Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

What's your BYOD Strategy? Objectives and tips from Microsoft & Aptera


Published on

It was challenging enough to make sure everyone had access to the software and files they needed back in the days when we all worked on desktops in the office. But with your employees working on their …

It was challenging enough to make sure everyone had access to the software and files they needed back in the days when we all worked on desktops in the office. But with your employees working on their own devices, both in and out of the office, it’s even harder to keep them fully equipped. Plus, you have the added challenge of making sure sensitive or proprietary information stays secure as people come and go with their own laptops, tablets, and smart phones. Fortunately, cloud technologies like Windows Intune are already available to help your business meet these challenges.

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. BYOD – Strategy, Objectives and and Tools Aptera Jan 2014 .
  • 2.
  • 3. How Microsoft addresses today’s challenges Users Devices Apps Data Users expect to be able to work in any location and have access to all their work resources. The explosion of devices is eroding the standards-based approach to corporate IT. Deploying and managing applications across platforms is difficult. Users need to be productive while maintaining compliance and reducing risk.
  • 4. Empowering People-centric IT Enable users Allow users to work on the devices of their choice and provide consistent access to corporate resources. Unify your environment Users Devices Apps Data Deliver a unified application and device management onpremises and in the cloud. Protect your data Management. Access. Protection. Help protect corporate information and manage risk.
  • 5. Selecting the Management Platform Unified Device Management – System Center 2012 R2 Configuration Manager with Windows Intune Cloud-based Management - Standalone Windows Intune No existing Configuration Manager deployment Simplified policy control Fewer than 7,000 devices and 4,000 users Simple web-based administration console
  • 6. Windows Intune – Standalone service Windows PCs (x86/64, Intel SoC) Windows RT, Windows Phone 8 iOS, Android Manage up to 7,000 devices and 4,000 users
  • 7. Mobile Device Management with Windows Intune Direct management (Windows RT, Windows Phone 8, iOS) EAS based management
  • 8. Information Worker Self-service Experience Connect every user ‘s device to the service Enable them to discover applications Let users manage their own devices and data Provide a premium end user experience
  • 9. End User Experience Consistent self service experience for end user across mobile platforms Windows RT Company Portal Windows Phone 8 Company Portal iOS Company Portal Native Windows application Native Windows Phone 8 app (.xap) Native iOS application Available in the Windows Store Side-loaded during enrollment Available in the Apple App store
  • 10. End User Capabilities for each Platform Windows 8 & Windows 8.1 Windows RT & Windows 8.1 RT Windows Phone 8 iOS Android Enroll (local device) Yes Yes Yes Yes EAS Rename devices Yes Yes Yes Yes No Retire (un-enroll local device) Yes Yes Yes Yes No Remotely wipe other devices Yes Yes No No No Install enterprise LOB applications Yes Yes Yes Yes Yes Install publicly available applications Yes Yes Yes Yes yes Browse to web links Yes Yes Yes Yes Yes Contact IT Yes Yes Yes Yes Yes
  • 11. Mobile Device Inventory Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync. No software inventory for mobile devices to respect the Information Worker’s privacy on their own device. IT Pros can track storage on mobile devices which help them anticipate/troubleshoot issues.
  • 12. Settings Management Security policy on devices (iOS, Windows RT and WP8) Direct management and Exchange ActiveSync. Reporting available on each setting whether it is applicable, conformant or has an error. The same security policy template is used for both Direct Management and EAS to help Admins Android and Windows Phone 7 devices can be managed through EAS
  • 13. Application Management on Mobile Devices Platforms Windows 8/Windows RT Windows Phone 8 iOS Android Sideload to install *.appx *.xap *.ipa *.apk Deep links to store apps – install from store
  • 14. Software Distribution Summary Desktop Apps (.msi, .exe) Platform Modern App Types Side loading .appx .xap .ipa .apk Deep Links web apps Windows 8 Pro/Ent √ √ √ √ Windows RT ** √ √ √ √ √ √ √ √ √ √ iOS √ Android √ WP8 Windows 7 and below ** √ Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other PCs linked to the user, but not installable on the local Window RT device √
  • 15. Protect your data Help protect corporate information and manage risk Lost or Stolen Retired Lost or Enrollment Stolen • Selective wipe removes corporate applications, data, and policies based as supported by each Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. platform Personal Apps and Data Personal Apps and Data Company Apps and Data Company Apps • Full wipe if supported by each platform and Data • Can be executed by IT or by user via Company Portal Retired Remote App Centralized Data Remote App • Sensitive data or applications can be kept off Policies Policies device and accessed via Remote Desktop Services
  • 16. Recap: MDM Features per Platform Management Feature Windows RT Windows Phone 8 iOS Y Y Y Y Y Y Y Settings Management Y Y Y Y Software Distribution Y Y Y Y Y Y Y Over-the-air Enrollment Inventory Remote Wipe Android
  • 17. Thank You! Mark Gordon .
  • 18. Appendix
  • 19. Windows Intune integrated with System Center 2012 R2 Configuration Manager Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows RT, Windows Phone 8 iOS, Android
  • 20. Manage and Secure PCs and Devices Anywhere Simple web-based Administration Console and a richer experience for Information Workers  Help protect PCs from malware  Manage updates  Distribute software  Proactive monitoring and alerts  Provide remote assistance  Inventory hardware and software  Monitor & track licenses  Increase insight with reporting  Set security policies  Richer Mobile Device Management
  • 21. Non-intrusive Management Management tasks can work with the Windows 8 maintenance window Management tasks do not interrupt if the end user immersed in a modern application
  • 22. Mobile device wipe and retire Category Full Wipe Windows 8.1 (MDM managed) Not applicable Windows 8 RT Not applicable Windows Phone  iOS Android (EAS)   Retire (Selective wipe)  (Email through EAS)  (Email through EAS) Company apps and associated data installed by using Configuration Manager and Windows Intune Uninstalled and sideloading keys are removed. In addition any apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible Sideloading keys removed but remain installed Settings Requirements removed Management Client Not applicable. Management agent is built-in Email  (Email through EAS) Uninstalled and data removed Uninstalled and data removed Apps and data remain installed Requirements removed Requirements removed Requirements removed Requirements removed Not applicable. Management agent is built-in Not applicable. Management agent is built-in Management profile is removed Not applicable. Management agent is built-in
  • 23. Mobile Device Settings Setting name EAS WinRT/ WinPh8 iOS (Activesync) Require a password to unlock mobile devices √ √ Required password type √ √ √ Minimum password length √ √ √ Allow simple passwords √ √ √ Number of repeated sign-in failures before device is wiped √ √ √ Minutes of inactivity before device screen is locked √ √ √ Password expiration (days) √ √ √ Remember password history Password √ √ √ √ √ Allow convenience logon (WindowsRT only) Allow camera √ Allow web browser Device restrictions √ √ √ Allow backup to iCloud (iOS only) √ Allow documents sync to iCloud (iOS only) √ Allow photostream sync to icloud (iOS only) √ Maximum size of e-mail attachments Encryption E-mail synchronization for last (days) √ Allow mobile devices that don’t fully support these settings to synchronize with Exchange Email √ √ Require encryption on mobile device √ Require encryption on storage cards √
  • 24. Mobile Device Inventory Property Win RT WP8 iOS Android (EAS) Device name Y Y Y Y Unique device ID Y Y Y Serial number Y Email address Y Y OS type Y Y OS version Y Y OS language Y Y Y Y Y Y Y Total storage space (GB) Y Y Free Storage space (GB) Y Y System enclosure Chassis Y System enclosure IMEI Y Manufacturer Y Y Model Y Y Y Y Phone number (masked except last 4 digits) Y Y Subscriber carrier Y Cellular technology(none, GSM, CDMA) Y WiFI MAC Y Enrolled date (local time) Y Y Y Last contact (local time) Y Y Y Y Y Last Exchange status Y Last Policy update status Y Access State Y Access state reason Y Management state Y ActiveSync ID Y
  • 25. Flexible Licensing that Fits Your Needs Don’t Have Configuration Manager Windows Intune (includes Configuration Manager license) ($6 per user per month) Windows Intune & Windows Enterprise (includes Configuration Manager license) ($11 per user per month) Already have Configuration Manager Windows Intune (Add-On) ($4 per user per month) • Single License: Windows Intune and Configuration Manager • Per User Licensing • Up to 5 devices/user
  • 26. For More Information System Center 2012 Configuration Manager Windows Intune Windows Server 2012 More Resources: