Wally Mead
Managing Mobile Devices with System Center 2012 R2 Configuration Manager and Windows Intune

  1. Wally Mead: Managing Mobile Devices with System Center 2012 R2 Configuration Manager and Windows Intune
  2. Agenda
     • Continue our discussion of how to enable, configure, and use Configuration Manager 2012 R2 to manage mobile devices with our integration with Windows Intune
     • Will concentrate on the enrollment and management of devices in part 2
     • Demonstrations where appropriate
  3. Today’s challenges
     • Users: Users expect to be able to work in any location and have access to all their work resources.
     • Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
     • Apps: Deploying and managing applications across platforms is difficult.
     • Data: Users need to be productive while maintaining compliance and reducing risk.
  4. Empowering People-centric IT (Users, Devices, Apps, Data; Management. Access. Protection.)
     • Enable users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
     • Unify your environment: Deliver a unified application and device management on-premises and in the cloud.
     • Protect your data: Help protect corporate information and manage risk.
  5. Selecting the Management Platform
     • Unified Device Management – System Center 2012 R2 Configuration Manager with Windows Intune
     • Cloud-based Management: Standalone Windows Intune
       • No existing Configuration Manager deployment
       • Simplified policy control
       • Fewer than 7,000 devices and 4,000 users
       • Simple web-based administration console
  6. Unified Device Management
     • Windows PCs (x86/64, Intel SoC), Windows to Go
     • Windows Embedded
     • Mac OS X
     • Windows RT, Windows Phone 8
     • iOS, Android
  7. Platform Support

     | OS Platform | Management Agent | End User Experience |
     |---|---|---|
     | Windows 8.1 PC | ConfigMgr Agent or Management Agent (OMA-DM) | Software Center/Application Catalog; Windows Company Portal app |
     | Windows PC | ConfigMgr Agent (Windows 8 down to Windows XP) | Software Center/Application Catalog |
     | Windows RT | Management agent (OMA-DM) | Windows Company Portal app |
     | Windows Phone 8 | Management agent (OMA-DM) | Windows Phone 8 Company Portal app |
     | iOS | Apple MDM Protocol | iOS Company Portal app |
     | Android | Android MDM agent (OMA-DM) | Android Company Portal app |
     | Mac | ConfigMgr Agent | N/A |
     | Linux/Unix | ConfigMgr Agent | N/A |
  8. Registering and Enrolling Devices
     • Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications.
     • Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
     • IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
     • Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud.
     • As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.
  9. Configuration Manager 2012 SP1 MDM Features
     • Over the air device enrollment
     • Self service portal for end users
     • User-targeted available application deployment
     • User and device settings management
     • Device inventory
     • Remote device retirement
     • Remote device wipe
  10. Configuration Manager 2012 R2 UDM Updates
     • Required application deployment
     • Application uninstall
     • Company versus Personal device designation
     • New Company Apps portal
     • VPN, Wi-Fi, and Certificate Profiles
       • Application triggered VPN
       • Network traffic triggered VPN
  11. Enrolling Mobile Devices
     • Windows 8.1
       • Use the built-in OMA-DM agent to “Enroll for Management”
     • Windows RT
       • Use the built-in OMA-DM agent and built-in Company Apps application
     • Windows Phone 8
       • Use the built-in OMA-DM agent and add account in Settings - company apps
  12. Enrolling Mobile Devices (2)
     • iOS
       • Use the App store to download our Company Apps portal
       • Running the app will walk you through the enrollment process
     • Android
       • Use Google Play to download our Company Apps portal
       • Running the app will install the agent and enroll the device
  13. Unified Device Management Console
     • Mobile device management integrated directly into the console experience
     • Common tools for policy and application management
     • Unified reporting across device platforms
     • User collections enable user-centric setting and application deployment across device types
  14. What’s New in Mobile Device Inventory?
     • Personal vs Corporate Owned Devices
       • By default, user-enrolled devices are “Personal”
       • Admin can specify corporate-owned devices
       • “Compromised” device detection
     • App inventory
       • Personal devices – Inventory only apps installed by ConfigMgr/Intune
       • Corporate devices – Complete inventory of all applications on the device*
     • App Management
       • New global condition to differentiate app installs on corporate versus personal
     * Inventory capability varies by device platform
  15. User-centric Application Delivery: End User Self-Service (diagram labels: IT, User)
     • Administrators publish software titles to catalog, complete with metadata to enable search
     • Deliver best user experience on each device
     • Users can browse, select and install directly from Catalog
     • Application model determines format and policies for delivery
  16. Deploying Applications
     • Create target collection
     • Create app
       • App types for:
         • Windows
         • Windows Phone
         • iOS
         • Android
     • Deploy app to target collection
  17. Deploying Applications (2)
     • App would appear in Company Apps portal
     • Most deployments are targeted to users as available
     • Can now perform required app deployment
     • Likely would want to use the new Device Ownership global condition as a requirement to control which devices get the required deployment
  18. Mobile Device Settings in ConfigMgr 2012 R2
     Columns: Category; Windows 8.1 PC & RT; Windows Phone 8; iOS; Android
     Categories: VPN; Wi-Fi; Certificates; Password; Device restrictions; Store access; Browsers; Content Rating; Cloud Sync; Encryption; Security; Roaming; Windows Server Work Folders
     (*) Subset of settings
     Note: Table applicable to direct MDM and not EAS
     [Per-platform support marks are not legible in this transcript.]
