• Sidebar: Managed PCs of the Future
• Sidebar: Steve Ballmer on Managed Services

The embryonic Microsoft Managed Services (MMS) group has developed new tools and is providing input to product groups that could significantly reduce the cost of managing desktop PCs. Through a managed services contract with Energizer Holdings, the group is also learning how well its management tools and techniques tools work in a production environment. The future of this effort remains unclear, however: signing additional customers has taken longer than projected, and the services and products that MMS will sell have not been announced, making it difficult for partners to assess the impact of Microsoft's entry.

In any case, end users are likely to see some benefit from the unit's efforts: what Microsoft learns about managing desktops is likely to find its way to market in the form of more manageable products, new partner services, and management and hosting services provided by Microsoft itself.

MMS Services and Objectives

Energizer Holdings has contracted with Microsoft to provide several services, including the following:

• Exchange e-mail and SharePoint collaboration and portal servers hosted in Microsoft's data center
• Desktop PC services, such as planning for deployment of new PCs and remote management of operational PCs
• Testing new applications and packaging them for deployment to Energizer desktops
• Second-tier help-desk services.

Energizer continues to operate its own data center for line-of-business applications, related databases, and other central IT operations, and Microsoft partners provide deskside support and first-tier help-desk services. These partners use Microsoft's trouble-ticket system, which makes it easier for MMS to collect data on the types and frequency of incidents involving its services, even if these incidents are resolved by the partners rather than by MMS.

MMS's general objective is to use its experience at Energizer Holdings to reduce the total cost of ownership (TCO) of desktop computers. Specifically, at Energizer Holdings, its objectives are the following:

• Reduce the operating cost per e-mail account
• Reduce the operating cost per desktop deployed
• Increase the number of PCs that can be deployed in a day.

The Energizer engagement is also an opportunity for Microsoft to test a futuristic vision of the PC, identified by Tim Sinclair, general manager for Windows Enterprise Management, as the "rationalized" PC. This desktop model is highly managed, but most of the management is automated by features on the PC itself and by central management resources, such as Microsoft's Systems Management Server (SMS).

(For a more complete description of the rationalized PC, see the sidebar "Managed PCs of the Future".)

Why Microsoft Is Involved

The Energizer engagement, which was acknowledged only after reports about the contract emerged from other sources, was controversial from the beginning. The worldwide market for managing business desktop PCs is worth about US$18 billion, and it constitutes a significant share of revenue for some of Microsoft's largest partners, many of whom have made significant investments in tools, procedures, and skills that enable their customers to deploy new machines quickly and ensure their ongoing stability and security.

Microsoft remains committed to the Energizer experiment, at least in the short term, for the following reasons.

Customer caution. Many customers consider PCs to be insecure and difficult to manage, and they reduce their vulnerability and variability by limiting users to a defined list of trusted applications. However, these conservative IT practices make customers reluctant to deploy new software: any change requires extensive and expensive testing, and as long as their current software adequately serves their needs, they will stick with it. Microsoft will see little revenue from such customers until they can be convinced that their PCs can safely be updated with new types of applications, such as collaboration and real-time communications, while still remaining reliable and secure.

Promotion of preferred architectures. Microsoft wants to promote the idea of software-assisted collaboration among workers, reasoning that it will help it sell products such as Exchange Server, SharePoint, and Live Communications Server. Its role as a managed service provider gives Microsoft another pulpit for promoting these ideas.

Insight into customer requirements. Although Microsoft runs one of the most technologically advanced IT operations in the world, it relies heavily on partners to take its products to customers and has less firsthand experience with actual customer requirements than competitors such as IBM. The Energizer contract gives Microsoft more insight into the everyday problems that customers face as well as an opportunity to try big ideas that work well in Microsoft labs but have not been tested in many production environments. For example, the company has experimented with some little-known features of Windows, such as software restriction policies, to make PCs more manageable; if such experiments prove successful, they could encourage the company to promote these features to a wider audience.

Making products better. In its work at Energizer Holdings, the MMS team has discovered numerous ways in which Microsoft's products can be improved. Among managed service providers, MMS is uniquely positioned to speak directly to product groups about any problems it encounters and to promote product enhancements that would ease remote management of PCs or server application hosting. Ron Markezich, CIO and vice president of MMS, says these improvements alone justify Microsoft's entry into managed services, even if the company doesn't make money on the services engagements themselves.

Tools for Management

Some of Microsoft's techniques for management are well known to other managed service providers, such as linking Energizer's Active Directory (AD) domain to an MMS AD domain to make it easier for MMS to provision services remotely.

