Empowering people-centric IT Mobile Device and Application Management Desktop Virtualization Hybrid Identity Access and information protection Users Devices Apps Data √ Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Unify.
Download ReportTranscript Empowering people-centric IT Mobile Device and Application Management Desktop Virtualization Hybrid Identity Access and information protection Users Devices Apps Data √ Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Unify.
Empowering people-centric IT Mobile Device and Application Management Desktop Virtualization Hybrid Identity Access and information protection Users Devices Apps Data √ Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Unify your environment Protect your data On-premises and cloud-based management of devices within a single console. Protect corporate information by selectively wiping apps and data from retired/lost devices Simplified, user-centric application management across devices A common identity for accessing resources on-premises and in the cloud Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Identify which mobile devices have been compromised Empower users Allow users to work the device of their choice and provide consistent access to corporate resources. Users can work from anywhere on their devices with access to their corporate resources. Users can register devices for single sign on, and access to corporate data, with Workplace Join. Users can enroll devices for access to the company portal for easy access to corporate applications. Firewall IT can provide seamless corporate access. IT can publish desktop virtualization resources for access to centralized resources. IT can publish access to resources with the web application proxy based on device awareness and the users identity. Workplace join and native platform enrollment Native Clients for 10.6, 10.7, 10.8, 10.9 Supports push software distribution, settings management, and inventory Simple enrollment CentOS 5+6, Debian 5+6, Ubuntu 10.4 LTS and 12.4 LTS, Oracle Linux 5+6 Windows Phone 8 Android 4.0+ iOS 6.0+ OS Platform Windows 8.1 PC Management Agent ConfigMgr Agent Or Management Agent (OMA-DM) End User Experience Software Center/Application Catalog Windows Company Portal app Windows PC ConfigMgr Agent (Win8,Win7,Vista,XP) Software Center/Application Catalog Windows RT Management agent (OMA-DM) Windows Company Portal app Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app iOS Apple MDM Protocol iOS Company Portal app Android Company Portal MDM agent (OMA-DM) Android Company Portal app Mac ConfigMgr Agent Limited self service experience Linux/Unix ConfigMgr Agent N/A Automatic sync of content between Configuration Manager and Intune Web Application Proxy ADFS Device object created upon enrollment. Category Windows 8.1 PC & RT Windows Phone 8/8.1 iOS Android VPN Wi-Fi Certificates (*) (*) Password (*) Device restrictions (*) Store access Browsers (*) (*) Content Rating (*) Cloud Sync (*) Encryption (*) (*) (*) Security (*) (*) (*) Roaming (*) Windows Server Work Folders (*) Wi-Fi settings Manage and distribute certificates Provision networks Setup certificate based authentication Root Certificates SCEP Certificates Support for major SSL VPN vendors Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Windows RT Support* Support for VPN standards like PPTP, L2TP, IKEv2 Automatic VPN connection DNS name-based initiation support for Windows 8.1 and iOS Application ID based initiation support for Windows 8.1 Sync files and data across devices Full Support for CM and Intune New feature in Windows 8.1 client and Windows Server 2012 R2 New settings to help provision the work folder discovery settings Self-service portals have links to work folders Selective wipe removes corporate applications, data, certificates/profiles, and policies as supported by each platform Lost or Stolen LostRetired or Stolen Enrollment Full wipe if supported by each platform Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. Personal Apps and Data Can be executed by IT or by user via Company Portal Company Apps and Data Sensitive data or applications can be kept off device Company Apps and Data and accessed via Remote Desktop Services Remote App Centralized Data Remote App Policies Policies Retired Personal Apps and Data Runs across x86 and Windows RT Easier and faster deployment Sandboxed! Corporate