Enabling People Centric Processes - a Microsoft IT Preview Guide

Published in: Technology, Business

  1. Enabling People-Centric IT: Preview Guide, June 2013
  2. Table of Contents

     • Enabling People-Centric IT, p. 3
     • Overview, p. 4
     • Empower Your Users, p. 7
     • Overview, p. 8
     • Simplify BYOD Registration and Enrollment, p. 9
     • Enable Consistent Access to Corporate Resources, p. 11
     • Enable Modern Work Styles with Microsoft VDI, p. 13
     • Automate How Users Connect to Internal Resources, p. 15
     • Unify Your Environment, p. 17
     • Overview, p. 18
     • Extend and Manage Through the Cloud, p. 19
     • Simplify User-Centric Management Across Devices, p. 20
     • Enable Comprehensive Settings Management Across Platforms, p. 21
     • Define a Common Identity for Accessing Resources On-Premises and in the Cloud, p. 23
     • Protect Your Data, p. 25
     • Overview, p. 26
     • Selectively Wipe Devices, p. 27
     • Centralize with Policy-Based Access Control, p. 28
     • Enable Multifactor Authentication & Rights Management Services, p. 31
     • Summary, p. 33
     • Appendix, p. 35

     Some information relates to pre-released product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
  3. Enabling People-Centric IT

     Using Microsoft® Windows Server® 2012 R2, Microsoft® System Center 2012 R2 Configuration Manager, and Windows Intune™ to enable the consumerization of IT without compromising compliance
  4. Overview

     The proliferation of consumer devices and ubiquitous information access is driving the enterprise away from a device-centric model centered on corporate-owned and provisioned devices to a bring-your-own-device (BYOD) model in which employees use their own devices to access corporate applications and data. When they’re working, people expect consistent access to corporate tools and data regardless of the type of device they’re using. They also want their corporate-issued technology and resources to look and behave like their personal technology—always on and always available from any device, from virtually anywhere.

     Figure 1: Today’s challenges

     • Users expect to be able to work in any location and have access to all their work resources.
     • The explosion of devices is eroding the standards-based approach to corporate IT.
     • Deploying and managing applications across platforms is difficult.
     • Users need to be productive while maintaining compliance and reducing risk.

     The trend toward BYOD and with it the move toward the consumerization of IT presents an opportunity for IT to help increase user productivity and satisfaction. At the same time, it brings numerous management and security challenges to IT organizations, which must see that enterprise infrastructure and corporate data are protected from malicious intent, while ensuring that these resources can be accessed in compliance with corporate policies regardless of device type or location.

     An enterprise model that supports the use of consumer devices in the workplace and the ability to work from virtually anywhere, anytime must move from a device-centric view of IT management to one that’s people-centric.
  5. Figure 2: People-centric IT

     • Empower users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
     • Unify your environment: Deliver a unified application and device management on-premises and in the cloud.
     • Protect your data: Help protect corporate information and manage risk.

     Microsoft assists IT in supporting consumerization of IT, and in retaining effective management, security, and compliance capabilities. The enterprise tools and technologies that Microsoft provides can help with key enterprise tasks—for example, identifying non-corporate devices, delivering applications and data to those devices with the best possible user experience, and establishing and enforcing policies on devices, based on the user’s role within the organization. Microsoft enterprise tools and technologies can help IT maintain security across all device types, regardless of whether the devices are corporate or personal assets, and establish security measures that protect their organization’s systems, data, and network.

     With the upcoming releases of Microsoft® Windows Server® 2012 R2, Microsoft® System Center 2012 R2 Configuration Manager, and Windows Intune™, Microsoft builds on a comprehensive, people-centric solution that empowers user productivity while supporting the management needs of IT.

     For enterprise users, Microsoft solutions empower users’ productivity and provide:

     • Simplified registration and enrollment for BYOD. Users can manage their devices as well as install corporate apps through a consistent company portal.
     • Consistent access to company resources across devices. Users can use the device of their choice to access corporate resources regardless of location.
     • Support for modern work styles with Microsoft Virtual Desktop Infrastructure. Microsoft Virtual Desktop Infrastructure (VDI) enables IT to deliver a corporate desktop and applications to employees that they can access from their personal and corporate devices, from both internal and external locations, with the infrastructure running within the corporate datacenter.
     • Automatic connection to internal resources when needed. Users can access corporate resources automatically when support for single sign-on and other automatic authentication mechanisms is enabled.
  6. For IT professionals, Microsoft solutions unify the environment and provide:

     • Unified management of on-premises and cloud-based mobile devices. IT can extend its System Center Configuration Manager infrastructure with Windows Intune to support cloud management of mobile devices. This enables IT to publish corporate apps and services across device types, regardless of whether they’re corporate-connected or cloud-based.
     • Simplified, user-centric application management across devices. IT gains efficiency with a single administration console, where policies can be applied across group and device types.
     • Comprehensive settings management across platforms, including certificates, virtual private networks (VPNs), and wireless network profiles. Policies can be applied across various devices and operating systems to meet compliance requirements, and IT can provision certificates, VPNs, and Wi-Fi profiles on personal devices within a single administration console.

     These solutions also help protect corporate data by providing:

     • The ability to protect corporate information by selectively wiping apps and data. IT can access managed mobile devices to remove corporate data and applications in the event that the device is lost, stolen, or retired from use.
     • Policy-based access control to corporate applications and data. IT can set policy-based access control for compliance and data protection.
     • A common identity for accessing resources on-premises and in the cloud. IT can better protect corporate information and mitigate risk by being able to restrict access to corporate resources based on user, device, and location.

     This guide provides an overview of the solutions Microsoft offers to help enterprises transition from a device-centric to a people-centric, consumerized IT environment without compromising compliance. It also provides details about how Microsoft solutions and products can help IT organizations use a people-centric approach to client management. Microsoft’s solution optimizes the application infrastructure, provides unified management, and supports the latest security and access models.

