I’ve long believed companies should offer workers a choice in the technology they use in the office and when working remotely.
Doing so lets employees use what they feel is the best choice of devices for their work, it can help attract and retain staff, it lessens the likelihood workers will go rogue and source their own technology (aka shadow IT), and it establishes a positive relationship between IT and the rest of an organisation.
Companies like IBM and SAP have documented their experiences in moving to an employee-choice model and have declared it a success. But does that mean it would work for every company? And how do organisations decide which way to go?
The most important question in developing (or expanding) an employee-choice model is determining how much choice to allow. Offer too little and companies risk undermining the effort's benefits. Offer too much and they risk a level of tech anarchy that can be as problematic as unfettered shadow IT. There isn’t a one-size-fits-all approach. Every organisation has a unique culture, requirements/expectations, and management capabilities.
An approach that works in a marketing firm would differ from one that works for a healthcare provider, and a government agency would need a different approach than a start-up.
Options also vary depending on the devices employees use — desktop computing and mobile often require differing approaches, particularly for companies that employ a BYOD program for smartphones.
PCs, Macs, Chromebooks, and other desktops
Most employee-choice programs focus on desktops and laptops. The default choice is typically basic: do users want a Windows PC or a Mac? Most often, the choice only extends to the platform, not specific models (or in the case of PCs, a specific manufacturer).
Keeping the focus on just two platforms eases administrative overhead and technical support requirements. It also allows companies to leverage volume purchases from one partner in order to receive bulk discounts.
The rise of Chromebooks in business expands that choice, as does the use of other operating systems such as varying flavours of Linux or specific versions of Windows. Although Windows 11 has been out for some time now, many organisations are still tied to Windows 10 — partly for simplicity of support and partly because many older PCs don’t meet the requirements of Windows 11.
Google is making a play for the enterprise by offering ChromeOS Flex, which turns aging PCs and Macs into Chromebooks. This allows companies to continue to use machines that have dated or limited hardware, but it also means adding support for ChromeOS devices. Because Flex is so new, it's not clear just how feasible it is with various hardware configurations.
Then there’s the option of going beyond just specific platforms. Although hardware uniformity makes it easier to deploy, manage, and support a fleet of devices, some users might need specific models, specs, or manufacturers. And even a minimal amount of hardware choice can greatly expand the overhead for deployment and support, particularly when multiple manufacturers are involved.
Where to draw the line
Start by determining which operating systems a business can support. A big part of this decision is understanding how much additional work and cost each requires. Supporting Windows is generally a default for most organisations, as are the tools for deploying and managing Windows PCs.
To support Macs, they’ll need to invest in software for managing devices, typically referred to as enterprise mobility management (EMM), unified endpoint management (UEM), or mobile device management (MDM) services; different vendors refer to their wares using any of these descriptors.
Businesses might already have an option for Apple devices, since Apple uses the same protocol to manage both iOS and macOS hardware. So they won’t have to invest in another tool to manage Macs (aside from additional licence costs for the Macs deployed) and there shouldn’t be a significant learning curve. It also means businesses can use the same user/device groupings that already exist and even many of the same policies, though some tweaks might still be needed.
Even if businesses have a management solution already, they should explore other options — especially if they’re underwhelmed by the system they have. They’ll also want to consider investing in Apple-specific EMM options such as JAMF, Kandji, and others.
The advantage here? These companies typically offer capabilities for deploying Macs and iOS devices (as well as software and configurations) that go beyond what’s included in Apple’s MDM protocol. If businesses expect to support a large number of Macs, this can make some tasks and processes run more smoothly and efficiently than something designed to support multiple desktop and mobile platforms.
It’s also important that businesses have enough IT staffers, particularly help desk and support staff who understand Macs.
Should Chromebooks or Linux be in the mix?
Several, but not all, EMM vendors include support for ChromeOS. If a current vendor does, there shouldn’t be a significant expense in adding ChromeOS hardware to the mix. Otherwise, organisations will need to look at other options.
