The Enterprise Mobility Roundup
The Enterprise Mobility Roundup
Managing Zebra Devices in 2024: Top MDM Options and Considerations
What's the best way to manage your enterprise's rugged Zebra devices effectively?
Join Brett Cooper, Mark Banks, and Patrick McGlynn as they unpack the most comprehensive Mobile Device Management (MDM) options for 2024. From mastering application deployment to ensuring robust security controls and real-time inventory tracking, this episode promises to arm you with the knowledge to make informed decisions about your enterprise's mobile devices. Discover why enterprises are increasingly choosing Zebra devices over consumer models like the Google Pixel and how these rugged devices provide advanced configuration capabilities tailored for rigorous business environments.
Curious about which MDM solutions can best handle legacy Android devices? We dissect popular options like AirWatch (Workspace ONE) and SOTI, focusing on their strengths and limitations. Learn how AirWatch's agent-based control can manage older Android versions and why SOTI is gaining traction in the rugged Android market. We also address the concerns surrounding Workspace ONE's future stability and the challenges posed by Microsoft's Intune, exploring how tools like OEMConfig and BlueFletch Playbook can bridge the gaps for Zebra device management.
Security and operational efficiency are paramount when evaluating MDM solutions. Our discussion covers the essentials of multi-factor authentication, single sign-on, and VPN support, along with the importance of real-time reporting capabilities. We also explore various EMM and MDM solutions such as Ivanti Neurons, Hexnode, Scale Fusion, and Cisco Meraki, each offering unique advantages and limitations. Whether you're managing a fleet of Zebra devices or considering BYOD scenarios, we compare the pros and cons of leading MDM solutions to help you navigate your options.
For more detailed information, don't hesitate to reach out to BlueFletch.
Hello and welcome to another episode of the Blue Fletch Enterprise Mobility Roundup. I am Brett Cooper. I'm joined by Mark Banks and Patrick McGlynn. Today we're going to be talking about Zebra MDM options in 2024.
Speaker 1:In this podcast, we're going to cover topics on we've seen for why you need a tool specific for managing this and then also what are the options out there. So a couple of different MDM EMM solutions and pros and cons around those, and then, if you're looking for an MDM solution, what are the options out there? So a couple of the different MDM EMM solutions and pros and cons around those, and then, if you're looking for an MDM solution, what are the things you should be looking at. So we'll be covering that today and let's hop into it again. So, to start out, we're going to do a bit about what specifically is an MDM and why you might need one for your Zebra devices. So, mark, I'll throw this one over to you. Maybe you can talk a bit about. You know, in your experience managing devices over the last decade, what are the things that you use in MDM for. What's it most valuable for?
Speaker 2:So, overall, it's giving you control over your devices and the user experience. It's giving you the ability to track your inventory and make sure that your devices are compliant with whatever security policies you have.
Speaker 1:It's a good way to deploy applications, all right, so Mark, tell me a little bit about you know for your Zebra devices. Why would you want to have an MDM or EMM solution?
Speaker 2:So, overall, you need it to deploy applications to a large device pool and it gives you the control over security features, restrictions over what the device can and cannot be used for, and really just gives you visibility into what's going on with your devices Got it.
Speaker 1:So when you say visibility, that'd be reporting that comes out of it on the back end and the ability to drill in and do support and troubleshooting on specific devices.
Speaker 2:Correct yeah. And troubleshooting on specific devices Correct yeah. And usually gives you an overview of how your devices are doing, a device summary so that you can look at the big picture of your large device pool.
Speaker 1:Got it and Patrick. So I guess, thinking in the context of Zebra devices versus BYOED devices, can you dive into some of the points around what the differences would be between managing a fleet of rugged handheld Zebra devices or managing a consumer Android device?
Speaker 3:Sure Right.
Speaker 3:So Zebra Android devices are generally used in dedicated roles within a company, so they are purpose devices for operations, scanning, inventory control and they're used very differently than a BYOD device, which, when I think of BYOD, I commonly think of bringing a Samsung or iOS device to work and using it to check your email and communicate on Teams or Slack.
Speaker 3:The difference here is that Zebra devices have built-in scanners. They're rugged so you can drop them, and they are usually deployed for those dedicated purposes within an organization, like I talked about with inventory control dedicated purposes within an organization, like I talked about with inventory control. Since those devices are purpose devices, you want more structure and rigidity around those devices. So, zebra devices, you want to control the OS updates and be very cautious and manage any time the OS is going to update, because you don't want to have any impact to your operations, and you also wanna have advanced controls over exactly how those Zebra devices are gonna work, such as how is the scanner gonna trigger, what's gonna be blocked and restricted on that device, whereas a BYOD device usually is more open for the end user because, at the end of the day, it's their own device that they need to do their personal things on as well. So you think of a Zebra device really as a corporate-owned device that is truly dedicated for that worker and for that function?
Speaker 1:So this is probably a full topic, but can you dive into a bit about why somebody might want to buy a Zebra device instead of, say, a Google Pixel or a consumer device that's off the shelf?
Speaker 3:Sure, and I'll start and turn over to you, mark, because I know you have some good experience with this as well. But from my perspective, zebra devices are truly purpose-built for the enterprise. They're extremely rugged and have high drop ratings and waterproof ratings. They also have really advanced controls around exactly how the device is going to be configured. Zebra includes a configuration tool called StageNow. You'll hear it called OEM config as well, going forward in the future state with Android Enterprise. But Zebra, when you compare them to the rest of the industry and the other OEMs making Enterprise Android devices, they provide the most control over those devices. So, exactly how a device is going to look and function, what the scanner is going to do, as I mentioned earlier, and they're going to give you additional controls that are really going to help you make that device function exactly how you need it to for your organization.
Speaker 1:I guess, mark, you have other thoughts on when you're thinking about managing Zebra devices. What are the specific key features or things you think about? Are you seeing, as you've done this in the last, you know all the clients and companies you've worked with, like? What else is there to think about when you think about the difference between Zebra and a regular Android consumer phone?
