ENABLING MOBILE DEVICE MANAGEMENT WITH SYSTEM CENTER 2012 & WINDOWS INTUNE
Howard A. Carter III
Senior Consultant
Microsoft Consulting Services
September 21, 2013
TechGate 2013 – Reston, VA
AGENDA
• What is Windows Intune?
• Windows Intune Configurations
• Windows Intune Capabilities Across Devices
• Setting Up an Intune Account
• Integrating with Configuration Manager 2012
• Publishing Applications
• Enrolling Devices
WINDOWS INTUNE CONFIGURATIONS
• Cloud-Only Configuration
• Unified Configuration
CLOUD MANAGEMENT CAPABILITIES
| Capability / Platform | Windows 8 | Windows 7, Vista, XP | Windows RT | Windows Phone 8 | iOS | Android |
|---|---|---|---|---|---|---|
| Application management | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Endpoint Protection | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Hardware Inventory | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Software Inventory | ✓ | ✓ | ✓¹ | ✓¹ | ✓¹ | ✓¹ |
| Remote control | ✓³ | ✓ | ✓³ | ✗ | ✗ | ✗ |
| Reporting | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Software updates | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Compliance settings | ✓² | ✓² | ✓² | ✓² | ✓² | ✓² |

1 = Managed applications only
2 = Compliance reporting but no remediation automation
3 = Via Remote Assistance
UNIFIED MANAGEMENT CAPABILITIES
| Capability / Platform | Windows 8 | Windows 7, Vista, XP | Windows Embedded | Windows To Go | Mac OS | Windows RT | Windows Phone 8 | iOS | Android |
|---|---|---|---|---|---|---|---|---|---|
| Application management | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Endpoint Protection | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Hardware Inventory | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓¹ |
| Software Inventory | ✓ | ✓ | ✓ | ✓ | ✓ | ✓² | ✓² | ✓² | ✓² |
| Remote control | ✓ | ✓ | ✓ | ✓ | ✗ | ✓⁵ | ✗ | ✗ | ✗ |
| Reporting | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Software updates | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✓ | ✓⁴ | ✗ |
| Compliance settings | ✓ | ✓ | ✓ | ✓ | ✓ | ✓³ | ✓³ | ✓³ | ✓³ |
| OS deployment | ✓ | ✓ | N/A | ✓ | ✗ | N/A | N/A | N/A | N/A |
| Out of band management | ✓ | ✓ | N/A | N/A | ✗ | N/A | N/A | N/A | N/A |
| Power management | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Software metering | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |

1 = Basic information only through Exchange ActiveSync
2 = Managed applications only
3 = Compliance reporting but no remediation automation
4 = Device User has to accept the update
5 = Via Remote Assistance
WINDOWS INTUNE CLOUD ARCHITECTURE
[Diagram. Labels: CorpNet; Internet; DirSync; x86 / x64 clients (Windows 8, Windows 7, Windows Vista, Windows XP), shown twice; Direct Management & App Publishing (Windows Phone 8, Windows RT, iOS); EAS Policy & Inventory; Android App Publishing (Android)]
WINDOWS INTUNE UNIFIED ARCHITECTURE
[Diagram. Labels: CorpNet; Internet; Active Directory; DirSync; ADFS; ADFS Proxy; Service Pack 1; x86 / x64 clients (Windows 8, Windows To Go, Windows 7, Windows Embedded, Windows Vista, Windows XP, Mac); x86 / x64 clients (Windows 8, Windows 7, Windows Vista, Windows XP); Direct Management & App Distribution (Windows Phone 8, Windows RT, iOS); EAS Policy & Inventory (Android); Android App Distribution]
SELECTION CONSIDERATIONS
Current Infrastructure
• On-premise ConfigMgr?
• Something else?
Scale of Solution
• Approx. Max of 5000 Users?
• Approx. Max of 100,000 Users?
Required Feature Set
• Capabilities
• Supported Platforms
ROADMAP | INTEGRATING CONFIGURATION MANAGER 2012 WITH WINDOWS INTUNE
Sign up for Windows Intune account
Synchronize your AD with Windows Azure AD
Configure Intune Subscription in ConfigMgr
Add Windows Intune Connector
Setup MDM Properties
Import Apps
DEMO
• TG13Demo.onmicrosoft.com
Sign up for Intune Account (already done)
Sync AD with Azure AD (already done)
Configure Intune Subscription in ConfigMgr
Install Windows Intune Connector
Setup MDM Properties
Add/Deploy Company Portal App
MANAGING THE MOBILE DEVICE LIFECYCLE
• Enabling the user
• Enrolling the device
• Inventorying the device
• Installing applications
• Managing the device
• Retiring the device
CONFIGURATION ITEM SETTINGS
All options enable you to remediate noncompliant settings and some have a reporting option
Password
• Require password on mobile devices
• Min password length
• Max password length
• Number passwords remembered
• Number failed logons before wipe
• Idle time before lock
• Password complexity
• Send password recovery PIN to Exchange Server
Email management
• POP and IMAP
• Max time to keep email
• Allowed message formats
• Max size for plain text email
• Max size for HTML email
• Max attachment size
• Calendar synchronization
Security
• Unsigned file installation
• Unsigned applications
• SMS and MMS messaging
• Removable storage
• Camera
• Bluetooth
• Windows RT VPN profile
• Profile file
• Profile name
• Profile for all users
Peak Synchronization
• Specify peak time
• Start
• End
• Days of week
• Peak synchronization frequency
• Off-peak synchronization frequency
CONFIGURATION ITEM SETTINGS
All options have a Remediate noncompliant settings option
Roaming
• Mobile device management while roaming
• Software download while roaming
• Email download while roaming
Encryption
• Storage card encryption
• File Encryption on mobile device
• Require email signing
• Require email encryption
• Encryption algorithm
Wireless Communication
• Wireless network connection
• Network name
• Network connection
• Authentication
• Data encryption
• Key index
• 802.1x settings
• EAP type
Certificates
• Import
• Certificate File
• Destination store
• Role
INVENTORIED MANAGEMENT PROPERTIES

