Enabling Mobile Device Management with System
Download
Report
Transcript Enabling Mobile Device Management with System
ENABLING MOBILE DEVICE MANAGEMENT
WITH SYSTEM CENTER 2012
& WINDOWS INTUNE
Howard A. Carter III
Senior Consultant
Microsoft Consulting Services
TechGate 2013 – Reston, VA
September 21, 2013
AGENDA
• What is Windows Intune?
• Windows Intune Configurations
• Windows Intune Capabilities Across Devices
• Settings Up an Intune Account
• Integrating with Configuration Manager 2012
• Publishing Applications
• Enrolling Devices
WINDOWS INTUNE CONFIGURATIONS
Cloud-Only Configuration
Unified Configuration
CLOUD MANAGEMENT
CAPABILITIES
Capability / Platform
Windows 8
Windows 7, Vista,
XP
Application management
Endpoint Protection
O
O
O
O
Hardware Inventory
Software Inventory
1
1
1
1
Remote control
3
3
O
O
O
Reporting
Software updates
O
O
O
O
Compliance settings
2
2
2
2
2
2
Windows RT
Windows Phone 8
iOS
Android
1 = Managed applications only 2 = Compliance reporting but no remediation automation 3 = Via Remote Assistance
UNIFIED MANAGEMENT
CAPABILITIES
Capability / Platform
Application
management
Windows 7,
Windows 8
Vista, XP
Windows
Embedded
Windows To Go Mac OS Windows RT
Windows
Phone 8 iOS Android
Endpoint Protection
O
O
O
O
Hardware Inventory
1
Software Inventory
2
2
2
2
Remote control
O
O
O
O
5
O
Software updates
4
O
Compliance settings
3
3
3
3
OS deployment
N/A
O
N/A
N/A
N/A
N/A
Out of band
management
N/A
N/A
O
N/A
N/A
N/A
N/A
O
O
O
O
O
O
O
O
O
O
Reporting
Power management
Software metering
1 = Basic information only through Exchange ActiveSync 2 = Managed applications only 3 = Compliance reporting but no remediation automation
4 = Device User has to accept the update 5 = Via Remote Assistance
WINDOWS INTUNE CLOUD
ARCHITECTURE
Windows 8
Windows 7
Windows Vista
Windows XP
Windows RT
Windows Phone 8
x86 / x64
DirSync
Android App
Publishing
iOS
Direct Management
& App Publishing
Android
EAS Policy &
Inventory
CorpNet
x86 / x64
Internet
Windows 8
Windows 7
Windows Vista
Windows XP
WINDOWS INTUNE UNIFIED
ARCHITECTURE
Windows RT
Windows Phone 8
iOS
Android App
Distribution
EAS Policy &
Inventory
Direct Management &
App Distribution
Android
x86 / x64
Windows 8
Windows 7
Windows Vista
Windows XP
SELECTION CONSIDERATIONS
Scale of Solution
Current Infrastructure
•
•
On-premise
ConfigMgr?
Something else?
• Approx. Max of 5000 Users?
• Approx. Max of 100,000 Users?
Required Feature Set
• Capabilities
• Supported Platforms
ROADMAP | INTEGRATING
CONFIGURATION MANAGER 2012
WITH WINDOWS INTUNE
Sign up for
Windows
Intune
account
Synchronize
your AD
with
Windows
Azure AD
Configure
Intune
Subscription
in ConfigMgr
Add
Windows
Intune
Connector
Setup
MDM
Properties
Import
Apps
DEMO
Sign up for Intune Account (already
done)
Sync AD with Azure AD (already done)
Configure Intune Subscription in
ConfigMgr
Install Windows Intune Connector
Setup MDM Properties
Add/Deploy Company Portal App
• TG13Demo.onmicrosoft.com
MANAGING THE MOBILE DEVICE
LIFECYCLE
CONFIGURATION ITEM SETTINGS
Password
Email management
Security
• Require password on
mobile devices
• Min password length
• Max password length
• Number passwords
remembered
• Number failed logons
before wipe
• Idle time before lock
• Password complexity
• Send password
recovery PIN to
Exchange Server
• POP and IMAP
• Max time to keep
email
• Allowed message
formats
• Max size for plain text
email
• Max size for HTML
email
• Max attachment size
• Calendar
synchronization
• Unsigned file
installation
• Unsigned applications
• SMS and MMS
messaging
• Removable storage
• Camera
• Bluetooth
• Windows RT VPN
profile
• Profile file
• Profile name
• Profile for all users
All options enable you to remediate noncompliant
settings and some have a reporting option
Peak Synchronization
• Specify peak time
• Start
• End
• Days of week
• Peak synchronization
frequency
• Off-peak
synchronization
frequency
CONFIGURATION ITEM SETTINGS
Roaming
• Mobile device
management
while roaming
• Software
download while
roaming
• Email download
while roaming
Encryption
• Storage card
encryption
• File Encryption
on mobile
device
• Require email
signing
• Require email
encryption
• Encryption