Speaker 2:Yeah, so from a device administrator perspective, what I'm looking for in a device is something that I can control and get the ability to make any change that I need to to the device so that I can lock it down, make sure that the user gets the experience that they need to do on the device and not anything extra. They can't get around to different websites and that kind of thing. With the Zebra operating system, it checks all those boxes from a device administration perspective and it's gonna let you control the different things that operations may require for streamlining the device use.
Speaker 1:And Mark just to follow up on that. So I know one of the things we've talked about in the past is deploying OS upgrades, managing those. Is there a difference between managing applications and the OS versions on Zebra devices versus a consumer device, I guess, say, an HTC or Pixel?
Speaker 2:Yeah, with the Google devices or Samsung's you're usually stuck with the operating system upgrades that come down from Google or through the operating system. With Zebra you have to deploy those updates manually, but that also gives you control over when those updates happen. So there's a little bit of give and take there.
Speaker 1:Your phones don't upgrade unexpectedly and break your software if you have an OS update coming down. And then is there, I guess, within the realm of MDM, so mobile device management software. Is there any specific key features, whether it's Zebra or Rugga? I know Patrick called a couple of these Other things you guys can think of around how to support and manage those devices that are worth considering before we start hopping into the different options that you guys have seen out there. Maybe, Patrick, you can start with us.
Speaker 3:Yeah, I'll start. So I have seen that there are some EMMs that have taken Zebra's development tools, their EMDK, their developer's kit, and they've embedded some of that functionality into their portal or their UI as well to make it easier to use these Zebra extended options in an easy-to-use GUI instead of having to run scripting or push other files. I've also seen some other companies out there that provide MDMs and EMMs that have better support for Zebra enrollment, be that StageNow barcodes, or they have better support for remote control on Zebra devices. So there are things that are specific to just Zebra, since they are the industry leader in this space, that some EMMs have adopted and integrated into their own tools to make supporting and managing those Zebra devices just a little bit more convenient for everyone.
Speaker 1:Mark touched on this earlier. But the visibility piece and reporting piece. I know Zebra has their visibility IQ and there's a couple MDMs that specifically built integration into that. Can you talk? You know why, why company might want that. Maybe, mark, you can speak on that one.
Speaker 2:Sure. So there's a lot more metrics that come with the zebra operating system, like things like, uh, battery life, what, how long is the battery lasting and what's the current charge things that you wouldn't necessarily get with, uh, just regular oem android o. So with that you can automate things with your ticketing system to automatically generate a ticket when a device is reaching a bad battery lifespan in its battery lifecycle. So just having visibility and control over those metrics is pretty key got it.
Speaker 1:Yeah, I think um network's been another one. I don't know. Patrick, do you have any examples there for network data and analytics you've seen?
Speaker 3:uh, specifically, specifically from zebra. Yeah, they have their wi-fi manager tool that does a little bit more polling and capturing of network speed and link speed than is available for most Android devices. So we've seen customers use that data to help identify poor performing stores from a network perspective. It can be one thing to monitor that type of data from an access point or from your MDM EMM tool, but the data from the actual handheld, the Zebra device be that a tablet or a phone handheld device that endpoint data is going to be what's actually observed and what actually happened for that end user. So having that rich data from the device itself is going to give you the best visibility into that fleet. So adopting that Zebra data is just the icing on the top for a lot of companies. We found where they can really understand exactly how their environment is performing got it and the dmdm options.
Speaker 1:I know I think the we'll hop into these here in a second when we talk through the list. But the, I think the ones that have integrated zebra analytics I know I've seen it in sodi, I've seen it in the uh, that 42 gears, I believe workspace one has that because those are the primary three where they have really deep, rich integrated analytics for Zebra devices. Would you say that's true?
Speaker 3:Yeah, I would say those are the three that I've seen that have taken that extra step to integrate with Zebra's functionality more than the rest out there.
Speaker 1:Got it and I know we'll get to this towards the end. But Bluefletch does have their playbook and support agent analytics that, if you are using Intune, it's a good option to fill some of those gaps for that MDM as well. So I know, patrick, you were going to touch on that here in a second. So I guess, to start out the options and this is in 2024, so it's always a changing landscape but I would consider there's three primary options for MDMs, the first being Workspace ONE, the second being SODI and the third being Intune.
Speaker 1:I feel like those are the ones we see most commonly amongst enterprise clients, and when we say enterprise clients, it's clients that have 500 or more devices and typically have multiple apps, have multiple locations. So that's when I say enterprise, it's typically what I'm referring to from multiple locations. So that's when I say enterprise, it's typically what I'm referring to. But for Workspace ONE, which used to be AirWatch and it's probably the oldest of the MDMs from an Android support standpoint, I feel like that's had a pretty long run. I think it's been. 2013 is really when they started picking up Android devices. But, mark, maybe you can talk a bit about with Workspace ONE. What are the key features of it. What are the things you've seen or you like about it that you think might be useful for companies that are managing Zebra devices?
Speaker 2:Sure. So I really love the ability to control devices as groups, with their smart groups, or assignment groups, as they call them, and categorizing devices with your organizational units. They call them organizational groups, but being able to put them into a bucket and do something with them easily is great.
Speaker 1:So the example that would be like if I'm a company and I have, you know, my East region or specific States. They could group devices based on either that geographic or a business hierarchy right.
Speaker 2:Correct. Yeah, having the ability to roll things out that way is super nice, and then they have a lot of tools around application management and device management that I haven't seen with a lot of other MDMs, so it gives you the ability to take advantage of all the different features in your Android operating system. The other really big thing that I love about Workspace ONE is the API, which allows you to interact with the system on a large scale, do big data pulls or make big changes across your entire fleet quickly without example, like I know I've seen you do this mark.
Speaker 1:But like scripting, it's like building a script and you could deploy to 10,000 devices from a single script using the API, without having to go to the consoles. That that's a typical use case you're referring to. You're in correct.
Speaker 2:yeah, just being able to make a mass change as quickly as possible without having a whole lot of manual intervention Super nice.
Speaker 1:Got it. And Patrick, what other features, anything else that stands out to you, just based on your experience with Workspace ONE or AirWatch?
Speaker 3:Some of the things I like about Workspace ONE is they've, as I mentioned, they've taken some of those Zebra native features and rolled them into their core product. So if you're setting a profile, like a restriction profile, in Workspace ONE, there'll be options that are specific for Zebra and it'll call out what version of the Zebra MX system is required, the minimum version required for that. So it's really clear it's built into that product. So you know that this is a Zebra-only feature and more often than not they're features that our clients end up leveraging.
Speaker 3:Other things that I think Workspace ONE does well around Zebra when you're setting up an enrollment profile, they give you the option to go ahead and generate a stage now barcode instead of having to go to a separate PC, download the stage now client, generate that barcode in that staging process. Workspace ONE has taken that functionality and built it into their core product. So that's great. And then, lastly, we do see people also managing their Zebra printers in Workspace ONE. There's not the best data that they're retrieving from those Zebra printers, but it does support Zebra printer management so it can be really your all-in-one Zebra endpoint management tool. Got it?
Speaker 1:And then back to the OS version. I know we talked about this a bit before, but like what OS versions like Android flavors like is it eight and above it supports right now, or do you have guidance around this? I know a lot of enterprises do have legacy Android devices they have to manage. For AirWatch, what specifically does it support?
Speaker 3:AirWatch and SOTY are a bit unique in that they have their own agent. So an agent is the application on a device responsible for communicating to the MDM or EMM server on the back end to receive and execute the commands locally on the device. So since they have an agent, they have much more control over commands and how things are going to process, which is great if you're using legacy Android devices running Android 4, 5, 6. We've seen clients that can still manage those devices on Workspace ONE or SODI. With the announcement of Android Enterprise back with Android 8, I believe it was there's been a lot of different functions that have been added, specific for Android Enterprise versus the Android Legacy or Android Classic model. So that does open up your options for more MDMs or EMMs. That would be applicable to you. But if you're stuck on those old A5 devices or operating system, you're going to probably need to leverage a tool like a Workspace ONE or SODI that has an agent application on it that is paired.
Speaker 1:Got it and with the agent. The biggest difference there so with Android Enterprise, google has built this mechanism to deploy from the Play Store, so you pull applications down from the Play Store with an agent. So the AirWatch or Workspace ONE can both do direct APK installations from a relay server from somewhere on-prem and don't have to go to the Google Play Cloud and pull stuff down. Is that?
Speaker 3:how that works. Yeah, that's a good summary of that. So a couple of years ago, google actually stopped allowing companies to build their own agents. So Sodium Workspace One are grandfathered in. They have the ability to do those application installs, application rollback, file manipulation work. Google is pushing everyone towards leveraging only their APIs for device management, and hence why they're blocking companies from being able to generate those agents going forward. So everything now goes through, as you called out, like a device policy controller, which is a system supported application that comes out of the box on Android, which makes things a little bit more lightweight, but, as we'll get into with Intune is going to definitely restrict what your options are for managing devices.
Speaker 1:Got it. We'll shift gears to Soggy now, but I guess, before we do that, one of the things that I've observed and, patrick, I'd be interested in your opinion on now. But I guess, before we do that, one of the things that I've observed and, patrick, I'd be interested in your opinion on this. But AirWatch got bought by VMware, which got bought by Dell, which got bought by EMC, which got recently acquired by Broadcom, and then Broadcom announced a couple of weeks back that they were spinning off the euc, so the endpoint group which is going to include what I would call like legacy airwatch, spinning that off in into its own group, which is owned by kkr. Now I feel like a lot of customers have shied away from that. That shift in the market just concerned who's going to own it, where's it going to go? Um, and have you know, the last couple years been going to sody? Is that the same thing you guys observed? I guess, patrick, maybe you can go first on that one.
Speaker 3:Yeah, I think there's some uneasiness with customers about all that activity you mentioned with the acquisition and spinning off. I wouldn't say that the product has fallen off in any way yet. I think customers are just concerned that pricing might change. They're concerned that their support and service of that application might falter. So it's a lot of uneasiness, but I wouldn't say any of that has actually come to fruition yet. So yeah, I've definitely seen a lot of customers start investigating alternatives to workspace one. I think you know I would say five years ago workspace one was the clear favorite in the in the space.
Speaker 1:But uh, things are starting to even out a bit more yeah and mark, I know you probably have the the most experience workspace one out of all of us, but would you say that that, from your experience, mark, that workspace one is still a great product and the instability just comes from the concerns on pricing and ownership?
Speaker 2:Yeah, I think really it's the same quality of product that you're getting with Workspace ONE. The question is, what's going to happen in the future? Are we going to keep getting the same amount of support? Are they going to, you know, shift things down the down the line? Um, with any big uh acquisition, that's always a question. So, um, I guess we'll just have to wait and see yeah, all right, wait and see.
Speaker 1:So shifting gears, so sody, I know sody. I feel like around the time that Intune got purchased by VMware, I felt like there was a big uptick from SOTI where they were trying to take market share specifically around rugged. And you know they've definitely grown a lot. That product's gotten a lot better. They had a lot more features and capabilities, patrick, from your standpoint.
Speaker 3:what are the things you've seen on the clients where you use SOTI or the things that you really like about that product from an enterprise standpoint? Yeah, definitely so you called it out. I think SOTI's done a great job at focusing on that rugged Android and enterprise Android space. They've won a lot of customers over with their feature sets. Some of those things they do really well are the ability to create packages and run scripts. So Workspace ONE also has that functionality.
Speaker 3:Soty does it a bit differently, where you bundle up a package and then zip that file and deploy it. So that makes it really easy for myself as a third-party vendor to a lot of companies to build a package with applications scripting and then I can just send that to a customer for them to import into their own SODI MOBI control environment. That's awesome. That's really helpful. I don't need access to their SODI environment to do that to transfer applications or code. So I do really like that feature. Also, their scripting is good. I wouldn't say it's as good as Workspace ONE with the APIs, but they do have the ability to run scripts locally to devices, which is great. Be that stage now commands to configure the Zebra devices or some of their own functions. They've built like time sinks and resets and commands like that that can be run really ad hoc or scripted to run on some type of deployment cycle or schedule Got it.
Speaker 3:So they do a good job at giving you options to manage those Zebra devices. Things that I also like about SOTI is that their file sync option is really awesome. They basically have created the ability to sync devices and a server with a file system. So if you make any changes to a file system on a server, the device will actually go automatically, pull that updated file and store it locally on that device. So you're not having to actually go deploy packages and files every time you want to push a file out.
Speaker 3:We've seen this be really successful for managing os updates. Also, it's just easier for an administrator to manage the file on a server, like a configuration file on a server, and have all the devices pull that file automatically without having to worry about the going through the deployment step as well. And I've even seen this used in reverse. So you can also pull files off of devices. We've seen customers that are writing log files locally to devices and then the file sync rule will grab those files from the device and store them in a server for analysis and some other external tool like Power BI. So that is a great tool. It's sort of a replacement for Workspace ONE's relay servers, but in my opinion, it's a much better implementation of that and yeah, you know SOTY, it's been good. They've definitely updated some of their UI lately to be a bit more modern, which is always appreciated, and they've also given you the ability to upload APKs directly to the portal as well, which was previously missing. You had to go through the package manager option, as I talked about at the beginning.
Speaker 2:But I guess Mark anything else to add around SODI or things you like about SODI, I'd say out of all the competitors on the market, SODI is the most comparable in features to Workspace ONE and you can virtually do everything you need to do to control your devices.
Speaker 1:So a question for you, mark, on those the SODI versus Workspace ONE. It seems like both of those are very Zebra-forward. They have a lot of features and capabilities for Zebra. We're going to pivot here to Intune in a second. But is there any big difference in relation to Zebra devices that you can think of for managing them that you would get with one that you wouldn't get with the other?
Speaker 2:Sure, Really just the difference in method. I think the only thing that I prefer is that on the Zebra devices you're able to access the file system via Workspace ONE, assist with Workspace ONE and in SOTY. I don't know that there's a way to do that. Patrick, correct me if I'm wrong.
Speaker 1:You can, oh, you can. Okay, that's through the remote control, just delete that.
Speaker 1:So that's the remote control option. You can get in there. You can access file systems. You actually look at files on there. This goes back to the file sync rules that Patrick had talked about. So I feel like both of these tools great tools for managing Ze devices, lots of features and capabilities. I'm going to go to the third option, which I'm going to go ahead and throw this out there. It definitely has less capabilities for Zebra devices, which is Intune and Patrick, I know you've probably done the most Intune deployments and worked with them the most in the last couple of years, but maybe you can talk about what you've seen with them and how you've seen that change since you started using them.
Speaker 3:Yeah, absolutely so. Intune is Microsoft's endpoint manager solution, so this is a UEM, if you would call it a unified endpoint management system. It was originally for managing Windows PCs and laptops and has grown to be that all-in-one for Android devices, for Apple devices, etc. So this is the kind of the new kid on the block in the EMM space. Intune I hear about more often than not. In the last six months A ton of customers are considering it or have already made the jump to Intune. The reasons they do that are mostly around cost savings and integration with the Microsoft ecosystem. So, as you called out, brad, there's definitely less features than SOTI and Workspace One, but the total cost of ownership potentially is cheaper if you're bundling some of your other Microsoft solutions as well. And they also have a few advantages in that they have a tighter integration with a lot of the Microsoft features, like intra ID, azure and all of their managed access policies and additional access policies. So go ahead.
Speaker 1:Yeah, let me Mark. You can talk about this for EMDK and stage now support. What have you seen within tune, or what's, or what shortcomings or gaps does it have there compared to the other two?
Speaker 2:Yeah, it's pretty lackluster. So because you're just using the device policy controller and the Android Enterprise, you're restricted to those features that are supported directly there. You don't have the agent, so you can't control the behavior of the device like you can with workspace 100, sody can't, um, well, you can't. Sorry, you can control certain things, but it's very, uh, small, um, but it's very small or it's very light in comparison.
Speaker 1:So, Patrick, for you. I know we have some tooling, but what have you seen around clients trying to fill those gaps that Mark just called down?
Speaker 3:Yeah, so, as Mark mentioned that stage. Now XML and those ad hoc commands are not applicable to Intune. They simply just do not support that method. So companies have had to start thinking a bit differently about how they manage their Zebra devices. Oem config is becoming one of those replacement options, and what that is is it's an application that gets deployed from the Play Store to Zebra devices and you set the application's configurations that then apply to the device. So instead of sending a command to a device, it all now comes from the Play Store. The UI is completely different. The way it gets delivered to a device is sort of an all-in-one delivery, or the UI is completely different. The way it gets delivered to a device is sort of an all-in-one delivery versus being able to batch things or run things in a particular order. So it's definitely caused companies to have to rethink the way they do things, and it's definitely a learning curve and been painful for a lot of the MDM admins that I work with. There's no task scheduling, no ad hoc commands or scripts. You really just have to have a lot more patience if you're an Intune admin, because we've seen big latency in reporting as well.
Speaker 3:However, there are some options out there that make life a bit easier. Blue Fletch Playbook is a tool that we specifically wrote for this exact scenario. So we talked a little bit earlier in this podcast about agents on a device and having a local agent on a device to run commands and execute commands. That is still an option with Bluefletch Playbook, so we can deploy our agent from the Play Store and then you can send those commands, those scripts, those stage now XMLs, file moves and copies to the device from our Playbook tool. So it brings back a lot of that functionality that you lose when you migrated away from a SODI or Workspace ONE and gives admins a lot more fine-grained control over their devices to be able to do things that they've done in the past, basically as a given, just by having one of those tools and one of those agents out there.
Speaker 3:I think about software rollbacks, a lot Intune makes it extremely difficult for that because really Android is making it difficult for them to do that. So there's no way to roll back a version of an app unless you go uninstall that application first and then reinstall it. So having an agent basically gives you the ability to do things like that exact scenario roll back software, install third-party software from an outside source and even remote control your device is another option that we provide for Intune managed devices. Intune does not provide a remote control solution out of the box. They've actually white-labeled TeamViewer and so that is an additional add-on cost that a lot of companies don't consider when they first see the cost of Intune. So we do offer a remote control add-on that brings a lot of that functionality that you might lose going to intune back into play, got it and then for zebra specifically does.
Speaker 1:Does intune have any printer management right now, or is that something that they're that you guys have seen anywhere?