| Inventory Class | Windows Phone 8 | Windows RT | iOS | EAS |
|---|---|---|---|---|
| Name | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Yes |
| Unique Device ID | Device_ComputerSystem.DeviceClientID | Device_ComputerSystem.DeviceName | Device_ComputerSystem.UDID | Yes |
| Serial Number | Not applicable | Not applicable | Device_ComputerSystem.SerialNumber | No |
| Email Address | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Yes |
| Operating System Type | Device_OSInformation.Platform | CCM_OperatingSystem.SystemType | Not applicable | Yes |
| Operating System Version | Device_ComputerSystem.SoftwareVersion | Win32_OperatingSystem.Version | Device_OSInformation.OSVersion | Yes |
| Build Version | Not applicable | Win32_OperatingSystem.BuildNumber | Not applicable | No |
| Service Pack Major Version | Not applicable | Win32_OperatingSystem.ServicePackMajorVersion | Not applicable | No |
| Service Pack Minor Version | Not applicable | Win32_OperatingSystem.ServicePackMinorVersion | Not applicable | Yes |
| Operating System Language | Device_OSInformation.Language | Not applicable | Not applicable | No |
| Total Storage Space | Not applicable | Win32_PhysicalMemory.Capacity | Device_Memory.DeviceCapacity | No |
| Free Storage Space | Not applicable | Win32_OperatingSystem.FreePhysicalMemory | Device_Memory.AvailableDeviceCapacity | No |
| IMEI¹ | Not applicable | Not applicable | Device_ComputerSystem.IMEI | Yes |
| MEID² | Not applicable | Not applicable | Device_ComputerSystem.MEID | No |
| Manufacturer | Device_ComputerSystem.DeviceManufacturer | Win32_ComputerSystem.Manufacturer | Not applicable | No |
| Model | Device_ComputerSystem.DeviceModel | Win32_ComputerSystem.Model | ModelName | Yes |
| Phone Number | Not applicable | Not applicable | Device_ComputerSystem.PhoneNumber | Yes |
| Subscriber Carrier | Not applicable | Not applicable | Device_ComputerSystem.SubscriberCarrierNetwork | Yes |
| Cellular Technology | Not applicable | Not applicable | Device_ComputerSystem.CellularTechnology | No |
| Wi-Fi MAC | Not applicable | Win32_NetworkAdapter.MACAddress | Device_WLAN.WiFiMAC | No |

1 International Mobile Equipment Identity
2 Mobile Equipment Identifier
DEMO
Remember: Manage.Microsoft.com
Creating a Mobile Configuration Baseline
Enrolling a Device
RETIRING MANAGED MOBILE DEVICES
• Retire: Removes the device from Configuration Manager while leaving personal settings and data intact on the device.
• Block: Blocks the client from communicating with the hierarchy. You can also unblock clients.
• Wipe: All data is deleted, sets device back to manufacturer's defaults.
• Delete: Deletes the mobile device permanently from the hierarchy so that it will not be further managed. No data from the device is removed. Once deleted, the user would need to unenroll and re-enroll again.
LISTING RETIREMENT OPTIONS BY DEVICE
| Function | Windows Phone 8 | Windows RT | iOS | Android (EAS) |
|---|---|---|---|---|
| Retire | Yes. Line of business apps are uninstalled including the company portal app. User settings are retained. | Yes. Removes sideloaded keys and sideloaded apps no longer run. User settings are retained. | Yes. Installed apps will still run. | Yes. Installed apps will still run. User settings are removed. |
| Block | Yes | Yes | Yes | Not available |
| Wipe | Yes | Not available | Yes | Exchange ActiveSync mailbox removal only |
| Delete | Yes | Yes | Yes | Not available |
DEMO
Wiping a Device
ADDITIONAL RESOURCES
Windows Intune Trial
http://www.microsoft.com/en-us/windows/windowsintune/try.aspx
Support Tool for Intune Trial Management of Windows Phone 8
http://www.microsoft.com/en-us/download/details.aspx?id=39079#
Microsoft Virtual Academy – Windows Intune Jumpstart
http://www.microsoftvirtualacademy.com/training-courses/windows-intune-for-it-professionals-jump-start
Microsoft Windows Intune Blog
http://blogs.technet.com/b/windowsintune/
Microsoft System Center ConfigMgr Team Blog
http://blogs.technet.com/b/configmgrteam/
QUESTIONS
Thank You
An email will be sent to all attendees on Monday, September 23 announcing location of slides received from presenters.