Embed Size (px)
Citation preview
System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device ManagementJeffrey SutherlandPrincipal PM ManagerMicrosoft
Martin BoothSr Technical Product Manager
Microsoft
Enabling users to be productive, responsiblyFinding the right balanceDevices & Experiences Users Want
Applications and data across devices, anywhere
Empower User Productivity
Unified Management Infrastructure
Common IdentityAccess and Information Protection
Controlled access to data with seamless authentication
Unified Device Management
• Single management interface• Integrated security and
compliance• Improve IT efficiency• Reduced infrastructure complexity
Unified Management Infrastructure
+
Empower User Productivity
• Device choice• Application self-service• Personalized application
Experience• Non-intrusive management
Simplifying Management Across Platforms
Devices & Platforms
IT
Single adminconsole
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
AndroidMac OS X
Windows RT Windows Phone 8
iOSAndroid
MDM Features and Platforms
Configurations for MDM:• Windows Intune standalone• ConfigMgr 2012 SP1 +
Windows Intune Subscription
New Platforms• Windows RT• Windows Phone 8• iOS (5.x, 6.x)• Android (2.1 and later)
Features• Over the air device enrollment*• User-targeted available app
deployment• User and device settings
management*• Device inventory*• Remote device retirement*• Remote device wipe*
*Android features managed by-proxy through the Exchange Connector
Mobile Device Enrollment• Establishes mutual trust between the device and the
management server• User-initiated process over SSL• Admin defines which users are authorized to enroll devices• Maximum 20 active device enrollments per user
• Supports Windows RT, Windows Phone 8, iOS 5.0+• End result: A user certificate is installed on the device and
the management agent is configured. • Certificate renewal: Auto-Renew for Windows RT. User is
prompted for Windows Phone and iOS• WinCE, Windows Embedded Handheld (Windows Mobile 6.5)
still supported via ConfigMgr on-prem infrastructure
Demo - Enrollment
Enrollment failure causes• Admin has not configured mobile device management• Admin has not enabled enrollment for specific device types• User is trying to enroll several devices at the same time or has
more than 20 mobile devices in the system• User is not provisioned by their IT admin• Windows Phone 8 Only: WP8 code signing certificate not
configured properly • iOS only: Apple Push Notification Service certificate is not
configured or expired. Or device is not running iOS 5.0 +
Mobile device inventory
• Hardware properties for mobile devices are collected through Device Management as well as Exchange ActiveSync
• App inventory for apps installed via MDM. For privacy reasons, we do not collect app inventory for apps installed through other means on the device
• Inventory is not extensible for mobile devices
Demo - Inventory
Settings management• Settings can be be applied to devices managed in Windows
Intune and devices managed through the Exchange Server Connector
• Single security policy template is used to manage settings on all managed mobile devices. System figures out applicability to each platform.
• Reporting available on each setting (applicable, conformant or error)
• If a device is receiving policy from more than 1 authority, the most secure value for a setting is applied.
Settings for each mobile platform
Setting name Exchange Activesync
WinRT/ WinPh8 iOS
Require a password to unlock mobile devices √ √ √
Required password type √ √ √
Minimum password length √ √ √
Allow simple passwords √ √ √
Number of repeated sign-in failures before device is wiped √ √ √
Minutes of inactivity before device screen is locked √ √ √
Password expiration (days)
√ √ √
Remember password history √ √ √
Allow convenience logon (Windows RT only) √
Password
Settings for each mobile platform
Setting name EAS (Activesync)
WinRT/ WinPh8 iOS
Allow camera
√ √
Allow web browser
√ √
Allow backup to iCloud (iOS only) √
Allow documents sync to iCloud (iOS only) √
Allow photostream sync to iCloud (iOS only) √
Maximum size of e-mail attachments
√
E-mail synchronization for last (days)
√
Allow mobile devices that don’t fully support these settings to synchronize with Exchange
√
Require encryption on mobile device
√
Require encryption on storage cards
√
Device restriction
s
Encryption
Demo – Settings Management
Retire and Wipe options Retire
• User or Admin initiated• Removes the record of the device from the system• Disables further MDM app installation and settings management on
the device• MDM installed apps are removed on Windows Phone• Sideloading key removed on Windows RT disabling sideloaded
apps
Wipe effects depend on the platform and management type (EAS or native)
• iOS and WP8: Complete wipe and reset to factory defaults • Android: EAS mailbox removal only • Windows RT and Windows 8: Only EAS mailbox removal if managed
through EAS• Windows 7 and below: No wipe
Demo – Retire & Wipe
People Centric ITCome to Booth 1 in the Expo Hall for your chance
to win a Surface RT bundle worth $699
Answer four questions correctly and you’ll be entered in our prize draw.
Draw will take place at 4pm on April 10 2013
NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules
Related ContentBreakout Sessions
UD-B301 Application Delivery with System Center 2012 Configuration Manager SP1 and Windows Intune
UD-B309 Deploying and Configuring Mobile Device Management Infrastructure
UD-B310 Deploying and Managing Windows 8 with Configuration Manager 2012 SP1
UD-B317 Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1
UD-B318 Managing Embedded Devices with Configuration Manager 2012
UD-B325 System Center 2012 Configuration Manager SP1 Overview
UD-B331 System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1
UD-B332 What’s New with Microsoft Deployment Toolkit 2012 Update 1
UD-B333 What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design
UD-B335 Windows Intune Overview
UD-B403 Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
Related ContentInstructor-led and Hands-on Labs
UD-IL301 Basic Software DistributionUD-IL302 Deploying a Configuration Manager HierarchyUD-IL303 Deploying Configuration ManagerUD-IL304 Deploying Windows 8 to Bare Metal ClientsUD-IL306 Implementing Endpoint ProtectionUD-IL307 Implementing Role-Based AdministrationUD-IL308 Implementing Settings ManagementUD-IL309 Introduction to Configuration ManagerUD-IL310 Managing ApplicationsUD-IL311 Managing ClientsUD-IL312 Managing ContentUD-IL313 Managing Microsoft Software UpdatesUD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 HierarchyUD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1UD-IL401 Advanced Software Distribution
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