Speaker 3:I'm not seeing that I don't know if that's in their roadmap.
Speaker 2:Don't believe it is. Peripheral device management, as far as I've seen, is not really a part of Intune's feature set.
Speaker 1:Got it. So you need to look to some other solutions like Zebra's device or Zebra's printer management solution. Mark, I know you've been using Intune or looked at it for quite a while. How have you seen it grow over the last couple of years?
Speaker 2:Yeah, I think there's a big drive towards it because of how many Microsoft shops there are out there. A lot of offices already have their Microsoft licenses and Intune is just a part of that, so they're switching over to just using it instead of paying for an additional license. So as far as growth goes, it's I think the tool has been, it's become more usable, just not as Zebra features Zebra-specific features have not grown in any way.
Speaker 1:Got it. So for Zebra, so in Workspace ONE, are still stronger. And then, patrick, you touched on the application. Like the Microsoft apps, can you talk a bit about? You know why Intune has been useful specifically for those shared devices.
Speaker 3:Yeah, so Intune offered in the last. It's probably been a year now since they announced their shared device mode and it's definitely grown and matured since that time. But the idea here is that you have these shared Android devices we've talked about in a workplace. You have a user log into that device and once they're logged in, you want them to have the experience of if that device truly belonged to them. So you open up your email and you're automatically logged in with your email in a native application. Same with Teams, sharepoint, power Apps, things of that nature.
Speaker 3:Microsoft has built basically the roadmap and infrastructure to allow you to do that now, and that is not specific to Zebra devices at all.
Speaker 3:That's something that you can do on other device types, other Android models as well, but they've really integrated that into their EMM to allow you to set up devices in that exact model the shared device mode I talked about. So they were the first to offer that. Of course, they make it the easiest to set that up and integrate that shared device mode. However, there has been an announcement that they have brought that same integration over to SODI and Workspace ONE. Most customers are going to Intune if they're going to use that model instead of having to basically manage two different systems to achieve that same result having to basically manage two different systems to achieve that same result. But it is interesting that they've started to open that up to other external EMMs as well. So shared device mode is great If you're heavy on the Microsoft applications, if you already have licenses for frontline workers, intra-id accounts, things like that. Intune makes it really easy to give you a native experience on shared devices.
Speaker 1:Got it. So the big three Workspace ONE, which was really the first entrant into the Zebra device management space, sodi definitely took a lot of market shares, definitely huge players. Workspace ONE and SODI have a great Zebra-centric functionality. And then Intune I think one of you guys called it. But then you get on the walk. It's definitely taking a lot of market share, just based on A pricing and then the Microsoft ecosystem integration. So those are the big three. I know we see those the most and wanted to pivot into what I call the secondary options, not necessarily because they're inferior, but for other devices, what we've seen for MDMs, and you know, I think, a lot. The first one is might be a bit controversial for this, but we've seen this a lot with a lot of customers, which is Samsung Knox. We've seen this a lot with a lot of customers, which is Samsung Knox, and it's mainly Samsung support. Only I believe they have some Zebra functionality.
Speaker 3:Patrick, do you want to touch on that at all? Yeah, so Samsung Knox Manage is a EMM from Samsung. Of course, that was purpose-built for Samsung devices, more or less, so they've taken all of their developer kit and integrated that into the UI for managing devices. However, it is still an Android Enterprise EMM, so it is certified for Android Enterprise API calls, meaning a Zebra device could theoretically be enrolled in Samsung Knox. I would not recommend that scenario, but we do come across a lot of customers that have mixed device fleets. They're using Samsung devices in the retail store, maybe Zebra devices in the distribution center, and they've already standardized on Samsung Knox, for example. Theoretically, you could keep everything under one roof and use Samsung Knox for that, but I would look at some of the other options out there that we've already discussed and some we're about to discuss next.
Speaker 1:So the next one on my list was 42 gears or Shure MDM, and I feel like this one we've seen it. I think it's getting pushed by Zebra. Maybe, Mark, you can talk a bit about 42 Gears and what we've seen with it and how it's taking some market share away from SOTI.
Speaker 2:Sure, as far as the Zebra device side of things, it's got some really good functionality. It's on par with SOTI and Workspace ONE. As far as what you can do as far as the interface, the grouping and that sort of thing and the ability to manage a large device fleet, I'd say that it's lacking a little bit, Definitely needs some work in that department. But overall, if you're trying to manage Zebra devices, you'll be able to get everything done that you want to do in SureMDM.
Speaker 1:Got it and it's. I believe we're starting to see a lot more of. I think Zebra has an alliance with them, so I think they're able to skew it and sell it, so that's probably the reason why you see a lot of Zebra devices running it. The next one on the list I had was Manage Engine, and I know I've had some customers ask me about this, but I guess, Mark, maybe you could talk about it. Is this something you've seen out in the field? I know I've seen it covered in Gartner, but I've actually never seen we've never had a customer use it other than the ones that have just casually asked us about it.
Speaker 2:Yeah, so it's strange. I have seen it in the past. This was a long time ago, about 10 years ago, and it it was very under developed. I think. At the time we were comparing it to um workspace one and it had none of the features that we needed. However, I haven't seen it in the recent years, so I can't speak towards that where it is now on the market.
Speaker 1:But it does appear to be a competitor. Patrick, do you have any experience, I guess, with Zebra devices? I've not seen it running anything Zebra-centric.
Speaker 3:No, I have not either.
Speaker 1:All right. Next on the list I might butcher the name here, but Ivanti Neurons for MDM, which was formerly known as MobileIron. So Ivanti had purchased MobileIron and there was another product they had as part of the Wavelength portfolio called Avalanche that they decommissioned. I think everything is going for neurons for MDM. But, patrick, I know you've done some training and working with this and integration wise, maybe you can talk a bit about what you've seen with neurons for MDM, how it stacks up against some of the other ones.
