Unified client management session from Microsoft partner boot camp


Published in: Technology

  1. 1. UNIFIED MANAGEMENT OF CLIENTS Olav Tvedt Chief Consultant MVP - Twitter: @olavtwitt – Blog:
  2. 2. AGENDA: Data Access Remote System Access Client Control
  3. 3. Data Access
  4. 4. Data Access • SkyDrive • SkyDrive Pro • Folder Redirection • Work Folders
  5. 5. Consumer / personal data SkyDrive Individual work data X Work Folders X X X Personal devices Access protocol Data location X X SkyDrive Pro Folder Redirection / Client-Side Caching Team / group work data HTTPS Public cloud X HTTPS SharePoint / Office 365 X HTTPS File server SMB (only from onprem or using VPN/DA) File server
  6. 6. 7
  7. 7. Work Folders
  8. 8. Work Folders Requirements • A server running Windows Server 2012 R2 for hosting sync shares and user files • A volume formatted with the NTFS file system for storing user files • Work Folders has the following software requirements for client PCs: • Client side (More client OS support to come): - Windows 8.1 - Windows RT 8.1 - Enough free space on a local, NTFS-formatted drive to store all files in Work Folders. Work Folders uses the %USERPROFILE%\Work Folders location by default, although users can change the location during setup (microSD cards and USB drives are supported locations). The maximum size for individual files is 10 GB by default and there is no per-user storage limit, though administrators can use File Server Resource Manager to implement quotas.
  9. 9. Comparison of sync technologies
      | | Work Folders | Offline Files | SkyDrive Pro | SkyDrive |
      | Summary | Syncs files stored on a file server with PCs and devices | Syncs files stored on a file server with PCs that have access to the corporate network (can be replaced by Work Files) | Syncs files stored in Office 365 or in SharePoint with PCs and Windows Phones inside or outside a corporate network and provides document collaboration functionality | Syncs personal files stored in SkyDrive with PCs and popular devices |
      | Intended for providing user access to work files | Yes | Yes | Yes | No |
      | Cloud service | None | None | Office 365 | Microsoft SkyDrive |
      | Internal network servers | File servers running Windows Server 2012 R2 Preview | File servers | SharePoint server (optional) | None |
      | Supported clients | PCs inside or outside of a corporate network, popular devices* | PCs in a corporate network (or connected via DirectAccess, VPNs, or other remote access technologies) | PCs, Windows Phone | PCs, Macs, Windows Phone, iOS, Android |
      *Work Folders apps not yet announced.
  10. 10. Work Folders Requirements • To enable users to sync across the Internet, there are additional requirements: - A server certificate from a certification authority (CA) that is trusted by your users – ideally a public CA - The ability to make a server accessible from the Internet by creating publishing rules in your organization’s reverse proxy or network gateway - A publicly registered domain name and the ability to create additional public DNS records for the domain • (Optional) An Active Directory Domain Services forest with the Windows Server 2012 R2 schema extensions to support automatically referring client PCs and devices to the correct sync server when using multiple sync servers • (Optional) Active Directory Federation Services (AD FS) infrastructure, when using AD FS authentication
  11. 11. Windows Server 2012 R2 - Web Application Proxy
  12. 12. 1 5
  13. 13. More Info: Work folder • Introducing Work Folders On Windows Server 2012 R2: • Technet: • Work Folder Best Practices Analyser: • Work Folders Test Lab Deployment: • Work Folders Certificate Management:
  14. 14. Remote System Access
  15. 15. WORKPLACE JOIN
  16. 16. • Users can enroll devices for access to the Company Portal for easy access to corporate applications • IT can publish Desktop Virtualization (VDI) for access to centralized resources • Users can work from anywhere on their device with access to their corporate resources • IT can publish access to resources with the Web Application Proxy based on device awareness and the user's identity • Users can register devices for single sign-on and access to corporate data with Workplace Join • IT can provide seamless corporate access with DirectAccess and automatic VPN connections