     Note: Features and supported platforms are subject to change until the final release of the products mentioned in this guide. The information contained here represents the current view of Microsoft Corporation on the issues discussed as of May 1, 2013. As Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented within this document.
  7. Empower Your Users

     Enable people to use their chosen devices at work and provide consistent access to corporate resources
  8. Overview

     Today’s users want to access corporate applications and data from anywhere and from any device (smartphones, tablets, and PCs), and they want a streamlined way to provision a new device for corporate information access. Then, after their device is provisioned, they want a consistent way to access corporate applications and data from their devices, including a simplified sign-on process and easy access to tools virtually anytime, from anywhere.

     IT must find ways to accommodate the proliferation of consumer devices and support access to corporate resources from locations outside the tightly controlled corporate network setting. They need a management infrastructure that’s efficient, cost-effective, and secure. Finally, it’s important to have enterprise management tools that make it easy to set up and manage devices, and solutions that provide access to corporate applications and data from locations within and outside the corporate network.

     The following sections outline key capabilities and present sample business scenarios that show how Microsoft empowers users by enabling people-centric IT.

     Challenges

     • Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources.
     • Users want an easy way to be able to access their corporate applications from anywhere.
     • IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies.

     Solutions

     • Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.
     • Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices.
     • IT can publish access to corporate resources with conditional access based on the user’s identity, the device they are using, and their location.
  9. Simplify Bring-Your-Own-Device (BYOD) Registration and Enrollment

     Until a few years ago, most IT organizations discouraged or explicitly prevented employees from using personal devices for business-related data. It simply wasn’t necessary to support users’ personal devices.

     However, employees often have or want more up-to-date devices than what IT has provided, leading people to demand that they be able to use their own technology at work. This requires IT to support a growing number and wider range of device types in their enterprise infrastructure, as well as frequent replacement of devices and regular introductions of new technology. This drives the need for flexibility—IT must be able to support and manage the current generation of devices as well as those two or three (or more) generations out. And this support must extend not only to corporate assets, but also to employee-owned devices.

     Business Requirements

     Scenario: Joan from finance just purchased a new smartphone for her personal use. At first, she carries both her personal and corporate smartphones with her, but she quickly finds that carrying two phones is inconvenient. She asks the IT department if she can give back her corporate phone and access the corporate apps she needs through her personal smartphone, which is newer and faster than her work smartphone.

     Joan needs an easy way to configure her personal devices for use at work. IT needs a way to support the use of employee-owned devices in the workplace while retaining management control of the devices used to access corporate resources.

     The People-Centric IT Solution

     In the past, the answer to this scenario would have been “No.” But because Joan’s company has implemented Microsoft’s solution for BYOD scenarios, Joan is able to work on her device, and IT retains the control they require to remain compliant with corporate policies.

     Supporting BYOD in the workplace requires a simple way for users to register their devices for use and ways to enable IT to manage those devices as part of the corporate infrastructure. Workplace Join in Windows Server 2012 R2 enables users to register their devices in Active Directory®, and IT can require multi-factor authentication as part of this process. Additionally, users can enroll their devices for management, which joins the devices to Windows Intune and allows the installation of the company portal.

     So, for example, when Joan registers her device, she makes it “known” to IT, and IT can then configure conditional access policies that take into account not only Joan’s identity, but also the device she’s using. After Joan enrolls her device, she can access her applications
  10. and manage her own device through the company portal that’s installed.

      System Center 2012 R2 Configuration Manager and Windows Intune together gather information about the user and device and allow IT to manage the device.

      Windows Server 2012 R2

      • Users can register their devices, which makes the device “known” to IT, which can then use device authentication as part of providing access to corporate resources. Device registration is a “give-and-get” scenario. The user “gives” by registering the device, and in turn “gets” access to resources. From an IT perspective, after the device is registered, it becomes an object in Active Directory and, as such, it can be used as a part of the authentication and access policies.
      • Registering a device enables single sign-on and access to corporate data through Workplace Join. This enables IT, in return for knowing about the device, to provide access to applications and data that otherwise wouldn’t be available.

      System Center 2012 R2 Configuration Manager and Windows Intune

      • An easy way for users to access all their corporate applications from one place is by enrolling their devices for access to the company portal. This enrollment adds the device into the unified device management solution and allows the installation of the company portal. IT can populate the company portal with internal line-of-business (LOB) applications, as well as with links to applications available in the public application stores (Microsoft® Windows® Store, Windows Phone Store, Apple® App Store, and Google Play). From within the company portal, users can manage their devices and perform actions, such as wiping a lost or replaced device.

      Supporting Features

      | Features | Description | Product |
      |---|---|---|
      | Web Application Proxy | Allows the publishing of corporate resources, including support for multi-factor authentication and the enforcement of conditional access policies when users connect to resources. | Windows Server 2012 R2 |
      | Active Directory Federation Services (ADFS) | Supports the Workplace Join communication path through the Web Application Proxy and ADFS to Active Directory. | Windows Server 2012 R2 |
      | Device Management | Comprehensive management services for devices based in the cloud and on-premises, to enable users to install offered applications onto their devices. | System Center 2012 R2 Configuration Manager and Windows Intune |
  11. Conclusion

      Microsoft is making it easier for organizations to allow people to use the devices they choose by enabling those devices to be integrated into the security and management models IT may already have in place.

      Enable Consistent Access to Corporate Resources

      The prevalence, speed, and availability of affordable high-speed broadband and Wi-Fi networks means that people can be mobile and still expect to get their work done. People expect to access corporate resources in a consistent way across devices, and they expect that the technology provided will be available on their schedule, from wherever they happen to be. This work-from-anywhere paradigm requires IT to change the way people access resources such as company tools, apps, data, and services.

      Business Requirements

      Scenario: Paul from Human Resources considers himself a savvy consumer of technology. As an early adopter of new mobile technology as it becomes available in the market, Paul now finds that his personal device has outpaced the device provided for him at work. Paul wants to be able to use his personal, more flexible and powerful device from home to review the résumés of applicants prior to their job interviews.