Speaker 3:Sure, yeah. So Avanti good friends of ours are really big in the warehouse and logistics space, so this product I would say I see most often applied in that that vertical customers that are already using velocity of Avanti's velocity for terminal emulation or connecting to SAP, for example. They've also adopted their MDM for device management. Neurons was released last year, rebranded last year 2023. And some of the nice features about it are that they've really gone headfirst into the, I guess, the machine learning and AI story. So they're being very forward with their proactive reporting, alerting, analytics and insights into devices. So I do like that approach that they're taking. However, I haven't seen a huge install base on this yet, I think probably because of the focus of where they are as a company. But we have definitely set up BlueFletch software, deployed it through Avanti Neurons and really no issues with that. So I think this could definitely suffice for managing your Zebra devices.
Speaker 1:Got it. The next one on my list was Hexnode, and I guess Mark or Patrick, have any of you guys seen clients with Zebra hardware running Hexnode?
Speaker 2:I have not.
Speaker 3:I have not either. I'm definitely aware of this company and I see their brand out there a lot. I think they do a really good job of advertising and marketing, but in this specific scenario, we're talking about rugged Zebra Android devices. I do not see a big adoption of Hex, no, no.
Speaker 1:Got it and the next one on the list was Meraki by Cisco. So Meraki was, I believe Cisco purchased them and I know I've had two specific clients that have used you know they're a pretty Cisco heavy shop and wanted to use Meraki for managing devices. I mean, I think it's similar to Intune in the aspect that it's right now it's pretty much Android enterprise forward and doesn't have any like detailed DPC. Patrick, have you seen Meraki used anywhere for fleets of large Zebra devices?
Speaker 3:No, you know, just really access point. Yeah, that's what I was going to say Just really access point.
Speaker 2:Yeah, that's what I was going to say. I thought Meraki was only access points, but I didn't know.
Speaker 1:They do have Android Enterprise functionality. I do have two clients that are using it for that. Yeah, it was new to me, but it's definitely something I've seen this year, but definitely not a very common solution. The next one, which I've seen a lot of advertisements similar to Hexnode is Scale Fusion, and have you guys seen that or seen Scale Fusion anywhere, or played with it at all?
Speaker 2:Nope, put it on the list of things I got to play with.
Speaker 1:All right. So Scale Fusion's out there If you're interested. I'd love to hear comments from folks. And then the last one I was in a partner demo day with Zebra last year up in Chicago and one of the things they had was, with Zebra DNA Cloud, the ability to manage devices, and I'm assuming this is for smaller device fleets. I've not seen any enterprise customers, but definitely it's a tool I've seen that can use. The Ziba EMTK really relies on that. But I think if you're a smaller company that's looking for something that you can get built in and not have to spend a lot. I think it's similar to Intune, where it's low cost or no cost. You know Ziba DNA Cloud and Patrick, have you seen anybody actually use this out in the field that's of size?
Speaker 3:No, I've seen demos like yourself at sales kickoff meetings and some of their materials around it, but I've never actually had to put this to the test or have customers that had to. So I can't comment on where it might shine or fall short on where it might shine or fall short, but you know it's probably going to be full. It's going to take advantage of the EMDK as much as possible, since it is a Zebra product.
Speaker 1:Got it and the last one on the list and Patrick, I'd like you to talk about this. You mentioned this before, but Bluefletch has a tool called Playbook that is specifically for managing shared Android devices in the enterprise and I know Zebra is really our biggest use case. I think, zebra, we have full functionality across that, but can you talk a bit about Bluefletch Playbook and where it might be used for managing devices, as opposed to just being used on top of Intune used?
Speaker 3:for managing devices as opposed to just being used on top of Intune, Sure. So we do have customers that leverage BlueFletch, our EMM and Playbook tools solely as their device management tool. So they're not pairing us with Intune. They're coming to BlueFletch to enroll their device with our EMM and our Android Enterprise EMM and then use Playbook to bring back a lot of that fine-grained control like sideloading applications, managing files locally, running stage-now XML. So we've kind of tried to bring the best of both worlds. We have the EMM, where you can deploy apps from the Google Play Store. You can leverage all the Android Enterprise APIs that are made publicly available, and then we also bring some of that legacy nice-to-have functionality as well with our Playbook MDM. So they are slightly different tools but when they're paired together they really are a great option for managing your devices. And then not only that, there are additional BlueFletch Enterprise tools, for we think about how an end user actually interacts and experiences their device. Experiences their device.
Speaker 3:You can think of an MDM and EMM sort of as the guy behind the curtains pulling the strings and making everything happen and sync and be compliant with the right software. But what is the end user actually seeing? Experience. And that's where Bluefletch Enterprise comes in. Our enterprise launcher is really the first screen a user would see. It's going to limit what the user can do and access. It's going to restrict security and settings on the device. It's going to allow them to log in with single sign-on and have a role-based experience, very much like that shared device mode from Microsoft, which we also play nicely with as well. So this is an Android-only solution. It works great for Zebra, as we mentioned with the Playbook add-on tool. But if you guys, you know, if you're looking for one solution that really can do everything from staging and enrolling your device all the way to providing a single sign-on experience for each user out in the field, we have an awesome option for you guys.
Speaker 1:Got it. And then the last thing I had a note on my notes was I'm going to call this an honorable mention, but it's not actually device management, it's printer management. So Zebra has their Zebra Printer Profile Manager. So Zebra has their Zebra Printer Profile Manager and this is a standalone product that can be used for managing Zebra printers when MDF doesn't support. So if you have an Intune, you can use Zebra Printer Profile Manager for managing a fleet of printers separately. I know SOTY and AirWatch both include integrated printer management and I'm not positive. I believe I know Avalanche used to have it. Do you guys know if Neurons includes printer management? And I'm not positive. I believe I know Avalanche used to have it Does. Do you guys know if neurons includes printer management?
Speaker 3:I don't. I assume they would, but I don't know for sure.
Speaker 1:Got it Awesome. So that's the list of secondary options and there's. You know, if you search in MDMs, there's probably a slew of 20 or 30 other ones. These are the ones we come across most commonly and some of them to Patrick and Mark's last point we've heard a lot about them. We've not actually seen them used in larger enterprise customers. So definitely, if you're looking for the big three, the workspace one, sodi and Intune are probably the three most commons. And then if you have specific niches, 42 gears, the Ivanti neurons is, we've seen those. And then, you know, for Samsung devices, we've seen it but we've not actually seen it used for Zebra specific devices.
