Integrating Mobility into the Enterprise at Microsoft

Technical Case Study

Published: July 16, 2007 | Updated: July 27, 2007

Microsoft has been developing software for mobile devices for more than 10 years. In that time, the use of mobile devices at Microsoft has surged to over 40,000 users across the Microsoft global workforce, from corporate operations personnel and executives to the field staff that supports partners and customers worldwide. Devices running Windows Mobile® software have become must-have work tools. Microsoft Information Technology (Microsoft IT) has developed multiple strategies to manage the rapid growth of mobile devices in the enterprise. These strategies include cost-effective and streamlined procurement for mobile operator services, standardization on one platform while making many devices available to users, support infrastructure enhancements to improve productivity, and the establishment of strong security procedures to help protect corporate intellectual property, critical business data, and other enterprise information.

Mobility is an increasingly important part of many enterprise operations. At Microsoft, almost half of the company's global employee base uses mobile devices, not only for voice communications, but also for other important business tasks, such as connecting to the network to manage e-mail and schedules and viewing work-related documents on the Microsoft network.

Technological advances have spurred the growth of mobile devices. Software, such as the feature-rich Windows Mobile software and Microsoft® Office Mobile applications, helps deliver a desktop-like experience to small devices. Hardware improvements, such as powerful processors, large amounts of random access memory (RAM), and persistent memory storage to prevent data loss, contribute to the experience of using a robust business tool. In Microsoft IT, new and enhanced features for remotely managing mobile devices help protect enterprise data.

This case study examines how Microsoft is incorporating mobile devices into the enterprise. It provides an executive-level overview of the ways the Microsoft IT department manages important issues, such as:

• Selecting and contracting with mobile operators.
• Determining the kind of mobile devices that employees can use.
• Helping to protect enterprise information that resides on mobile devices.

This case study can help business and technical decision makers understand how Microsoft, as a leading provider of mobile software, manages mobility within its own enterprise.

For more information about Windows Mobile and the enterprise, visit http://www.microsoft.com/windowsmobile/default.mspx.

Situation

Microsoft employees have been enthusiastic adopters of mobile technology since the launch of the original Windows® CE-based devices in 1996. Today, the company employs about 76,000 people worldwide at more than 400 sites in 89 countries. Within that workforce, employees registered more than 50,000 mobile devices with the company during the first half of 2007. During that time, network monitoring showed that about 41,000 active mobile device users connected regularly to a Microsoft Exchange Server system.

Therefore, more than half of the Microsoft global workforce is in the field using mobile devices to communicate and collaborate with customers, colleagues, and partners. These mobile device users contribute to the more than 500,000 outgoing messages sent daily.

As mobile technology becomes more powerful and versatile, people recognize how mobility can help them get more work done during the day and respond faster to business issues. Microsoft IT supports employee use of mobile technology and assists in the internal beta programs for Windows Mobile software and for applications that are designed for Windows Mobile.

In the past decade, Microsoft IT has faced significant challenges in helping employees adopt mobile technology. The challenges are due in part to the fact that Microsoft is often a test bed for new software and hardware. Because they work at a leading technology company, Microsoft employees are often early adopters of new technology products and are anxious to test the limits of a particular product or solution.

Along with enabling mobile technology at the user level, Microsoft IT is responsible for incorporating the new technology into a PC-oriented enterprise. This responsibility brings its own set of requirements and risks, from managing relationships with mobile operators, to providing reliable but cost-effective support for users, to implementing device management and security.

The early adoption and the subsequent growth of mobile technology at Microsoft have presented challenges to the company's IT department. These fall into three broad categories:

