Agenda
• Welcome
• Windows 8
• Governance vs. Management
• Windows Intune
• System Center 2012
• Demos
• Q&A

Windows 8
• Windows reimagined
• All the apps you want
• Get more at the Windows Store
• Cloud-connected
• Reimagined browsing with IE10
• At home and at work
• Great experience across hardware
• Built on a solid foundation

Challenges to Enabling Consumerization
Users:
• I want to use the device I prefer
• I want to connect to people and be productive anywhere, anytime
IT:
• How can IT support and manage all those devices?
• How can IT provide access to apps and data while maintaining security?
Change the Approach to Client Management
• Put the end user in control of their experience
• Provide the IT Pro with the means to safeguard apps and data

Users + IT
Users:
• Device Choice
• Application Self-service
• Personalized Application Experience
• Non-intrusive management
IT:
• Manage all devices through single interface
• Deliver applications to the user, not the device
• Integrated security and compliance
• Reduced infrastructure complexity
Single admin console
Access to corp resources across devices & platforms

Microsoft’s recommended solution for Managed Deployment is Windows Intune
• IT manages collection of apps, manages certificates and enrollment and unenrollment of phones
• Enrollment
• View apps via Self Service Portal
• Cloud services
Learn more about 3rd-party options at: http://dev.windowsphone.com/en-us/featured/partners

System Center 2012
[Timeline figure. Labels: Infancy; Groups Model (NT Domain); Laptops, Servers, Enterprise Scale; Client Management; Comprehensive Management; Management from the Cloud; Consumerization of IT; 2012]

System Center 2012
• Empower Users: Empower people to be more productive from almost anywhere on almost any device.
• Unify Infrastructure: Reduce costs by unifying IT management infrastructure.
• Simplify Administration: Improve IT effectiveness and efficiency.

Two Options Available to Deploy Apps
Managed (Windows Intune or 3rd party)
• Use Windows Intune to manage the policies, app inventory, auto get app token, manage apps, enroll and un-enroll employees. Employees discover and install apps through the Self-service Portal
• OR use 3rd-party management and deployment tools
Unmanaged (Custom deployment)
• Use email to communicate with employees
• Employees view app inventory either in repositories (e.g. SharePoint) or through an app that company can build using the Enterprise SDK API (the “Company Hub”)

Windows Store apps
Installation
Install via an “Enterprise App Store” using:
– System Center 2012 Configuration Manager SP1
– Windows Intune
Provisioning
Provision using the Microsoft Deployment Toolkit 2012 or DISM
– Include in sysprepped image
– Customize Start screen layout
Enterprise side loading requirements
• Windows 8 Enterprise, domain joined or with a separate side load product key
• Windows 8 Pro or Windows RT, with a separate side load product key

Using ConfigMgr
Things to Remember
• Windows Store apps install per user
– Cannot be installed via a task sequence
– No native support for provisioning apps, but this can be done using standard software distribution and custom command lines
– Use the App Catalog web site to enable self-service installation of Windows Store apps
– “Deep links” can be used, but the user must still log in with a Microsoft Account and click “Install”
• Requires ConfigMgr 2012 SP1

Settings management
• Settings can be applied to devices managed in Windows Intune and devices managed through the Exchange Server Connector
• A single security policy template is used to manage settings on all managed mobile devices. The system figures out applicability to each platform
• In ConfigMgr, Exchange managed device settings are configured separately
• Reporting is available on each setting (applicable, conformant or error)
• If a device is receiving policy from more than one entity, the policy that applies the most secure value for a setting is applied.

Settings for each mobile platform

| Category | Setting name | EAS (ActiveSync) | WinRT/WinPh8 | iOS |
|---|---|---|---|---|
| Password | Require a password to unlock mobile devices | √ | √ | √ |
| Password | Required password type | √ | √ | √ |
| Password | Minimum password length | √ | √ | √ |
| Password | Allow simple passwords | √ | √ | √ |
| Password | Number of repeated sign-in failures before device is wiped | √ | √ | √ |
| Password | Minutes of inactivity before device screen is locked | √ | √ | √ |
| Password | Password expiration (days) | √ | √ | √ |
| Password | Remember password history | √ | √ | √ |
| Password | Allow convenience logon (Windows RT only) | X | √ | X |
| Restrictions | Allow camera | √ | X | √ |
| Restrictions | Allow web browser | √ | X | √ |
| Restrictions | Allow backup to iCloud (iOS only) | X | X | √ |
| Restrictions | Allow documents sync to iCloud (iOS only) | X | X | √ |
| Restrictions | Allow photostream sync to iCloud (iOS only) | X | X | √ |
| Email | Maximum size of e-mail attachments | √ | X | X |
| Email | E-mail synchronization for last (days) | √ | X | X |
| Email | Allow mobile devices that don’t fully support these settings to synchronize with Exchange | √ | X | X |
| Encryption | Require encryption on mobile device | √ | X | X |
| Encryption | Require encryption on storage cards | √ | X | X |
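
The two rules from the Settings management slide (per-platform applicability, and the most secure value winning when several sources send policy), as an added Python example that is not from the deck or from Microsoft. The setting keys and the direction treated as "more secure" for each setting are assumptions; applicability is taken from the table above.

```python
# Added example: models the slide's rules; it is not Intune's policy engine.
# Setting keys and each setting's "more secure" direction are assumptions.

# Platform applicability, copied from a subset of the slide's table.
APPLIES = {
    "require_password":        {"EAS", "WinRT/WinPh8", "iOS"},
    "min_password_length":     {"EAS", "WinRT/WinPh8", "iOS"},
    "inactivity_lock_minutes": {"EAS", "WinRT/WinPh8", "iOS"},
    "allow_camera":            {"EAS", "iOS"},
    "allow_icloud_backup":     {"iOS"},
    "require_encryption":      {"EAS"},
}

def require(a, b):   # "require X": True is the stricter value
    return a or b

def allow(a, b):     # "allow X": False is the stricter value
    return a and b

STRICTER = {
    "require_password": require, "require_encryption": require,
    "allow_camera": allow, "allow_icloud_backup": allow,
    "min_password_length": max,      # longer minimum is stricter
    "inactivity_lock_minutes": min,  # shorter idle timeout is stricter
}

def effective_policy(platform, *policies):
    """Merge policies from several sources, keeping the strictest value."""
    merged = {}
    for policy in policies:
        for name, value in policy.items():
            if platform not in APPLIES[name]:
                continue  # not applicable on this platform, so never enforced
            merged[name] = STRICTER[name](merged[name], value) if name in merged else value
    return merged

def non_conformant(policy, device_state):
    """Settings where the device is missing a value or is laxer than policy."""
    return sorted(n for n, want in policy.items()
                  if n not in device_state
                  or STRICTER[n](device_state[n], want) != device_state[n])

# Constructed sample policies from two sources managing the same device.
INTUNE = {"require_password": True, "min_password_length": 6,
          "inactivity_lock_minutes": 15, "allow_camera": True,
          "allow_icloud_backup": False}
EXCHANGE = {"min_password_length": 8, "inactivity_lock_minutes": 5,
            "allow_camera": False, "require_encryption": True}
```

Calling `effective_policy("WinRT/WinPh8", INTUNE, EXCHANGE)` shows the gap a reviewer should look for: the camera and encryption settings sent by either source drop out on that platform because the table marks them as not applicable there.
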

Retire details

| | Windows RT | Windows Phone 8 | iOS | Android (EAS managed) |
|---|---|---|---|---|
| Device record removed from Intune DB and UI | Yes | Yes | Yes | Yes |
| Device record removed from Exchange (no email) | No (see note) | No | No | Yes |
| Removal of side-loaded keys | Yes | Yes (Application Enrollment Token is removed) | -- | -- |
| Installed LOB apps | Side loaded apps won’t run | Side loaded apps are uninstalled | Installed apps will still run | Installed apps will still run |
| Installing new LOB apps | Apps cannot be installed | No since SSP is uninstalled | Apps cannot be installed | Apps can still be installed |