Applications New object Same deployment process Firewall Windows 8 Windows RT Windows Store Deployed to user or device collections Apps can contain multiple deployment types User picks apps they want Company Portal picks best deployment method Windows Azure Distribution Point DP Corporate Network Policy Content MP Microsoft Update Firewall Reasons Why Obsolete Reasons Central Administration Site Primary Sites Secondary Sites Distribution Points • Scale • Support multiple primary sites • Client assignment (up to 100k) • Reduce impact of a primary site failing • Political reasons • Content fan-out • Manage upward flow of WAN traffic • Content routing • Distribute Content • Future proofing your hierarchy (SP1) • • • • • Delegated administration Different client agent settings Language packs DMZ/Internet Facing Untrusted forests (new in R2) • Throttling (now in Distribution Points) • Branch Distribution Points Works across large networks Variety of uses and applications Saves the earth! Admin is notified that an extension is available when console is launched • • • Admin goes to Extensions for Intune in console, and enables the extension Extension is activated in ConfigMgr (Extension is downloaded to CAS and then installed on database) Admin restarts console, and console is updated with the extension Admin uses feature delivered by the extension Admin may wish to disable the extension Looking back… October 2013 • Depth of settings • Native Company Portal for iOS and Android • App management • Certificates, VPN/WiFi profiles January 2014 • Standalone MDM • Email Profiles/Wipe • iOS 7 Data Protection Settings • Remote Lock/PIN Reset May 2014 • Windows Phone 8.1 Support • Samsung KNOX Standard Support • Remote to My PC for iOS and Android Q4 Roadmap Managed Corporate-owned Devices • • Enable IT to bulk enroll devices Device management focused on task-worker scenarios Conditional Access Policy • • Provide access to email and documents only if device is managed Exchange and OneDrive for Business Managed Mobile Productivity and Data Protection • • • • Managed Office Mobile Apps App Wrapper for existing iOS, Android apps Protected web browser Managed PDF, audio, video viewers Bulk Enrollment Configuration Policies • Support for Apple Device Enrollment Program and Apple Configurator • Service account enrollment • • • • Device lockdown through supervisor mode Policies and apps targeted to devices Application install allow/deny list URL allow/deny LoB for Business MOWA Browser Native E-mail LoB Conditional Access Policy • • • • Access email and documents only if device is managed Deny access if device falls out of compliance Deploy certificates and Wi-Fi, VPN profiles Configure email profiles across devices Mobile App & Data Protection • • • • • • • Contain corporate data to corporate apps and services Push, publish and uninstall apps centrally Provision iOS managed apps and accounts App wrapper for protected internal LoB apps Provide access to internal resources via per-app VPN Protected web browser, PDF, audio, video Selective wipe for managed apps and documents √ Enable users Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Unify your environment Protect your data On-premises and cloud-based management of devices within a single console. Protect corporate information by selectively wiping apps and data from retired/lost devices Simplified, user-centric application management across devices A common identity for accessing resources on-premises and in the cloud Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Identify which mobile devices have been compromised Enterprise Mobility Suite EMS will enable customers with: Hybrid Identity Management • Group management & Self Service Password Reset • Security audit reports & MultiFactor Authentication • Connection between AD / Azure AD Mobile Device Management • Mobile device settings management • Mobile app management • Selective wipe Data Protection • Information protection • Connection to on-premises assets Enterprise Agreement Prices starting at $4 per user per month* * Limited time EA Level A promo pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCAL/ECAL/BridgeCAL) Code Title Time PCIT-B215 What's New in Microsoft System Center 2012 R2 Configuration Manager Infrastructure Mon, May 12 3:00 PM PCIT-B410 Microsoft System Center 2012 Configuration Manager: MVP Experts Panel Mon, May 