Speaker 1:So for the last segment, I wanted to talk through with you guys specifically around. You know, if somebody is looking at an MDM solution, what they should be thinking about for evaluating, what are the requirements you need to go look at and we've done assessments for companies and wanted to run through it. You guys had sent over your notes on a couple of the key things and we'll start with the first, I guess, bucket, which is, you know, if you're looking at MDM solutions, understanding your infrastructure limitations and, patrick, I know you had a lot of items on your list when we talked through this. Do you want to go through what the key considerations you have for this are?
Speaker 3:Sure. So thinking of infrastructure, usually my mind first goes to network limitations and restrictions. So what does your network look like in a store? Do you have servers set up already? Do you have access to the external Internet? Those are all considerations that you need to understand before you select a tool. Those are all considerations that you need to understand before you select a tool, because some of these options we discussed are cloud only and would require network connection to that cloud.
Speaker 3:Some options, like Workspace, one and SODI, actually offer what they call an on-premise solution, which they'll give you the code and you can install that on your own servers and run that locally within your network. That's a great option for companies that don't want to have to traverse the Internet to get updates. For companies that want to have a more restricted network and firewalls in place, they have much more control over that network traffic. So that's a big thing to understand.
Speaker 3:At first, there are some downsides to going on-prem. It's going to be harder for any of your support staff to access that unless they're on your network or on a VPN, which in a way is also an advantage because it's a security control in place. But it is also going to be slower to take updates and have less new product or feature support, because you'll probably always be a version or two behind with that on-prem install. So that's one of the kind of the big forks in the road that we see companies come across. First is you know, does it offer an on-prem solution or not? Intune does not offer on-prem, so companies are having to say, ok, well, that's fine, we'll make network exceptions for that traffic there.
Speaker 1:Got it and then, I guess, from infrastructure limitations, mark, maybe you want to talk about the hardware limitations. Mark, maybe you want to talk about the hardware. I think one of the things I was thinking of for this discussion. We're primarily talking about Zebra devices, but I know hardware and other OSs and you mentioned this earlier like the Windows managing Windows devices and iOS. Mark, do you want to talk about what you think about when you're evaluating MDM?
Speaker 2:Yeah, sure. So the main thing you'd have to think about is what other devices do you have in your fleet and if you're already using a different mdm for those, are you going to move them into this new mdm for your zebra devices, or are you going to try to make it work with your current mdm to move all your zebrabra devices in there, or are you okay with having them all separate? So that's a key consideration. If you have iOS or Mac devices or Windows, you're probably going to have to look for one of the bigger players in this market, because the smaller ones just don't have the feature set support for all the different operating systems.
Speaker 1:Got it. And then the next bucket I had in my list that we talked about was when you're looking at MDMs your security requirements. Patrick, do you want to talk about what your list to be, or things that companies should think about evaluating when they think about security requirements?
Speaker 3:Sure. So you know, multi-factor authentication is a big one for a lot of companies. Do you want to enforce MFA if you're seeing some unexpected traffic from outside your network et cetera, things like that? So being able to integrate with your system for that, be that your access management tool, like Okta, or IntraID, which is Azure AD rebranded, or intra-ID, which is Azure AD rebranded that is awesome integration. If you can build that pipe in so that you can enforce MFA and apply that from. You know, based on a device being managed or not, a device being compliant with the latest lifeguard version or not, and then have that user be prompted for MFA, depending on those different criteria that are being assessed, also other security requirements.
Speaker 3:Single sign-on is not really only just a nice-to-have feature for the end user where they only have to log on once. It's actually a better mechanism for managing access because you have a single account, a user account that you can control permission and role and access for that user from one single management tool. So you know, does your EMM or MDM support single sign-on to your access management tool? Does your EMM or MDM support single sign-on to your access management tool? Will these devices be shared or are they going to be personally assigned and delivered to the end user, with Zebra, I would say, 90% of the time, if not more, see these devices used in a shared mode. They're not really designed to be personally owned or personal carry devices.
Speaker 3:Other security considerations are you going to be deploying Wi-Fi certificates for, you know, pci type of transactions on your devices? Well, you need to make sure your EMM is going to support pulling from a certificate authority, be that device-based certificate or what have you for deploying that to devices. What about VPN support? We talked about that a little bit. With MFA Intune, you can deploy the Microsoft Defender application and have that really tightly integrated with your application management policies as well. So those are just considerations that we come across just a small handful. It is really important, though, to understand what Android Enterprise is making available to you and making sure that you are ensuring your requirements meet up with those options out there. Got it and this?
Speaker 1:sort of goes back to the Intune and a lot of these vendors that are really compliant to Google's Android Enterprise standards, and then the SODI and 42 Gears and one that's that adds in a lot of those capabilities based on the pieces that zebra exposes specifically for their devices.
Speaker 3:Yep, exactly, and yeah, I. I think, as we mentioned, sody and workspace one go above and beyond what android enterprise makes available out of the box. Not all corporations or companies need those features and functionalities available to them. Many companies could get by just with the pure Android Enterprise options out there. So definitely worth doing that analysis on your own and ensuring that you have the right solution for you.
Speaker 1:Got it. And the last big category or bucket of things, if you're running an evaluation, pre-mdm we had was like what we categorize as operational use cases and, mark, maybe you can talk to this. I think the first one we had was just about, like that, setting up devices and how you deal with that. Do you want to talk through just mere experiences with that?
Speaker 2:yeah, just think around what kind of enrollment process you're going to do. Are you going to have a depot set up all of your devices for you and roll them out? Um, they're going to have better luck with certain uh systems where they have more control and can automate some of that for your depot, so you're not spending a whole lot of money on each device to get it up and rolling the other things. Can you do some of that inside the four walls of your stores or your deep or your warehouses?
Speaker 1:When somebody goes from one MDM to another. I feel like I've not seen these. What is the typical path you have to do when you go, let's say, from a workspace one over to an Intune? What does that look like? What are the steps involved in that setup and provisioning from one MDM to another?
Speaker 2:Yeah, first you have to transfer all of your policies and settings and everything, build out your whole new environment assuming that you can get one-to-one and then after that all the devices need to be re-enrolled, so they have to be wiped and then enrolled into the new environment.