• Procuring carrier services and devices. Procurement involves balancing different requirements. At the corporate level, Microsoft needs to contract with mobile operators who can provide high-quality service with good rates. The mobile operators must also give users the support and flexibility to frequently upgrade to the latest operating system or devices and purchase new or additional services. This requirement reflects the Microsoft goal of giving users wide latitude to choose devices that best fit their daily business needs. As a global organization, Microsoft faces different scenarios depending on the country where it obtains mobile services. The company works with four major carriers in the United States, but dozens globally.
• Supporting users. Because of the array of services and devices in the market, Microsoft faces a number of support challenges: How does Microsoft IT provide support that balances the users' needs and the needs of Microsoft IT to control costs? How can Microsoft IT implement self-support tools to reduce calls to the Helpdesk? What policies does Microsoft IT need to create in terms of the mobile technology that it will support? What input or mandates does Microsoft IT give to users who are seeking advice about purchases? What support should the company provide for new solutions and applications that are designed for Windows Mobile, such as line-of-business software?
• Efficiently managing devices and security. Mobile devices have unique requirements in terms of organizational support. Historically, the devices have not had the same kind of built-in management and security features and functions that enterprise desktop operating systems, such as Windows Vista® or Windows XP Professional, offer. Also, mobile devices pose increased security risks. People carry them all day and may leave them behind on a bus seat or a cafeteria table. Devices that contain corporate contacts, personal data, and enterprise information can be lost or stolen. This issue is critical because users increasingly rely on mobile devices for managing work-related communications, contacts, and data. Management and security capabilities for mobile devices have improved exponentially—particularly with the introduction of Windows Mobile 6.0 and Microsoft Exchange Server 2007—but challenges remain.

Microsoft IT takes a leading role in meeting these challenges. This paper examines the lessons learned since the original launch of Windows CE version 1.0 and the policies that Microsoft has implemented to manage the procurement, support, and security of a rapidly growing base of mobile users and their devices.

Solution

To manage the surge in use of mobile devices, Microsoft IT is pursuing a multifaceted strategy that covers the following areas of activity:

• Streamlining the procurement of mobile operator services while ensuring that users have a variety of choices for which devices they want and the manner in which they acquire the devices.
• Working with mobile operators to develop innovative approaches for service plans and contract liability that are cost-effective for Microsoft, are flexible for its employees, and provide a good value for mobile operators.
• Offering new support mechanisms, including a self-help intranet site, that help users while reducing Microsoft support costs—even as the number of mobile users increases.
• Implementing policies and procedures that take advantage of the new and enhanced security features in Windows Mobile 6.0 and Exchange Server 2007.

These activities will be described in more detail in upcoming sections of this paper.

Providing a Variety of Devices for Users

Microsoft has to balance different factors when procuring devices and mobile services. The primary factor is the needs of users, who embrace mobile devices as productivity tools that help them do more during the day.

Paramount for users is the flexibility provided by the variety of Windows Mobile powered devices. Currently, more than half of the 150 Windows Mobile powered devices are voice enabled, including smartphones and Pocket PCs. This variety—which provides for various data input methods, such as QWERTY keyboard, soft-key input, touch screen with stylus, and JOGGR/Scroll wheel—helps users find the device that fits their specific needs.

In addition to the variety of devices, there are continual improvements in RAM, storage, and other device components, along with improvements in broadband technology for delivering data at increasingly fast speeds. This means that mobile devices can serve as excellent tools for both voice communication and business productivity tasks, such as e-mail and text messaging, Web browsing, and transmission of data from business applications.

To give users as much latitude as possible in choosing their devices, Microsoft currently allows employees to purchase devices and plans the traditional way as practiced in the United States—by purchasing a service plan and a phone at the same time if they are working with an "individual liability" contract, as described later in the "Innovating on Contract Liability" section of this paper. Employees typically make purchases and are then compensated through expense reports. Employees can also purchase phones and plans through retail stores.

Justin Emch, service manager for Windows Mobile Enterprise in Microsoft IT in Redmond, Washington, says that this policy reflects an understanding of a basic consumer need when users evaluate any kind of product. "They will be using the device every day for a lot of important activities," he says. "For that reason, a lot of people want to be able to touch and feel a device when they're making a selection."

Striking the Right Balance with Mobile Operator Services

Microsoft also carefully builds and maintains its relationships with mobile operators to strike the right balance between value and profitability.

The Microsoft IT department has developed different models for working with mobile operators: one for the United States, where many different carriers compete for business, and one in other countries, where typically only one or two major carriers service an entire nation.

In the United States, Microsoft works with four national mobile operators: Cingular, Sprint, T-Mobile, and Verizon. Working with several mobile operators is essential not only to ensure an element of competition in the process of obtaining service agreements, but also to guarantee that almost all Microsoft employees—scattered across dozens of nationwide offices, and many traveling constantly—can get coverage.

