Integrating Active Directory with Mobile Devices
-
Let me put it another way. Why do you join Windows PCs to AD? It isn't necessary. You don't need it to connect to an SMB server. You can have your web browser cache your credentials to intranet web servers. You don't need it for group policy. You can have all your apps cache credentials. You don't need it for anything. Why do it?
After you've told me the answer, tell me why you wouldn't want to connect a Phone to AD. What is it about a PC that you want on AD that isn't also desirable on a phone. Because there is nothing I do on my PC that I wouldn't like to do on my phone.
-
@Carnival-Boy said:
OK, you're right in as much as a client doesn't have to join AD to access an AD authenticated server. He can just pass AD credentials manually when connecting. I'm talking about convenience rather than necessity when I want a client to join AD.
How would that be any more convenience than storing the credentials for the user in a file browser?
-
@thecreativeone91 said:
How would that be any more convenience than storing the credentials for the user in a file browser?
See my post above....
-
@Carnival-Boy said:
I'm talking about a phone running a fully featured, domain joined, Windows OS. If we're arguing about two different things, then let's leave it there.
That seems like it would be a very annoying device.. Computer and phone are designed to be operated in two different manners operating a phone like a computer would be odd, confusing and bad on battery life.
-
@Carnival-Boy said:
Let me put it another way. Why do you join Windows PCs to AD? It isn't necessary. You don't need it to connect to an SMB server. You can have your web browser cache your credentials to intranet web servers. You don't need it for group policy. You can have all your apps cache credentials. You don't need it for anything. Why do it?
Because the services used by the computer are AD integrated top to bottom and the desktops and laptops are multiuser so tracking users is important. They are not single user devices like phones. So AD is part of the authentication. We use AD to simplify multiuser management of the computer, that it is used for services is ancillary.
-
@Carnival-Boy said:
After you've told me the answer, tell me why you wouldn't want to connect a Phone to AD. What is it about a PC that you want on AD that isn't also desirable on a phone. Because there is nothing I do on my PC that I wouldn't like to do on my phone.
Because the phone is a single user device and has no value in talking to AD that I can see. PCs allow anyone to log in, I don't want that on my phone. I only want me to be able to log in. And I want any call to that device to go to me, not to whoever is holding it.
-
@thecreativeone91 said:
Computer and phone are designed to be operated in two different manners operating a phone like a computer would be odd, confusing and bad on battery life.
Odd to you, not to me. Wherever possible, I avoid using the phone. I see my iPhone as a computer on which I very occasionally, when forced, make and receive phone calls.
-
@Carnival-Boy said:
Odd to you, not to me. Wherever possible, I avoid using the phone. I see my iPhone as a computer on which I very occasionally, when forced, make and receive phone calls.
I think that the issue here is that you just want a Windows tablet, not a phone. Nothing wrong with that. But you are looking to push phone users to act like computer users which isn't how people want their phones to work. There are two different types of devices, general purpose computers and phones / mobile devices. They are designed to operate in two different ways.
You just need to choose the one that fits your needs. You should get a small tablet rather than a phone. I think that instead of asking for existing phones to "integrate AD", what you really want is existing Windows tablets to shrink by a few inches to meet your size requirements.
Does that make sense? I think that your end goal is good, but I think that you are approaching it the wrong way. I'm pretty sure that a Windows tablet today does what you want exactly, just is too large?
-
A small windows tablet, with WWAN and GPS, that I can occasionally send and receive phone calls on. Yeah, that would be fine for me
-
@Carnival-Boy said:
A small windows tablet, with WWAN and GPS, that I can occasionally send and receive phone calls on. Yeah, that would be fine for me
They can make that today, just no one does. They've gotten pretty close. If you use VoIP you can basically do it on a smaller tablet.
-
@scottalanmiller said:
And I want any call to that device to go to me, not to whoever is holding it.
You don't really (at least easily) have this ability now.
So how would AD made this any different?
To @Carnival-Boy point - it's not AD specifically but the entire ecosystem that is MS's support of the desktop that is wanted on the phone. IE when I log into my phone using my AD account (which I should only have to do once, from there after I should be able to use a PIN) the phone will authenticate with the AD, pull down the associated MDM profile, grant access to SMB, if the feature were added, be able to use my AD creds to log into websites, etc.
If you want to call it AD integrated MDM, and it's the MDM doing all these things to my phone - fine.. but to the average person this seems like AD integration.
-
@scottalanmiller said:
@Carnival-Boy said:
A small windows tablet, with WWAN and GPS, that I can occasionally send and receive phone calls on. Yeah, that would be fine for me
They can make that today, just no one does. They've gotten pretty close. If you use VoIP you can basically do it on a smaller tablet.
The Winbook that was previously mentioned here on ML is pretty nice - combine that with your phone/mobile hotspot and you're golden.
-
@Dashrender said:
@scottalanmiller said:
And I want any call to that device to go to me, not to whoever is holding it.
You don't really (at least easily) have this ability now.
So how would AD made this any different?
By turning the device into a multi-user device. That's AD's function, to make things easily multi-user.
