When it comes to enterprise software, “included at no extra cost” can be the strongest selling point for any product. In the world of Windows device management, that tends to mean Microsoft Intune — bundled as part of most enterprise Microsoft licensing packages. While Intune and other free or bundled device management solutions certainly have their time and their place, they can impose tremendous costs on organizations as they grow: In lost time, slow issue resolution, and reduced capacity for innovation.
What Do You Get With a Free MDM
For the vast majority of IT teams, a “free” MDM is just a bundled one (like Microsoft Intune). They’re included alongside core enterprise and productivity suites, and are designed to enable device and application management workflows.
These “free” solutions share a few common traits:
- Bundled as part of a larger enterprise software suite, but have no real need to compete with purpose-built tools on anything but cost
- Get you rolling with your first few devices quickly, but cumbersome once you start to scale beyond a few dozen
- Optimized for general use cases (e.g., Windows workstations, BYOD smartphones), but not for dedicated (single-purpose) or operational edge devices.
Perhaps the best analogy for a “free” bundled MDM are the “free” earbuds you get on an intercontinental flight: It’s better than having nothing, but also a far cry from good.
But with the high cost many organizations pay for their enterprise software, “free” can quickly become the only thing finance and executive leadership hears when budgeting gets discussed. Unfortunately, this tends to gloss over the real TCO of such solutions when managing complex, dedicated, or highly-scaled edge device ecosystems.
The Hidden Costs of Free MDM Solutions
There are a large number of ways “free” and bundled MDM solutions add concrete costs that tailored, dedicated solutions don’t.
Downtime and operational drag
Most free MDM solutions are not designed for rapid incident response, because they are not designed for always-on, real-time device visibility. Check-ins may only happen a few times a day, and alerts are likely to provide very little context about the kind of problems a device is experiencing. Customization of those alerts will be limited (or nonexistent).
Why this happens: Bundled MDM solutions were not designed to be critical infrastructure. They were built as support software for general-purpose computing resources, where users are expected to hand-raise, and issues are more likely to be at the service level, and thus outside the scope of an MDM to resolve in the first place.
The hidden cost: Downtime is easily quantifiable as lost revenue. Operational drag is a function of staff hours spent chasing problems and validating fixes. Admittedly, the latter can be difficult to argue. Given you have to claim that’s time you not only won’t spend in the future, but that it will be used productively.
Added tool sprawl
No free or bundled MDM solution is going to cover the full range of hardware, platforms, and use cases a scaled organization is going to need for device management. This leads to device management tool sprawl, when separate, paid MDM solutions almost always end up as budget line-items regardless, alongside the duct-taped scripts and batch files IT teams have to create to fill feature gaps.
Why this happens: Bundled and free MDM tools are designed for the lowest common denominator use cases, like general-purpose workstations and employee smartphones. Any use case that deviates from these cookie-cutter blueprints (say, POS systems, digital kiosks) will never be a priority for new features or workflows.
The hidden cost: Tools you would be able to eliminate or consolidate by moving to a purpose-built MDM solution are straightforward cost cuts. Also be sure to consider the time cost of your teams on developing and supporting in-house device management workflows, which could be reduced or eliminated by moving to a purpose-built solution.
Security and compliance gaps
Guaranteeing compliance is hard enough in most enterprise environments, and tends to be treated as a kind of triage — as long as the average security patch out-of-date ratio doesn’t dip below the historic average on your desktop Windows systems, your MDM is doing fine. But when you need a zero-day exploit patched across your entire fleet and to deploy it on-demand? No free solution is getting that done.
Why this happens: Free MDMs are simply not built to do anything quickly. They are architected on a monolithic “set it and forget it” device management philosophy that is focused on achieving directionality of outcome (i.e., we are steering toward this update) and not on the completeness or precision of that outcome (i.e., we are 95% confident that 99% of the fleet will be patched by time X). QoS just isn’t in the picture.
The hidden cost: Quantifying a lack of security or compliance as a dollar figure can be challenging unless something very terrible happens to your organization (at which point, those costs can quickly become extreme). Still, it’s wise to “war game” these scenarios — what if a ransomware attack or exploit takes your fleet offline for a day? A week? Could there be regulatory or liability consequences?
The migration tax
In short, this one is “cheap out now, pay later.” The more devices you enroll on a bundled or free MDM, the more painful it’s going to be to migrate your fleet down the road. It’s one thing to unenroll, wipe, re-enroll, and provision 50 devices. It’s entirely another to do it with 500 or 5,000.
Why this happens: No enterprise MDM tool is ever going to be truly easy to migrate off of. And when you have to do it at a huge scale, “not easy” quickly becomes “cancel my PTO for the next 6 months.”