Microsoft follows several steps to obtain service from mobile operators. First, it issues a Request for Proposal (RFP) that outlines the number of users whom Microsoft expects to sign up and approximately how many minutes it expects users to consume annually.

Pricing is clearly important in the evaluation of mobile operators, but so are other factors—for example, if an operator has been involved with or is actively planning an industry-changing initiative. Currently, mobile operator contracts for Microsoft employees range from one to two years. As part of its evaluation criteria, Microsoft examines how flexible mobile operators are in terms of modifying their contracts. In the United States, mobile operators offer phones for low prices in exchange for signing users to contracts that typically contain financial penalties for early cancellation. In other countries, users pay more up front for phones, but can typically change service plans without significant financial penalties.

"We also consider how service oriented a mobile operator is and if it provides timely releases of new hardware offerings or services," says Jack Barnes, group program manager of Carrier Strategies at Microsoft. "We look at all of these factors and rank mobile operators according to the results. These rankings are available for our users to consider when purchasing phones and service plans."

Different carriers typically offer different styles and form factors of Windows Mobile powered devices. Microsoft encourages employees to explore the different styles and brands of devices and to provide feedback on the devices and the services that they use. Microsoft uses this information to continuously evaluate the hardware, software, and service offerings from mobile operators.

Microsoft also encourages mobile operators to subsidize the devices. This policy helps to create different options for users to upgrade their phones and service levels as their needs mandate. Subsidization is particularly important for early adopters who want to regularly upgrade their phones to test features or software—including operating system software—as newer technology becomes available.

In other countries, the procurement of services is generally simpler because there are fewer mobile operators and devices to choose from. The process entails issuing an RFP in each country. Typically, Microsoft selects one provider as the mobile operator of choice for that particular country, and device selection may be limited to one or two devices.

Innovating on Contract Liability

Microsoft as a corporate entity owns very few mobile devices. Employees purchase most devices and service plans and are reimbursed through expense reports. Depending on their job responsibility, many employees receive a monthly allowance for communications costs, which includes broadband access and voice communications.

Allowances vary dramatically by employee and the employee's group or department. Generally, Microsoft sales personnel receive the highest monthly allowances. In the first half of 2007, monthly allowances ranged from less than $50 up to $190.

In terms of contract liability, Microsoft works with mobile operators to implement a liability that optimizes the contractual obligations for all parties. Traditionally, a company chooses from the following two kinds of liability:

• Individual liability. Each user has a direct relationship with the carrier. The individual's association with a company may influence rates. This liability, however, is usually the least cost-effective transaction model for corporations.
• Corporate liability. The carrier invoices the corporation. Although corporate liability can be more cost-efficient for enterprises, the corporation assumes the risks and responsibilities of maintaining a contract.
• Microsoft works with mobile operators to implement a blended liability, also known as Corporate Responsible/Individual Liable (CRIL). A blended liability combines aspects of individual and corporate liability. Microsoft establishes the relationship, but the actual billing transactions occur between the user and the mobile operator.

"We are moving a large percentage of our employees into the CRIL model," says Barnes. "This assures that Microsoft receives the best discounts possible from the mobile operators, but puts the responsibility of managing the account on the individual user. We estimate that the CRIL approach will help us achieve a 20 percent reduction in service costs annually."

In addition to instituting the CRIL model, Microsoft has worked with one of its selected U.S. mobile operators to eliminate long-term contracts. "This is the kind of industry-shaping move that we look for when evaluating mobile operators," says Barnes. "What this means is that our employees can sign up and get the same kind of rates on a deal that they would if they signed a multi-year contract—but they can also cancel at any time without being penalized."

Streamlining Service Access

Along with contractual innovations, Microsoft works with mobile operators to streamline service access. The strategies for achieving this goal include the following:

• Uncoupling mobile devices altogether from service plans to enable frequent technology updates. This effort entails unlocking devices so that an employee can use a specific device with a particular mobile operator—even if the mobile operator does not normally sell or support that device.
• Reducing international roaming rates for both voice communication and data transmissions.
• Working with mobile operators to achieve predictability in rate plans—that is, ensuring that there are no surprises when employees receive their invoices.
• Targeting a consistent cost-per-minute rate.
• Working toward flat rates for data transmissions.

