Microsoft's TechEd North America conference, which was held this week in New Orleans, provided a first glimpse of the architecture that Microsoft shops should use to manage employee personal devices for work duties, an emerging IT trend called BYOD (bring your own device).
"We've built a solution to manage your devices where they live," said Brad Anderson, Microsoft's corporate vice president of Windows Server and System Center, during the keynote at TechEd. System administrators will "get a consistent experience to manage PCs and devices in one console, one set of capabilities, and not separate infrastructures."
By the end of this year, organizations will be able to use a set of Microsoft products to permit their workers to use their personal devices -- including non-Windows mobile devices such as Apple iOS-based iPhones and iPads and Android devices -- to access company applications, data and other resources. Company administrators can apply full management policies to these devices, at least in how these devices interact with the organization's resources.
"If you have a Windows PC, you can join it to the domain and control it in a pretty deep way," said Andrew Conway, a Microsoft director of product marketing, in a follow-up interview. "But as we move to this new paradigm of people using different mobile devices, we're bringing a lot of new capabilities not only against Windows 8, Windows RT and Windows Phone 8, but also against iOS and Android."
During the TechEd keynotes Monday, Molly Brown, principal development lead at Microsoft, demonstrated how someone could access an internal SharePoint site and work folders from a nonwork Windows 8.1 device, thanks to a new feature in Windows Server 2012 R2 called "Workplace Join." Over time, Microsoft will offer this sort of access to iOS devices as well.
Brown also showed how users can register their mobile devices with the workplace, which will provide them with the ability to download data and company apps written for their device platforms. This will work on Windows 8.1, iOS and -- after Microsoft finishes developing a device agent -- Android as well. When the employee leaves the organization, all the work assets can be wiped from the personal device, while keeping the nonwork assets untouched.
Over the course of the week, more details came out at TechEd about how organizations could make this happen. They'd need the latest versions of Windows Server 2012 R2, System Center R2 -- most notably the System Center's Configuration Manager -- and Microsoft's Intune computer management service.
The use of Intune is unusual given that it is a departure from the service's original purpose: to supply small businesses and organizations with many branch offices with an easy way to maintain their work computers with updates and bug fixes. Now, Microsoft is also pressing the service into a secondary use: providing a gateway for personal mobile devices used for work duties outside the firewall.