      Paul needs an easy way to access corporate apps and data from any device he chooses to use. IT needs an efficient way to provide Paul with consistent access to corporate resources from his personal devices.

      The People-Centric IT Solution

      While the IT department at Paul’s company has previously forbidden the use of personal devices, it’s recently implemented the people-centric IT solution from Microsoft, which enables streamlined device management and provides access while protecting corporate resources.

      When a user enrolls a device for management, the company portal is installed on the device. This company portal is consistent across devices, and it makes the latest corporate applications available to users. Work Folders, new in Windows Server 2012 R2, enable users to store the data they need for work in one place and make it easy for users to sync this data across devices.
  12. System Center 2012 R2 Configuration Manager and Windows Intune

      • Users can self-provision applications through a company portal that shows the applications users have permissions to install. Users can view, install, and run corporate applications across devices, including corporate-owned LOB applications, Web applications, and links to IT-recommended applications available from public application stores (Windows Store, Windows Phone Store, Apple App Store, and Google Play).
      • IT can specify which applications people can see in the company portal based on a variety of means, such as a defined user role (for example, finance managers or group managers) or groups within Active Directory.
      • Using the company portal, people can view all their managed devices and take action, such as selectively wiping corporate applications and data from their devices or removing a device from the management system and corporate access.

      Windows Server 2012 R2

      • Using Work Folders, people can sync files stored in their Sync Share on a corporate file server with their devices. This share can be integrated by IT with Dynamic Access Control for automated classification and protection of documents based on their content, and these changes are replicated to the user’s devices.
      • IT controls access through Web Application Proxy, which publishes resources with multi-factor authentication and conditional-access policies.

      Supporting Features

      | Features | Description | Product |
      |---|---|---|
      | Company Portal | A self-service portal that runs natively on each device and that enables users to install applications on their devices, as well as view and remove their managed devices and set up synchronization of their work data. | System Center 2012 R2 Configuration Manager and Windows Intune |
      | Work Folders | A centralized location on a file server in the corporate environment that’s configured to allow the synchronization of files to user devices. Work Folders can be published directly through a reverse proxy or via the Web Application Proxy for conditional access policy enforcement. | Windows Server 2012 R2 |
      | Web Application Proxy | Allows the publishing of corporate resources, including multi-factor authentication and the enforcement of conditional access policies when users connect to resources. | Windows Server 2012 R2 |
  13. Conclusion

      Microsoft enables IT to make corporate resources available to people on the devices of their choice from virtually anywhere, while enforcing security policies and retaining control for corporate compliance.

      Enable Modern Work Styles with Microsoft Virtual Desktop Infrastructure (VDI)

      As the enterprise adapts to more personally owned devices, IT needs a way to offer a consistent, managed enterprise desktop to employees. Microsoft Virtual Desktop Infrastructure (VDI) enables IT to deliver a corporate desktop and applications to employees that can be accessed from their personal or corporate devices, from both internal and external locations. Centralized desktops and apps hosted in the datacenter or cloud can be easily managed, and apps and data can be secured.

      Business Requirements

      Scenario: Adam is the desktop manager for his company’s IT department. In the past, PCs were all corporate-owned and Adam deployed a standard desktop image to the machines that included a standard set of policies and applications. As more people move to using their own PCs, laptops, and tablets, often from non-corporate networks, Adam needs a way to enforce the same security policies to protect data, while enabling access to applications on devices that his company no longer directly manages.

      IT needs a way to deploy a standard desktop solution that can be housed centrally in the datacenter. These virtual desktops will be accessed from a variety of devices and locations, while preserving the protection of the data, including limiting the ability to store the data on an unmanaged device.

      The People-Centric IT Solution

      Windows Server 2012 R2 provides a virtual desktop infrastructure (VDI) that’s easy to deploy and configure, and it delivers a rich user experience. The Microsoft solution gives IT the freedom to choose personal and pooled virtual machine (VM)-based desktops, as well as session-based desktops. It also offers IT several storage options, based on their requirements.

      Windows Server 2012 included significant enhancements to deploying and managing a VDI environment, as well as for improving users’ experience with remote desktops. Windows Server 2012 R2 continues to improve the options and user experience.
  14. Windows Server 2012 R2

      • Windows Server 2012 provided a single console to deploy, configure, and manage a VDI deployment. Windows Server 2012 R2 brings Session Shadowing to the administration console, enabling helpdesk or IT staff to view and remotely control a user’s session.
      • Windows Server 2012 supported SMB 3 and Storage Spaces for VDI storage, providing a high-performance storage alternative to expensive SAN storage. Windows Server 2012 R2 further expands on this by supporting online disk deduplication, which reduces the amount of space on disk that’s consumed by personal VMs. It also provides support for storage tiering, enabling IT to use a mix of solid state and spinning disks to create a storage volume that automatically optimizes locations of data across the disks so that the most accessed data blocks are on the highest-performing disks.
      • Windows Server 2012 included several enhancements to the Remote Desktop Protocol (RDP) that improve the performance of remote desktops over WAN connections. This is accomplished by enhancing the appearance of RemoteApp programs so that they behave graphically more like locally executed apps. There are also improvements to the codecs and display handling. Disconnected sessions reconnect much faster than in the past—reconnect times may be reduced from over 70 seconds to less than 10.
      • RD Gateway includes support for pluggable authentication, so providers can write a plug-in to support one-time password (OTP) or RSA SecurID authentication to the RD Gateway.

