แชร์ผ่าน


Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 1)

Hello and welcome to my first blog as a member of the Office IT Pro team. I used to blog quite a bit for the Windows team about fun topics such as imaging, deployment automation, physical-to-virtual OS migration and application compatibility. If you’re wondering what I am doing in Office now… well, there are tons of cool deployment things we are doing for the next release and I definitely wanted to help with that – more to come on that in a few months.

A lot of people keep using the phrase “Post-PC World” as if the death of the keyboard and mouse are eminent. I love keyboard-less devices and anyone who knows me also knows I have a ton of ultra-mobile computers (UMPCs) both with and without keyboards. Right now, I am using a docked HP 8540W with a full-sized external keyboard and mouse to write this blog, because it would be a chore to do this on any of my keyboard-less Windows or non-Windows tablets in the same way it would be painful to use my tiny Umid mBook or Fujitsu U820 keyboards. Not all form factors are created equal for getting work done, and based on that, I think we are still in the “PC World.” All of this is especially important when it comes to Office and productivity applications and whether one is in content creating or consuming modes. And it happens to lead me to my first thought – Do users expect the same experiences across all these computing devices?

Hold that thought. This is part one in a series of blogs meant to explore how people can use multiple device types to access, view and edit work documents and files. I really want to cut through the hype and show some real ways to manage multiple device types with varying operating systems and browsers. I will break it down with the following key themes.

  1. Office Software Delivery Types – PC, Mac, Phone and Browser
  2. Managing Email Access on Different Device Types
  3. Customizing the Office End User Experience for Touch Devices
  4. Differentiating File Access Based on Device
  5. Remote Desktop and Application Options, Benefits and Challenges

A lot of this is not just about Office and using the Office Suite of applications, but instead a general allegory on managing multiple devices and providing differentiated access privilege based on device trust. Yoni Kirsh and I presented this topic at TechEd in Atlanta last May. We covered many of these themes and showed a bunch of demos on Windows, iPad, Android devices and of course server-side. While my colleagues on the Windows team have built a lot of great content on the Consumerization of IT to explain what it means to have people want devices and the tensions associated with managing them, I thought I would get my hands dirty and actually build my own functional Exchange and SharePoint environment with a bunch of devices to see the real implications and decision points of building out a multi-device world. I have a little history doing this kind of stuff; when we used “Infrastructure Optimization” as a sales and marketing campaign back in 2006, I decided to write 500+ pages on how an IT pro would implement our Core Infrastructure Optimization recommendations, so how hard could this tablet topic be?

Office Software Delivery Types – PC, Mac, Phone and Browser

As with any investigation and reporting, there is a bit of discovery needed. If I put the lens on Office again for the moment, you will see there are quite a number of ways to view and edit Office files across a lot of platforms.

  1. Office full applications for Windows 32-bit and 64-bit
  2. Office full applications on Mac Os
  3. Office viewer applications for Windows
  4. Office mobile phone applications
  5. Office Web Applications
  6. OpenXML applications on Windows and non-Windows devices to view OpenXML files (docx, xlsx, pptx, etc.)
  7. Office remotely hosted on a Windows Server with Remote Desktop Services role installed
  8. Office hosted (remotely or locally) on a physical or virtual Windows client operating system

When you think about all of these options, there are two vectors that I find important as an IT guy, “Do they have enough functionality for the user and can I manage it?” When I say manage, I can’t just relegate management to the Office application itself. Management in this case means:

  • “Can I authenticate the user is who he says he is?”
  • “Can I give access to documents or application features based on the user’s rights?”
  • “Can I control the client-side experience to resist unwanted user configuration changes, undesirable code or add-ins?”

These are a few big questions, but still the tip of the iceberg. Of course, I need to weigh what the application can do. If my users are even running Windows XP with Office 2003, they have an expectation of what Office can do for them, so will replacing that with a set of Office Web Apps or Office for Mac 2011 really meet all of their expectations and give me enough management control? I have visualized the main scenarios for feature functionality and manageability into the following quadrant diagram.


Management-wise there is little I can set and enforce (enforce being the key word) on a Mac or a phone. Office for Mac 2011 offers some install-time configurability, but lacks any policy enforcement. That means everything is set as a preference and there is no Active Directory Group Policy-like enforcement of these settings. You will see recommendations like this from Microsoft:

Best practice

Consideration

Educate and train users about the security settings that are available to protect their documents.

There are no administrative settings that allow you to enforce security preferences that you specify. Even if you set and deploy security preferences, users can change these preferences at a later time. Therefore, if you are deploying security settings as part of your organization's policy, you must educate your users about the risks associated with changing default settings.

As a frequent conference speaker, I love quotes like this since they are a sure fire way to get fun reactions from your audience. “Yes, I will inform people like my mom to not change my default settings – that will work for sure.” If you are like me, pilgrimages home usually involve running ERD Commander at least once on every machine in the house. Are your users much better?

The net result here is that functionality and feature level parity against the Office Professional Plus 2010 Windows applications are close, but not quite the same. Manageability is largely limited to server-side access controls and install-time preferences. These limitations in my book put Office for Mac 2011 at about the same management level as Office for Windows Phone 7. While the phone doesn’t really have install-time or post-install preference setting per se, Exchange Active Sync-enforced settings fill in the install-time preference gaps and server-side document controls are roughly similar. Windows Phone 7.5 (Mango) and Office for Mac 2011 both respect Information Rights Management. The Office for Windows Phone 7 applications however do have a smaller set of features compared with the full clients for Windows or Mac. In fact, these features are roughly comparable with the Office Web Application feature set on an app-by-app basis, characterized by high fidelity viewing with limited editing or document creation capabilities. These limitations are generally indicative to most Web applications – Microsoft or not – versus their locally-installed counterparts. Office Web Applications if you have not yet used them are accessed via SharePoint 2010 environments, Windows Live or Office 365 portals.

Last but not least, I have Office installed on a remote Windows Server or client operating system and accessed via a remote Windows or Android device, iPad, thin PC or similar device. In theory, there should be parity with running the full client on a local and physical computer and with the current level of integration, we are getting close. My rationale for limiting the feature level is mainly due to lack of offline use or use over a slow connection. Depending on the architecture used and whether or not you allow user profile settings to persist, customizations may only be at the hkey_local_machine (HKLM) registry or default user profile level, which rules out per user customization. Since we are potentially painting a screen of a remote server or virtual client hosted in our datacenter, and the sessions are generally always active and connected to systems management tools for servicing, there is typically a management advantage. Even though remote hosting can provide benefits, you still need to pay attention to how endpoints are accessing these sessions and where data can be stored and accessed among other things. We will talk about data access and save-to location permissions in future blogs in the series.

With that, you have an idea of the delivery types for Office applications. I didn’t touch repackaging or Application Virtualization intentionally here as we can roughly put them with the full client; there are a few non-parity issues paired with a few provisioning and management benefits, but for the sake of this blog series I will combine that delivery type with where I put the local installation of Office Professional Plus 2010. In the next blog, we’ll cover Exchange Active Sync controls for email and calendar on slate devices along with how Office can be configured and customized for touch use.

Thanks for reading and more depth to come soon in part 2,

Jeremy Chapman

Senior Product Manager

Office IT Pro Team

UPDATE: Now that all of the blogs are complete in the series, here are links to all six completed blogs:

  1. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 1) – Introduction and Methods to Deliver and Consume Office
  2. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 2) – Exchange ActiveSync Considerations and Customizing Office Client Installations
  3. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 3) – Office Web Apps on Non-Windows Devices
  4. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 4) – Device-Based Access Management
  5. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 5) – User Interface Configurations to Prepare for Remote Desktop Environments
  6. Windows, iPad and Android - Managing and Using Your Office Assets in a Tablet World (Part 6) – Building Solutions for Remote Access to Windows Environments