Devicie’s Martin McGregor on the Risky.Biz podcast
Device co-founder Martin McGregor caught up with Risky.Biz founder Patrick Gray on the Risky.Biz podcast.
Devicie being selected to join the Microsoft Pegasus program
How Devicie helps organisations of all sizes prepare for and migrate to Intune painlessly
Mastering patching operating systems and application management consistently from day one
Eliminating local administration
Listen to Martin McGregor on the Risky.Biz podcast.
Patrick Gray: Devicie is an Australian company that has built a product around Microsoft Intune. And as you're about to hear, Microsoft is now getting behind them.
Intune is an amazing bit of plumbing that can be used to manage all sorts of devices. But let's be honest, out of the box, it can be quite difficult to use.
What's funny is there doesn't really seem to be a typical customer for Devicie. It's all over the map, which is probably because everyone has to manage devices and it's always a pain, no matter what size you are. Work from home has complicated this even further. Their customers are anyone from schools to large enterprises. The idea with Devicie is, you tell them what apps you want on your devices, and they make it happen. Over the last couple of years, they've done a bunch of engineering work to make their own tooling at the backend work much, much better. So now when a customer says hey, can you roll out this app to our users? The process is very simple. Eventually, they're going to make those tools customer facing, but to be honest, it's not really something people are asking for at the moment. Customers like letting the Devicie gnomes do all of the work once. All this engineering work means that Devicie is ready to scale. So here is Martin McGregor talking all about Devicie and its new relationship with Microsoft.
Martin McGregor: We operate really as a service, so that makes us a little bit different in the market. We're not just tools that people consume to build their own solutions. You come to Devicie when you really want to outsource that function and you want to work with specialists in that domain.
Patrick: So the guts of it is that Intune, unless you're a very large company, can be a little bit difficult to use. Essentially–if you have to boil it down to brass tacks–that's the thing you're trying to fix, right?
“We want a really comprehensive security model and a really great operational model for end users. And that's actually much more difficult to achieve than most people appreciate, especially before they attempt to do the project.”
Martin: We do have very large enterprise companies that use Devicie and they have end user compute teams. They just will play a different role. Instead of building and maintaining all the infrastructure, they'll just use Devicie for that.
Patrick: Now over the last couple of years you took a series A investment, and you've been working on a few things. You've worked on getting ready for scale, right? So you can bring on more and more customers. And the second thing you've worked on is making the back end of your thing easier to use, right? So when a customer says, ‘hey, we want to roll out this app to all of our endpoints,’ that's a much easier process for you now. I believe also the plan is eventually to allow customers to get access to a prettier version of that of that backend. Is that right? So it'll be sort of self service.
Martin: Yeah, and largely it is already. Once the customer is onboarded, they’ve got a portal where they can request apps, decide where they want those deployed in the organisation and even request new apps. So rather than investing in building their own bespoke solutions, they’re coming to Devicie so they can use essentially an off-the-shelf product that meets and exceeds their requirements.
Patrick: All right. Now, I was going to ask you about the local admin thing, right? Because this is actually something that a lot of your customers have been using Devicie to do.
“Once you've got Intune managed endpoints, you can start really tackling the local admin issue.”
This is something that your customers are using you to do, right?
Martin: 100%. There are some really important prerequisites before you can manage local admin effectively. You have to make sure that you can provision the system and make it completely operational without an admin needing to do anything. So that has to be completely automated. That includes app management. All of the applications that an employee needs need to be able to be configured and deployed without anyone being an administrator. Once you're at that point, then we can tackle things like local admin privileges. When they’re onboarded, we have a workflow that we take them through where we bring them to maturity reasonably quickly. They might not even appreciate the sequence that we operate and why we do those things, but it's so that we can get them to those outcomes really quickly.
One of the things is helping them onboard apps and manage those themselves through the portal, so no one needs to install them anymore. Once we've got those prerequisites, we can execute on that. There are some other things that we need to be able to provide. What happens is, a customer will say, ‘Hey, listen, we request local admin on this device’. They'll work with our customer success team who will provide that to them in a safe way. So for example, they want to risk accept that this particular user is going to be a local admin–that is represented in our in our console. They can see that risk accepted user. They can also see all the unexpected admins that shouldn't be there, click on those and start working through resolving those and getting them compliant.
