control solution out of
the box.
They've actually white-labeledTeamViewer and so that is an
additional add-on cost that alot of companies don't consider
when they first see the cost ofIntune.
(34:12):
So we do offer a remote controladd-on that brings a lot of
that functionality that youmight lose going to intune back
into play, got it and then forzebra specifically does.
Speaker 1 (34:27):
Does intune have any printer management right now, or
is that something that they'rethat you guys have seen anywhere
?
Speaker 3 (34:33):
I'm not seeing that I don't know if that's in their
roadmap.
Speaker 2 (34:39):
Don't believe it is.
Peripheral device management,as far as I've seen, is not
really a part of Intune'sfeature set.
Speaker 1 (34:50):
Got it.
So you need to look to someother solutions like Zebra's
device or Zebra's printermanagement solution.
Mark, I know you've been usingIntune or looked at it for quite
a while.
How have you seen it grow overthe last couple of years?
Speaker 2 (35:03):
Yeah, I think there's a big drive towards it because
of how many Microsoft shopsthere are out there.
A lot of offices already havetheir Microsoft licenses and
Intune is just a part of that,so they're switching over to
just using it instead of payingfor an additional license.
So as far as growth goes, it'sI think the tool has been, it's
(35:32):
become more usable, just not asZebra features Zebra-specific
features have not grown in anyway.
Speaker 1 (35:44):
Got it.
So for Zebra, so in WorkspaceONE, are still stronger.
And then, patrick, you touchedon the application.
Like the Microsoft apps, canyou talk a bit about?
You know why Intune has beenuseful specifically for those
shared devices.
Speaker 3 (36:02):
Yeah, so Intune offered in the last.
It's probably been a year nowsince they announced their
shared device mode and it'sdefinitely grown and matured
since that time.
But the idea here is that youhave these shared Android
devices we've talked about in aworkplace.
You have a user log into thatdevice and once they're logged
(36:26):
in, you want them to have theexperience of if that device
truly belonged to them.
So you open up your email andyou're automatically logged in
with your email in a nativeapplication.
Same with Teams, sharepoint,power Apps, things of that
nature.
Microsoft has built basicallythe roadmap and infrastructure
(36:48):
to allow you to do that now, andthat is not specific to Zebra
devices at all.
That's something that you can doon other device types, other
Android models as well, butthey've really integrated that
into their EMM to allow you toset up devices in that exact
model the shared device mode Italked about.
(37:10):
So they were the first to offerthat.
Of course, they make it theeasiest to set that up and
integrate that shared devicemode.
However, there has been anannouncement that they have
brought that same integrationover to SODI and Workspace ONE.
Most customers are going toIntune if they're going to use
(37:31):
that model instead of having tobasically manage two different
systems to achieve that sameresult having to basically
manage two different systems toachieve that same result.
But it is interesting thatthey've started to open that up
to other external EMMs as well.
So shared device mode is greatIf you're heavy on the Microsoft
applications, if you alreadyhave licenses for frontline
(37:51):
workers, intra-id accounts,things like that.
Intune makes it really easy togive you a native experience on
shared devices.
Speaker 1 (38:02):
Got it.
So the big three Workspace ONE,which was really the first
entrant into the Zebra devicemanagement space, sodi
definitely took a lot of marketshares, definitely huge players.
Workspace ONE and SODI have agreat Zebra-centric
functionality.
And then Intune I think one ofyou guys called it.
(38:24):
But then you get on the walk.
It's definitely taking a lot ofmarket share, just based on A
pricing and then the Microsoftecosystem integration.
So those are the big three.
I know we see those the mostand wanted to pivot into what I
call the secondary options, notnecessarily because they're
inferior, but for other devices,what we've seen for MDMs, and
(38:47):
you know, I think, a lot.
The first one is might be a bitcontroversial for this, but
we've seen this a lot with a lotof customers, which is Samsung
Knox.
We've seen this a lot with alot of customers, which is
Samsung Knox, and it's mainlySamsung support.
Only I believe they have someZebra functionality.
Speaker 3 (39:05):
Patrick, do you want to touch on that at all?
Yeah, so Samsung Knox Manage isa EMM from Samsung.
Of course, that waspurpose-built for Samsung
devices, more or less, sothey've taken all of their
developer kit and integratedthat into the UI for managing
devices.
