PowerPoint Presentationdownload.microsoft.com/documents/hk/technet/techdays2013/Day 1...Pre-built...


• Device Choice

• Application Self-service

• Personalized Application Experience

• Non-intrusive management

• Manage all devices through single interface

• Deliver applications to the user, not the device

• Integrated security and compliance

• Reduced infrastructure complexity

Access to corp resources across devices & platforms

Single admin console

Empower Users

Empower people to be more productive from almost anywhere on almost any device.

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Simplify Administration

Improve IT effectiveness and efficiency.

Empower Users

Empower people to be more productive from almost anywhere on almost any device.

Modern Device Management

User-centric Application Delivery


Devices & Platforms


Thin Clients

• Windows XP Embedded

• Windows Embedded Standard 2009

• Windows Embedded Standard 7

POS/Kiosk

Same as Thin Clients, plus

• POS Ready 2009

• POS Ready 8

Digital Signage

• Windows Embedded Standard 2009

• Windows Embedded Standard 7

Repurposed PC

• Windows Thin PC

Supported Write Filters

• File Based Write Filters (FBWF) (preferred for scalability)

• Enhanced Write Filters (EWF) RAM

Ability to force persistence of changes for

• Applications

• Packages and programs

• Software updates

• Task sequences

• Endpoint Protection client installation

Eventual persistence of changes for

• Client agent settings

• Settings management remediation

• Power management

Without write filters enabled, embedded devices can be managed like any other Windows client. When write filters are enabled, they require special handling, now provided seamlessly in SP1.

AIX

• Version 5.3 (Power)

• Version 6.1 (Power)

• Version 7.1 (Power)

HP-UX

• Version 11iv2 (PA-RISC/IA64)

• Version 11iv3 (PA-RISC/IA64)

Red Hat Enterprise Linux

• Version 4 (x86/x64)

• Version 5 (x86/x64)

• Version 6 (x86/x64)

Solaris

• Version 9 (SPARC)

• Version 10 (SPARC/x86)

• Version 11 (SPARC/x86)

SUSE Linux Enterprise Server

• Version 9 (x86)

• Version 10 SP1 (x86/x64)

• Version 11 (x86/x64)

Supported OSs across both:

• Configuration Manager

• Operations Manager

Old versions supported as long as vendor provides support

Broader Linux distro support being evaluated for future releases

Hardware and Software Inventory

Software Deployment

• Using the Package and Program model

• Deploy/patch software, deploy OS patches and run maintenance scripts that target a collection

Consolidated reports

• Deliver best user experience on each device

• Define application once

Delivery Evaluation Criteria

• User

• Device type

• Network connection

User/Device Relationships

Primary Devices

• MSI

• App-V

• Windows 8 Apps

• Windows 8 Apps in the Windows Store

Non-primary Devices

• VDI

• Remote Desktop

Detection Method

Install Command

Requirement Rules

Dependencies

Supersedence

Administrator Properties

End User Metadata

Application “Package”

App-V

Windows Script

CAB

Windows Installer

General Information

Deployment Type


IT

Administrators publish software titles to catalog, complete with metadata to enable search

• Deliver best user experience on each device

Users can browse, select and install directly from Catalog

• Application model determines format and policies for delivery

User

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Reduced Infrastructure Requirements

Unified Management of Virtual Clients

Endpoint Protection

Software Update Management

Compliance & Settings Management

Distribution Point for Windows Azure

Central Administration Site

• Central primary site administration

• Reporting

Primary Sites

• Client management and settings

• Delegated administration

Secondary Sites

• Content routing

• Distribution points

[Diagram: site hierarchy. Labels: Central Administration Site, Primary Site (2), Secondary Site (6)]

Unified Infrastructure

• Simplified server and client deployment

• Streamlined updates

• Consolidated reporting

Comprehensive Protection Stack

• Behavior monitoring

• Antimalware

• Dynamic Translation

• Windows Firewall Management

[Diagram: compliance settings. Labels: ConfigMgr MP, Baseline, ConfigMgr Agent. Baseline Configuration Items: WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory. Outcome: Auto Remediate OR Create Alert (to Service Manager)]

Improved functionality

• Copy settings

• Trigger console alerts

• Richer reporting

Enhanced versioning and audit tracking

• Ability to specify versions to be used in baselines

• Audit tracking includes who changed what

Pre-built industry standard baseline templates through IT GRC Solution Accelerator

Assignment to collections

Baseline drift

CAS

Primary Site MP Role

Primary Site DP Role

Assigns policy to scan for update status or to deploy update

Distributes updates

Reports compliance

Microsoft Update

Primary Site SUP Role/WSUS

Identifies who needs updates and reports on compliance

Downloads updates

Auto Deployment

• Faster deployment through search

• Schedule content download and deployment to avoid reboot during work hours

State-based Updates

• Allows individual or group deployment

• Updates added to groups auto deploy to targeted collections

Optimized for New Content Model

• Reduce replication and storage

• Expired updates and content deleted

[Diagram: Distribution Point for Windows Azure. Labels: PR1, MP, DP, Windows Azure Distribution Point, Microsoft Update, Policy, Content, Firewall, Corporate Network]

Simplify Administration

Improve IT effectiveness and efficiency.

Modern Management Console

Role-based Administration

Operating System Deployment

Asset Intelligence

Client Health

Functionality ConfigMgr 2007 ConfigMgr 2012

Meg - WW Central System Administrator

Louis - Software Update Manager for France

• Can see & update “France” desktops

• Cannot modify security settings on “France” desktops

• Cannot see “All Systems” or “U.S.” desktops

Bob - US & France Security Admin

• Can see & modify security settings on “France” and “U.S.” desktops

• Cannot update “France” or “U.S.” desktops

• Cannot see “All Systems”

Map the organizational roles of your administrators to defined security roles

• Security organization role

• Geography

Reduces error, defines span of control for the organization

• PXE-initiated deployment allows client computers to request deployment over the network

• Multicast deployment to conserve network bandwidth

• Stand-alone media deployment for no network connectivity or low bandwidth

• Pre-staged media deployment allows you to deploy an operating system to a computer that is not fully provisioned

USMT 4.0 UI integration makes it easier to transfer files and user settings from one machine to another

[Diagram: operating system deployment. Labels: CAS, Primary Site MP Role, Primary Site DP Role, Image Task Sequence, Report, WDS PXE Server]

Understand software installation profiles

Plan for hardware upgrades

Identify over or under licensing issues

Track custom apps or groups of titles

Software Metering & License Reports

Asset Intelligence Service

Asset Intelligence Catalog

Real-time Application and Hardware Intelligence

ConfigMgr Inventory

Configuration Manager SP1: Single pane of glass


New Platforms

• Windows RT

• Windows Phone 8

• iOS (5.x, 6.x)

• Android (2.1 and later)*

Two Configurations for MDM:

• ConfigMgr 2012 SP1 + Windows Intune Subscription

• Windows Intune standalone

Features fully integrated into ConfigMgr

• Over the air device enrollment*

• Available user targeted applications

• User and device settings management*

• Device inventory*

• Remote device retirement*

• Remote device wipe*

*Android features supported through the Exchange Connector only

Management Feature / Windows RT / Windows Phone 8 / iOS / Android

Over-the-air Enrollment Y Y Y

Inventory Y Y Y Y

Settings Management Y Y Y Y

Software Distribution Y Y Y Y

Remote Wipe Y Y Y

Retire Y Y Y Y

Windows RT Windows Phone 8 iOS

• Settings can be applied to devices managed in Windows Intune and devices managed through the Exchange Server Connector

• A single security policy template is used to manage settings on all managed mobile devices. The system figures out applicability to each platform

• In ConfigMgr, Exchange managed device settings are configured separately

• Reporting available on each setting (applicable, conformant or error)

• If a device is receiving policy from more than 1 entity, the policy that applies the most secure value for a setting is applied.

| Setting name | EAS (ActiveSync) | WinRT/WinPh8 | iOS |
|---|---|---|---|
| Require a password to unlock mobile devices | √ | √ | √ |
| Required password type | √ | √ | √ |
| Minimum password length | √ | √ | √ |
| Allow simple passwords | √ | √ | √ |
| Number of repeated sign-in failures before device is wiped | √ | √ | √ |
| Minutes of inactivity before device screen is locked | √ | √ | √ |
| Password expiration (days) | √ | √ | √ |
| Remember password history | √ | √ | √ |
| Allow convenience logon (Windows RT only) | X | √ | X |
| Allow camera | √ | X | √ |
| Allow web browser | √ | X | √ |
| Allow backup to iCloud (iOS only) | X | X | √ |
| Allow documents sync to iCloud (iOS only) | X | X | √ |
| Allow photostream sync to iCloud (iOS only) | X | X | √ |
| Maximum size of e-mail attachments | √ | X | X |
| E-mail synchronization for last (days) | √ | X | X |
| Allow mobile devices that don’t fully support these settings to synchronize with Exchange | √ | X | X |
| Require encryption on mobile device | √ | X | X |
| Require encryption on storage cards | √ | X | X |

Setting groups: Password, Restrictions, Email, Encryption

All devices and PCs can be retired

• Retiring a device removes the record of the device from the DB

• Retiring a device disables App distribution and settings management on the device but does not impact personal data

• Users can perform Retire from the device

Wipe effects depend on the platform and management type (EAS or native)

• iOS and WP8: Complete wipe and reset to factory defaults

• Android: EAS mailbox removal only

• Windows RT and Windows 8: Only EAS mailbox removal if managed through EAS

• Windows 7 and below: No wipe

| | Windows RT | Windows Phone 8 | iOS | Android (EAS managed) |
|---|---|---|---|---|
| Device record removed from Intune DB and UI | Yes | Yes | Yes | Yes |
| Device record removed from Exchange (no email) | No (see note) | No | No | Yes |
| Removal of side-loaded keys | Yes | Yes (Application Enrollment Token is removed) | -- | -- |
| Installed LOB apps | Side loaded apps won’t run | Side loaded apps are uninstalled | Installed apps will still run | Installed apps will still run |
| Installing new LOB apps | Apps cannot be installed | No since SSP is uninstalled | Apps cannot be installed | Apps can still be installed |

Note: When a device is managed natively and through EAS, retiring a device also removes the device record from Exchange Server.

Scenarios

• Available user targeted applications (side loaded)

• Available user targeted store based application

• In console deployment monitoring for side loaded application

• App monitoring reports

Workflow for side loaded and Store based applications

Microsoft Surface

Apple iOS

Microsoft Windows Phone

Google Android

[Diagram sequence: workflow for side loaded and Store based applications, shown on the slides as repeated animation frames. Component labels: On Premise Site Roles, Central Administration Site, Windows Intune Connector Site Role, Windows Intune Service, IW Service, Intune DP, MDM Gateway, Cache, Org-Id Auth, Cloud Service, BYOD, Windows Notification Service, Apple Notification Service, Consumer Stores, Windows Phone Store, Google Play, Windows Store, App Store. Step labels: New Application, Deploy Application, App Policies, Sync Policy, Login Token, Retrieve App List, Download App, Install App.]