      Supporting Features

      | Feature | Description | Product |
      |---|---|---|
      | Session Shadow | Allows administrators to view and remotely control active user sessions on RD Session Host servers. | Windows Server 2012 R2 |
      | Deduplication Storage | Enables storage volumes containing VHD files for a VDI collection to automatically identify redundant blocks on the storage and remove duplicate data to reduce the storage consumed. | Windows Server 2012 R2 |
      | Storage Tiering | Enables storage volumes that are a mix of multiple disks of different speeds. The operating system automatically optimizes the location of data in the volume so that the most frequently accessed data is on the fastest disks. | Windows Server 2012 R2 |
      | RemoteApp | Displays the correct thumbnail on the task bar instead of using generic icons. Transparent sections of RemoteApp windows render correctly. | Windows Server 2012 R2 |
      | Quick Reconnect | Reconnects disconnected sessions much faster than in previous versions. | Windows Server 2012 R2 |
  15. | Feature | Description | Product |
      |---|---|---|
      | Codec and Display Improvements | Delivers the best possible user experience under varying network conditions, trading off resolution of experience with bandwidth available. | Windows Server 2012 R2 |

      Conclusion

      Microsoft VDI enables IT to deliver desktops and apps to users on a range of devices. VDI maintains storage and compute in the datacenter, so the integrity of the data is always maintained and mitigates the risk of losing data on stolen or lost devices, while also providing business continuity by making the desktop available from anywhere. Microsoft VDI provides efficient management and a rich user experience at the best value for VDI.

      Automate How Users Connect to Internal Resources

      Balancing the needs of the users, who want to access corporate resources from multiple device types and locations, with IT’s need to protect corporate networks and data from malicious intent makes the authentication of users complex. Users have difficulty keeping track of multiple layers of credentials, and when those credentials vary depending on location, device type, or application, each potentially with a different sign-on, it can affect user productivity and result in less-secure access as users try to simplify sign-on information themselves. Stymied by the difficult sign-on process, users may call the help desk, which can increase overall support costs.

      Business Requirements

      Scenario: Mary works on-site as a project planner three days a week. When she’s on-site, Mary signs on once to the corporate network, and then she can open any files she needs without supplying any other password authentication, regardless of the location of those files on the internal network. Twice a week, when Mary works from home on her laptop, accessing the files she needs requires multiple layers of authentication. She must sign on to the corporate network through a virtual private network (VPN) and then sign on again for the corporate tools she uses. This multi-layer authentication creates a potentially insecure situation, because Mary has all her sign-on information written down on a sticky note next to her computer.

      Mary needs an easier way to sign on to corporate resources, and IT needs a way to support this without compromising the security of corporate resources.

      The People-Centric IT Solution

      Using a personal device shouldn’t change a person’s ability to access corporate resources, but at the same time, IT must protect the security of corporate applications and data.
Microsoft provides security features that help automate user access to resources in four ways:
• DirectAccess provides an “always on” connection for domain-joined Windows clients.
• The Remote Access role in Windows Server provides traditional VPN connections from user devices to corporate resources.
• The Web Application Proxy enables IT to publish access to corporate resources.
• A new feature in Windows Server 2012 R2 and Windows 8.1 provides the ability for applications to trigger the VPN on the user’s behalf as they’re launched.

System Center 2012 R2 Configuration Manager and Windows Intune provide a way to define which applications automatically trigger a VPN connection to a corporate resource and deploy the configuration information. The Web Application Proxy enables IT to publish access to corporate resources without a VPN connection, based on user, device, location, and application.

System Center 2012 R2 Configuration Manager and Windows Intune
• IT can deploy the configuration details for applications and the Wi-Fi/VPN profiles to the user’s devices.

Windows Server 2012 R2
• IT can tightly control access to corporate resources. The Web Application Proxy enables IT security administrators to provide secure conditional access by selectively publishing corporate resources to remote users using managed and unmanaged devices, based on the user, device, location, and application.

Supporting Features
Feature | Description | Product
Web Application Proxy | Allows the publishing of corporate resources, including multi-factor authentication and the enforcement of conditional access policies when users connect to resources. | Windows Server 2012 R2
Support for VPN and Wi-Fi profiles | Deploys the policies and configuration for VPN or Wi-Fi profiles. | System Center 2012 R2 Configuration Manager and Windows Intune

Conclusion
Microsoft provides the ability for corporate resources to be available to users on the devices they use, removing the complexity of configuring the devices and enabling IT to enforce who and which devices can access corporate resources.
Unify Your Environment
Deliver unified application and device management on-premises and in the cloud
Overview
Moving from a device-centric to a people-centric enterprise presents a number of challenges. One of the biggest challenges is how to effectively support and manage the diversity of platforms and devices that can now potentially access corporate resources. IT must be able to configure device settings based on a number of variables (including users, groups, and device types) and device location (on-premises, in the cloud, or external). IT administrators also need to protect corporate security and manage compliance policies.

Being able to manage both user- and corporate-owned devices within a single management console can help busy IT administrators efficiently evaluate and manage network activity, regardless of whether it originates on-premises, in the cloud, or remotely. Devices can be managed in the world in which they live—from the cloud or from the corporate network. Using a single interface enables IT to identify the devices accessing the corporate network, and then configure and manage those devices consistently, regardless of device type. A unified solution also provides a cohesive structure for setting policy, delivering reporting capabilities that help IT to maintain corporate compliance.

As people work on a variety of devices and IT adopts a hybrid approach to delivering applications and services (both on-premises and in the cloud), it becomes essential to have a single identity that can be used for authentication. This single identity, which can be used regardless of what resources a person is accessing and where he or she is accessing them from, can make people more productive and provide a better overall experience.

The following sections outline key capabilities and present sample business scenarios that show how Microsoft supports people-centric IT with a unified environment.

Challenges
• Providing users with a common identity when they are accessing resources that are located both on-premises in a corporate environment, and in cloud-based platforms.
• Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.

Solutions
• Users have a single sign-on experience when accessing all resources, regardless of location.
• Users and IT can use their common identity for access to external resources through federation.
• IT can consistently manage identities across on-premises and cloud-based identity domains.
Extend Your Existing System Center Configuration Manager Infrastructure and Manage Mobile Devices Through the Cloud
Many enterprises are moving their corporate resources to the cloud to save money and to better provide their users with access to those resources from anywhere. As the enterprise extends to the cloud, managing corporate assets can become fragmented, and it becomes more difficult to set consistent policies across on-premises and cloud environments. A move to the cloud may end up costing more, because managing the complexity of the new enterprise model increases time spent on basic resource management tasks.

