Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Microsoft NDA Confidential
@KennyBuntinx
http://be.linkedin.com/KennyBuntinx
http://scug.be/blogs/sccm
Kenny Buntinx
Enter...
Microsoft NDA Confidential
@Tim_DK
http://be.linkedin.com/in/timdekeukelaere/
http://scug.be/tim/
Tim De Keukelaere
Freela...
Microsoft NDA Confidential
Microsoft NDA Confidential
Understanding
• These concepts:
• UDM Integration with CM12
• ConfigMgr Extensions for Windows
...
Microsoft NDA Confidential
About our
audience
• Practical experience with System Center
Configuration Manager 2012 SP1/R2
...
Empowering
people-centric IT
Mobile Device
Management
Access and
information
protection
Desktop
Virtualization
Hybrid Iden...
AppsUsers DataDevices
Mobile Device Management Vision
Unify your environment
On-premises and cloud-based
management of devices within a
single c...
• Configure compliance settings on devices
• Settings for passwords, security, roaming, encryption, and wireless communica...
Users can enroll devices that configure
the device for management with Windows
Intune; the user can then use the
Company P...
App Management
• By default, user-enrolled devices are “Personal”
• Admin can specify corporate-owned devices !
Personal v...
Admin is
notified that
an extension
is available
when console
is launched
Admin goes
to Extensions
for Intune in
console, ...
Baseline
Group of CIs with presence
rules.
Configuration Item
Configuration model defined for OS ,
Application (settings, ...
http://technet.microsoft.com/en-us/library/dn499787.aspx
Category Win 8.1 PC & RT WP8.1 (New!) iOS Android
VPN   
Wi-Fi    
Certificates    
Email  
Password    
...
Last week at a customer during a Windows Intune UDM Proof of concept :
• Customer was ordering 1000 corporate owned (COPE)...
http://scug.be/nico/2014/05/22/deny-windows-phone-apps-with-configuration-manager-intune/
Resource Access Configuration
29
Platforms
Windows 8.1
Windows 8.1 RT
iOS
Android
Windows Phone 8.1 (New!)
Benefits
End us...
Support for major
SSL VPN vendors
DNS name-based initiation support
for Windows 8.1 and iOS
Application ID based initiatio...
Wi-Fi settings Manage and distribute certificates
Deploy trusted root certificates
Support for Simple Certificate Enrollme...
Network Device
Enrollment Service
(NDES)
CA
SCCM
SCCM Connector
Desktop
Admin
Device
IW
Intune
Certificate
Registration
Po...
• Delivered as Configuration Manager
Extension for Windows Intune
• Configure account settings and
security restrictions
•...
http://scug.be/sccm/2014/03/21/sysctr-configmgr-2012-and-intune-provisioning-email-profiles-and-
the-why-the-profile-may-n...
Microsoft NDA Confidential
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Upcoming SlideShare
Loading in …5
×

Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2

548 views

Published on

by Kenny Buntinx, Tim De Keukelaere

Do you need to manage Windows 8.1 /RT including other non-Microsoft mobile devices with Microsoft's UDM Solution ( CM12R2 + Intune).

Do you need to provide functionality for deploying the new Intune Extensions such as email profiles, managing your MDM settings, configuring VPN and wireless profiles, deploying cert's? Compliance Settings , Company Resource Access and Intune Extensions delivered in Configuration Manager are mostly unexplored territory for the configmgr admin.

During this session we will demystify these features for you.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2

