Devices Enable your users Apps Unify Your Environment Data Protect your data

Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure

Manage mobile productivity without compromising compliance

Manage Mobile Productivity and Protect Data with Office
Manage mobile productivity and protect data with Office Mobile apps for iOS and Android

Conditional Access Policy to Email and Documents
Provide access to Exchange and OneDrive for Business resources only to managed devices

Enroll and Manage Corporate-owned Devices
Enable IT to bulk enroll corporate-owned task-worker devices

• Manage policy for existing iOS line of business apps (so called “app wrapping”)
• Managed browser and PDF/Audio/Video viewers
• Deny access if a device falls out of compliance
• Support for Apple Configurator

(Diagram labels: Personal, Corporate, LoB, Managed Browser, Native E-mail, LoB)

Layer 1: Device lockdown via MDM
Protects corporate data by…
• Restricting device behaviors: PIN, encryption, wipe, disable screen capture and cloud backup, track compliance, etc.
• Provisioning credentials that enable corporate resource access control
Gaps it leaves open
• Apps may share corporate data with other apps outside IT control
• Apps may save corporate data to consumer cloud services

Layer 2: Mobile Application and data containers (aka “managed mobile productivity”)
Protects corporate data by…
• Preventing apps from sharing data with other apps outside of IT control
• Preventing apps from saving data to stores outside of IT control
• Encrypting app data to supplement device encryption
Gaps it leaves open
• Only protects corporate data that resides on devices. Cannot protect data beyond a device.
• Applies same protection to all data that an app touches. Does not allow for specific protection per document.

Layer 3: Data wrapping
Protects corporate data by…
• Protecting data wherever it resides
• Providing granular, content specific protection – e.g. time bomb vision docs
Gaps it leaves open
• Requires enlightened applications
• Requires all data to be protected if not complemented by Layers 1 and 2
Enterprise Mobility Lifecycle (Employees)

Enroll
• Enroll devices in AD and MDM
• Block email/SharePoint etc until enrolled
• Customizable Terms & Conditions
• Simple end user experience

Provision
• Provision access to corporate resources
• Install VPN, Wifi, Certificates
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies

Manage and Protect
• Measure device and app compliance
• Block access if policy violated (eg: jailbreak)
• Contain data to prevent leaks
• Self service portal for users

Retire
• Revoke company resource access
• Selective wipe
• Audit lost/stolen devices etc

Enroll, Retire, Provision, Manage and Protect

Intune standalone (cloud only): Cloud-based Management with Microsoft Intune
• No existing Configuration Manager deployment
• Simplified policy control
• PC+MDM: 4K users, 6K PCs, and 7K devices
• MDM Only: 25k users and 50k mobile devices
• Simple web-based administration console
(Diagram labels: Intune web console, Microsoft Intune, Mobile devices and PCs)

ConfigMgr integrated with Intune (hybrid): System Center 2012 R2 Configuration Manager with Microsoft Intune
• Build on existing Configuration Manager deployment
• Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
• Deep policy control requirements
• Scale to 100,000 devices
• Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
(Diagram labels: ConfigMgr console, System Center ConfigMgr, Microsoft Intune, Domain joined PCs, Mobile devices)

The End User Experience Family

Bulk Enrollment
• Support for Apple Device Enrollment Program and Apple Configurator
• Service account enrollment

Configuration Policies
• Device lockdown through supervisor mode
• Policies and apps targeted to devices
• Application install allow/deny list
• URL allow/deny

Device Type: Allow/Block enforcement
• Windows Phone: Enforced by device OS (always compliant)
• iOS: Audit reporting
• Android: Audit reporting

Managed store apps
• No trip to the store - Installation begins directly.
• Monitor installation – Get install status in the console
• Push apps – Apps can be required installations
• Inventory apps - App on the device is marked as a Managed app in inventory
• Works only for Free apps.
• App Restriction policies can be applied

External/Deep link
• IW is taken to the store for installation
• Intune is NOT aware of the installation. No Installation status.
• IT Pro can only make it Available install
• App on the device is marked as a Personal app in inventory
• Works for both free and paid app
• App Restriction policies can NOT be applied

Detect
• Option 1: Configure app in deny list
• Option 2: Deploy managed iOS app
Audit
• Option 1: Audit devices that have “denied” app installed
• Option 2: Report on installation failure
Advise
• Advise end user to uninstall iOS app
Deploy
• Deploy managed iOS app successfully to device

App deployment scenarios (table columns: Windows 8.1, Windows Phone 8.1, iOS, Android; per-platform cell values are not recoverable from this transcript)
App Origination: Line of Business (Sideloading)
• Available Install deployed to users
• Required Install & Uninstall deployed to users and devices (Coming soon)
App Origination: Public Store apps
• Deep linked app: Available user targeted
• Managed store app: Available user targeted (Coming soon)
• Managed store app: Required Install & Uninstall deployed to users & devices (Coming soon)
• User Consent required (appears in three cells)

App deployment scenarios, second version of the table (same columns, with Installation Status and Application Update)
App Origination: Line of Business (Sideloading)
• Available Install deployed to users
• Required Install & Uninstall deployed to users and devices *
App Origination: Public Store apps
• Deep linked app: Available user targeted
• Managed store app: Available user targeted
• Managed store app: Required Install & Uninstall deployed to users & devices *
• User Consent required (appears in three cells)
Application Update: Coming soon

Enroll, Retire, Provision, Manage and Protect

Microsoft Office apps are natively manageable with Intune
• OWA
• OneDrive for Business
• Word
• Excel
• PowerPoint

Intune offers key apps to support content viewing
• Managed Browsers
• PDF Viewer
• AV Viewer
• Image Viewer

Build or buy your app with the Intune SDK
• Developers can easily integrate applications for manageability.
• Provide more control over user experience than wrapping
• Apply all MAM policies to apps

Make any app manageable, without modifying code

Acquire
• Option 1: Wrap LOB apps or recompile with the Intune App SDK
• Option 2: Purchase store applications that include the Intune App SDK
Import
• Import LOB App Packages or App deeplinks into Intune
Configure
• Create MAM Policies
Deploy
• Associate MAM Policy with User group(s) during Application deployment

Tool
• Download the Intune App Wrapping Tool from Download Center and Install
Certs
• Acquire appropriate packaging certs (e.g. Apple signing certification and provisioning profile)
Package
• Run the App Wrapping Tool and generate the new app package

Enroll, Retire, Provision, Manage and Protect

Restore device to factory defaults
• All assets on device are removed
• Typically used for lost/stolen devices or resetting corporate owned devices

Remove company assets from device
• Company assets (Apps, Data, Profiles, Certs, Settings and Email) are removed
• MAM support adds ability to remove only company data from multi-account applications
• Typically used for personally owned device

Initiate
• Option 1: IT Pro opens the Microsoft Intune console, finds the device and chooses Retire
• Option 2: IW opens the Microsoft Company Portal, finds device and chooses Retire
Wipe
• Option 1: IT Pro/IW chooses Full Wipe
• Option 2: IT Pro/IW chooses Selective Wipe
Device
• For Selective Wipe:
  • IWs will receive notifications for specific platforms (e.g. Android)
  • IWs will be informed of Company Data removal in MAM enabled applications

http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://developer.microsoft.com
http://aka.ms/enterprisemobilitysuite
http://aka.ms/microsoftintune
http://aka.ms/configmgr
http://aka.ms/hi
http://aka.ms/aip
http://aka.ms/virtualdesktop