12 4:45 PM PCIT-B216 Infrastructure Deployment for Mobile Device Management with Microsoft System Center Configuration Manager and Windows Intune Tue, May 13 8:30 AM PCIT-B317 Enrollment and Management of Mobile Devices with Microsoft System Center Configuration Manager and Windows Intune Tue, May 13 1:30 PM PCIT-B320 Microsoft System Center Configuration Manager Community Jewels Tue, May 13 5:00 PM PCIT-B323 Application Management with Microsoft System Center Configuration Manager and Windows Intune Wed, May 14 8:30 AM PCIT-B325 Protecting Your Corporate Data with Microsoft System Center Configuration Manager and Windows Intune Wed, May 14 10:15 AM PCIT-B340 What’s New with OS Deployment in Configuration Manager and the Microsoft Deployment Toolkit Wed May 14 5:00 PM PCIT-B336 Managing Mac OS X Clients and Linux Servers Using Microsoft System Center Configuration Manager Thu May 15 8:30 AM PCIT-B339 How Microsoft IT Manages Their Microsoft System Center Configuration Manager Application Lifecycle with Zero Touch Thu, May 15 10:15 AM PCIT-B333 How Microsoft IT Solves BYOD Using Microsoft System Center 2012 R2 Configuration Manager and Windows Intune Thu, May 15 1:00 PM Session Title Timeslot FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server Monday, May 12 11:00 AM - 12:00 PM PCIT-B212 Design Considerations for BYOD Tuesday, May 13 10:15 AM - 11:30 AM PCIT-B213 Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure Wednesday, May 14 3:15 PM - 4:30 PM PCIT-B310 Empowering Your Users and Protecting Your Corporate Data Monday, May 12 1:15 PM - 2:30 PM PCIT-B313 Hybrid Identity: Extending Active Directory to the Cloud Monday, May 12 4:45 PM - 6:00 PM PCIT-B314 Understanding Microsoft’s BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2 Tuesday, May 13 8:30 AM - 9:45 AM PCIT-B321 Deploying the New RMS for Cloud-Friendly and Cloud-Reluctant Customers Tuesday, May 13 5:00 PM - 6:15 PM PCIT-B322 Deploying and Managing Work Folders Wednesday, May 14 10:15 AM - 11:30 AM PCIT-B324 How to Rapidly Design and Deploy an Active Directory Federation Services Farm: The Do's and the Don'ts Wednesday, May 14 8:30 AM - 9:45 AM PCIT-B326 Providing SaaS Single Sign-on with Microsoft Azure Active Directory Thursday, May 15 10:15 AM - 11:30 AM PCIT-B327 Introducing Web Application Proxy in Windows Server 2012 R2: Enable Work from Anywhere Wednesday, May 14 3:15 PM - 4:30 PM PCIT-B328 Microsoft Identity Manager vNext Overview Wednesday, May 14 5:00 PM - 6:15 PM PCIT-B330 Active Directory + BYOD = Peace of Mind Thursday, May 15 8:30 AM - 9:45 AM Code Title Time PCIT-IL200 Introduction to Microsoft System Center 2012 R2 Configuration Manager Mon, May 12 3:00 PM Wed, May 14 5:00 PM PCIT-IL201 Upgrading from Configuration Manager 2012 SP1 to Microsoft System Center 2012 R2 Configuration Manager Thu, May 15 10:15 AM PCIT-IL300 Deploying Windows 8.1 to Bare Metal Clients Wed, May 14 1:30 PM Thu, May 15 1:00 PM PCIT-IL305 Basic Software Distribution with Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 5:00 PM Wed, May 14 3:15 PM PCIT-IL306 Implementing Endpoint Protection in Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 10:15 AM Thu, May 15 8:30 AM PCIT-IL307 Managing Microsoft Software Updates in Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 1:30 PM Wed, May 14 8:30 AM PCIT-IL308 Migrating from Configuration Manager 2007 to Microsoft System Center 2012 R2 Configuration Manager Wed, May 14 10:15 AM Code Title PCIT-H302 Deploying a Microsoft System Center 2012 R2 Configuration Manager Hierarchy PCIT-H303 Deploying Microsoft System Center 2012 R2 Configuration Manager PCIT-H304 Deploying Windows 8.1 to Bare Metal Clients PCIT-H309 Implementing App-V 5.0 in Microsoft System Center 2012 R2 Configuration Manager PCIT-H310 Implementing Endpoint Protection in Microsoft System Center 2012 R2 Configuration Manager PCIT-H311 Implementing Linux Clients in Microsoft System Center 2012 R2 Configuration Manager PCIT-H312 Implementing Role-Based Administration in Microsoft System Center 2012 R2 Configuration Manager PCIT-H314 Managing Clients with Microsoft System Center 2012 R2 Configuration Manager PCIT-H315 Managing Content in Microsoft System Center 2012 R2 Configuration Manager PCIT-H316 Managing Software Updates in Microsoft System Center 2012 R2 Configuration Manager http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn