Post on 19-Oct-2014
Modern device management
by means of the Cloud
Maarten Goet, System Center MVP
Ronny de Jong, System Center specialist
MVP
MCT
MCSE
Agenda
• Welcome
• Windows 8
• Governance vs. Management
• Windows Intune
• System Center 2012
• Demos
• Q&A
Windows 8
Cloud-connected
Built on a solid foundation
Get more at the Windows Store
At home and at work
All the apps you want
Reimagined browsing with IE10
Windows reimagined
Great experience across hardware
Windows 8 Enterprise
Support Mobile Workforce
Governance vs. Management
I want to connect to
people and be
productive
anywhere, anytime
How can IT provide
access to apps and
data while maintaining
security?
How can IT support
and manage all
those devices?
I want to use the
device I prefer
Challenges to Enabling Consumerization
Change the Approach to Client Management
• Put the end user in control of their experience
• Provide the IT Pro with the means to safeguard apps and data
Users + IT
• Device Choice
• Application Self-service
• Personalized Application Experience
• Non-intrusive management

• Manage all devices through single interface
• Deliver applications to the user, not the device
• Integrated security and compliance
• Reduced infrastructure complexity
Users IT
Access to corp resources across devices & platforms
Single admin console
User-centric
Windows Intune
Microsoft’s recommended solution for Managed Deployment is Windows Intune
• IT manages collection of apps, manages certificates and enrollment and unenrollment of phones
• Enrollment
• View apps via Self Service Portal
• Cloud services
Learn more about 3rd-party options at: http://dev.windowsphone.com/en-us/featured/partners
Company portal
Management features for each platform
Management Feature
Over-the-air Enrollment Y Y Y
Inventory Y Y Y Y
Settings Management Y Y Y Y
Software Distribution Y Y Y Y
Remote Wipe Y Y Y
Retire Y Y Y Y
Demo: Windows Intune overview
System Center 2012
Client Management
Infancy (NT Domain) Groups Model
Comprehensive
Management
Laptops,
Servers,
Enterprise Scale
Consumerization
of IT
Management
from the Cloud
System Center 2012
Empower Users
Empower people to be
more productive from
almost anywhere on
almost any device.
Simplify
Administration
Improve IT effectiveness
and efficiency.
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Architecture
Modern Device Management
Devices & Platforms
Single admin console
Native vs. Integrated
Native Integrated
Demo: System Center 2012
Windows RT
A new member of the Windows family
Long battery life / thin, light, and sleek
Commonality and shared code with Windows 8
High-quality and predictable experience
Windows RT for business
Devices & Experiences Users Want
Enterprise-Grade Solutions
Enabled for business use
Devices & experiences users love
App Deployment
Two Options Available to Deploy Apps
Managed
Windows Intune or 3rd party
Unmanaged
Custom deployment
Use Windows Intune to manage the policies, app inventory, auto get app token, manage apps, enroll and un-enroll employees. Employees discover and install apps through the Self-service Portal
OR
Use 3rd-party management and deployment tools
Use email to communicate with employees
Employees view app inventory either in repositories (e.g. SharePoint) or through an app that company can build using the Enterprise SDK API (the “Company Hub”)
What Are the Steps?
Develop
or Acquire Apps
Windows Store apps
Install via an “Enterprise App Store” using:
– System Center 2012 Configuration Manager SP1
– Windows Intune
Provision using the Microsoft Deployment Toolkit 2012 or DISM
– Include in sysprepped image
– Customize Start screen layout
Provisioning
Installation
Enterprise side loading requirements
• Windows 8 Enterprise, domain joined or with a separate side load product key
• Windows 8 Pro or Windows RT, with a separate side load product key
• Windows Store apps install per user
– Cannot be installed via a task sequence
– No native support for provisioning apps, but this can be done using
standard software distribution and custom command lines
– Use the App Catalog web site to enable self-service installation of Windows
Store apps
– “Deep links” can be used, but the user must still log in with a Microsoft
Account and click “Install”
• Requires ConfigMgr 2012 SP1
Using ConfigMgr: Things to Remember
Enrollment
Demo: Windows RT management
Cross platform support
Settings management
• Settings can be applied to devices managed in Windows Intune and devices managed through the Exchange Server Connector
• A single security policy template is used to manage settings on all managed mobile devices. The system works out applicability to each platform
• In ConfigMgr, settings for Exchange-managed devices are configured separately
• Reporting is available on each setting (applicable, conformant or error)
• If a device is receiving policy from more than one entity, the policy that applies the most secure value for a setting is applied.
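The conflict rule in the last bullet, sketched as an added example (not code from the slides or from Microsoft). The setting names, the sample policies and the direction in which each setting counts as "more secure" are assumptions made for illustration; the slides do not say how the service ranks values.

```python
# Added illustration: when two policy sources target one device, keep the
# most secure value per setting. STRICTER is an assumed ordering, not a
# documented Intune/ConfigMgr table.
STRICTER = {
    "require_password": max,                # True beats False
    "min_password_length": max,             # longer is stricter
    "allow_simple_passwords": min,          # False beats True
    "failed_signins_before_wipe": min,      # fewer attempts is stricter
    "inactivity_minutes_before_lock": min,  # shorter timeout is stricter
    "password_expiration_days": min,
    "password_history": max,
    "allow_camera": min,
}

def merge_policies(policies):
    """Return (effective, source): the winning value per setting and the
    name of the policy that supplied it. None means 'not configured'."""
    effective, source = {}, {}
    for name, settings in policies.items():
        for key, value in settings.items():
            if value is None:
                continue  # an unconfigured setting never overrides anything
            if key not in STRICTER:
                # Refuse to guess which direction is safer.
                raise KeyError(f"no strictness rule for setting {key!r}")
            if key not in effective:
                effective[key], source[key] = value, name
            elif STRICTER[key](effective[key], value) != effective[key]:
                effective[key], source[key] = value, name
    return effective, source

# Constructed sample input: one policy per managing entity.
SAMPLE_POLICIES = {
    "intune_policy": {
        "require_password": True, "min_password_length": 6,
        "allow_simple_passwords": False,
        "inactivity_minutes_before_lock": 15, "allow_camera": True,
    },
    "exchange_connector_policy": {
        "require_password": True, "min_password_length": 8,
        "allow_simple_passwords": True,
        "inactivity_minutes_before_lock": 5,
        "failed_signins_before_wipe": 10, "password_expiration_days": None,
    },
}

if __name__ == "__main__":
    effective, source = merge_policies(SAMPLE_POLICIES)
    for key in sorted(effective):
        print(f"{key}: {effective[key]} (from {source[key]})")
```

Recording which policy supplied each effective value makes it easier to explain a device's per-setting compliance report when the two sources disagree.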
Settings for each mobile platform
Setting name | EAS (ActiveSync) | WinRT/WinPh8 | iOS
Require a password to unlock mobile devices | √ | √ | √
Required password type | √ | √ | √
Minimum password length | √ | √ | √
Allow simple passwords | √ | √ | √
Number of repeated sign-in failures before device is wiped | √ | √ | √
Minutes of inactivity before device screen is locked | √ | √ | √
Password expiration (days) | √ | √ | √
Remember password history | √ | √ | √
Allow convenience logon (Windows RT only) | X | √ | X
Allow camera | √ | X | √
Allow web browser | √ | X | √
Allow backup to iCloud (iOS only) | X | X | √
Allow documents sync to iCloud (iOS only) | X | X | √
Allow photostream sync to iCloud (iOS only) | X | X | √
Maximum size of e-mail attachments | √ | X | X
E-mail synchronization for last (days) | √ | X | X
Allow mobile devices that don’t fully support these settings to synchronize with Exchange | √ | X | X
Require encryption on mobile device | √ | X | X
Require encryption on storage cards | √ | X | X
Password
Restrictions
Encryption
Demo: Settings Management
Federation
http://technet.microsoft.com/en-us/library/hh967629.aspx
Retirement
Retire details | Windows RT | Windows Phone 8 | iOS | Android (EAS managed)
Device record removed from Intune DB and UI | Yes | Yes | Yes | Yes
Device record removed from Exchange (no email) | No (see note) | No | No | Yes
Removal of side-loaded keys | Yes | Yes (Application Enrollment Token is removed) | -- | --
Installed LOB apps | Side loaded apps won’t run | Side loaded apps are uninstalled | Installed apps will still run | Installed apps will still run
Installing new LOB apps | Apps cannot be installed | No since SSP is uninstalled | Apps cannot be installed | Apps can still be installed
Thank you! Questions?
System Center training courses!