The Community

Back in 2014, I discovered Miradore, an ITSM solution with a then-emerging Mobile Device Management (MDM) product that promised a robust set of features for managing Android devices. My initial review, Miradore Online: Free MDM, highlighted the platform's potential and its generous free tier, which made it stand out in a market otherwise dominated by costly alternatives. Miradore isn't defined by their free tier, of course, there's a rather large and feature-rich product behind it. It's what drew me in to their product in the first place however, and has been a consistent, defining feature of their platform for more than a decade. Over the years, I revisited Miradore multiple times, documenting its growth and the expansion of its feature set in articles like Miradore Online MDM Review: A Second Look and Miradore Online MDM: Expanding Management with Subscriptions. In 2022, when Miradore announced its acquisition by Goto, I met the news with cautious optimism. Goto, a company known for its suite of remote work tools, seemed like a reasonably safe choice to nurture Miradore's growth. Official announcements from both parties, such as Goto Acquires Miradore and Miradore Acquired by Goto: What Happens Next?, painted a rosy picture of enhanced resources and expanded capabilities. However, the honeymoon period is certainly over now. Since the acquisition, Goto has more and more shown its disdain for Miradore's core MDM USP, systematically stripping away key features from the free tier and fundamentally altering the product's value proposition and accessibility. The erosion of the free tier # Last December, a significant change came when Goto removed essential functionalities from the free plan. Email configuration, VPN setup, Wi-Fi settings, contacts management, and mail were no longer accessible without a paid subscription. Details of these changes weren't outlined in Miradore's release notes, instead opting to send direct emails to certain customers only. I personally heard about it second-hand. Nevertheless, the impact was felt by long-time users who had integrated these features into their device management workflows. The situation worsened then in April; Goto further restricted the free tier by limiting mass actions — a cornerstone feature for any MDM solution. According to the official announcement: We have modified our Free plan and limited the mass actions. From now on, Free plan customers can: Deploy configuration profiles one device at a time Synchronize a single device at a time These changes effectively crippled the efficiency that Miradore once offered. Administrators now have to perform repetitive tasks individually for each device, a tedious process that is impractical for organisations managing more than a handful of devices. But Goto isn't finished. Later this year, they have announced plans to cap the number of devices on the free plan to 50, down from unlimited. The forthcoming changes were communicated through another release note recently. Yes, effectively unlimited devices down to 50. They aren't adjusting the tier functionality either, so it remains quite limited in capability after this change also. The impact on organisations # Obviously paying customers on higher tiers are wholly unaffected by these changes, and the remaining Miradore team within Goto continue to do a wonderful job with their customer base. That said, many of the paying customers they have will have come in through their free tier, often selected because organisations could get started and grow their estates without a licence commitment. These cumulative changes have made Miradore's free tier not just limited but virtually unusable for organisations of any moderate size and/or complexity, and pit Miradore far more directly with competing platforms, such as Manage Engine's 25 free licences. Fewer, yes, but not feature-limited. If you're going to enforce limits, you'd be wise typically to pick a path - limited licences, or limited functionality. The removal of both critical features and the imposition of device limits is a double-whammy that offers the worst of both worlds. I'd ask how they expect groups on the free tier to remain loyal to a platform driven by decisions that scream "we don't want you here", but it seems apparent they haven't considered the question. As someone who has championed Miradore for nearly a decade, I find this trajectory disheartening. The platform's Unique Selling Proposition (USP) was its robust free tier, which allowed organisations — especially smaller groups and communities with tight budgets — to manage their Android devices effectively without incurring additional costs, and I have directed hobbyists, charities, and indeed potential customers their way for years to benefit from this in order to take a first step into the enterprise management ecosystem. Goto's strategy appears to be undermining this USP entirely. By going down the path they've chosen, they're alienating the very user base that helped Miradore grow. It's a puzzling move, especially when considering that the MDM market is more competitive than ever, and my sympathies go out to the remaining Miradore team suffering the consequences of these mandates. Conclusion # Miradore's journey from a promising entry point into device management to its current state of limited functionality on a finite number of devices is a cautionary tale of how acquisitions can sometimes erode the very qualities that gave a product its place in a market. Goto's incremental worsening of their product will fundamentally change what Miradore offers, making it less appealing to organisations that may have used it as a jumping point into a higher tier at a later date, and more likely to be bundled with competing platforms in the decision-making process, unfortunately some with more compelling trial / free tiers than Miradore will soon offer. My hope going forward is these changes derive very real, measurable impacts on user acquisition and retention, and force Goto to revert. Better still if they also then choose to step back and let the folks who built and know the product define how it should be positioned and operated in the market going forward.

