Finding the right balance Devices &andExperiences Applications data across Users Want devices, anywhere Controlled access to data with seamless authentication Devices & Platforms Single admin console.

Download Report

Transcript Finding the right balance Devices &andExperiences Applications data across Users Want devices, anywhere Controlled access to data with seamless authentication Devices & Platforms Single admin console.

Finding the right balance
Devices &andExperiences
Applications
data
across
Users
Want
devices, anywhere
Controlled access
to data with
seamless
authentication
Devices & Platforms
Single admin
console
Configurations for MDM:
• Windows Intune standalone
• ConfigMgr 2012 SP1 + Windows
Intune Subscription
New Platforms
•
•
•
•
Windows RT
Windows Phone 8
iOS (5.x, 6.x)
Android (2.1 and later)
Features
•
•
•
•
•
•
Over the air device enrollment*
User-targeted available app deployment
User and device settings management*
Device inventory*
Remote device retirement*
Remote device wipe*
*Android features managed by-proxy through the Exchange Connector
•
•
•
•
•
•
Admin has not configured mobile device management
Admin has not enabled enrollment for specific device types
User is trying to enroll several devices at the same time or has more than 20
mobile devices in the system
User is not provisioned by their IT admin
Windows Phone 8 Only: WP8 code signing certificate not configured properly
iOS only: Apple Push Notification Service certificate is not configured or
expired. Or device is not running iOS 5.0 +
• Hardware properties for mobile devices are collected through Device
Management as well as Exchange ActiveSync
• App inventory for apps installed via MDM. For privacy reasons, we
do not collect app inventory for apps installed through other means
on the device
• Inventory is not extensible for mobile devices
• Settings can be be applied to devices managed in Windows Intune and
devices managed through the Exchange Server Connector
• Single security policy template is used to manage settings on all managed
mobile devices. System figures out applicability to each platform.
• Reporting available on each setting (applicable, conformant or error)
• If a device is receiving policy from more than 1 authority, the most secure
value for a setting is applied.
Setting name
Exchange
Activesync
WinRT/ WinPh8
iOS
Require a password to unlock mobile devices
√
√
√
Required password type
√
√
√
Minimum password length
√
√
√
Allow simple passwords
√
√
√
Number of repeated sign-in failures before device is wiped
√
√
√
Minutes of inactivity before device screen is locked
√
√
√
Password expiration (days)
√
√
√
Remember password history
√
√
√
Allow convenience logon (Windows RT only)
√
Setting name
EAS (Activesync)
WinRT/ WinPh8
iOS
Allow camera
√
√
Allow web browser
√
√
Allow backup to iCloud (iOS only)
√
Allow documents sync to iCloud (iOS only)
√
Allow photostream sync to iCloud (iOS only)
√
Maximum size of e-mail attachments
√
E-mail synchronization for last (days)
√
Allow mobile devices that don’t fully support these settings to synchronize
with Exchange
√
Require encryption on mobile device
√
Require encryption on storage cards
√
• User or Admin initiated
• Removes the record of the device from the system
• Disables further MDM app installation and settings management on the device
• MDM installed apps are removed on Windows Phone
• Sideloading key removed on Windows RT disabling sideloaded apps
•
•
•
•
iOS and WP8: Complete wipe and reset to factory defaults
Android: EAS mailbox removal only
Windows RT and Windows 8: Only EAS mailbox removal if managed through EAS
Windows 7 and below: No wipe
People Centric IT
Come to Booth 1 in the Expo Hall for your chance to win
a Surface RT bundle worth $699
Answer four questions correctly and you’ll be entered in
our prize draw.
Draw will take place at 4pm on April 10 2013
NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules