CLOUD OS WEEK People Centric IT

Unified Device Management with SCCM + Windows Intune

ALL ABOUT YOU!

Raphael Perez, MVP: Enterprise Client Management, MCT

System Center consultant, specialized in SCCM & related technologies (ie. Windows Deployment, automation, patch management, etc)

- Ex-Developer

- SCCM Book Author

- TheDesktopTeam Community leader

http://www.thedesktopteam.com

@dotraphael | http://uk.linkedin.com/in/dotraphael/

raphael@rflsystems.co.uk

AGENDA

The Story so far…

Cloud-only or Unified?

Unified Device Management

Work from Anywhere

Registering and Enrolling Devices

User-centric Application DeliveryAdministration

Protect your DataHelp protect corporate information and manage risk

Demo

Unified Device Management Recap

THE STORY SO FAR…

April 2012

June 2012

September 2012

December 2012

June 2013

• App sideloading for iOS, EAS support

• Selective Wipe

• Granular Device Settings

• Corporate Portal

• Certificate, VPN, Wi-Fi Provisioning

Preview

• Work Folders

• Workplace Join

• Web Application Proxy

Preview

• User-centric application delivery

• MDM via EAS

• Unified management

• MDM for Windows RT, Windows Phone 8, iOS

• Mac OS X support

• RDS and RDP8.0 improvements

• Dynamic Access Control

• DA/RRAS

SP1

THE STORY SO FAR…

2014

• Windows Intune Extensions

• Windows Phone 8.1 Enterprise Features

• Email profile

CLOUD-ONLY OR UNIFIED?

Cloud-based ManagementStandalone Windows Intune

No existing Configuration Manager deploymentSimplified policy controlLess than 7,000 devices and 4,000 usersSimple web-based administration console

Unified Device ManagementSystem Center 2012 R2 Configuration

Manager with Windows IntuneBuild on existing Configuration Manager deploymentFull PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)Deep policy control requirementsScale to 100,000 devicesExtensible administration tools (RBA, PowerShellSQL Reporting Services)

UNIFIED DEVICE MANAGEMENT

Governance Full ControlLightweight Control

Windows Phone 8.1

Windows RT 8.1

Windows 8.1

Exchange ActiveSync

OMA-DMMobile Device Management

Active DirectoryGroup Policy

System Center

Allow e-mail access

BYOD-style management

Fully-managed corporate device

UNIFIED DEVICE MANAGEMENT

IT

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Windows RT, Windows Phone 8

iOS, Android

Single AdminConsole

WORK FROM ANYWHERE

10

IT can publish access to resources with the Web Application Proxy based on device awareness and the users identity

IT can provide seamless corporate access with DirectAccess and automatic VPN connections.

Users can work from anywhere on their device with access to their corporate resources.

Users can register devices for single sign-on and access to corporate data with Workplace Join

Users can enroll devices for access to the Company Portal for easy access to corporate applications

IT can publish Desktop Virtualization (VDI) for access to centralized resources

Remote Access

Web Application Proxy

RD Gateway

Web Apps

Files

LOB Apps

Session host VDI

REGISTERING AND ENROLLING DEVICES

IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.

Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device

Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications

As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device

Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud

Web Application Proxy

ADFS

USER-CENTRIC APPLICATION DELIVERYADMINISTRATION

Delivery Evaluation Criteria

• User• Device type• Network connection

User/Device Relationships

Primary Devices• MSI• App-V• Windows 8 Apps• Windows 8 Apps in the Windows

StoreNon-primary Devices• VDI• Remote Desktop

PROTECT YOUR DATAHELP PROTECT CORPORATE INFORMATION AND MANAGE RISK

Personal Apps and

Data

Lost or Stolen

Company Apps and Data

Remote App

Centralized Data

Enrollment

Retired

Company Apps and Data

Remote App

Policies

Policies

Lost or Stolen

Company Apps and Data

Remote App

Policies

Personal Apps and

Data

Retired

Personal Apps

and Data

DEMO

UNIFIED DEVICE MANAGEMENT RECAP

Unregistered Registered MDM Enrolled Fully Managed

Publish email to users (EAS) Yes Yes Yes Yes

Publish work folders to users Yes Yes Yes Yes

Conditional access based on user, device, location

Block device only Yes Yes Yes

Audit logging and monitoring Yes Yes Yes

Unified Device Management Yes Yes

Unified Application Management Yes Yes

Selective data wipe Yes Yes

Compliance reporting Yes Yes

Group Policy and login scripts Yes

OS deployment and imaging Yes

Configuration management Yes

Patch management Yes

Anti malware management Yes

Full application management Yes

BitLocker management Yes

Raphael Perez, MVP: Enterprise Client Management, MCT

http://www.thedesktopteam.com

@dotraphael | http://uk.linkedin.com/in/dotraphael/

raphael@rflsystems.co.uk

Cloud OS website http://www.microsoft.com/en-us/server-cloud/cloud-os/default.aspx#fbid=h40PL5JDtJG

Find out more about the MVP community https://mvp.microsoft.com/en-US/default.aspx

PLEASE END THE VIDEO WITH:

- Your contact details

- Link to the Cloud OS website http://www.microsoft.com/en-us/server-cloud/cloud-os/default.aspx#fbid=h40PL5JDtJG

- Link to your User Group

- # for Twitter

- Find out more about the MVP community https://mvp.microsoft.com/en-US/default.aspx