This can mean adding a platform specifically to manage Chromebooks or outright replacing what they now use. As with Macs, they'll be able to leverage existing organisational details such as user and device groups, but they’ll need to develop policies specific to ChromeOS.
In addition to EMM solutions, they can use Google’s Chrome administration service; it allows them to not only manage ChromeOS but also the Chrome browser installed on other platforms. Although it works fine, it will lead to extra admin overhead since they'll be using two separate tools with overlapping functions. And again, they’ll want to have staff familiar with ChromeOS to adequately support it.
Another concern with Chromebooks is that they come with a so-called expiration date. Each model includes an Auto Update Expiration date after which it will receive no feature updates or security patches. While all technology eventually suffers from obsolescence, it’s typically because older hardware can't run newer software.
Even then, on other platforms security patches are typically maintained for some time. With ChromeOS, the decision is less based on technical improvements, more on an actual date. And the clock starts ticking when a Chromebook model is first put on the market, not when it's purchased or first activated. Businesses that decide to support ChromeOS should use Google’s list of models and associated dates to maximise the length of service for each Chromebook.
If organisations intend to offer Linux devices, they’ll want to look for hardware that can support it. Determining exactly what that looks like can be a bit tricky because of the varieties of Linux available. It’s best to standardise on one and source the best and/or most cost-effective option. This also eases support demands, which can grow significantly if they require multiple Linux distributions.
OS versions and hardware specifics: Choose wisely
It's important to determine which versions of each OS the business will support. That decision may be driven by hardware or by security issues with each platform, the timeliness of updates, and the process of updating both the OS and software once hardware is deployed.
This can vary significantly, so consider security requirements, the expected lifespan of the machines, typical refresh timelines, and how easy it is to support each version of the OSes that is selected.
Once the platforms are settled, the next big consideration is what hardware specs or models the business plans to offer. It will want to standardise this as much as possible, particularly for PCs.
Sticking to a single vendor is best for both volume purchasing and ease of support, but even then hardware configurations can vary a lot. Organisations must aim for a solid workhorse, and stick as closely to standard configurations as possible (again for both volume purchasing and support).
Form factor matters, too. This is particularly true for PCs, where there are numerous desktop, laptop, tablet, and hybrid options. While a good single option should meet the needs of most workers, there are legitimate reasons some users and executives may need or want something different.
If IT has a good sense of what those needs are, it can decide in advance on a couple of options to offer — either when employees are making a selection or if the standard option doesn’t meet their needs.
Alternatively, IT can select a standard option and then treat requests for other models on a case-by-case basis. Should it go this route, it should create a procedure for employees to request a specific model/configuration (and to keep costs in check, require manager approval as part of the process).
And they can always ask about specific reasons for a non-standard choice and suggest alternatives less likely to increase cost or administrative complexity.
How to decide on mobile devices
In many ways, mobile devices were the catalyst for employee choice in the first place, regardless of whether they're employee-owned BYOD devices or business-owned devices under a choose-your-own-device (CYOD) model.
Although some companies still dictate specific devices, this largely involves devices like iPads and tablets. With smartphones, however, employees typically have a wide range of options.
The iPhone has long been the phone of choice for business, especially after Apple began incorporating enterprise features as far back as 2008, when it introduced support for Exchange ActiveSync and configuration profiles. Two years later, Apple unveiled its MDM protocol.
Although Android suffered some significant teething problems when it comes to enterprise capabilities, both platforms today are enterprise-ready.
The big question for smartphones is what level of legacy support is appropriate. Apple continues to provide OS updates and security patches for the iPhone longer than any other smartphone manufacturer. It also has the advantage that updates are delivered direct from Apple to each iPhone.
On the Android side of things, support for OS and security updates can vary widely — as can delivery of them. Google’s Pixel devices get a decent margin of active updates, and they are immediately available (much like iOS updates). Other manufacturers are decidedly more mixed.
