Wally Mead - Managing mobile devices with system center 2012 r2 configuration manager and windows intune

Presentation Transcript

  • Wally Mead Managing Mobile Devices with System Center 2012 R2 Configuration Manager and Windows Intune
  • Agenda • Continue our discussion of how to enable, configure, and use Configuration Manager 2012 R2 to manage mobile devices with our integration with Windows Intune • Will concentrate on the enrollment and management of devices in part 2 • Demonstrations where appropriate
  • Today’s challenges • Users: Users expect to be able to work in any location and have access to all their work resources. • Devices: The explosion of devices is eroding the standards-based approach to corporate IT. • Apps: Deploying and managing applications across platforms is difficult. • Data: Users need to be productive while maintaining compliance and reducing risk.
  • Empowering People-centric IT (Users, Devices, Apps, Data; Management. Access. Protection.) • Enable users: Allow users to work on the devices of their choice and provide consistent access to corporate resources. • Unify your environment: Deliver unified application and device management on-premises and in the cloud. • Protect your data: Help protect corporate information and manage risk.
  • Selecting the Management Platform • Unified Device Management – System Center 2012 R2 Configuration Manager with Windows Intune • Cloud-based Management – Standalone Windows Intune: No existing Configuration Manager deployment; Simplified policy control; Fewer than 7,000 devices and 4,000 users; Simple web-based administration console
  • Unified Device Management • Windows PCs (x86/64, Intel SoC), Windows to Go • Windows Embedded • Mac OS X • Windows RT, Windows Phone 8 • iOS, Android
  • Platform Support (OS Platform | Management Agent | End User Experience)
    • Windows 8.1 PC | ConfigMgr Agent or Management Agent (OMA-DM) | Software Center/Application Catalog, Windows Company Portal app
    • Windows PC (Windows 8 down to Windows XP) | ConfigMgr Agent | Software Center/Application Catalog
    • Windows RT | Management agent (OMA-DM) | Windows Company Portal app
    • Windows Phone 8 | Management agent (OMA-DM) | Windows Phone 8 Company Portal app
    • iOS | Apple MDM Protocol | iOS Company Portal app
    • Android | Android MDM agent (OMA-DM) | Android Company Portal app
    • Mac | ConfigMgr Agent | N/A
    • Linux/Unix | ConfigMgr Agent | N/A
  • Registering and Enrolling Devices • Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications. • Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device. • IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity. Multi-factor authentication can be used through Windows Azure Active Authentication. • Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud. • As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.
  • Configuration Manager 2012 SP1 MDM Features • Over the air device enrollment • Self service portal for end users • User-targeted available application deployment • User and device settings management • Device inventory • Remote device retirement • Remote device wipe
  • Configuration Manager 2012 R2 UDM Updates • Required application deployment • Application uninstall • Company versus Personal device designation • New Company Apps portal • VPN, Wi-Fi, and Certificate Profiles • Application triggered VPN • Network traffic triggered VPN
  • Enrolling Mobile Devices • Windows 8.1 • Use the built-in OMA-DM agent to “Enroll for Management” • Windows RT • Use the built-in OMA-DM agent and built-in Company Apps application • Windows Phone 8 • Use the built-in OMA-DM agent and add account in Settings - company apps
  • Enrolling Mobile Devices (2) • iOS • Use the App store to download our Company Apps portal • Running the app will walk you through the enrollment process • Android • Use Google Play to download our Company Apps portal • Running the app will install the agent and enroll the device
  • Unified Device Management Console • Mobile device management integrated directly into console experience • Common tools for policy and application management • Unified reporting across device platforms • User collections enable user-centric setting and application deployment across device types
  • What’s New in Mobile Device Inventory? • Personal vs Corporate Owned Devices • By default, user-enrolled devices are “Personal” • Admin can specify corporate-owned devices • “Compromised” device detection • App inventory • Personal devices – Inventory only apps installed by ConfigMgr/Intune • Corporate devices – Complete inventory of all applications on the device* • App Management • New global condition to differentiate app installs on corporate versus personal • * Inventory capability varies by device platform
  • User-centric Application Delivery • End User Self-Service • IT: Administrators publish software titles to catalog, complete with metadata to enable search • User: Users can browse, select and install directly from Catalog • Deliver best user experience on each device • Application model determines format and policies for delivery
  • Deploying Applications • Create target collection • Create app • App types for: • Windows • Windows Phone • iOS • Android • Deploy app to target collection