Cost: The time cost of a migration is massive, and it gets a lot more massive with every order of magnitude your fleet grows. Migrations mean freezing devices in a known good state, and that means configurations and applications get locked in for the duration of that migration (and often, longer as the new solution is validated in production). And should you experience an outage mid-migration (which is always a risk), the bigger they are, the harder they fall — more devices, more lost revenue.
Free Resource: The MDM Migration Survival Guide
The innovation tax
Free and bundled MDM solutions aren’t built to rapidly deploy, test, and innovate. Organizations that need an always-on flow of market and user tests, controlled lab deployments, and DevOps-style code deployment on their device fleets don’t use Intune — because they can’t wait several business days to ensure an update rolls out. Deploy now should mean now, not in the next 1-72 hours.
Why this happens: Same as the security and compliance gaps, bundled MDMs aren’t built to go fast, and have no incentive to do so with their monolithic fleet management philosophy. If you need real-time, programmatic, and highly automated control over software and configuration deployments, there’s no substitute for a dedicated enterprise device management tool.
Cost: If it takes 6-12 months to get a new device experience — one tied to meeting revenue targets — rolled out nationally to your entire fleet, you can be sure your business’s leaders have a very clear sense of how reducing that time frame to a few weeks might impact financials. There’s also the time cost of your team chasing down and manually updating devices, something you’re sure to be doing a lot with a free MDM.
How Enterprise-Scale MDM Saves Money
We’ve articulated the ways free and bundled MDM solutions cost your team and organization money, but how does enterprise MDM save money? Let’s break it down.
Unified and orchestrated control
By bringing multiple operating systems, form factors, and use cases under a single pane of glass, you eliminate silos, redundant tooling, and unify processes like provisioning and deployment.
The Advantage: Enterprise-scale MDM is focused on achieving outcomes for complex, highly-scaled device fleets based on the needs of organizations managing them. Not keeping you in a larger software ecosystem.
Savings: Eliminate unnecessary tooling, reduce documentation burden, and speed up processes like new hardware deployments in support of business expansion.
Deep automation and lifecycle management
By automating operations like security patch deployments, drift control, and building customized alert regimes, enterprise MDM lets IT and ops teams finally take their hands off the wheel. Day-to-day survival makes room for long-term planning and process optimization.
The Advantage: Enterprise MDM is designed to be highly scalable, and therefore embraces deep automation as an architectural pillar. It’s not about doing more with less; it’s about working smarter, not harder.
Savings: Teams spend less time watching over and nannying devices, and more time resolving edge cases, testing new software before it deploys (imagine that!), and on supporting activities that enable growth.
Dev-friendly tools for seamless software deployment
The ability to test, stage, and scale a software rollout — without touching a single button — is the future of enterprise fleet management. For many companies, the single largest bottleneck to scaling edge device fleets is maintaining the pace of deployment for new software. Whether it’s new content or security patches, going from lab test to full fleet scale deployment can be a veritable Mt. Everest for teams to summit — we’ve heard of deployments taking over a year for some major brands.
The Advantage: Enterprise device management solutions are built to enable next-gen, integrated DevOps processes that resolve this challenge once and for all. You can treat devices like objects in the cloud, with automated fallbacks and escalation logic to keep everything running smoothly.
Savings: There’s a clear cost to being too slow to deploy critical updates to your devices in the field, and there are clear savings to be had by going (much) faster.
Designed to be remote-native
The ability to remotely diagnose, debug, patch, and test a fix — all without ever picking up a phone — is a game-changer. And for many teams, it just sounds too good to be true. Too often, IT teams are still burning their ever-tightening incremental budgets on truck rolls, and those costs can add up to truly staggering sums in the event of a regional or nationwide outage.
The Advantage: Enterprise MDM is built to be remote-native: You can open up a secure connection and pull logs, run terminal commands, and remotely control a device all from the same platform — and do so with the confidence that it’s all happening through the same centrally-authenticated tool, not something sketchy saved on one old laptop stored in the IT safe.
Savings: Reducing on-site support costs and mean time to resolution is a double win. This one’s a real no-brainer.
Explore Windows Device Management Solutions
Making the Case for Enterprise MDM Versus Free MDM
In articulating why spending more today actually costs less tomorrow, you’re going to have an uphill battle at any company. But there are some intuitive and basic truths you can bring to the table.
First, as with many things in life, the bigger the job, the more important it is to have the right tool. If you’re hanging pictures in your living room, a hammer is cheap, simple, and easy to use. But if you’re framing a house? You want a nail gun. It may take some learning on how to most effectively use that tool, but at the scale of hundreds of nails, no one is using a hammer. You need speed, consistency, and guaranteed performance. And, crucially, you have to recognize the value of those things in the context of a larger outcome: It’s not about driving nails into wood, it’s about building a home.
When you think about managing an enterprise device fleet, it’s critical to maintain this “building a home” perspective. Business leaders probably aren’t going to empathize with quality of life improvements and unified interfaces, but they are going to understand.
