Atea ems the next level
•Download as PPTX, PDF•
1 like•303 views
Presentation from Global Azure Bootcamp Aarhus 2016
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Atea ems the next level
Similar to Atea ems the next level (20)
More from Per Larsen
More from Per Larsen (20)
Recently uploaded
Recently uploaded (20)
Atea ems the next level
- 1. Mobility First | Cloud First
- 2. Per Larsen Solution Architect | per.larsen@atea.dk | m: +45 3078 1828 | f: +45 7025 2575 Co-Organizer - Everything Windows User Group Denmark | www.ewug.dk in: http://www.linkedin.com/in/perlarsen1975 | t: @PerLarsen1975 Blog: http://osddeployment.dk
- 3. • User chooses apps (unsanctioned, shadow IT) • User can access resources from anywhere • Data is shared by user and cloud apps • IT has limited visibility and protection • Only sanctioned apps are installed • Resources accessed via managed devices/networks • IT had layers of defense protecting internal apps • IT has a known security perimeter Life with cloudLife before cloud On-premises Storage, corp data Users What is driving change?
- 4. • Windows 10 and AzureAd join • Automatic MDM enrollment • Microsoft Passport for Work • Deploy MSI to Windows 10 MDM Joined devices • Device Group Mapping • Use OMS to view System Update Assessment Agenda EMS the next level
- 5. • Windows Store for Business integrated into Intune • How to deploy Application from Windows Store for Business with Intune • Disable private Store with OMA-URI Agenda EMS the next level
- 6. • Security • Identity as a service: core architecture • Conditional Access • Conditional Access - Challenge from the Real Life • AD Connect new feature – Device Write back Agenda EMS the next level
- 7. Devices | Windows 10 | Cloud Azure AD Join and Automatic MDM enrollment
- 8. • Requirements • Azure AD Premium • Settings in Azure AD • AzureAD Maximum number of devices per user = 20 • Intune Maximum number of devices per user = 5 Auto MDM enroll Windows 10 when Azure AD join
- 9. Auto MDM enroll Windows 10 when Azure AD join
- 10. • Intune - Custom URI settings for Windows 10 devices • Experience/AllowManualMDMUnenrollment • How to setup AzureAD Join a Windows 10 device • Demo Auto MDM enroll Windows 10 when Azure AD join
- 11. • What is Microsoft Passport • Microsoft Passport is set up on the user's device • The user sets a gesture, which can be Windows Hello or a PIN What is two-step verification/Microsoft Passport
- 12. How to disable or configure Microsoft Passport
- 13. Deploy MSI to Windows 10 MDM Joined devices http://officedev.github.io/Office-IT-Pro-Deployment-Scripts/XmlEditor.html
- 15. Use OMS to view System Update Assessment
- 16. Windows Store for Business
- 17. Windows Store for Business integrated into Intune
- 18. How to deploy Application from Windows Store for Business with Intune
- 19. Disable private Store with OMA-URI ./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly
- 20. Security
- 21. Identity as a service: core architecture On-premises and private cloud Enabling users (Active Directory) Federation Services SaaS apps Custom apps 10,000 + apps Windows Server Active Directory Other apps Core Identity Management HR Other Directories Sync Other Directories Devices
- 22. On-Premises applications Introducing ‘Conditional Access Control’ Application Business sensitivity Other Inside corp. network Outside corp. network Risk profile Devices Authenticated MDM Managed (Intune) Compliant with policies Not lost/stolen User attributes User identity Group memberships Auth strength (MFA) Conditional access control
- 23. Conditional access for Office 365 7 5 4 2 1 3 6
- 24. Intuitive end-user experience To access your Contoso e-mail and other company resources, this device needs to be enrolled with Contoso. Part of this process includes installing the Company Portal. Click first link below to begin this process. Step 1 Enroll your device. Step 2 Once you’ve enrolled your device, click here to Activate your enrollment.
- 25. • Different mobile OS • Outlook App not working on IOS and Android • CA for Windows - Not working with RDS or Citrix • Apple DEP enrollment not working with CA Conditional Access - Challenge from the Real Life
- 26. • Requirements • Azure AD Premium • How to Enable?? • What can we use Device Write back for? AD Connect new feature – Device Write back
- 27. AD Connect new feature – Device Write back
- 28. Usefull links • Office 365 Portal • https://portal.office.com • AzureAD Portal • https://manage.windowsazure.com • Intune Admin portal • https://manage.microsoft.com • Intune User portal • https://portal.manage.microsoft.com • Windows Store for Business • https://businessstore.microsoft.com
- 29. Usefull links • Microsoft Operations Management Suite • http://oms.microsoft.com
- 30. © 2015 Atea A/S. All rights reserved. This presentation is for informational purposes only. Atea A/S makes no warranties, express or implied, in this summary. Thank you
Editor's Notes
- This diagram displays the integration with O365 to manage access to the email. Requires users enroll their devices as well as being compliant with Intune policies before getting access to email.
- Let’s take a closer look at the end user experience when the device is not enrolled or compliant. When the user tries to access email from his personal device, the access is blocked and the user get an email explaining the reason why the email is not available as well as instructions on what to do to get access to the email. First thing to do is to enroll the device to Intune. Once the device is enrolled, Intune company portal will check the device for compliance and fix the issues, if necessary, in order to make the device compliant. After that the user will get the email flowing to the device.