Business Requirements
Scenario: Matt is the IT administrator responsible for managing the assets that make up the company’s on-premises System Center Configuration Manager infrastructure. Now Matt has to also manage mobile devices like tablets and smartphones, and he’s finding that in order to view all the physical and virtual assets he’s responsible for managing, he must use multiple management tools. He’s worried that he’s losing track of devices.

IT needs an integrated tool to view and manage devices both on-premises and in the cloud.

The People-Centric IT Solution
As corporate resources extend to the cloud, IT needs a cohesive way to view and manage those resources as part of the entire corporate infrastructure. System Center 2012 R2 Configuration Manager and Windows Intune extend management functionality to include support for managing physical and virtual assets from within a single management console.

System Center 2012 R2 Configuration Manager and Windows Intune
• IT can manage devices that connect to corporate resources “in the world in which they live” from a single management console by connecting their on-premises System Center 2012 R2 Configuration Manager infrastructure with the cloud-based Windows Intune service.
• From the management console, IT administrators get a comprehensive view that can help them identify and inventory mobile, physical, and virtual assets. This helps them to focus on what users need access to in order to be productive, rather than focusing on the devices themselves.
Supporting Features
Feature | Description | Product
Unified Management Infrastructure | Enables IT to view and manage PCs, mobile devices, servers, and virtual machines—both corporate-connected and cloud-based—through a single console. | System Center 2012 R2 Configuration Manager and Windows Intune

Conclusion
Microsoft provides a unified way for organizations to view and manage all the devices accessing corporate resources, including Windows-based PCs, tablets, phones, and servers, Windows Embedded devices, Macs®, iOS® and Android™ smartphones and tablets, as well as UNIX®/Linux® servers. This integration means that organizations don’t need to learn or implement different, segregated products.

Simplify User-Centric Management Across Devices
As the types of devices being used to access corporate resources grow to include mobile devices (such as smartphones and tablets) as well as PCs and laptops, managing devices becomes more challenging.

Moving to people-centric IT increases the number of potential user and device combinations. For example, a user could have multiple devices, some corporate-owned, some personally owned. IT must be able to easily view the devices associated with a user and verify that those devices have the appropriate software installed.

Business Requirements
Scenario: Ann accesses corporate resources from her PC at work, a corporate laptop when she travels on business, and her own Microsoft® Surface™ in the evening and on weekends. Using System Center 2012 R2 Configuration Manager and Windows Intune, the IT department can easily view the devices Ann is using. After Ann enrolls her devices for management, she wants to install the software she needs to get her job done.

Ann needs to use a variety of devices to get her job done. IT needs a simple way to manage across devices.

The People-Centric IT Solution
Integrating the management of the devices that make up the corporate infrastructure—whether those devices are physical, virtual, or mobile—makes the move to people-centric IT more efficient. Through System Center 2012 R2 Configuration Manager and Windows Intune, Microsoft provides an integrated console that enables IT to manage all device types and efficiently install software across device types.
System Center 2012 R2 Configuration Manager and Windows Intune
• IT can manage a range of devices, including Windows-based PCs, laptops, tablets, phones, and servers; iOS phones and tablets; Macs; Android devices; and UNIX/Linux Servers.

Supporting Features
Feature | Description | Product
Unified Device Management | Enables IT to inventory, apply policies, and distribute software to a wide range of devices across multiple platforms. | System Center 2012 R2 Configuration Manager and Windows Intune

Conclusion
Microsoft is committed to helping reduce client management infrastructure costs and complexity. With the integration between Configuration Manager and Windows Intune, we offer a single console for both on-premises and in-the-cloud management. It consolidates client management and security and offers them in a unified single solution—giving a streamlined approach to managing devices and applications as well as identifying and remediating threats and non-compliance.

Enable Comprehensive Settings Management Across Platforms
As the number of device types allowed in the corporate environment grows, keeping track of the settings possible for each device becomes crucial and more complex for IT, because the wrong settings could create a security risk.

Business Requirements
Scenario: Ben in IT is responsible for extending enterprise support to employee-owned devices. A brief survey of users reveals that not all devices are Windows-based and that some users want to use their mobile devices as well as personal PCs and laptops for work tasks.

Ben doesn’t have the time to research the functionality supported by each type of device, but he still needs to be sure that the devices are configured in a way that mitigates risk to corporate resources. For example, he plans to require that all mobile devices accessing the corporate network have a PIN associated with them.

IT needs a comprehensive management solution that extends support across all device types, platforms, and users, and offers flexibility in configuring and inventorying devices based on whether they’re corporate- or employee-owned.
The People-Centric IT Solution
Viewing all the devices accessing corporate resources is useful, but without the ability to centralize configuration or management tasks for those devices, it can be difficult to provision them for use in a way that makes it possible to enforce compliance policies. System Center 2012 R2 Configuration Manager and Windows Intune provide a unified way to configure devices, regardless of device type. Within System Configuration Manager, IT can also generate reports about all devices that use corporate resources.

Because Ben’s organization is using System Center 2012 R2 Configuration Manager and Windows Intune, he can manage settings for all device types from one management console. To support corporate compliance, Ben can also generate reports that include all devices. He can also make choices about how to deploy software and inventory devices based on whether the devices are corporate- or employee-owned.

Figure 3 Unified management console for configuring devices

System Center 2012 R2 Configuration Manager
• IT can configure settings across different device types, including:
  • Security and compliance settings, including passwords and PINs, encryption, and wireless communication certificates.
  • Applications, including email, store, browser, and content ratings.
• Applications can be deployed and inventoried on the devices.
• Reports can be generated that show the usage of software distribution points within their infrastructure, and IT can establish content-distribution priorities, which can result in more effective infrastructure and deployment planning.
Supporting Features
Feature | Description | Product
Device Management Policies | Enables IT to define and deploy configuration policies specific to each mobile device platform to help meet compliance requirements. | System Center 2012 R2 Configuration Manager and Windows Intune
Software Distribution | Publishes or deploys applications to people’s corporate or personal devices based on policy. | System Center 2012 R2 Configuration Manager and Windows Intune
Distribution Point Usage Reports and Management | Provides usage reports of software distribution points across the infrastructure to help identify under- or over-used resources and prioritize package replication. | System Center 2012 R2 Configuration Manager

Conclusion
Together, System Center 2012 R2 Configuration Manager and Windows Intune provide organizations with a holistic view of all devices accessing corporate resources, whether they’re PCs or mobile devices, on-premises or in the cloud. IT can define security and compliance settings to help ensure that devices accessing corporate resources meet corporate policies.

Define a Common Identity for Accessing Resources On-Premises and in the Cloud
A paramount concern of any IT department is protecting the security of corporate resources. Every time a user attempts to access data, it creates a potential security risk. Managing the risks associated with how people work was simpler when they accessed corporate resources using only corporate-owned and managed assets. Security becomes far more complex as enterprises move to a people-centric model in which corporate resources can be accessed using either corporate- or employee-owned devices of any type.

Business Requirements
Scenario: Phil is a security administrator for his organization. The number of devices that Phil manages continues to grow. He wants a centralized way to provide a consistent authentication process across device types, while continuing to make sure that the security of corporate assets is maintained.

IT needs a way to define a common identity that users can use to access resources on-premises, in the cloud, and outside the corporate network.
The People-Centric IT Solution
Microsoft recognizes the need to provide more secure access to sensitive corporate resources when they’re consumed on BYO devices. Windows Server Active Directory and Windows Azure™ Active Directory provide functionality that enables IT security administrators to manage a person’s identity regardless of whether the resources the person is accessing are on-premises, in the cloud, or from external networks.

Phil’s organization has deployed Windows Server 2012 R2 and connected their Active Directory to Windows Azure Active Directory, so Phil uses the services associated with these products to set authentication options for access to resources on-premises and in the cloud, for users and devices wherever they’re being used.

Windows Server 2012 R2
• With Active Directory, IT gains a single view of all user information, so they can efficiently manage security settings for users, devices, groups, printers, applications, and other directory-enabled objects (such as Workplace Join devices) from one secure, centralized location.
• Because authentication options can be set for the cloud, on-premises, or federated, IT can set up a model where users can sign on once and then access their data and applications, regardless of whether those resources reside in the cloud or on the corporate network.

Windows Azure Active Directory
• IT can use cloud-based identity, which serves as the central authentication endpoint for all users and devices outside the corporate environment and cloud/hybrid applications.
• IT can use Windows Azure Active Directory for the authoritative authentication directory or can check user validation and device verification through federated connections to other directories, such as on-premises Windows Server Active Directory or other cloud-based identity repositories.
• Windows Azure Active Directory works fluidly with Windows Server Active Directory to easily extend an organization’s Active Directory into the cloud.

Supporting Features
Feature | Description | Product
Windows Server Active Directory Domain Services | Provides an identity directory used to authenticate users and devices, and for the enforcement of access policies and centralized configuration policies. | Windows Server 2012 R2
Windows Azure Active Directory | Delivers a modern, REST-based service that provides identity management and access control capabilities for cloud applications. | Windows Azure Active Directory

Conclusion
As IT adopts a hybrid delivery model for applications and services across on-premises and in the public cloud, Microsoft provides a way for IT to provide a single sign-on experience for users by providing a common identity for accessing all their resources regardless of location or device being used.
Protect Your Data
Protect corporate information and manage risk
Overview
Moving from device-centric to people-centric IT means moving from a world where the devices accessing corporate tools and data are company-owned and provisioned to one where devices are owned by users and contain applications and data not under corporate control. This introduces new challenges for IT administrators, who must provide flexible user models while making sure that corporate resources are protected from unauthorized access. Users expect consistent access to corporate resources, yet that access can’t compromise the security of the enterprise.

IT must deploy a solution that supports efficient and secure access to corporate resources regardless of whether the user’s location is within or outside corporate control. To meet compliance requirements, IT must also be able to gather reporting information for regulatory and internal auditing purposes across the range of devices accessing the corporate network.

The following sections outline key capabilities and present sample business scenarios that show how Microsoft helps you protect your data in people-centric IT.

Challenges
• As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device.
• A significant amount of corporate data can only be found locally on user devices.
• IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.

Solutions
• Users can work on the device of their choice and be able to access all their resources, regardless of location or device.
• IT can enforce a set of central access and audit policies, and be able to protect sensitive information based on the content of the documents.
• IT can centrally audit and report on information access.
Selectively Wipe Devices
The portability of devices such as smartphones and tablets makes them attractive to people wanting to get work done on the go, but there’s a risk associated with that portability—the potential for devices to be lost or stolen. To protect corporate data, it’s imperative that users and IT have ways to wipe devices remotely.

Along with the portability of mobile devices, frequent advances in mobile device technology mean that people may change the devices they use to access corporate data more rapidly than in the past, re-purposing their old devices for family use or selling them back to wireless companies as they upgrade. When users discontinue using a device, having an easy way to remove corporate resources (or at a minimum render the data inaccessible) from those devices is essential in protecting the security of corporate tools and data.

Business Requirements
Scenario: Lisa is a corporate recruiter traveling on business to college job fairs. While she’s out of the office, the team she recruits for is interviewing a few job candidates. Feedback on the candidates is recorded in the company’s proprietary interview feedback application, and Lisa frequently checks the feedback from her smartphone. While at the job fair, Lisa sets her smartphone down for a minute, and before she can reach for it again, it disappears into the crowd.

Lisa needs to be able to quickly block access to corporate resources from her stolen mobile device. In case she’s unable to wipe the device herself, IT needs a way to wipe the device for her, thereby maintaining the security of the company’s data and applications.