"Our goal is to achieve benefits for Microsoft and its employees, such as demystifying current rates and plans and ensuring consistent costs for variables, such as out-of-business-hours calling or roaming," says Barnes. "At the same time, we also want to respect the objectives of our long-term strategic market partners—the mobile operators—which include maintaining profitable businesses."

Providing Effective, Cost-Efficient Support for Mobile Users

Microsoft operates four support centers for employees—in the United States at Colorado Springs, Colorado, and in Ireland, Bangalore, and China. The growing importance of mobile devices in its global workforce means that Microsoft IT must ensure that it can effectively and efficiently support users while controlling its own costs. The Microsoft IT department is accomplishing this goal in several ways.

First, Microsoft IT tests and certifies the standard devices that it will support and the features that are required if an employee wants to use a particular device on the Microsoft network. Microsoft IT also created an intranet site called ITWeb where employees can find information about corporate policies, about configuring and managing their mobile devices, and about using their mobile devices within the corporate environment. The site, shown in Figure 1, is helping to mitigate the time for out-of-the-box setup and Helpdesk costs as the number of mobile users increases.

Figure 1. The Microsoft ITWeb intranet site

Second, Microsoft works with original equipment manufacturers (OEMs)—the companies that design and build Windows Mobile powered devices—and with mobile operators to help ensure that the Windows Mobile powered devices that Microsoft will deliver to the market meet minimum requirements, such as adequate battery life, sufficient input methods, specific feature sets, and infrastructure compatibility. Microsoft does not endorse the inclusion of every possible feature or application in Windows Mobile powered devices. Users may purchase devices with features that the OEM or mobile operator added, but Microsoft may not support these features.

"It is not possible for our teams to support everything," says Emch. "Someone may buy a device with a certain feature, but if it's not supported by Microsoft IT and we don't have any documentation, we give our best support effort and nothing more. Our goal is to make sure that whatever feature sets we decide to support, they make our users productive in a business environment."

"For anything related to Windows Mobile that we support, we document and post to the intranet site," says Emch. "This is part of our strategy of mitigating calls to the Helpdesk and empowering our end users to be self-sufficient. Employees can go to the site for support; for information about configuring devices, using specific features such as syncing to the network, and determining what devices are supported; for security standards; and more."

Finally, to keep the site current and to support the ongoing effort to reduce calls to the support teams, Microsoft IT tracks the subjects of user calls. Each month it analyzes the top 10 user issues raised in support calls. If issues relate to design flaws in the software, Microsoft IT reports that information to the appropriate development teams. It posts documentation about any prevalent user issues to the Web site. The site also has links to a searchable knowledge base. Microsoft IT focuses on supporting software-related calls; it directs calls about hardware issues to the mobile operators.

The site also includes short, concise user guides, as shown in Figure 2. Users can view the user guides online, or they can download the guides to read when they are offline. The user guides help address the most common issues and help users start using new devices quickly.

Figure 2. Part of a user guide for Windows Mobile powered smartphones that is available on the ITWeb intranet site

Managing the Mobile Environment

The increased use of mobile devices and their growing importance for managing corporate communications and information requires strong security measures. The release of Windows Mobile 5.0 and the Messaging and Security Feature Pack provided a rich set of tools that offers, in conjunction with Exchange Server 2003 SP2, improved messaging functionality and security policies on mobile devices at Microsoft. Microsoft is enhancing these tools in Windows Mobile 6.0 and Exchange Server 2007.

Today, Microsoft employees use Microsoft Office Outlook® Web Access self-service to quickly and easily resolve many of the most common sources of Helpdesk calls on their own. With Outlook Web Access, users can view personal identification numbers (PINs) recovery information for mobile devices. Users can issue remote wipe requests for lost or stolen devices. Employees who use Windows Mobile 6.0 can use Information Rights Management (IRM) for e-mail, which enables users to send and receive rights-managed messages and documents while they are mobile. Employees also have Microsoft SharePoint® intranet access from e-mail links accessed from their devices running Windows Mobile 6.0.

