Enhancing Office 365 user security and productivity — so many choices, but which is right for you?

If you’re responsible for Office 365 deployments, you’re likely looking to find a secure way to allow your users to use their Office 365 apps with other mobile productivity apps, such as Mail or Secure Mail for Citrix customers. Recently, both VMware and Blackberry have announced the availability of products (VMware Workspace ONE Send and Blackberry Bridge) that work with EMS/Intune to provide access to data used by Office 365 apps. However, the devil is in the details, and through this post I would like to walk you through the differences in user experience, as well as solution stability.

Have you ever tried to read a web page or a sign board written in French or Spanish with English translation? If not, try it out and some of the translation failures will crack you up! That same concept applies to integrating mobility management software with Office 365.

At Citrix, we know this all too well. When it comes to Office 365 — the most important productivity apps for our users — we apply our life lessons and ensure native integration.

Both VMware and Blackberry have gone the translation route to provide access to Office 365 data by creating a bridge between their MAM (Mobile Application Management) containers and Intune App Protection (Microsoft’s MAM container). Essentially, this is how it looks:

Unfortunately, there are two key disadvantages to this approach:

  • In this instance, bridge apps are work-around solutions, as they translate the content from one MAM to another. With app updates, container changes or OS updates, this can break quite easily.
  • The Bridge apps are neither intuitive nor user friendly. For example, a user needs to open a mail attachment first in the bridge app and then copy/paste its contents to the Word app. The result is more clicks and less productive users.

Citrix has been delivering Endpoint Management service (rebranded from XenMobile service) with native Microsoft EMS/Intune integration providing seamless interaction with Office 365 apps since February 2018. The Citrix approach is to use native integration (we learned the translation lesson  😉 ) with Microsoft EMS/Intune. Both Citrix Secure Mail and ShareFile are Intune-enlightened in that they have the Microsoft Intune SDK embedded, resulting in a natural, more stable integration that will not suffer breakage from app updates, container changes or OS updates. As these apps reside within the Intune MAM container and are managed by Intune, they interact seamlessly with all Office 365 apps.

There is no translation with Citrix Secure Mail. As the app works within the Intune MAM container, it gets direct access to any documents or files required, thus enabling a delightful user experience.

With Citrix Secure Mail, all you have to do is click the email link and the Office 365 app opens, and the user can start reviewing/editing. Sharing a document is as simple as selecting “Attach” in the Secure Mail app. It’s all directly accessed by Secure Mail. Moreover, with Secure Mail, any Office 365 mail attachments are, by default, considered secure. They are allowed for data transfer within the container (and hence with all Office 365 apps), but blocked for unmanaged apps outside the container.

See it in action here:

Isn’t the native integration with Intune better than the multiple-click experience of bridge apps?

To learn more about the extensive integration Citrix Endpoint Management has done with Microsoft EMS, please read this whitepaper. In it, we have discussed, in detail, how to best deploy a UEM solution in conjunction with Microsoft EMS so that you can use a comprehensive UEM without compromising the Office 365 data loss prevention policies.