Back in 2014, I discovered Miradore, an ITSM solution with a then-emerging Mobile Device Management (MDM) product that promised a robust set of features for managing Android devices. My initial review, Miradore Online: Free MDM, highlighted the platform's potential and its generous free tier, which made it stand out in a market otherwise dominated by costly alternatives. Miradore isn't defined by their free tier, of course, there's a rather large and feature-rich product behind it. It's what drew me in to their product in the first place however, and has been a consistent, defining feature of their platform for more than a decade. Over the years, I revisited Miradore multiple times, documenting its growth and the expansion of its feature set in articles like Miradore Online MDM Review: A Second Look and Miradore Online MDM: Expanding Management with Subscriptions. In 2022, when Miradore announced its acquisition by Goto, I met the news with cautious optimism. Goto, a company known for its suite of remote work tools, seemed like a reasonably safe choice to nurture Miradore's growth. Official announcements from both parties, such as Goto Acquires Miradore and Miradore Acquired by Goto: What Happens Next?, painted a rosy picture of enhanced resources and expanded capabilities. However, the honeymoon period is certainly over now. Since the acquisition, Goto has more and more shown its disdain for Miradore's core MDM USP, systematically stripping away key features from the free tier and fundamentally altering the product's value proposition and accessibility. The erosion of the free tier # Last December, a significant change came when Goto removed essential functionalities from the free plan. Email configuration, VPN setup, Wi-Fi settings, contacts management, and mail were no longer accessible without a paid subscription. Details of these changes weren't outlined in Miradore's release notes, instead opting to send direct emails to certain customers only. I personally heard about it second-hand. Nevertheless, the impact was felt by long-time users who had integrated these features into their device management workflows. The situation worsened then in April; Goto further restricted the free tier by limiting mass actions — a cornerstone feature for any MDM solution. According to the official announcement: We have modified our Free plan and limited the mass actions. From now on, Free plan customers can: Deploy configuration profiles one device at a time Synchronize a single device at a time These changes effectively crippled the efficiency that Miradore once offered. Administrators now have to perform repetitive tasks individually for each device, a tedious process that is impractical for organisations managing more than a handful of devices. But Goto isn't finished. Later this year, they have announced plans to cap the number of devices on the free plan to 50, down from unlimited. The forthcoming changes were communicated through another release note recently. Yes, effectively unlimited devices down to 50. They aren't adjusting the tier functionality either, so it remains quite limited in capability after this change also. The impact on organisations # Obviously paying customers on higher tiers are wholly unaffected by these changes, and the remaining Miradore team within Goto continue to do a wonderful job with their customer base. That said, many of the paying customers they have will have come in through their free tier, often selected because organisations could get started and grow their estates without a licence commitment. These cumulative changes have made Miradore's free tier not just limited but virtually unusable for organisations of any moderate size and/or complexity, and pit Miradore far more directly with competing platforms, such as Manage Engine's 25 free licences. Fewer, yes, but not feature-limited. If you're going to enforce limits, you'd be wise typically to pick a path - limited licences, or limited functionality. The removal of both critical features and the imposition of device limits is a double-whammy that offers the worst of both worlds. I'd ask how they expect groups on the free tier to remain loyal to a platform driven by decisions that scream "we don't want you here", but it seems apparent they haven't considered the question. As someone who has championed Miradore for nearly a decade, I find this trajectory disheartening. The platform's Unique Selling Proposition (USP) was its robust free tier, which allowed organisations — especially smaller groups and communities with tight budgets — to manage their Android devices effectively without incurring additional costs, and I have directed hobbyists, charities, and indeed potential customers their way for years to benefit from this in order to take a first step into the enterprise management ecosystem. Goto's strategy appears to be undermining this USP entirely. By going down the path they've chosen, they're alienating the very user base that helped Miradore grow. It's a puzzling move, especially when considering that the MDM market is more competitive than ever, and my sympathies go out to the remaining Miradore team suffering the consequences of these mandates. Conclusion # Miradore's journey from a promising entry point into device management to its current state of limited functionality on a finite number of devices is a cautionary tale of how acquisitions can sometimes erode the very qualities that gave a product its place in a market. Goto's incremental worsening of their product will fundamentally change what Miradore offers, making it less appealing to organisations that may have used it as a jumping point into a higher tier at a later date, and more likely to be bundled with competing platforms in the decision-making process, unfortunately some with more compelling trial / free tiers than Miradore will soon offer. My hope going forward is these changes derive very real, measurable impacts on user acquisition and retention, and force Goto to revert. Better still if they also then choose to step back and let the folks who built and know the product define how it should be positioned and operated in the market going forward.