However, as befits a software company, much of Microsoft's effort is focused on software or software-enabled processes that can drive down costs and make new deployment easier. As of Mar. 2006, Microsoft uses few third-party tools for such management purposes (although the company says it is evaluating several for future use), but it has built several tools and employs management features in its OSs that help it manage desktop PCs.

Environmental Assessment Tool. SMS is commonly used to take an inventory of the software running on a PC, but not all organizations use SMS or have SMS agents running on all of their desktops. The Environmental Assessment Tool (EAT), also called the Inventory Tool, is used to analyze a PC's desktop configuration and installed software. EAT can run as a stand-alone utility, through a log-on script, or by SMS, to create an inventory of machine and user data on a desktop PC before beginning any migration.

Technical Compliance Management (TCM) and SPIDER. TCM ensures that a corporate PC meets the organization's business requirements and conforms to any regulations, such as Sarbanes-Oxley or the Health Insurance Portability and Accountability Act (HIPAA), which can dictate how PC data should be secured and archived.

TCM requires that any special business objectives and regulatory needs be defined, and a PC state that corresponds to those needs can then be determined. Factors affected by TCM include IE's pop-up blocker status, OS and application version numbers, firewall settings, and password strength. A tool known as the Security Profiler Intelligent Detection Engine for Remediation (SPIDER) can be run on each PC to determine how closely it conforms to the desired state and what measures will bring it into compliance.

Interrogate, Filter, and Restore (IFR). Many enterprise desktops are running custom applications built by a systems integrator or the organization's own IT department. These critical applications will need to be restored if the PC is reimaged. Ideally this can be automated so that a user whose machine is rebuilt with a standard image will not need to spend additional time restoring custom applications. The IFR utility collects information on custom applications before a machine is upgraded or reimaged, identifying executable programs and any Registry entries and other software on which it depends. The custom application can then be restored without user intervention.

Software Restriction Policy (SRP). Although preventing users from running as administrators on their own computers can significantly reduce their PCs' vulnerability to various attacks or configuration errors, many commercial programs (including many Microsoft programs) run poorly if users do not have administrative rights. SRP, introduced with Windows XP, can be used to enable or prevent individual applications on a PC from accessing any security-sensitive privileges in the current user's account. Unknown or untrusted code runs in a restricted operating space, where it does not have full access to the user's privileges. MMS allows Energizer users to run with local administrative privileges, but most processes on their computers start with only "Basic User" privileges. Spyware or user-installed programs are thus prevented from making changes to security-related settings, or from installing at all. Trusted applications that require administrative privileges are then configured as exceptions.

TempAdmin. To aid the help desk in troubleshooting and support, a service called TempAdmin runs on each machine and can change SRP rights to regain full administrator rights for a process or application.

Asset Management and Scheduling System. With about 6,000 PCs under management at Energizer Holdings, MMS needs to keep track of the applications and services on each machine, application dependencies, or conflicts, and user or application settings. The Asset Management and Scheduling System is a database that consolidates this information and that can be used for reporting, creating SMS scripts, and other purposes.

Possible Services, Products

The Energizer and other similar engagements are likely to result in new or changed services and products that will have an impact on customers and partners.

Product Changes

As Markezich notes, product improvements alone justify Microsoft's entry into the managed services business. Already, the Energizer engagement has revealed some limitations in current products and gaps in Microsoft's product line. MMS has built some of its own tools and enhancements to work around product limitations, but has passed many suggestions back to Microsoft's product groups, such as the following:

• Design change requests that will make existing Microsoft products better
• Feature suggestions to development teams for Vista and "Vienna" (code name for post-Vista Windows releases)
• Utilities that could be integrated with future product releases, such as adding IFR functions to SMS.

Commercial Offerings

Part of MMS's mandate is to create commercial managed services offerings, which could become a promising new revenue stream to supplement license revenue. These services could take several forms, including automated management delivered over the Internet, but Markezich says an explicit goal is a commercialized version of the Energizer engagement, refined and abstracted so that it can profitably be offered to other customers, either by Microsoft or in concert with partner offerings.

However, the door is open to many different designs for services, including a mix of locally installed software and remote management; Internet-based services that customers can purchase directly from Microsoft; or Internet-based services that partners can purchase or resell to complement their own managed services offerings. (For Microsoft CEO Steve Ballmer's take on where managed services could go, see the sidebar "Steve Ballmer on Managed Services".)