The People-Centric IT Solution
With System Center 2012 R2 Configuration Manager and Windows Intune, mobile devices can be selectively wiped to protect corporate data and applications. These Microsoft tools also provide a way for people to retire a device when they no longer use it to access corporate resources.

Luckily for Lisa, she has her laptop with her. She opens the company portal installed on her laptop, and she can view all the devices that she’s using to access corporate resources. Lisa selects her smartphone, and then follows the steps to wipe the device. This removes all proprietary corporate applications and (where possible) associated data from her device. In all cases where the data was provisioned through the company portal, the data is rendered inaccessible, and when the underlying platform supports it, the data is also removed.

Because the IT department at Lisa’s company also has the ability to manage the device, if she were unable to wipe the device herself, she could contact IT to wipe the device from the management console.
System Center 2012 R2 Configuration Manager and Windows Intune
• IT can selectively and remotely wipe a device, including removing applications and data, management policies, and networking profiles.
• Users can selectively and remotely wipe corporate applications and data from their devices.
• Users can also retire a device from management, which removes the device’s ability to access corporate tools and data.

Supporting Features
Feature | Description | Product
Selective Wipe | Removes corporate-related applications, data, and management policies from the mobile device. | System Center 2012 R2 Configuration Manager and Windows Intune

Conclusion
As people lose or upgrade their mobile devices, or if they no longer work for the organization, it’s crucial to make sure that any corporate-related information, including applications and data, is no longer available on their devices. With System Center 2012 R2 Configuration Manager and Windows Intune, corporate resources can be remotely removed from the device by either the user or IT, while the personal data on the device is left alone.

Centralize Corporate Information for Compliance and Data Protection with Policy-Based Access Control
With new models for how users access corporate resources, IT needs a new way to balance access and sharing of corporate information with the ability to audit against internal and regulatory requirements. The costs for meeting regulatory and compliance requirements are rising at a time when IT budgets are facing new constraints, so implementing changes to the infrastructure to enable people-centric IT must be cost-effective without sacrificing security. A centralized information protection model for access control, coupled with robust compliance reporting capabilities, supports a cost-effective transition to people-centric IT.

Business Requirements
Scenario: Kelly is responsible for setting the security, access policies, and auditing for compliance with corporate policy. Her role has expanded, and she now provides access to sensitive corporate information on devices that users provide without compromising network security or compliance requirements.
Kelly needs an enterprise solution that centralizes corporate information and allows her to define policies that both empower users and allow her to remain in control of the information. Like most enterprises, Kelly has responsibility for data stored in multiple locations, so she requires a centralized solution for setting and enforcing policy, and for configuring auditing policies for reporting.

The People-Centric IT Solution
Windows Server 2012 delivered a new solution, Dynamic Access Control, which allows IT to configure content classification policies, along with dynamic conditional access policies and actions based on the outcome of the classification process, such as automatically encrypting documents using Rights Management Services.

With Windows Server 2012 R2, IT can now publish access to corporate resources using the Web Application Proxy and enforce conditional access policies with multi-factor authentication. IT can also enable users to sync their files to their devices using Work Folders, and this includes integration with the Dynamic Access Control policies.

Figure 4 Managing Work Folders with Windows Server

Enabling users to get their work done while providing IT the control that helps them protect information and remain compliant is an important solution as organizations adopt BYOD as part of a people-centric model.
Windows Server 2012 R2
• With the Web Application Proxy, IT administrators can selectively publish corporate resources to remote users based on user, device, location, and application.
• IT can safeguard data when it’s distributed outside the corporate network by controlling whether a user can open, modify, print, forward, or take other action with rights-managed information. Active Directory Rights Management Service protects Microsoft Office documents and Exchange email by identifying the rights that a user has to the file and removing the option to perform actions outside those rights.
• IT can set central access policies and classify data to protect important information on their file servers using Dynamic Access Control, which includes the ability to automatically encrypt documents with Rights Management.
• Using Dynamic Access Control audit functionality, IT can generate reports that show which users have accessed classified information.
• Using Work Folders, users can synchronize files on corporate servers to their devices anywhere through a sync service, and IT can apply Dynamic Access Control policies to this data.

Supporting Features
Feature | Description | Product
Web Application Proxy | Allows the publishing of corporate resources, including support for multi-factor authentication and the enforcement of conditional access policies when users connect to resources. | Windows Server 2012 R2
Dynamic Access Control | Provides the ability to classify and set conditional policies for which users and devices can access certain information, and allows tasks such as automatically encrypting with Rights Management. | Windows Server 2012, Windows Server 2012 R2
Work Folders | Provides a centralized location on a file server in the corporate environment that’s configured to allow the synchronization of files to user devices. Work Folders can be published directly through a reverse proxy or via the Web Application Proxy for conditional access policy enforcement. | Windows Server 2012 R2
Conclusion
Windows Server 2012 R2 gives IT the ability to make sensitive corporate information available to users, while retaining control over which users and devices can access the information through the enforcement of conditional access policies.

Enable Multi-factor Authentication and Rights Management Services
As the enterprise adapts to the proliferation of consumer devices attempting to access the network, the security model must evolve to allow for consistent secure access to corporate resources based on a combination of factors, including user, device type, and location. With tools that enable IT security professionals to manage and federate user identities and credentials across the organization and into the cloud, Microsoft makes it possible to provide secure, always available access to the corporate network for users.

Business Requirements
Scenario: John is responsible for the security of the corporate network. In the past, users were directly connected to the internal network while on site through domain authentication. For users who needed remote access, it was required that they used corporate-provided equipment configured with multi-layer authentication procedures. Now that John’s company is allowing users to work on their own devices from virtually anywhere, John must create a solution for user devices that enables remote access to corporate applications and data via highly secure and always-on connections.

IT needs a way to develop a multi-layer security solution that allows remote access to corporate applications and data via secure connections regardless of the device being used. The users this security model supports want a consistent authentication process for accessing company resources. The authentication process must also protect corporate data from unauthorized access.

The People-Centric IT Solution
Windows Server 2012 R2 provides an information protection solution that includes multi-factor authentication and data encryption. IT can grant access based on user, device, and location, and selectively publish corporate resources to remote users, integrating with multi-factor authentication at the back end and providing a single sign-on experience for users.
With the PhoneFactor acquisition (to be rebranded as Windows Azure Active Authentication), Microsoft has integrated this service into the new Web Application Proxy role, as well as making it available to Windows Server customers for integration with Active Directory and other applications.

Windows Server 2012 R2
• IT can control access to company resources based on: the identity of the user, the identity of the registered device, and the user’s network location (whether the user is within the corporate boundary or not).
• With the Web Application Proxy, IT can selectively publish corporate resources to remote users using managed and unmanaged devices.
• With multi-factor authentication integrated into the Web Application Proxy, IT can take advantage of additional layers of authentication as users and devices connect to the corporate environment.

Supporting Features
Feature | Description | Product
Multi-factor Authentication | Through PhoneFactor (Windows Azure Active Authentication), IT can apply additional layers of authentication and verification of users and devices. | Windows Server 2012 R2, Windows Azure Active Authentication
Web Application Proxy, Active Directory Federation Services | Allows the publishing of corporate resources, including multi-factor authentication and the enforcement of conditional access policies when users connect to resources. | Windows Server 2012 R2

Conclusion
Microsoft is providing IT with new ways to make corporate resources available on devices that are outside of corporate management or control. IT can use the additional layers of validation provided to help maintain security and to control access to sensitive information.
33. Summary
34. The consumerization of enterprise IT is an irreversible trend. Organizations that develop clear goals and policies to accommodate a burgeoning number of personal devices, ubiquitous information access, and the resulting flexible work styles can benefit from employees who are more motivated and productive—while still retaining the efficient management and enterprise security and governance required by IT departments. Microsoft supports and enables the consumerization of IT and the associated flexible work styles—as part of people-centric IT.

That’s why Microsoft consistently advises customers and partners to look across the entire consumerization stack—the user, device, applications, and data—to make sure proper policies and technologies are in place at each level. Rights management, dynamic access control, and auditing are just as important, if not more so, than the configuration policies for any particular device.

With an intelligent infrastructure built on Microsoft technologies, organizations can provide easy access to applications and data so that users can remain productive. With the Microsoft tools, IT administrators can implement technologies and procedures to manage disparate devices. Microsoft tools help to protect the organization’s systems, data, and network.

Embracing and managing consumerization goes beyond simply allowing people to choose which devices they want to use. The people-centric IT solution addresses the following IT requirements:

• Devices must be easily integrated into the corporate infrastructure.
• Devices must be configured to become and remain compliant with corporate access and security policies as long as they’re used for work.
• Users must be able to access the applications and data they need to be productive in a consistent way.
• Corporate applications and data must be protected and accessed only by compliant devices.
• Corporate information must be removed from devices when they’re lost, stolen or replaced.

Together, Windows Server 2012 R2, System Center 2012 R2 Configuration Manager, and Windows Intune help organizations address the consumerization of IT. With the upcoming releases of these products, organizations can empower their users, unify their environment, and protect their data, ultimately helping to embrace consumerization and a people-centric IT model, while maintaining corporate compliance.
35. Appendix: Summary of Features

Empower Users

Solution: Simplify BYOD Registration and Enrollment
Feature: Web Application Proxy; Active Directory Federation Services (ADFS); Device Management
Products: Windows Server 2012 R2; System Center 2012 R2 Configuration Manager and Windows Intune

Solution: Enable Consistent Access to Corporate Resources
Feature: Work Folders; Web Application Proxy; Company Portal
Products: Windows Server 2012 R2; System Center 2012 R2 Configuration Manager and Windows Intune

Solution: Enable Modern Work Styles with Microsoft Virtual Desktop Infrastructure (VDI)
Feature: Session Shadow; Deduplication Storage; Storage Tiering; RemoteApp; Quick Reconnect; Codec and Display Improvements
Products: Windows Server 2012 R2

Solution: Automate How Users Connect to Internal Resources
Feature: Web Application Proxy; Support for VPN and Wi-Fi Profiles
Products: Windows Server 2012 R2; System Center 2012 R2 Configuration Manager and Windows Intune

Unify Your Environment

Solution: Extend Your Existing System Center Configuration Manager Infrastructure and Manage Mobile Devices through the Cloud
Feature: Unified Management Infrastructure
Products: System Center 2012 R2 Configuration Manager and Windows Intune

Solution: Simplify User-Centric Management Across Devices
Feature: Unified Device Management
Products: System Center 2012 R2 Configuration Manager and Windows Intune

Solution: Enable Comprehensive Settings Management Across Platforms
Feature: Device Management Policies; Software Distribution; Distribution Point Usage Reports and Management
Products: System Center 2012 R2 Configuration Manager and Windows Intune; System Center 2012 R2 Configuration Manager
36. Solution: Define a Common Identity for Accessing Resources On-Premises and in the Cloud
Feature: Windows Server Active Directory Domain Services; Windows Azure Active Directory
Products: Windows Server 2012 R2; Windows Azure Active Directory

Protect Your Data

Solution: Selectively Wipe Devices
Feature: Selective Wipe
Products: System Center 2012 R2 Configuration Manager and Windows Intune

Solution: Centralize Corporate Information for Compliance and Data Protection with Policy-based Access Control
Feature: Web Application Proxy; Work Folders; Dynamic Access Control
Products: Windows Server 2012 R2; Windows Server 2012; Windows Server 2012 R2

Solution: Enable Multi-factor Authentication and Rights Management Services
Feature: Multifactor Authentication; Web Application Proxy, Active Directory Federation Services
Products: Windows Server 2012 R2; Windows Azure Active Authentication; Windows Server 2012 R2