However, it is still an AndroidEnterprise EMM, so it is
(39:29):
certified for Android EnterpriseAPI calls, meaning a Zebra
device could theoretically beenrolled in Samsung Knox.
I would not recommend thatscenario, but we do come across
a lot of customers that havemixed device fleets.
They're using Samsung devicesin the retail store, maybe Zebra
(39:49):
devices in the distributioncenter, and they've already
standardized on Samsung Knox,for example.
Theoretically, you could keepeverything under one roof and
use Samsung Knox for that, but Iwould look at some of the other
options out there that we'vealready discussed and some we're
about to discuss next.
Speaker 1 (40:09):
So the next one on my list was 42 gears or Shure MDM,
and I feel like this one we'veseen it.
I think it's getting pushed byZebra.
Maybe, Mark, you can talk a bitabout 42 Gears and what we've
seen with it and how it's takingsome market share away from
SOTI.
Speaker 2 (40:25):
Sure, as far as the Zebra device side of things,
it's got some really goodfunctionality.
It's on par with SOTI andWorkspace ONE.
As far as what you can do asfar as the interface, the
grouping and that sort of thingand the ability to manage a
(40:47):
large device fleet, I'd say thatit's lacking a little bit,
Definitely needs some work inthat department.
But overall, if you're tryingto manage Zebra devices, you'll
be able to get everything donethat you want to do in SureMDM.
Speaker 1 (41:03):
Got it and it's.
I believe we're starting to seea lot more of.
I think Zebra has an alliancewith them, so I think they're
able to skew it and sell it, sothat's probably the reason why
you see a lot of Zebra devicesrunning it.
The next one on the list I hadwas Manage Engine, and I know
(41:25):
I've had some customers ask meabout this, but I guess, Mark,
maybe you could talk about it.
Is this something you've seenout in the field?
I know I've seen it covered inGartner, but I've actually never
seen we've never had a customeruse it other than the ones that
have just casually asked usabout it.
Speaker 2 (41:36):
Yeah, so it's strange .
I have seen it in the past.
This was a long time ago, about10 years ago, and it it was
very under developed.
I think.
At the time we were comparingit to um workspace one and it
had none of the features that weneeded.
(41:57):
However, I haven't seen it inthe recent years, so I can't
speak towards that where it isnow on the market.
Speaker 1 (42:10):
But it does appear to be a competitor.
Patrick, do you have anyexperience, I guess, with Zebra
devices?
I've not seen it runninganything Zebra-centric.
Speaker 3 (42:18):
No, I have not either .
Speaker 1 (42:20):
All right.
Next on the list I mightbutcher the name here, but
Ivanti Neurons for MDM, whichwas formerly known as MobileIron
.
So Ivanti had purchasedMobileIron and there was another
product they had as part of theWavelength portfolio called
Avalanche that theydecommissioned.
I think everything is going forneurons for MDM.
(42:42):
But, patrick, I know you'vedone some training and working
with this and integration wise,maybe you can talk a bit about
what you've seen with neuronsfor MDM, how it stacks up
against some of the other ones.
Speaker 3 (42:53):
Sure, yeah.
So Avanti good friends of oursare really big in the warehouse
and logistics space, so thisproduct I would say I see most
often applied in that thatvertical customers that are
already using velocity ofAvanti's velocity for terminal
(43:13):
emulation or connecting to SAP,for example.
They've also adopted their MDMfor device management.
Neurons was released last year,rebranded last year 2023.
And some of the nice featuresabout it are that they've really
gone headfirst into the, Iguess, the machine learning and
(43:37):
AI story.
So they're being very forwardwith their proactive reporting,
alerting, analytics and insightsinto devices.
So I do like that approach thatthey're taking.
However, I haven't seen a hugeinstall base on this yet, I
(43:58):
think probably because of thefocus of where they are as a
company.
But we have definitely set upBlueFletch software, deployed it
through Avanti Neurons andreally no issues with that.
So I think this coulddefinitely suffice for managing
your Zebra devices.
Speaker 1 (44:18):
Got it.
The next one on my list wasHexnode, and I guess Mark or
Patrick, have any of you guysseen clients with Zebra hardware
running Hexnode?
Speaker 2 (44:32):
I have not.
Speaker 3 (44:34):
I have not either.
I'm definitely aware of thiscompany and I see their brand
out there a lot.
I think they do a really goodjob of advertising and marketing
, but in this specific scenario,we're talking about rugged
Zebra Android devices.
I do not see a big adoption ofHex, no, no.
Speaker 1 (44:55):
Got it and the next one on the list was Meraki by
Cisco.
So Meraki was, I believe Ciscopurchased them and I know I've
had two specific clients thathave used you know they're a
pretty Cisco heavy shop andwanted to use Meraki for
managing devices.
I mean, I think it's similar toIntune in the aspect that it's
(45:16):
right now it's pretty muchAndroid enterprise forward and
doesn't have any like detailedDPC.
Patrick, have you seen Merakiused anywhere for fleets of
large Zebra devices?
Speaker 3 (45:30):
No, you know, just really access point.
Yeah, that's what I was goingto say Just really access point.
Speaker 2 (45:35):
Yeah, that's what I was going to say.
I thought Meraki was onlyaccess points, but I didn't know
.
Speaker 1 (45:41):
They do have Android Enterprise functionality.
I do have two clients that areusing it for that.
Yeah, it was new to me, butit's definitely something I've
seen this year, but definitelynot a very common solution.
The next one, which I've seen alot of advertisements similar
to Hexnode is Scale Fusion, andhave you guys seen that or seen
(46:03):
Scale Fusion anywhere, or playedwith it at all?
Speaker 2 (46:06):
Nope, put it on the list of things I got to play
with.
Speaker 1 (46:11):
All right.
So Scale Fusion's out there Ifyou're interested.
I'd love to hear comments fromfolks.
And then the last one I was ina partner demo day with Zebra
last year up in Chicago and oneof the things they had was, with
Zebra DNA Cloud, the ability tomanage devices, and I'm
assuming this is for smallerdevice fleets.
I've not seen any enterprisecustomers, but definitely it's a
(46:34):
tool I've seen that can use.
The Ziba EMTK really relies onthat.
But I think if you're a smallercompany that's looking for
something that you can get builtin and not have to spend a lot.
I think it's similar to Intune,where it's low cost or no cost.
You know Ziba DNA Cloud andPatrick, have you seen anybody
actually use this out in thefield that's of size?
Speaker 3 (47:03):
No, I've seen demos like yourself at sales kickoff
meetings and some of theirmaterials around it, but I've
never actually had to put thisto the test or have customers
that had to.
So I can't comment on where itmight shine or fall short on
where it might shine or fallshort, but you know it's
probably going to be full.
It's going to take advantage ofthe EMDK as much as possible,
(47:25):
since it is a Zebra product.
Speaker 1 (47:27):
Got it and the last one on the list and Patrick, I'd
like you to talk about this.
You mentioned this before, butBluefletch has a tool called
Playbook that is specificallyfor managing shared Android
devices in the enterprise and Iknow Zebra is really our biggest
use case.
I think, zebra, we have fullfunctionality across that, but
can you talk a bit aboutBluefletch Playbook and where it
(47:50):
might be used for managingdevices, as opposed to just
being used on top of Intune used?
Speaker 3 (47:56):
for managing devices as opposed to just being used on
top of Intune, Sure.
So we do have customers thatleverage BlueFletch, our EMM and
Playbook tools solely as theirdevice management tool.
So they're not pairing us withIntune.
They're coming to BlueFletch toenroll their device with our
EMM and our Android EnterpriseEMM and then use Playbook to
(48:21):
bring back a lot of thatfine-grained control like
sideloading applications,managing files locally, running
stage-now XML.
So we've kind of tried to bringthe best of both worlds.
We have the EMM, where you candeploy apps from the Google Play
Store.
You can leverage all theAndroid Enterprise APIs that are
(48:42):
made publicly available, andthen we also bring some of that
legacy nice-to-havefunctionality as well with our
Playbook MDM.
So they are slightly differenttools but when they're paired
together they really are a greatoption for managing your
devices.
And then not only that, thereare additional BlueFletch
(49:03):
Enterprise tools, for we thinkabout how an end user actually
interacts and experiences theirdevice.
Experiences their device.
You can think of an MDM and EMMsort of as the guy behind the
curtains pulling the strings andmaking everything happen and
sync and be compliant with theright software.
But what is the end useractually seeing?