  • Deploying Applications (2) • App would appear in Company Apps portal • Most deployments are targeted to users as available • Can now perform required app deployment • Likely would want to use the new Device Ownership global condition as a requirement to control which devices get the required deployment
  • Mobile Device Settings in ConfigMgr 2012 R2 (columns: Category | Windows 8.1 PC & RT | Windows Phone 8 | iOS | Android) VPN   Wi-Fi    Certificates      (*)   (*) Password (*) Device restrictions  (*) Store access Browsers (*)   (*) Content Rating  (*)  Cloud Sync (*)  Encryption (*)  (*)  (*) Security (*) (*) (*) Roaming (*) Windows Server Work Folders (*)  * Subset of settings Note: Table applicable to direct MDM and not EAS
  • Resource Access Configuration • New Features*: Configure networking profiles; VPN profiles; Support for Windows 8.1 Automatic VPN; Wi-Fi protocol and authentication settings; Management and distribution of certificates; Configure remote connection to work PCs • Benefits: End users get access to company resources with no manual steps for them • Supported platforms: Windows 8.1, Windows 8.1 RT, iOS, Android
  • VPN Profile Management • Support for major SSL VPN vendors: SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5; Subset of vendors have Windows, Windows RT VPN plug-in • Support for VPN standards like PPTP, L2TP, IKEv2 • Automatic VPN connection: DNS name-based initiation support for Windows 8.1 and iOS; Application ID based initiation support for Windows 8.1
  • Wi-Fi and Certificate Profiles • Wi-Fi settings: Manage Wi-Fi protocol and authentication settings; Provision Wi-Fi networks that device can auto connect; Specify certificate to be used for Wi-Fi connection • Manage and distribute certificates: Deploy trusted root certificates; Support for Simple Certificate Enrollment Protocol (SCEP)
  • Work Folders • Sync files and data across devices • New feature in Windows 8.1 client and Windows Server 2012 R2 • Configuration Manager and Windows Intune support: New settings to help provision the work folder discovery settings; Self-service portals have links to work folders
  • Protect your data: Help protect corporate information and manage risk (device states shown: Enrollment, Lost or Stolen, Retired) • Selective wipe removes corporate applications, data, certificates/profiles, and policies, as supported by each platform • Full wipe if supported by each platform • Can be executed by IT or by user via Company Portal • Sensitive data or applications can be kept off device and accessed via Remote Desktop Services • Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. • IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. • Diagram labels: Personal Apps and Data; Company Apps and Data; Centralized Data; Remote App; Policies
  • Corporate Data Protection • iOS and WP: Complete wipe and reset to factory defaults • Android: EAS mailbox removal only • Windows RT and Windows 8: Only EAS mailbox removal if managed through EAS • User or Admin initiated • Removes the record of the device from the system • Disables further MDM app installation and settings management on the device & selectively wipes corporate app data • Uninstalls MDM-installed apps and removes data • Removes enterprise EFS certs and email
  • Selective Wipe • Email • Apps installed through our MDM channel • Profiles (WiFi/VPN) • Certificates • MDM Policies (Settings) • Management Agent • Corp App Data • Platforms: Windows 8.1, Windows 8.1 RT • iOS • Android
  • Unified Device Management Recap (columns: Unregistered | Registered | MDM Enrolled | Fully Managed) Publish email to users (EAS) Yes Yes Yes Yes Publish work folders to users Yes Yes Yes Yes Block device only Yes Yes Yes Yes Yes Yes Unified Device Management Yes Yes Unified Application Management Yes Yes Selective data wipe Yes Yes Compliance reporting Yes Yes Conditional access based on user, device, location Audit logging and monitoring Group Policy and login scripts Yes OS deployment and imaging Yes Configuration management Yes Patch management Yes Anti malware management Yes Full application management Yes BitLocker management Yes
  • Summary 2012 R2 Modern Device Management EAS Unified Improved User-centric Application Delivery User-centric Win 8 Apps Web App deployment New Flexible hierarchies Endpoint Protection Enable d 2012 SP1 Reduced Infrastructure Requirements Unify 2012 Integrated Real-time actions Compliance and Settings Management Auto remediation User profile and data Software Update Management Improved Improved New Distribution Point for Windows Azure Improved Content Management Modern Management Console Simplify Updated engine New Windows PowerShell Role-based Administration New Operating System Deployment Improved Improved Client Health Improved Improved Asset Intelligence, Inventory and Software Metering Improved Improved Additional cmdlets RBA in Reporting Windows 8.1 support
  • For More Information • System Center 2012 Configuration Manager: http://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33 • Windows Intune: http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy • Windows Server 2012: http://www.microsoft.com/en-us/servercloud/windows-server • More Resources: http://www.microsoft.com/workstyle and http://www.microsoft.com/server-cloud/user-devicemanagement
  • Please evaluate the session before you leave 