  19. Resource Access Configuration
     • New Features*
       • Configure networking profiles
       • VPN profiles
       • Support for Windows 8.1 Automatic VPN
       • Wi-Fi protocol and authentication settings
       • Management and distribution of certificates
       • Configure remote connection to work PCs
     • Benefits
       • End users get access to company resources with no manual steps for them
     • Supported platforms
       • Windows 8.1
       • Windows 8.1 RT
       • iOS
       • Android
  20. VPN Profile Management
     • Support for major SSL VPN vendors
       • SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5
       • Subset of vendors have Windows/Windows RT VPN plug-in
     • Support for VPN standards like PPTP, L2TP, IKEv2
     • Automatic VPN connection
       • DNS name-based initiation support for Windows 8.1 and iOS
       • Application ID based initiation support for Windows 8.1
  21. Wi-Fi and Certificate Profiles
     • Wi-Fi settings
       • Manage Wi-Fi protocol and authentication settings
       • Provision Wi-Fi networks that device can auto connect
       • Specify certificate to be used for Wi-Fi connection
     • Manage and distribute certificates
       • Deploy trusted root certificates
       • Support for Simple Certificate Enrollment Protocol (SCEP)
  22. Work Folders
     • Sync files and data across devices
       • New feature in Windows 8.1 client and Windows Server 2012 R2
     • Configuration Manager and Windows Intune support
       • New settings to help provision the work folder discovery settings
       • Self-service portals have links to work folders
  23. Protect your data: Help protect corporate information and manage risk
     Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
     IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
     • Selective wipe removes corporate applications, data, certificates/profiles, and policies based as supported by each platform
     • Full wipe if supported by each platform
     • Can be executed by IT or by user via Company Portal
     • Sensitive data or applications can be kept off device and accessed via Remote Desktop Services
     [Diagram labels: Enrollment; Lost or Stolen; Retired; Personal Apps and Data; Company Apps and Data; Centralized Data; Remote App; Policies]
  24. Corporate Data Protection
     • iOS and WP: Complete wipe and reset to factory defaults
     • Android: EAS mailbox removal only
     • Windows RT and Windows 8: Only EAS mailbox removal if managed through EAS
     • User or Admin initiated
     • Removes the record of the device from the system
     • Disables further MDM app installation and settings management on the device & selectively wipes corporate app data
     • Uninstalls MDM-installed apps and removes data
     • Removes enterprise EFS certs and email
  25. Selective Wipe
     • Email
     • Apps installed through our MDM channel
     • Profiles (Wi-Fi/VPN)
     • Certificates
     • MDM Policies (Settings)
     • Management Agent
     • Corp App Data
     Platforms: Windows 8.1, Windows 8.1 RT; iOS; Android
  26. Unified Device Management Recap
     Columns: Unregistered; Registered; MDM Enrolled; Fully Managed
     Publish email to users (EAS) Yes Yes Yes Yes
     Publish work folders to users Yes Yes Yes Yes
     Block device only Yes Yes Yes Yes Yes Yes
     Unified Device Management Yes Yes
     Unified Application Management Yes Yes
     Selective data wipe Yes Yes
     Compliance reporting Yes Yes
     Conditional access based on user, device, location
     Audit logging and monitoring
     Group Policy and login scripts Yes
     OS deployment and imaging Yes
     Configuration management Yes
     Patch management Yes
     Anti malware management Yes
     Full application management Yes
     BitLocker management Yes
  27. Summary
     [Diagram: capabilities across Configuration Manager 2012, 2012 SP1 and 2012 R2, grouped under Enable, Unify and Simplify, with items tagged New or Improved. Labels: Modern Device Management; EAS; User-centric Application Delivery; Win 8 Apps; Web App deployment; Flexible hierarchies; Endpoint Protection; Reduced Infrastructure Requirements; Integrated; Real-time actions; Compliance and Settings Management; Auto remediation; User profile and data; Software Update Management; Distribution Point for Windows Azure; Content Management; Modern Management Console; Updated engine; Windows PowerShell; Additional cmdlets; Role-based Administration; RBA in Reporting; Operating System Deployment; Client Health; Asset Intelligence, Inventory and Software Metering; Windows 8.1 support]
  28. For More Information
     • System Center 2012 Configuration Manager: http://technet.microsoft.com/enus/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
     • Windows Intune: http://www.microsoft.com/enus/windows/windowsintune/try-and-buy
     • Windows Server 2012: http://www.microsoft.com/en-us/servercloud/windows-server
     • More Resources:
       • http://www.microsoft.com/workstyle
       • http://www.microsoft.com/server-cloud/user-devicemanagement
  29. Please evaluate the session before you leave