  17. 17. • Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications • Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device • IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity. Multi-factor authentication can be used through Windows Azure Active Authentication • Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud • As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
  18. 18. • Not Joined: User-provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information. • Workplace Joined: Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information. • Domain Joined: Domain-joined computers are under the full control of IT and can be provided with complete access to corporate information. • Browser session single sign-on • Seamless 2-Factor Auth for web apps • Enterprise apps single sign-on • Desktop Single Sign-On
  19. 19. DIRECTACCESS
  20. 20. 24
  21. 21. 25
  22. 22. DirectAccess Limitations • Supported Clients: - Windows 8 Enterprise - Windows 7 Enterprise - Windows 7 Ultimate - Domain-Joined • Non-Supported Clients: - Windows 8 Professional - Windows Vista - Windows XP - Non Domain-Joined
  23. 23. DirectAccess Limitations Client Compatibility Issues • Protocols with Embedded IPv4 Addresses • Applications with Hard Coded IPv4 Addresses • IP Protocol Communication
  24. 24. DIRECTACCESS
  25. 25. 29
  26. 26. 30
  27. 27. 31
  28. 28. 32
  29. 29. 33
  30. 30. 34
  31. 31. 35
  32. 32. DIRECTACCESS
  33. 33. Client Control
  34. 34. Controlling With Group Policy
  35. 35. Controlling The Group Policy
  36. 36. Client Control • Intune • System Center Config Manager w/Intune
  37. 37. Windows Intune Alone
  38. 38. SCCM With Windows Intune
  39. 39. User Actions
      | Company portal actions available to users | From Windows 8.1 Preview | From Windows Phone 8 | From iOS | From Android |
      | Enroll device. | Yes | Yes | Yes | No |
      | Retire local device. | Yes | Yes | No | No |
      | Wipe mobile devices remotely. | Yes | No | No | No |
      | Install line-of-business apps. | Yes | Yes | Yes | Yes |
      | Install apps from the store that the device connects to for Windows Store, Windows Phone Store, App Store, or Google Play. | Yes | Yes | Yes | Yes |
  40. 40. Administrator Management Options
      | Management tasks | Windows RT | Windows Phone 8 | iOS | Android |
      | Device life cycle management such as the ability to retire, wipe, remote wipe, remove, and block devices. | Yes | Yes | Yes | No |
      | Compliance settings that include settings for password settings, email management, security, roaming, encryption, and wireless communication. | Yes | Yes | Yes | No |
      | Line-of-business app management. | Yes | Yes | Yes | Yes |
      | App installation from the store that the device connects to (Windows Store, Windows Phone Store, App Store, Google Play). | Yes | Yes | Yes | Yes |
      | Hardware inventory. | Yes | Yes | Yes | No |
  41. 41. Why Use Intune • Get Control • Office365 Exchange Integration (built-in connector) • On-Premises Active Directory Integration • SCCM Integration
  42. 42. Why Use Configuration Manager? • One Interface o Servers o Computers o Tablet o Phones • Line-Of-Business Apps Sideloading • Extended Features o Multiple Client settings o Wipe Company Content (Sideloaded App And Stuff Controlled By SCCM)
  43. 43. SCCM Mobile Management
  44. 44. SCCM Or Intune Mobile Management
  45. 45. Hardware Inventory Not Available With The Exchange Server Connector
      | Hardware Inventory Class | Windows Phone 8 | Windows RT | iOS |
      | Serial Number | Not applicable | Not applicable | Device_ComputerSystem.SerialNumber |
      | Build Version | Not applicable | Win32_OperatingSystem.BuildNumber | Not applicable |
      | Service Pack Major Version | Not applicable | Win32_OperatingSystem.ServicePackMajorVersion | Not applicable |
      | Operating System Language | Device_OSInformation.Language | Not applicable | Not applicable |
      | Total Storage Space | Not applicable | Win32_PhysicalMemory.Capacity | Device_Memory.DeviceCapacity |
      | Free Storage Space | Not applicable | Win32_OperatingSystem.FreePhysicalMemory | Device_Memory.AvailableDeviceCapacity |
      | Mobile Equipment Identifier (MEID) | Not applicable | Not applicable | Device_ComputerSystem.MEID |
      | Manufacturer | Device_ComputerSystem.DeviceManufacturer | Win32_ComputerSystem.Manufacturer | Not applicable |
      | Cellular Technology | Not applicable | Not applicable | Device_ComputerSystem.CellularTechnology |
      | Wi-Fi MAC | Not applicable | Win32_NetworkAdapter.MACAddress | Device_WLAN.WiFiMAC |
  46. 46. 5 3