Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
•Download as PPTX, PDF•
0 likes•616 views
by Kenny Buntinx, Tim De Keukelaere Do you need to manage Windows 8.1 /RT including other non-Microsoft mobile devices with Microsoft's UDM Solution ( CM12R2 + Intune). Do you need to provide functionality for deploying the new Intune Extensions such as email profiles, managing your MDM settings, configuring VPN and wireless profiles, deploying cert's? Compliance Settings , Company Resource Access and Intune Extensions delivered in Configuration Manager are mostly unexplored territory for the configmgr admin. During this session we will demystify these features for you.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (6)
Similar to Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
Similar to Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2 (20)
More from ITProceed
More from ITProceed (20)
Recently uploaded
Recently uploaded (20)
Sysctr Track: Managing your hybrid Mobile cloud Workforce Demystified with System Center Configuration Manager 2012 R2
- 2. Microsoft NDA Confidential @KennyBuntinx http://be.linkedin.com/KennyBuntinx http://scug.be/blogs/sccm Kenny Buntinx Enterprise Client Management MVP from 2009 Principal Consultant Kenny.Buntinx@inovativ.be
- 3. Microsoft NDA Confidential @Tim_DK http://be.linkedin.com/in/timdekeukelaere/ http://scug.be/tim/ Tim De Keukelaere Freelance Consultant Tim.De.Keukelaere@IT-Essence.be
- 5. Microsoft NDA Confidential Understanding • These concepts: • UDM Integration with CM12 • ConfigMgr Extensions for Windows Intune • Settings Management (aka DCM) • Company Resource Access Knowing • How to implement them
- 6. Microsoft NDA Confidential About our audience • Practical experience with System Center Configuration Manager 2012 SP1/R2 • Knowledge of Windows Intune and Device Enrollment About us • Not aiming to explain in detail • “How to enroll all possible devices” • “All possible UDM capabilities”
- 8. Empowering people-centric IT Mobile Device Management Access and information protection Desktop Virtualization Hybrid Identity
- 10. Mobile Device Management Vision Unify your environment On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Protect your data Protect corporate information by selectively wiping apps and data from retired/lost devices A common identity for accessing resources on-premises and in the cloud Identify which mobile devices have been compromised √
- 11. • Configure compliance settings on devices • Settings for passwords, security, roaming, encryption, and wireless communication. • Deploy certain Resource Profiles • VPN Profiles, WIFI and Email Profiles.
- 13. Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on- premises and in the cloud Dirsync w Pwd Sync Connector Internal Connector
- 14. App Management • By default, user-enrolled devices are “Personal” • Admin can specify corporate-owned devices ! Personal vs. Corporate Owned Devices
- 18. Admin is notified that an extension is available when console is launched Admin goes to Extensions for Intune in console, and enables the extension Extension is activated in ConfigMgr • (Extension enables on all site system, then console updates are avail) Admin restarts console, and console is updated with the extension Admin uses feature delivered by the extension Admin may wish to disable the extension
- 19. Baseline Group of CIs with presence rules. Configuration Item Configuration model defined for OS , Application (settings, rules, applicability ) WMI XML Registry IIS MSI Script SQL Software Updates File Active Directory Agent discovers CIs, validates data against rules, remediates and reports compliance ConfigMgr Agent Deployment Monitor/remediate Collection
- 21. Category Win 8.1 PC & RT WP8.1 (New!) iOS Android VPN Wi-Fi Certificates Email Password Device restrictions Store access Browsers Content Rating Cloud Synch Encryption Security Roaming Windows Server Work Folders
- 23. Last week at a customer during a Windows Intune UDM Proof of concept : • Customer was ordering 1000 corporate owned (COPE) Nokia Lumia 630 Windows Phones • He wanted us to provide the option when a ‘device owner’ in CM12 R2 is set to “corporate” , a user can’t unenroll a “corporate” device. • Unless you are the ConfigMgr 2012 MDM admin , you can’t. Read the full story below : http://scug.be/sccm/2014/04/24/configmgr-2012-r2-windows-intune-udm-how-to-prevent-an-end-user- can-un-enroll-his-corporate-windows-phone-8-1/
- 27. Resource Access Configuration 29 Platforms Windows 8.1 Windows 8.1 RT iOS Android Windows Phone 8.1 (New!) Benefits End users get access to company resources with no manual steps for them Features* Configure VPN profiles Support for Windows 8.1 Automatic VPN Wi-Fi protocol and authentication settings Email account profiles Management and distribution of certificates
- 28. Support for major SSL VPN vendors DNS name-based initiation support for Windows 8.1 and iOS Application ID based initiation support for Windows 8.1 Automatic VPN connection Support for VPN standards SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows VPN plug-in PPTP ,L2TP, IKEv2
- 29. Wi-Fi settings Manage and distribute certificates Deploy trusted root certificates Support for Simple Certificate Enrollment Protocol (SCEP) Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connect Specify certificate to be used for Wi-Fi connection
- 30. Network Device Enrollment Service (NDES) CA SCCM SCCM Connector Desktop Admin Device IW Intune Certificate Registration Point SCCM plug-in
- 32. • Delivered as Configuration Manager Extension for Windows Intune • Configure account settings and security restrictions • Enable certificate authentication • Support for iOS and Windows Phone 8.1
Editor's Notes
- Freelance Based in Belgium Focus on Workplace Management Active in the SysCtr community SCUG Board Member Accredited Member of MEET Connect on LinkedIn / Twitte Weblog
- Mention ADFS session (SCUG night)
- Refer to PDF + Extending default capabilities
- Over to Kenny
- How to prevent an “End-User” can un-enroll his “Corporate” Windows Phone 8.1
- See scug site blog post Over to Tim
- See scug site blog post
- NICO blog post
- See scug site blog post Over to Tim
- See scug site blog post http://scug.be/nico/2014/05/22/deny-windows-phone-apps-with-configuration-manager-intune/
- Over to Kenny
- Over to Tim