Microsoft IT is evaluating the following features for use by Microsoft employees:

• Simplified configuration and initiation of digital certificate settings from the Active Directory® directory service through an enhanced desktop user interface.
• Support for the Enhanced Advanced Encryption Standard (AES) 128-bit implementation for the Data Protection Application Programming Interface (DPAPI), and AES 128-bit and 256-bit support for Secure Sockets Layer (SSL).
• Encryption technology for storage cards.
• Employee access to key components of line-of-business applications from mobile phones. Certificate-based authentication and the use of Microsoft SQL Server™ 2005 Mobile Edition for enabling certain application functions.
• The ability of administrators to configure the length of time after which a device password must be changed.
• The ability of administrators to define how frequently a device checks Exchange Server for changes to the Exchange ActiveSync® policy.

"We are currently evaluating the improvements in Exchange Server 2007 SP1 policies to see how these will benefit our mobile users," says Emch. "The goal is to see what makes the most sense to implement. We want to find the right mix of usability for our employees and security for the company."

Benefits

Microsoft benefits from an innovative approach to providing mobile communications and data access in the enterprise, including streamlined procurement, enhanced support for users, and better security.

Streamlined Procurement

By working closely with mobile operators, Microsoft IT has helped the company attain cost-effective service plans for a large and growing percentage of employees who want to use their mobile devices not only for voice communications but also for enterprise tasks, such as e-mail and data exchange. By opting to work with multiple mobile operators in the United States, the company creates an element of competition in obtaining service agreements, while ensuring that the widest possible coverage is available for a nationwide workforce.

Enhanced Support for a Growing User Base

The creation of the ITWeb intranet site for supporting mobile users has helped reduce calls to the Microsoft Helpdesk. Figure 3 shows the breakdown of mobile Helpdesk activity in fiscal year (FY) 2006 and FY 2007. Between the two fiscal years, the number of mobile users grew by about 10,000, yet the percentage of Helpdesk calls for assistance with setup and configuration decreased by more than 20 percent.

Figure 3. Breakdown of Helpdesk support in Microsoft FY 2006 and FY 2007

"This is a clear indication of the benefits we as an IT organization and the end users are receiving after implementing the intranet Web site and employee user guides," says Emch. "The increase in questions about Exchange Server synchronization went up, indicating the jump in the number of users who want to access the network for e-mail and for managing their schedules and contacts."

Enhanced Security

The implementation of the Messaging and Security Feature Pack in Windows Mobile 5.0 and the continued incorporation of the Messaging and Security Feature Pack features in Windows Mobile 6.0 help enhance the security of company communications and information. The biggest benefit of the effort for greater security is that users have a better understanding of the potential security risks of using mobile devices. Users learn how they can mitigate those risks by following policies, such as setting strong passwords for locking devices, enabling automatic lockdown after periods of inactivity, and encrypting removable media.

"Our employees understand the security concerns with mobile devices and have become familiar with practices such as PIN locking a device when it's not in use," says Emch. "Educating the users and setting expectations up front for a large deployment is very important, and we've learned a lot during the process."

Conclusion

Mobility has become an essential part of daily enterprise activity at Microsoft. Many jobs require employees to be away from their desks at least part of the day. For some employees, such as sales personnel and field engineers, mobility is a key part of their work. They use mobile devices more than desktop or portable computers for communications and collaboration.

To manage the influx of mobile devices into the enterprise, Microsoft has faced an array of challenges, such as the following:

• Helping users with their mobile devices while containing support costs
• Finding reasonable and flexible service plans
• Implementing security measures that help protect corporate data on mobile devices

Microsoft IT has tackled these challenges in several ways. It has established a procurement process that helps the company obtain good rates while building strong alliances with mobile carriers, which are strategic Microsoft partners. The company gives employees wide latitude in selecting devices that work for each person's particular working habits. The company has also implemented policies to help protect corporate data while devices are connected to the corporate network.

By carefully managing mobile operator services and contracts, giving employees choices in their selection of mobile devices, and instituting measures to help protect corporate information, Microsoft helps ensure that mobile communications and collaboration can continue to grow as critical business activities.

For More Information

For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information via the World Wide Web, go to:

http://www.microsoft.com

http://www.microsoft.com/technet/itshowcase

 

© 2007 Microsoft Corporation. All rights reserved.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, ActiveSync, Outlook, SharePoint, Windows, Windows Mobile, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.