Speaker 1:Got it, so you'd actually have to physically reset the devices to re-enroll them in Android Enterprise for a new MDM. There's no way to cut it over from one to another.
Speaker 2:Correct. Yeah, they do have to be wiped.
Speaker 1:The next operational bucket we had in the ops was around reporting. Maybe, patrick, you can talk about some of the key requirements or things you think about when you're looking at MDM and looking at a company.
Speaker 3:Yeah, reporting is huge, or things you think about when you're looking at MDM and looking at a company yeah, so reporting is huge. Any MDM administrator or endpoint management team is going to need that, those KPIs and those dashboards to track their deployments and their rolling software updates. So for me, this is one of the biggest criteria when evaluating MDM or EMM is how real time is that data? How accurate is that data? Multiple devices at each site I want to have a really clear picture of what my run rate or I guess my uptake rate is of that, what my compliance rate is and how close I am to hitting that 100% mark. So that to me is a big one. Understanding compliance with operating systems and security, patches, application versions, network profiles that's all really important data that, if it's not seen, means that you have sort of a you know just a wild west of devices out there where devices are strayed and they're not matching the desired setup of a device. Timeliness and latency of that reporting is very important as well. Intune has some built-in reporting but you got to be an extremely patient person to get any value out of it. It's extremely slow for that feedback loop to understand if something was successful or not. I would say SOTY and Workspace ONE have slightly better support for that, but there are third-party tools that are specifically designed around that that I would say do a better job. I think Splunk has one of their own Android agents. Bluefletch also has an agent as well that is responsible for collecting all of that data and telemetry data and sending that up to a cloud for analysis, like a Power BI or a Splunk.
Speaker 3:But you think about when these deployments happen. Usually they're overnight. You've got a team that's managing that and making sure it goes well. You want to give them as good of a picture as possible to see that progress in that fleet and react really if anything starts going wrong. So that's what I think about when I think about reporting. It gets forgotten about a lot. I would say, uh, reporting it's. It gets forgotten about a lot, I would say. But once everything is deployed and out there, it's really your only way to understand. You know how healthy are these, these devices that are spread across the country or spread across the world?
Speaker 2:got it sorry, just real quick on that. Um the, I think when I'm thinking about what I want to buy in a software as far as reporting goes, I want something that gives me the big picture view and also lets me get real granular and detailed in it so I can figure out what's going on when something is going wrong.
Speaker 1:Back to the API and individual device level pieces you talked about earlier, right, mark? Yep, mark, I know you've done a lot of work with supporting devices I think another category and you'd mentioned this before when we put together some notes for this but the technical support and training and documentation is definitely important to guys like us that have to do boots on the ground and managing these devices. What are the things you look for in those areas as you think about the MDMs and tools that are out there?
Speaker 2:Yeah. So most of these companies have most of these MDM companies have their own. They have public documentation and so you can actually go pour through it a little bit, see how detailed it gets, how granular it gets. Are they giving you step-by-step instructions for things or are they just kind of talking about things in like a very high level way, if that can kind of give you a good idea of how committed they are to supporting their, their software and how what kind of help you're gonna get when you get on the phone with somebody, because usually when you're talking to somebody on the help desk you're usually just getting somebody reading through the training documents so in the next category is sort of the flip side of that as as administrator of the MDM that you choose, I think, the understanding what your admins and your help desk need.
Speaker 1:What are the categories Mark you look for in? I'm going to call it like internal support tools or help desk support tools for these products.
Speaker 2:Right, and that's going to be what you have control over per device. So when I'm on a call with somebody at a store or warehouse and they have a device in front of them and they need help right now, can I get on that device? Can I interact with that device in every way that I need to? Can I quickly resend an application to it, uninstall, reinstall that kind of thing? If some of them are better at that than others, I'd say Workspace ONE and SODI give you that kind of control, and even SureMDM 42-Gear SureMDM will give you that kind of control. It's harder to get that kind of stuff in Intune. You need some helper applications like Blue Fletch, playbook, team Viewer, something like that.
Speaker 1:So you think about your help desk. They need to remote in devices, like you mentioned, file management. So pull files in devices, like you mentioned, like file management, so pull files, push files, run stage now, run intents and then install, uninstall applications. So those are really useful for your help desk to be able to troubleshoot and mediate devices without having to bring them back into your depot. And then Patrick back to the Intune piece and Patrick back to the Intune piece. I think from an operational requirement standpoint your application landscape seems like a really important thing. When you talk with clients or give them recommendations around app landscape, what are the key points you think about there or ask them?
Speaker 3:Yeah. So for me it really comes down to single sign-on is the first question. So everyone wants single sign-on, but it's not as easy to implement as people might like. On shared device modes Sorry, on shared devices, as we talked about, microsoft has made that a bit easier with shared device mode and if you're using the Microsoft native apps like Teams and Outlook and Edge. So that's one of the big considerations that actually can help drive your choice of an EMM. If you're not a Microsoft shop, I would say there's no true advantage of Intune for you except for potential pricing. I would then maybe consider a SODI or a Workspace one for that additional control that your endpoint management team is going to appreciate.
Speaker 1:Awesome. All right, so that's a wrap for the items. I'll do a quick recap here. So we talked about what is an EMM MDM solution, the differences for Zebra versus BYOD and then the I would call them the big three options. So Workspace ONE, sodi, intune, the pros and cons of those. Yeah, I think Workspace ONE and SODI definitely have a lot more capabilities specific to Zebra. Intune is getting a lot of market share for a lot of the reasons.
Speaker 1:Patrick just mentioned the second tier of MDMs. You know, based on your need or specific use case, you might want to take a look at those and then, you know, evaluating the things that you look at or should be looking at as you look at it. I think we talked about the infrastructure, the security requirements, and then the operational use cases were the big buckets to think about as you're looking at MDM, and then the operational use cases were the big buckets to think about as you're looking at MDM. If you do have further questions around MDM options for Zebra devices, definitely feel free to reach out to us at info at bluefletchcom and if you have other questions, feel free to let us know. But, patrick and Mark, thank you very much for walking us through this today. I appreciate it and have a good one.