The grey-area between work and private applications

(Originally published on LinkedIn)

TLDR; Microsoft AppStore, consider making this available for your users to unlock their full potential.

So, you have taken the leap over to Windows 10? (That’s awesome since support for Windows 7 ended 14th of January if you didn’t by additional extended support, I´m really hoping you did move).

Windows 10 brings you a LOT of new features, services, ideas and challenges. One of those is the Microsoft Store which grants your users access to all kinds of apps and other things like themes and language packs.

This is great, isn’t it?

This is an interesting topic. On one hand you have the fear of more support and your users demanding support for things your IT department is not prepared nor staffed for. On the other hand, this is a hidden gem full of potential and users expecting things to work in a certain way. This post will cover that, but mostly on the end of “this is a great idea” rather than “lock that down, we don’t support that!”. I’m not in any way judging someone or saying “your decision is wrong”, more on the hand of giving the point of view from someone who was responsible for 35k clients and what I learned from that and form talking to customers, peers and friends who uses Windows 10 in a corporate setup.

Disclaimer before I start. I will as usually oversimplify stuff (as the naive millennial I am), don’t care about network capacity and things like that. This will target an expected user behaviour and user expectations. Also, I’m aware that I’ve in some way or another discussed this with people who reads this and I’m not calling you out on any things mentioned in this in any shape or form, you inspired me to write this. I might also be neglecting any legal/licensing aspects of this.

Microsoft Store – the difference between private and corporate

But let’s start with the basics. What is Microsoft Store?

Microsoft Store is a marketplace for applications, much like the AppStore/Google Play Store we know from our phone (I know MacOS also have this but I’m leaving that out for now). The store offers users to download applications to their machine from a trusted source (applications are checked by Microsoft before being published) and they can install these without privileged access (admin access). All applications are installed in a user-context and user A will never see user B’s applications. The risk or malicious code is extremely small.

There is however one major thing to point out here, which is easily missed. There IS a distinction between your private sphere and your corporate sphere.

If you download e.g. Spotify or Netflix, this application will be connected to your PERSONAL Microsoft account if you download it from the public part of the store. If you choose to download it without and account, it will still be connected to a “personal sphere”.

BUT if you download an application from the business side of the store, this will be connected to your corporate account. To download things connected to your corporate account, you need to enable Microsoft Store for Business and this will give your users a new tab in the store called e.g. Contoso. Everything downloaded from this tab, will be connected to your organisation and you will have to obtain a license for it (free or paid). This requires your users to either sign in with their Azure AD account, you to enable hybrid join or the machine being only Azure AD joined.

This means that Windows can keep track of what is private and what is corporate which means that you will only need to keep track of what YOU support.

What if your employees are more productive if they listen to music? Should you block that on their computer? And what happens when you block e.g. Spotify on their corporate computer?

Well, most information workers today have corporate issued smartphone… You didn’t restrict that app on those kinds of devices. So, your workers will consume that service, with a privately owned account, anyways on a corporate device…

And to be honest, if you blocked this one their corporate phone, they would use their personal device instead (or even an old fashion radio).

Enter the grey-area between work and personal life

What does your user expect in the form of services, support and how to use their devices?

User behaviour has shifted a lot since the dawn of device management. We are now entering 2020 and most people have some form of knowledge of how to use a computer or a phone. This means that the expectations are shifting and we at IT needs to adapt to this and understand that our users now know their way around a computing device (computer or phone). Concepts as internet, App-stores and browsers are not new, this has been around for about a decade (the Apple AppStore was released 12 years ago, in 2008). The next generation workforce is also entering the market, and now I’m talking about the Gen Z people who doesn’t know about the world without internet and computers. Millennials are entering their 30’s, time to move on and stop being scared of us.

All this, and the fact that >80% of the population in Sweden have access to a smartphone, means that we need to expect more from our users today than we could 10-15 years ago. We can also expect that they know what services they need, e.g. Spotify might not be a corporate app but might be something that your users’ need to stay focused (and paying for them self). Simply put, we have more experienced users today and we need to meet their expectations, not limit them from reaching their full potential. Simply put, using a computer to perform tasks is not a new thing anymore.

The use of such apps leaves a grey-area between what is work and what is personal. E.g. Spotify might be something your user is using to stay focused to do their work better, while paying for it as a personal service, and it’s not accessing any corporate data since its running in an isolated container (I’m intentionally leaving out network from this). Since this is a subscription service, purchased privately and consumed on personal devices, this won’t require any support from you and the user won’t expect it either. They application will also be “owned” by their personal account, not the corporate one.

What do we support?

One thing I’ve heard from several different customers/partners/peers is “What if they call and want support on application X, we must support whatever we allow on the device”.

My usual answer to this is “Do you support Angry Birds on iPhone?”. The most common answer is no.

Why? Well, it’s not a corporate app. Neither is Spotify, Netflix, WhatsApp, Messenger, Twitter is a corporate app. UNLESS you make it available in the Microsoft Store for Business.

If you make it available in Microsoft Store for Business, that means that you as a company acquired a license for it and you actively made it available for the user. The same goes for applications from Apple AppStore (using VPP) and Managed Google Play. Any application you mark as a corporate approved application, you should expect your users to expect support on.

What about everything else in the app-stores? Well simply tell your users that this is not an application approved for your company and they need to reach out to the application developer/vendor for support, its simply “not supported” by your organisation. Like I said earlier, you don’t support all +130 million applications in the iOS AppStore, do you?

What does real life users expect?

By talking to network of friends, customers, peers, and former co-workers. What do they say?

Well it was a straightforward, non-statistical secured, answer:

We do not expect IT to help us out with applications we obtain for “personal use”

This means if they have problems with e.g. Spotify or any other applications which is not work relate nor sanctioned by/licensed by their employer, they won’t call IT. This is also something I can confirm as previously being the operations manager for the client platform in a global company, support for app-store apps is not a huge problem. And if you managed the expectations from your users in an effective way, you will be fine.

Let’s face it, the way we use technology today is different from that it was 5-10 years ago. We need to adapt.

The go-do…

What’s the go-do from this? Well, I’m not saying that you should make this available for all users tomorrow but consider piloting this outside the comfort of IT and evaluate the outcome before deciding. This might be an appreciated addition to your offering towards your end-users.

What are your thoughts? Do you see the app-stores on the different platforms as hidden potential or a potential support problem? Let me know in the comments.

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.