  1. 1. Microsoft NDA Confidential @KennyBuntinx http://be.linkedin.com/KennyBuntinx http://scug.be/blogs/sccm Kenny Buntinx Enterprise Client Management MVP from 2009 Principal Consultant Kenny.Buntinx@inovativ.be
  2. 2. Microsoft NDA Confidential @Tim_DK http://be.linkedin.com/in/timdekeukelaere/ http://scug.be/tim/ Tim De Keukelaere Freelance Consultant Tim.De.Keukelaere@IT-Essence.be
  3. 3. Microsoft NDA Confidential
  4. 4. Microsoft NDA Confidential Understanding • These concepts: • UDM Integration with CM12 • ConfigMgr Extensions for Windows Intune • Settings Management (aka DCM) • Company Resource Access Knowing • How to implement them
  5. 5. Microsoft NDA Confidential About our audience • Practical experience with System Center Configuration Manager 2012 SP1/R2 • Knowledge of Windows Intune and Device Enrollment About us • Not aiming to explain in detail • “How to enroll all possible devices” • “All possible UDM capabilities”
  6. 6. Empowering people-centric IT Mobile Device Management Access and information protection Desktop Virtualization Hybrid Identity
  7. 7. AppsUsers DataDevices
  8. 8. Mobile Device Management Vision Unify your environment On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Protect your data Protect corporate information by selectively wiping apps and data from retired/lost devices A common identity for accessing resources on-premises and in the cloud Identify which mobile devices have been compromised √
  9. 9. • Configure compliance settings on devices • Settings for passwords, security, roaming, encryption, and wireless communication. • Deploy certain Resource Profiles • VPN Profiles, WIFI and Email Profiles.
  10. 10. Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on- premises and in the cloud Dirsync w Pwd Sync Connector Internal Connector
  11. 11. App Management • By default, user-enrolled devices are “Personal” • Admin can specify corporate-owned devices ! Personal vs. Corporate Owned Devices
  12. 12. Admin is notified that an extension is available when console is launched Admin goes to Extensions for Intune in console, and enables the extension Extension is activated in ConfigMgr • (Extension enables on all site system, then console updates are avail) Admin restarts console, and console is updated with the extension Admin uses feature delivered by the extension Admin may wish to disable the extension
  13. 13. Baseline Group of CIs with presence rules. Configuration Item Configuration model defined for OS , Application (settings, rules, applicability ) WMI XML Registry IIS MSI Script SQL Software Updates File Active Directory Agent discovers CIs, validates data against rules, remediates and reports compliance ConfigMgr Agent Deployment Monitor/remediate Collection
  14. 14. http://technet.microsoft.com/en-us/library/dn499787.aspx
  15. 15. Category Win 8.1 PC & RT WP8.1 (New!) iOS Android VPN    Wi-Fi     Certificates     Email   Password     Device restrictions     Store access   Browsers    Content Rating  Cloud Synch    Encryption     Security     Roaming    Windows Server Work Folders 
  16. 16. Last week at a customer during a Windows Intune UDM Proof of concept : • Customer was ordering 1000 corporate owned (COPE) Nokia Lumia 630 Windows Phones • He wanted us to provide the option when a ‘device owner’ in CM12 R2 is set to “corporate” , a user can’t unenroll a “corporate” device. • Unless you are the ConfigMgr 2012 MDM admin , you can’t. Read the full story below : http://scug.be/sccm/2014/04/24/configmgr-2012-r2-windows-intune-udm-how-to-prevent-an-end-user- can-un-enroll-his-corporate-windows-phone-8-1/
  17. 17. http://scug.be/nico/2014/05/22/deny-windows-phone-apps-with-configuration-manager-intune/
  18. 18. Resource Access Configuration 29 Platforms Windows 8.1 Windows 8.1 RT iOS Android Windows Phone 8.1 (New!) Benefits End users get access to company resources with no manual steps for them Features* Configure VPN profiles Support for Windows 8.1 Automatic VPN Wi-Fi protocol and authentication settings Email account profiles Management and distribution of certificates
  19. 19. Support for major SSL VPN vendors DNS name-based initiation support for Windows 8.1 and iOS Application ID based initiation support for Windows 8.1 Automatic VPN connection Support for VPN standards SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows VPN plug-in PPTP ,L2TP, IKEv2
  20. 20. Wi-Fi settings Manage and distribute certificates Deploy trusted root certificates Support for Simple Certificate Enrollment Protocol (SCEP) Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connect Specify certificate to be used for Wi-Fi connection
  21. 21. Network Device Enrollment Service (NDES) CA SCCM SCCM Connector Desktop Admin Device IW Intune Certificate Registration Point SCCM plug-in
  22. 22. • Delivered as Configuration Manager Extension for Windows Intune • Configure account settings and security restrictions • Enable certificate authentication • Support for iOS and Windows Phone 8.1
  23. 23. http://scug.be/sccm/2014/03/21/sysctr-configmgr-2012-and-intune-provisioning-email-profiles-and- the-why-the-profile-may-not-turn-up-on-devices-such-as-an-ipad/
  24. 24. Microsoft NDA Confidential

×