(49:25):
Experience.
And that's where BluefletchEnterprise comes in.
Our enterprise launcher isreally the first screen a user
would see.
It's going to limit what theuser can do and access.
It's going to restrict securityand settings on the device.
It's going to allow them to login with single sign-on and have
a role-based experience, verymuch like that shared device
(49:50):
mode from Microsoft, which wealso play nicely with as well.
So this is an Android-onlysolution.
It works great for Zebra, as wementioned with the Playbook
add-on tool.
But if you guys, you know, ifyou're looking for one solution
that really can do everythingfrom staging and enrolling your
(50:12):
device all the way to providinga single sign-on experience for
each user out in the field, wehave an awesome option for you
guys.
Speaker 1 (50:21):
Got it.
And then the last thing I had anote on my notes was I'm going
to call this an honorablemention, but it's not actually
device management, it's printermanagement.
So Zebra has their ZebraPrinter Profile Manager.
So Zebra has their ZebraPrinter Profile Manager and this
is a standalone product thatcan be used for managing Zebra
printers when MDF doesn'tsupport.
(50:41):
So if you have an Intune, youcan use Zebra Printer Profile
Manager for managing a fleet ofprinters separately.
I know SOTY and AirWatch bothinclude integrated printer
management and I'm not positive.
I believe I know Avalanche usedto have it.
Do you guys know if Neuronsincludes printer management?
And I'm not positive.
I believe I know Avalanche usedto have it Does.
Do you guys know if neuronsincludes printer management?
Speaker 3 (50:59):
I don't.
I assume they would, but Idon't know for sure.
Speaker 1 (51:03):
Got it Awesome.
So that's the list of secondaryoptions and there's.
You know, if you search in MDMs, there's probably a slew of 20
or 30 other ones.
These are the ones we comeacross most commonly and some of
them to Patrick and Mark's lastpoint we've heard a lot about
them.
We've not actually seen themused in larger enterprise
(51:23):
customers.
So definitely, if you'relooking for the big three, the
workspace one, sodi and Intuneare probably the three most
commons.
And then if you have specificniches, 42 gears, the Ivanti
neurons is, we've seen those.
And then, you know, for Samsungdevices, we've seen it but
(51:43):
we've not actually seen it usedfor Zebra specific devices.
So for the last segment, Iwanted to talk through with you
guys specifically around.
You know, if somebody islooking at an MDM solution, what
they should be thinking aboutfor evaluating, what are the
requirements you need to go lookat and we've done assessments
(52:05):
for companies and wanted to runthrough it.
You guys had sent over yournotes on a couple of the key
things and we'll start with thefirst, I guess, bucket, which is
, you know, if you're looking atMDM solutions, understanding
your infrastructure limitationsand, patrick, I know you had a
lot of items on your list whenwe talked through this.
Do you want to go through whatthe key considerations you have
(52:28):
for this are?
Speaker 3 (52:30):
Sure.
So thinking of infrastructure,usually my mind first goes to
network limitations andrestrictions.
So what does your network looklike in a store?
Do you have servers set upalready?
Do you have access to theexternal Internet?
Those are all considerationsthat you need to understand
(52:53):
before you select a tool.
Those are all considerationsthat you need to understand
before you select a tool,because some of these options we
discussed are cloud only andwould require network connection
to that cloud.
Some options, like Workspace,one and SODI, actually offer
what they call an on-premisesolution, which they'll give you
the code and you can installthat on your own servers and run
(53:15):
that locally within yournetwork.
That's a great option forcompanies that don't want to
have to traverse the Internet toget updates.
For companies that want to havea more restricted network and
firewalls in place, they havemuch more control over that
network traffic.
So that's a big thing tounderstand.
(53:36):
At first, there are somedownsides to going on-prem.
It's going to be harder for anyof your support staff to access
that unless they're on yournetwork or on a VPN, which in a
way is also an advantage becauseit's a security control in
place.
But it is also going to beslower to take updates and have
(53:58):
less new product or featuresupport, because you'll probably
always be a version or twobehind with that on-prem install
.
So that's one of the kind ofthe big forks in the road that
we see companies come across.
First is you know, does itoffer an on-prem solution or not
?
Intune does not offer on-prem,so companies are having to say,
(54:22):
ok, well, that's fine, we'llmake network exceptions for that
traffic there.
Speaker 1 (54:27):
Got it and then, I guess, from infrastructure
limitations, mark, maybe youwant to talk about the hardware
limitations.
Mark, maybe you want to talkabout the hardware.
I think one of the things I wasthinking of for this discussion
.
We're primarily talking aboutZebra devices, but I know
hardware and other OSs and youmentioned this earlier like the
Windows managing Windows devicesand iOS.
Mark, do you want to talk aboutwhat you think about when
(54:49):
you're evaluating MDM?
Speaker 2 (54:51):
Yeah, sure.
So the main thing you'd have tothink about is what other
devices do you have in yourfleet and if you're already
using a different mdm for those,are you going to move them into
this new mdm for your zebradevices, or are you going to try
to make it work with yourcurrent mdm to move all your
(55:14):
zebrabra devices in there, orare you okay with having them
all separate?
So that's a key consideration.
If you have iOS or Mac devicesor Windows, you're probably
going to have to look for one ofthe bigger players in this
market, because the smaller onesjust don't have the feature set
(55:39):
support for all the differentoperating systems.
Speaker 1 (55:44):
Got it.
And then the next bucket I hadin my list that we talked about
was when you're looking at MDMsyour security requirements.
Patrick, do you want to talkabout what your list to be, or
things that companies shouldthink about evaluating when they
think about securityrequirements?
Speaker 3 (56:03):
Sure.
So you know, multi-factorauthentication is a big one for
a lot of companies.
Do you want to enforce MFA ifyou're seeing some unexpected
traffic from outside yournetwork et cetera, things like
that?
So being able to integrate withyour system for that, be that
(56:27):
your access management tool,like Okta, or IntraID, which is
Azure AD rebranded, or intra-ID,which is Azure AD rebranded
that is awesome integration.
If you can build that pipe inso that you can enforce MFA and
apply that from.
You know, based on a devicebeing managed or not, a device
(56:49):
being compliant with the latestlifeguard version or not, and
then have that user be promptedfor MFA, depending on those
different criteria that arebeing assessed, also other
security requirements.
Single sign-on is not reallyonly just a nice-to-have feature
(57:09):
for the end user where theyonly have to log on once.
It's actually a bettermechanism for managing access
because you have a singleaccount, a user account that you
can control permission and roleand access for that user from
one single management tool.
So you know, does your EMM orMDM support single sign-on to
(57:34):
your access management tool?
Does your EMM or MDM supportsingle sign-on to your access
management tool?
Will these devices be shared orare they going to be personally
assigned and delivered to theend user, with Zebra, I would
say, 90% of the time, if notmore, see these devices used in
a shared mode.
They're not really designed tobe personally owned or personal
(57:58):
carry devices.
Other security considerationsare you going to be deploying
Wi-Fi certificates for, you know, pci type of transactions on
your devices?
Well, you need to make sureyour EMM is going to support
pulling from a certificateauthority, be that device-based
certificate or what have you fordeploying that to devices.
(58:21):
What about VPN support?
We talked about that a littlebit.
With MFA Intune, you can deploythe Microsoft Defender
application and have that reallytightly integrated with your
application management policiesas well.
So those are justconsiderations that we come
(58:45):
across just a small handful.
It is really important, though,to understand what Android
Enterprise is making availableto you and making sure that you
are ensuring your requirementsmeet up with those options out
there.
Got it and this?
Speaker 1 (59:03):
sort of goes back to the Intune and a lot of these
vendors that are reallycompliant to Google's Android
Enterprise standards, and thenthe SODI and 42 Gears and one
that's that adds in a lot ofthose capabilities based on the
pieces that zebra exposesspecifically for their devices.
Speaker 3 (59:24):
Yep, exactly, and yeah, I.
I think, as we mentioned, sodyand workspace one go above and
beyond what android enterprisemakes available out of the box.
Not all corporations orcompanies need those features
and functionalities available tothem.
Many companies could get byjust with the pure Android
(59:47):
Enterprise options out there.
So definitely worth doing thatanalysis on your own and
ensuring that you have the rightsolution for you.
Speaker 1 (59:55):
Got it.
And the last big category orbucket of things, if you're
running an evaluation, pre-mdmwe had was like what we
categorize as operational usecases and, mark, maybe you can
talk to this.
