Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Get your desktops secure with system center configuration manager 2012


Published on

The Presentation include these subjects
1.Case study - using SCCM in order to secure desktop in one of our clients.
2.Bring Your Own Device concept
3.Windows Intune -PC Management & Security in the cloud

Published in: Technology
  • Be the first to comment

Get your desktops secure with system center configuration manager 2012

  1. 1. Get Your Desktops Secure withSystem Center Configuration Manager 2012Asaf Nakash Project Manager +97254970078Dario IT Solutions
  2. 2. 054-9700780Asaf NakashIT Project ManagerDario IT Solutions
  3. 3. Case StudyDesktops Lockdown – XP and SCCM
  4. 4. Case Study – Desktop Lock Down Financial Organization – about 300 desktops The organization is under Regulation rules. Using Microsoft Windows XP
  5. 5. Case Study – Challenges Using Microsoft Windows XP SP2 and cant update to newer versions Users Have Administrative rights on the local computer. Users Install a lot of application locally. Application Lockdown approach –Blacklist Blacklist must have the ability to be updated immidiatly
  6. 6. Case Study –Solution Use SCCM with two titles * Lockdown Package * Lockdown Advertisment * Up to Date Lockdown Monitoring job Black List Using Software Inventory to get reports SCCM + SQL regarding unauthorise application. Active Protection Lock Computer We created a program that lockdown the computer Lockdown Script.exe The blacklist is stored in the SCCM and can be updated Windows XP Client
  7. 7. Case Study – Future Solution - AppLocker •AppLocker™ Users can install and run unapproved applications Even standard users can install some Eliminate unwanted/unknown types of software applications in your network Unauthorized applications may: Enforce application Introduce malware standardization within your Increase helpdesk calls organization Reduce user productivity Easily create and manage flexible Undermine compliance efforts rules using Group Policy
  8. 8. Case Study – Future Solution App Portal
  9. 9. Device Management - SCCM Using SCCM in order to work with personal devices
  10. 10. User Centric – Device Management
  11. 11. Mobile Device ManagementLight Management • EAS-based policy delivery • Discovery and inventory • Settings policy • Remote WipeDepth Management • Secure over-the-air enrollment • Monitor and remediate out-of- compliance devices • Deploy and remove applications (WinCE 5.0, 6.0 7.0; Windows Mobile 6.0, 6.1, 6.5.x ) • Inventory • Remote wipe
  12. 12. “Depth” Mobile Device Management Establishes mutual trust between the device and the management server Extend and align mobile device management  Integration Mobile Device Manager and SCCM features Enable secure, compliant mobile devices  Secure over-the-air enrollment  Monitor and remediate out-of-compliance devices  Deploy and remove applications // Inventory Devices enrolled and provisioned securely over-the-air
  13. 13. “Light” management via Exchange Provide basic management for all Exchange ActiveSync (EAS) connected devices Features Supported:  Discovery/Inventory  Settings policy  Remote Wipe Supports on-premise Exchange 2010 and hosted Exchange
  14. 14. Bring Your Own DeviceUsing combination of SCCM and Windows Intune in order to give a full support
  15. 15. work-life more blur mobile digital multiple generation devices tech fast savvy paced
  16. 16. How We Work and Live is Changing…Fast! No longer about “work-life balance,” but work-life integration using many devices to collaborate & participate. IMPACT: Employees expecting to user THEIR devices of CHOICE
  17. 17. A World of Connected Devices
  18. 18. BYOD – Benefits & Challenges Bring Your Own Benefit Challenge Device (BYOD) • Recent trend of • Employee • Mobile Workforce employees Empowerment • Cost of bringing personally- • Reduced Cost Infrastructure owned mobile • Flexibility • Security devices to their • Mobile Workforce • Need for Revised IT place of work, and • Attract Gen Y policy using those devices to access Workers • Legal & HR privileged Considerations company • Greater Risk resources.
  19. 19. Bring Your Own Device Strategy Here is Your Own Choose Your Own (Managed) (Semi Managed) Trust Predefined devices Whitelisting devices Strict policies Loose policies Bring Your Own On Your Own (Semi Managed) (Unmanaged) Freedom of devices Freedom of devices Loose policies No policies Freedom
  20. 20. CHALLENGING BYOD SCENARIOS • Workers in many locations • Non-domain joined devices • Workers “offline” for extended periods • Compromised security on remote devices • Multiple configurations, versions • Lack of insight into devices & inventory • Infrastructure investments required
  21. 21. Windows Intune Pillars Empower Your Users Help Promptly Manage Drive Efficiency and Without Excess Cost and and Secure PCs Anywhere Reduce Complexity Increased Risk  Enable mobile devices  Fast online device  Drive Efficiency with without increasing security & the Cloud business risk management Infrastructure  Empower users to get  Distribute software  Gain Better Insight the applications they  Help Keep device Into Your IT Estate to need for the device Secure & Working at control spend and they are using their best stay compliant
  22. 22. VisionDeliver the best user experience, embrace consumerisation trends withenterprise-class management
  23. 23. Cloud management for Windows devicesUse online services to ITmanage, secure & keep Windows Intuneyour Windows, IOS &Android devices Manage Security & Updates INTELLIGENT INFRASTRUCTUREupdated Benefits • No on-premise infrastructure required • You always have the latest features • Easy monitoring and reporting • IT can manage security and updates from anywhere
  24. 24. MANAGE & SECURE PCS AND DEVICESANYWHERE Simple Web-based Administration Console and a friendly IW experience          Enabling Flexible Workstyles  Devices can be managed from the office, branch office, or on the road  IT and partners can work from virtually anywhere
  25. 25. WHAT’S NEW in Windows Intune User Centric IT Pro Device Management experienceEnable IT pros to think Empower end users to self Manage Corporateusers first service their and Personally owned management needs mobile (phone & tablets) devices User Centric Management
  26. 26. Desktop Monitoring and AlertsSystem Center Operations Manager 2007R2 Agent for desktop monitoringWindows, Office and desktop applicationmonitoring provided in-box.Configurable alert categories and alertthresholds to reduce noiseConfigurable email notifications
  27. 27. UPDATE MANAGEMENTBuilds on WSUS and Microsoft Updateframework3rd party update supportDesign your update managementworkflowsEasy ongoing management(Patch Tuesdays are easy)Configuration options to choose updates to manageand customize the updates agent
  28. 28. ENDPOINT PROTECTIONBuilt on the same protectionengine used by FEP 2010System-wide, per group andper computer statusFollow up actions provided byremote tasks
  29. 29. POLICYBuilt on the same policyengine as SCCM 2012Set Endpoint Protection,Update and Firewall policiesPolicy Compliance StatusReporting
  31. 31. USER CENTRICITY FOR END USERSEnable IT self service for end users with Company Portal
  32. 32. Self Enroll Devices View all my devices Manage device affinity
  33. 33. Web based software catalog Easily search and install software – Install software locally/remotely Users decide what software/apps to install from catalog made available to – Do not need administrator them privileges
  34. 34. Contact IT for support
  35. 35. SUMMARYEnhance your BYOD strategy to cover BYOD challenging scenariosKeep updated with Windows Intune - rapid release cycles and innovative featuresNext Version of intune – Wave D