Plus, there's other things that we do so if they say, ‘Hey, listen, we need local admin for this purpose’. We’ve built a lot of capabilities so that they don't need local admin and they can still achieve most things. Our support team will help them achieve those. But then, even if it comes down to it and admin absolutely needs to get access to a system, we provide our customers with a key vault that creates credentials for every system and they can be retrieved by an administrator for any system. It's a unique password, it'll change after they'd use it. It's got all those nice security capabilities, but we have to make it operational.
Patrick: So you’ve baked in some automated PAM in there as well.
Martin: Yeah, we used to have our own version of LAPS, (local admin password service) but we've retired that now and we're making use of Microsoft's one that sits on top of Intune. So we essentially automate that for our customers now.
Patrick: Speaking of Microsoft, you've done a deal with them. Tell us about that.
“We've just gone through this quite incredible experience of being assessed for the Microsoft Pegasus program. I was quite surprised to find that we've managed to get in. That's quite a thing for an Australian organisation.”
Martin: I think the real reason for that is we solve a problem that's on Microsoft's radar and something that they've identified this year, which is the challenge for small to medium businesses to get effective outcomes on Intune for their organisations that are affordable. That's where we're really strong. Microsoft recognise that. We’re really expanding our capacity to take on more of their customers and particularly in other regions around the world.
Patrick: So the Pegasus program–I think you get a bunch of Azure credits, right, which is one nice thing, but it's also sales support, isn't it?
Martin: It is sales support, it's go to market support. It's resources that they allocate to us. We even get a solution architect allocated to us from Microsoft. So we have an interface into Microsoft. It's a bit of a two-way thing. We want to be able to give our customers a better experience on Intune than they can achieve themselves. And this relationship allows Microsoft to support us better so that we can support our customers better with Intune as well.
Patrick: So they're backing you because of the small and medium business use case. But as you said, you're selling into enterprise as well. So is there a typical size of business who are buying? I'm guessing not though, because desktop management is something everybody needs. I'm guessing you're still going to get big customers coming along when they can't be bothered doing all of the engineering that you need to do to make Intune work properly.
Martin: Yeah, exactly. When we spoke last, we only really could afford to take on enterprise customers, and that's where we were at as a business. But as we've been able to increase scalability, and we've been able to change our pricing model, we can take on customers of any size. And one of the particular focuses for us has been schools for that reason. Schools is an area that I wanted to help for a long time because it’s a gap. It's really hard for them to find experienced IT people, especially experienced Intune professionals and it's quite expensive to get good outcomes. So we've been able to serve schools that can't pay as much as large enterprises.
Patrick: Yeah. Now, another big use case, I'm guessing, I mentioned local admin earlier and generally well-managed endpoints is great, but also just patching. Patching is just such a big thing. I mean, I'm guessing you would have some enterprises coming to you just because you make that part of it easier, right?
“Patching is a 25-year endeavour for me now. I've been fiddling with this thing, you know. It's amazing to me that it's as challenging as ever for organisations and maybe even more challenging.”
Martin: Back to having complete ownership of the solution and working in a way that gets us outcomes, we've designed Devicie so that we can get much better patching outcomes than if we didn't manage the device. If you had a tool that you just used to orchestrate patching, you couldn't get the outcomes that we do because we're onboarding the devices and we're managing them from when they're first built as well. So we have absolute visibility of every device. The challenge for patch management and keeping organisations up to date for me is that there's always a gap. It's something I’ve experienced my whole career. The auditor is always asking: 'What about the devices that you don't have an agent on? What's their status?’. That could be 3% of your organisation. But if you've got 1000s of devices–that’s a lot of devices to have out of compliance. We've been able to make headway, in an absolute way, where we can get really 100% compliance for patching because of this holistic approach to how we manage devices for our customers. And that's application and operating system and security patches.
Patrick: Well, Martin McGregor from Devicie. Thank you so much for joining us to give us an update on where you're at with it all. If anyone listening would like their devices managed via Intune, head over to devicie.com.
Ready to hear how Devicie can transform device management for your organisation?
Join our newsletter for our latest updates and in
When resources are limited, implementing and maintaining compliance across all Essential Eight controls can be challenging. That's why the State Library of NSW turned to Devicie.
Device security is just the beginning. Discover how a construction company generated $1.2 million ROI after reinventing their device security and management.
Unleashing patching success. Learn how to avoid pitfalls in patch management and discover actionable steps to designing and implementing an efficient patching policy.