I think the first one we hadwas just about, like that,
setting up devices and how youdeal with that.
Do you want to talk throughjust mere experiences with that?
Speaker 2 (01:00:15):
yeah, just think around what kind of enrollment
process you're going to do.
Are you going to have a depotset up all of your devices for
you and roll them out?
Um, they're going to havebetter luck with certain uh
systems where they have morecontrol and can automate some of
(01:00:36):
that for your depot, so you'renot spending a whole lot of
money on each device to get itup and rolling the other things.
Can you do some of that insidethe four walls of your stores or
your deep or your warehouses?
Speaker 1 (01:01:00):
When somebody goes from one MDM to another.
I feel like I've not seen these.
What is the typical path youhave to do when you go, let's
say, from a workspace one overto an Intune?
What does that look like?
What are the steps involved inthat setup and provisioning from
one MDM to another?
Speaker 2 (01:01:21):
Yeah, first you have to transfer all of your policies
and settings and everything,build out your whole new
environment assuming that youcan get one-to-one and then
after that all the devices needto be re-enrolled, so they have
to be wiped and then enrolledinto the new environment.
Speaker 1 (01:01:47):
Got it, so you'd actually have to physically
reset the devices to re-enrollthem in Android Enterprise for a
new MDM.
There's no way to cut it overfrom one to another.
Speaker 2 (01:01:58):
Correct.
Yeah, they do have to be wiped.
Speaker 1 (01:02:02):
The next operational bucket we had in the ops was
around reporting.
Maybe, patrick, you can talkabout some of the key
requirements or things you thinkabout when you're looking at
MDM and looking at a company.
Speaker 3 (01:02:15):
Yeah, reporting is huge, or things you think about
when you're looking at MDM andlooking at a company yeah, so
reporting is huge.
Any MDM administrator orendpoint management team is
going to need that, those KPIsand those dashboards to track
their deployments and theirrolling software updates.
So for me, this is one of thebiggest criteria when evaluating
(01:02:36):
MDM or EMM is how real time isthat data?
How accurate is that data?
Multiple devices at each site Iwant to have a really clear
picture of what my run rate or Iguess my uptake rate is of that
(01:03:05):
, what my compliance rate is andhow close I am to hitting that
100% mark.
So that to me is a big one.
Understanding compliance withoperating systems and security,
patches, application versions,network profiles that's all
really important data that, ifit's not seen, means that you
(01:03:26):
have sort of a you know just awild west of devices out there
where devices are strayed andthey're not matching the desired
setup of a device.
Timeliness and latency of thatreporting is very important as
well.
Intune has some built-inreporting but you got to be an
(01:03:49):
extremely patient person to getany value out of it.
It's extremely slow for thatfeedback loop to understand if
something was successful or not.
I would say SOTY and WorkspaceONE have slightly better support
for that, but there arethird-party tools that are
specifically designed aroundthat that I would say do a
better job.
(01:04:10):
I think Splunk has one of theirown Android agents.
Bluefletch also has an agent aswell that is responsible for
collecting all of that data andtelemetry data and sending that
up to a cloud for analysis, likea Power BI or a Splunk.
(01:04:30):
But you think about when thesedeployments happen.
Usually they're overnight.
You've got a team that'smanaging that and making sure it
goes well.
You want to give them as goodof a picture as possible to see
that progress in that fleet andreact really if anything starts
going wrong.
So that's what I think aboutwhen I think about reporting.
(01:04:51):
It gets forgotten about a lot.
I would say, uh, reporting it's.
It gets forgotten about a lot,I would say.
But once everything is deployedand out there, it's really your
only way to understand.
You know how healthy are these,these devices that are spread
across the country or spreadacross the world?
Speaker 2 (01:05:07):
got it sorry, just real quick on that.
Um the, I think when I'mthinking about what I want to
buy in a software as far asreporting goes, I want something
that gives me the big pictureview and also lets me get real
granular and detailed in it so Ican figure out what's going on
(01:05:28):
when something is going wrong.
Speaker 1 (01:05:31):
Back to the API and individual device level pieces
you talked about earlier, right,mark?
Yep, mark, I know you've done alot of work with supporting
devices I think another categoryand you'd mentioned this before
when we put together some notesfor this but the technical
support and training anddocumentation is definitely
(01:05:52):
important to guys like us thathave to do boots on the ground
and managing these devices.