Some, like Samsung, beat Google’s update timelines, but most fall short of it — and some devices will never see an OS update. Because manufacturers need to vet new Android releases with their hardware and any customisations they’ve made to Android, it’s not uncommon for months to elapse between when Google publishes an update and devices receive it.
Given the number of Android device models available, trying to understand what to support or not was once a major challenge (and one reason iOS dominated the business market for so long). In recent years, Google has worked to help companies avoid this pitfall by creating Android Enterprise, a set of features designed to help organisations deploy and manage Android devices.
Manufacturers that want to be included within the Android Enterprise rubric must agree to implement certain security and management features and offer some level of update support down the road.
Google uses data from these manufacturers to create a searchable list of authorised Android Enterprise devices that can be sorted across a wide range of metrics including initial Android version, hardware and storage, carrier region support, and initial release date.
This provides a useful tool to determine what company-owned devices organisations are willing to offer and/or the range of devices that they’re willing to support under a BYOD program. But the program has come under fire, too, for falling short of its lofty goals.
There seems to be a trend with Android to treat it primarily as a smartphone platform, even though there are a range of Android tablets on the market. Most simply don’t have the mindshare that the iPad, Surface, or Kindle Fire enjoy. (I note these three examples because they are typically more requested than Android tablets.)
Managing iPads is not materially different than managing iPhones and Macs. Until relatively recently, the iPhone and iPad ran the same operating system, though Apple has begun to differentiate between them. With the advent of Apple Silicon, the current iPad Pro and iPad Air actually use the same M1 chip that powers several of the current Mac models.
Likewise, the Surface is a Windows PC, as are any number of other Windows tablets or hybrid devices. There's little difference between managing Windows tablets and managing desktop or laptop PCs.
The Kindle Fire is a completely different animal. Although Fire OS is based on a forked version of Android, it really can’t be thought of as an Android device. Its user experience is completely unique, it can’t connect to the Google Play Store, and it is designed to prefer Amazon’s services instead of those from Google. Most significantly, Fire OS cannot use Android’s EMM features because the OS has been so heavily modified.
That doesn’t mean users can’t manage Kindle Fire tablets; there are a few EMM vendors that support some basic device management for them. Most EMM vendors, however, don’t (or have stopped supporting Fire OS). This can mean relying on multiple EMM products as well as higher administrative challenges and confusion. Very few organisations support Kindle Fire tablets as a result.
What other devices can be offered?
In addition to traditional desktop and mobile platforms, business and education computing continues to explode. Smart TVs (or boxes/sticks that offer streaming and other features) are a growing staple in many conference rooms, meeting spaces, classrooms and offices.
The Apple TV set top box offers extensive configuration and management capabilities in tvOS, including setup, access restrictions, network connectivity and device name, and apps.
As with other Apple products in this list, any vendor that supports Apple’s MDM protocol should be able to manage a fleet of stationary Apple TV units or units for employees and executives that need to travel as a presentation option. Beyond Apple TV, the situation is murkier, though EMM vendors do support different TV platforms, most notably Android TV.
Despite the business potential of virtual assistants in business and enterprise, the smart speaker market is almost entirely consumer based. The same is true with vehicle infotainment platforms such as Apple’s CarPlay and Android Auto. This doesn’t mean they can’t be used for basic business tasks like asking Siri to read and reply to messages, or telling Google Assistant to schedule a meeting or create a to-do list.
With no direct enterprise integration, these platforms simply use their connection to a user’s identity in their respective ecosystems to perform tasks and shuttle the results to a user’s devices, essentially acting as a shortcut to completing a task on a smartphone or a PC.
Working with employees, managers, and executives to deliver the best combination of tools to support their job functions has become a requirement for almost every IT department, particularly after two and a half years of remote and hybrid work during the pandemic. This offers tremendous opportunities for both users and IT staff, but too much of a good thing ceases to be good.
The watchword is balance — and what that looks like for each organisation will differ. Plan accordingly.