In a surprise announcement last week, Google have confirmed sideloaded applications - such as those deployed via EMM solutions - will no longer be sent to Google servers for Google Play Protect scanning on enterprise-managed devices. Why apps are sent to Google # When an application is installed from a source other than Google Play, it is not considered safe by default. Google Play Protect, as part of the round-the-clock security it provides, tries to verify it. If the application doesn't match any known applications in the GPP database, it will ask the end user of the device to allow GPP to send the application up to Google's dedicated infrastructure to run the necessary security verifications. This off-device service then undertakes the necessary tasks to ensure it's safe, devoid of anything harmful, and any future devices that install the application benefit from GPP knowing of its existence ahead of time. This doesn't happen with applications that come down from Google Play because they've already undergone this security validation during the Play Store approval process. GPP knows the application, knows where it's from, and in most cases now sees an association with Google Play in the application metadata itself. Why organisations dislike it # While the service itself really can't be knocked (free security), the approach of requesting from end-users whether an application can be sent to Google is troublesome. If an organisation relies on in-house, or line of business, applications typically installed via the EMM agent directly (rather than using the Google Play iFrame or console uploaded as a private application), they may be familiar with this on-device prompt: Source: Google A disruptive, and oft-confusing interruption for end-users, this has caused questions around the quality, security, and trustworthiness of non-Google Play installed applications for years now. It is an entirely-consumer approach forced upon enterprise devices with no administrative control; had an API been present to define the answer to the above prompt (akin to how organisations can set permissions, for example) this likely wouldn't have been an issue. What's changing # As of the 6th of September (2024), applications sideloaded onto enterprise-managed devices, via any means, will no longer be sent for scanning, and thus the prompt will no longer present itself. It is, in effect, a permanent "Don't send" preset for applications installed either into the parent profile for device owner deployments (fully managed, dedicated), or the work profile of a profile owner deployment, so yes, it applies to personally owned work profile devices also. What it means for organisations # While sending applications for scanning will no longer be done, Google Play Protect remains active on devices. This is not a full disablement of on-device security, as on-device detection and prevention continues to function; known malicious apps, however they're installed, will still be flagged and may be removed. Beyond this, nothing really changes in terms of recommendations for the overall management of applications from unknown sources. Where possible it should be blocked by default. How this came to be # This announcement stems from a lengthy & passionate post on the Android Enterprise Customer Community, further highlighting the importance of the CC for direct feedback into Google and respective product teams. It's a considerable win for the community and those who use it 😁 If you're on the fence about joining up to share your own feedback, I would hope this example of Google and the customer ecosystem working together to improve the experience for everyone offers the nudge you need. Find a link to join in the share box below 👇

In a surprise announcement last week, Google have confirmed sideloaded applications - such as those deployed via EMM solutions - will no longer be sent to Google servers for Google Play Protect scanning on enterprise-managed devices. Why apps are sent to Google # When an application is installed from a source other than Google Play, it is not considered safe by default. Google Play Protect, as part of the round-the-clock security it provides, tries to verify it. If the application doesn't match any known applications in the GPP database, it will ask the end user of the device to allow GPP to send the application up to Google's dedicated infrastructure to run the necessary security verifications. This off-device service then undertakes the necessary tasks to ensure it's safe, devoid of anything harmful, and any future devices that install the application benefit from GPP knowing of its existence ahead of time. This doesn't happen with applications that come down from Google Play because they've already undergone this security validation during the Play Store approval process. GPP knows the application, knows where it's from, and in most cases now sees an association with Google Play in the application metadata itself. Why organisations dislike it # While the service itself really can't be knocked (free security), the approach of requesting from end-users whether an application can be sent to Google is troublesome. If an organisation relies on in-house, or line of business, applications typically installed via the EMM agent directly (rather than using the Google Play iFrame or console uploaded as a private application), they may be familiar with this on-device prompt: Source: Google A disruptive, and oft-confusing interruption for end-users, this has caused questions around the quality, security, and trustworthiness of non-Google Play installed applications for years now. It is an entirely-consumer approach forced upon enterprise devices with no administrative control; had an API been present to define the answer to the above prompt (akin to how organisations can set permissions, for example) this likely wouldn't have been an issue. What's changing # As of the 6th of September (2024), applications sideloaded onto enterprise-managed devices, via any means, will no longer be sent for scanning, and thus the prompt will no longer present itself. It is, in effect, a permanent "Don't send" preset for applications installed either into the parent profile for device owner deployments (fully managed, dedicated), or the work profile of a profile owner deployment, so yes, it applies to personally owned work profile devices also. What it means for organisations # While sending applications for scanning will no longer be done, Google Play Protect remains active on devices. This is not a full disablement of on-device security, as on-device detection and prevention continues to function; known malicious apps, however they're installed, will still be flagged and may be removed. Beyond this, nothing really changes in terms of recommendations for the overall management of applications from unknown sources. Where possible it should be blocked by default. How this came to be # This announcement stems from a lengthy & passionate post on the Android Enterprise Customer Community, further highlighting the importance of the CC for direct feedback into Google and respective product teams. It's a considerable win for the community and those who use it 😁 If you're on the fence about joining up to share your own feedback, I would hope this example of Google and the customer ecosystem working together to improve the experience for everyone offers the nudge you need. Find a link to join in the share box below 👇

Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!) ^ Not any more 🙂