Partner Impact

When first revealed, the Energizer engagement caused considerable consternation in partner ranks. Companies like EDS and Getronics, for example, already provide similar services for large enterprise accounts, and while the Energizer incubator may yield technology that will be useful to them, Microsoft could also engage customers directly, which would have a major impact on these partners' business.

Microsoft says it is moving cautiously and trying to address partner concerns, and it believes partners can take comfort from the following factors:

Limited focus. Microsoft says its primary interest is the management of client PCs, from the time they are deployed until the time they are retired. This "run" phase of the PC life cycle is less profitable for partners than other services, such as deployment planning, capacity planning, application integration, or managing network and server infrastructures. These and other services will still be provided by other companies, as they are at Energizer.

In addition, other than its hosted Exchange and SharePoint services, MMS says that Microsoft has no interest in managing data centers, server applications, or network infrastructure.

Limited market share. Microsoft executives have suggested that they expect Microsoft to provide comprehensive managed services to only a small number of customers, but the company expects industry demand for managed PCs to expand dramatically to hundreds of millions—far beyond Microsoft's ability to handle directly.

Better foundation for other services. More reliable PC platforms and better management tools will create a better foundation for custom application development and deployment, application integration, and other high-value services from partners, Microsoft contends. Organizations with well-managed PCs will have fewer exceptions that developers must worry about, and customers are more likely to be using up-to-date Microsoft software with new capabilities that broaden the horizons for custom development. For example, customers using recent versions of Office, as well as up-to-date hosted Exchange and SharePoint servers, are good prospects for projects that employ Microsoft's latest messaging and collaboration technologies. If customers spend less money maintaining their PCs, they may spend more of their IT budgets on projects that generate much higher profits for partners.

Legitimizing the market. With the Energizer engagement (and other future engagements), Microsoft hopes to demonstrate that managed PCs offer clear technical and financial benefits. The result could be vastly greater demand for these services, keeping partners too busy to worry about the few accounts that Microsoft tackles itself. Ballmer, for example, has said that the managed business PC is likely to be the rule rather than the exception in a decade.

Subcontracting opportunities. Even in engagements that Microsoft wins, the company expects to employ partners in many roles. Partners with vertical expertise, for example, are likely to face few challenges from Microsoft when developing value-added services for MMS customers.

A Real Business?

All of this is speculative, of course: MMS has yet to get past its first external customer (MMS considers Microsoft itself to be another test bed for its services). Microsoft executives such as Steve Ballmer and Senior Vice President of Worldwide Services Rick Devenuti (Markezich's boss) were predicting in mid-2005 that the company would sign two or more additional customers by the end of the year. MMS says additional deals are imminent, but the slower-than-anticipated rollout of managed services to new customers suggests that the incubation process might have more stages than Microsoft executives expected and that gaps in Microsoft's management toolset were wider than the company realized.

Furthermore, services like hosted Exchange and hosted SharePoint raise questions about MMS's ultimate goals. They seem to have little to do with the managed PC, and they put Microsoft in direct competition with its partners. For example, Microsoft's Hosted Messaging and Collaboration Solution has been developed specifically to encourage partners to host Exchange, SharePoint, and Live Communications Server. Nevertheless, Microsoft remains keenly interested in services like those offered by MMS. At the company's annual Financial Analysts Meeting in July 2005, for example, Gates suggested that Exchange could be offered to business users as a high-end version of the company's Hotmail hosted e-mail services—potentially to hundreds of millions of business users working for companies that would rather let Microsoft host and configure servers than do it themselves.

However, given the enormous success of its traditional licensing model, Microsoft must strike a careful balance in providing services. Ideally, hosted and managed services should attract new customers for whom traditional licensing is not attractive. This would leave the company's immensely profitable licensing business intact; it would not be cannibalized as customers deserted traditional licenses (e.g., Exchange Server and Client Access Licenses) in favor of services such as hosted communications.

The managed desktop business fits these requirements well, because the desktops are already running licensed Microsoft software. If Microsoft can drive the cost of managing desktops down, it helps customers realize more value from those investments.

Resources

The push to promote services was particularly evident at Microsoft's July 2005 Financial Analyst Meeting, covered in "Renewed Interest in Subscription Services" on page 24 of the Sept. 2005 Update. Transcripts of executive speeches from that meeting are available at www.microsoft.com/presspass/features/2005/jul05/07-28FinancialAnalyst.mspx.

The Energizer engagement was described in "Energizer to Use Microsoft IT" on page 31 of the Apr. 2005 Update.

Microsoft's Hosting and Collaboration Solution was described in "IM, Portal Join Exchange Hosting" on page 9 of the Feb. 2005 Update.