What are the things you lookfor in those areas as you think
about the MDMs and tools thatare out there?
Speaker 2 (01:06:04):
Yeah.
So most of these companies havemost of these MDM companies
have their own.
They have public documentationand so you can actually go pour
through it a little bit, see howdetailed it gets, how granular
it gets.
Are they giving youstep-by-step instructions for
things or are they just kind oftalking about things in like a
(01:06:25):
very high level way, if that cankind of give you a good idea of
how committed they are tosupporting their, their software
and how what kind of helpyou're gonna get when you get on
the phone with somebody,because usually when you're
talking to somebody on the helpdesk you're usually just getting
(01:06:45):
somebody reading through thetraining documents so in the
next category is sort of theflip side of that as as
administrator of the MDM thatyou choose, I think, the
understanding what your adminsand your help desk need.
Speaker 1 (01:07:03):
What are the categories Mark you look for in?
I'm going to call it likeinternal support tools or help
desk support tools for theseproducts.
Speaker 2 (01:07:12):
Right, and that's going to be what you have
control over per device.
So when I'm on a call withsomebody at a store or warehouse
and they have a device in frontof them and they need help
right now, can I get on thatdevice?
Can I interact with that devicein every way that I need to?
(01:07:34):
Can I quickly resend anapplication to it, uninstall,
reinstall that kind of thing?
If some of them are better atthat than others, I'd say
Workspace ONE and SODI give youthat kind of control, and even
SureMDM 42-Gear SureMDM willgive you that kind of control.
(01:07:56):
It's harder to get that kind ofstuff in Intune.
You need some helperapplications like Blue Fletch,
playbook, team Viewer, somethinglike that.
Speaker 1 (01:08:09):
So you think about your help desk.
They need to remote in devices,like you mentioned, file
management.
So pull files in devices, likeyou mentioned, like file
management, so pull files, pushfiles, run stage now, run
intents and then install,uninstall applications.
So those are really useful foryour help desk to be able to
troubleshoot and mediate deviceswithout having to bring them
back into your depot.
And then Patrick back to theIntune piece and Patrick back to
(01:08:42):
the Intune piece.
I think from an operationalrequirement standpoint your
application landscape seems likea really important thing.
When you talk with clients orgive them recommendations around
app landscape, what are the keypoints you think about there or
ask them?
Speaker 3 (01:08:50):
Yeah.
So for me it really comes downto single sign-on is the first
question.
So everyone wants singlesign-on, but it's not as easy to
implement as people might like.
On shared device modes Sorry,on shared devices, as we talked
about, microsoft has made that abit easier with shared device
(01:09:12):
mode and if you're using theMicrosoft native apps like Teams
and Outlook and Edge.
So that's one of the bigconsiderations that actually can
help drive your choice of anEMM.
If you're not a Microsoft shop,I would say there's no true
advantage of Intune for youexcept for potential pricing.
(01:09:35):
I would then maybe consider aSODI or a Workspace one for that
additional control that yourendpoint management team is
going to appreciate.
Speaker 1 (01:09:47):
Awesome.
All right, so that's a wrap forthe items.
I'll do a quick recap here.
So we talked about what is anEMM MDM solution, the
differences for Zebra versusBYOD and then the I would call
them the big three options.
So Workspace ONE, sodi, intune,the pros and cons of those.
Yeah, I think Workspace ONE andSODI definitely have a lot more
(01:10:08):
capabilities specific to Zebra.
Intune is getting a lot ofmarket share for a lot of the
reasons.
Patrick just mentioned thesecond tier of MDMs.
You know, based on your need orspecific use case, you might
want to take a look at those andthen, you know, evaluating the
things that you look at orshould be looking at as you look
at it.
I think we talked about theinfrastructure, the security
(01:10:29):
requirements, and then theoperational use cases were the
big buckets to think about asyou're looking at MDM, and then
the operational use cases werethe big buckets to think about
as you're looking at MDM.
If you do have furtherquestions around MDM options for
Zebra devices, definitely feelfree to reach out to us at info
at bluefletchcom and if you haveother questions, feel free to
let us know.
But, patrick and Mark, thankyou very much for walking us
through this today.
I appreciate it and have a goodone.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.