algorithm
Wireless
Communication
• Wireless network
connection
• Network name
• Network
connection
• Authentication
• Data
encryption
• Key index
• 802.1x settings
• EAP type
All options have a Remediate noncompliant settings option
Certificates
• Import
• Certificate File
• Destination
store
• Role
INVENTORIED MANAGEMENT PROPERTIES
Inventory Class
Windows Phone 8
Windows RT
iOS
EAS
Name
Device_ComputerSystem.DeviceName
Device_ComputerSystem.DeviceName
Device_ComputerSystem.DeviceName
Yes
Unique Device ID
Device_ComputerSystem.DeviceClientID
Device_ComputerSystem.DeviceName
Device_ComputerSystem.UDID
Yes
Serial Number
Not applicable
Not applicable
Device_ComputerSystem.SerialNumber
No
Email Address
Device_Email.OwnerEmailAddress
Device_Email.OwnerEmailAddress
Device_Email.OwnerEmailAddress
Yes
Operating System Type
Device_OSInformation.Platform
CCM_OperatingSystem .SystemType
Not applicable
Yes
Operating System Version
Device_ComputerSystem.SoftwareVersion
Win32_OperatingSystem.Version
Device_OSInformation.OSVersion
Yes
Build Version
Not applicable
Win32_OperatingSystem.BuildNumber
Not applicable
No
Service Pack Major Version
Not applicable
Service Pack Minor Version
Not applicable
Operating System Language
Device_OSInformation.Language
Not applicable
Not applicable
No
Total Storage Space
Not applicable
Win32_PhysicalMemory.Capacity
Device_Memory.DeviceCapacity
No
Free Storage Space
Not applicable
Win32_OperatingSystem.FreePhysicalMemory Device_Memory.AvailableDeviceCapacity
IMEI1
MEID2
Not applicable
Not applicable
Not applicable
Not applicable
Device_ComputerSystem.DeviceManufactur
Win32_ComputerSystem.Manufacturer
er
Device_ComputerSystem.IMEI
Device_ComputerSystem.MEID
Yes
No
Not applicable
No
Model
Device_ComputerSystem.DeviceModel
Win32_ComputerSystem.Model
ModelName
Yes
Phone Number
Not applicable
Not applicable
Device_ComputerSystem.PhoneNumber
Yes
Subscriber Carrier
Not applicable
Not applicable
Device_ComputerSystem.SubscriberCarrierNet
Yes
work
Cellular Technology
Not applicable
Not applicable
Device_ComputerSystem.CellularTechnology
No
Wi-Fi MAC
Not applicable
Win32_NetworkAdapter.MACAddress
Device_WLAN.WiFiMAC
No
Manufacturer
1
International Mobile Equipment Identity
Win32_OperatingSystem.ServicePackMajorVe
Not applicable
rsion
Win32_OperatingSystem.ServicePackMinorVer
Not applicable
sion
2
Mobile Equipment Identifier
No
Yes
No
DEMO
Creating a Mobile Configuration
Baseline
Enrolling a Device
Remember: Manage.Microsoft.com
RETIRING MANAGED MOBILE DEVICES
Removes the device from
Configuration Manager while leaving
personal settings and data intact on
the device.
All data is deleted, sets device
back to manufacturer's defaults
Deletes the mobile device permanently from
the hierarchy so that it will not be further
managed. No data from the device is
removed. Once deleted, the user would need
to unenroll and re-enroll again.
Blocks the client from
communicating with the
hierarchy. You can also unblock
clients.
LISTING RETIREMENT OPTIONS BY
DEVICE
Function
Windows Phone 8
Windows RT
iOS
Android (EAS)
Yes
Yes
Yes
Line of business apps are Removes sideloaded • Installed apps
uninstalled including the
keys and sideloaded
will still run.
company portal app.
apps no longer run.
User settings are retained User settings are
retained
Yes
installed apps will still run
User settings are
removed.
Block
Yes
Yes
Yes
Not available
Wipe
Yes
Not available
Yes
Exchange ActiveSync
mailbox removal only
Delete
Yes
Yes
Yes
Not available
Retire
DEMO
Wiping a Device
ADDITIONAL RESOURCES
Windows Intune Trial
http://www.microsoft.com/en-us/windows/windowsintune/try.aspx
Support Tool for Intune Trial Management of Window Phone 8
http://www.microsoft.com/enus/download/details.aspx?id=39079#
Microsoft Virtual Academy – Windows Intune Jumpstart
http://www.microsoftvirtualacademy.com/trainingcourses/windows-intune-for-it-professionals-jump-start
Microsoft Windows Intune Blog
http://blogs.technet.com/b/windowsintune/
Microsoft System Center ConfigMgr Team Blog
http://blogs.technet.com/b/configmgrteam/
QUESTIONS
An email will be sent to all attendees on Monday, September 23
announcing location of slides received from presenters.