W M U G NL€¦ · Spoke on several events like TechDays Netherlands, ExpertsLive, User Group...
Transcript of W M U G NL€¦ · Spoke on several events like TechDays Netherlands, ExpertsLive, User Group...
W M U G NL
WMUG Meeting #2 - DeploymentAPPLICATION DEPLOYMENT ACROSS SEVERAL DEVICES WITH SYSTEM CENTER 2012 CONFIGURATION MANAGER
Our Sponsors
Agenda
Introduction
Microsoft’s Cross Plaform Architecture
Enrollment
Deployment Types for Mobile Applications
Settings Management
Introduction
Who we are
Kenneth van Surksum
Consultant at itgration
Microsoft MVP for 3 yrs, vExpert for 2 yrs
Author:◦ Contributor System Center 2012 Configuration Manager Unleashed◦ Contributor System Center 2012 R2 Configuration Manager Unleashed◦ Contributor System Center 2012 R2 Service Manager Unleashed◦ Co-Author Mastering Windows 7 Deployment
Communities:◦ Co-founder WMUG NL (http://wmug.nl)◦ Founder and Blogger www.vansurksum.com◦ Chief Editor at virtualization.info en cloudcomputing.info
Speaker:◦ Microsoft Techdays◦ Microsoft Management Summit
Follow me: @kennethvs / www.vansurksum.com
Who we are
Peter Daalmans
Senior Technical Consultant at IT-Concern
3 year Microsoft MVP: Enterprise Client Management (ConfigMgr and Windows Intune)
Author:◦ Mastering System Center 2012 Configuration Manager◦ Mastering System Center 2012 R2 Configuration Manager
Communities:◦ Co-founder WMUG NL (http://wmug.nl)◦ Founder and Blogger ConfigMgrBlog.com
Speaker:◦ Spoke on several events like TechDays Netherlands, ExpertsLive,
User Group meetings, TechEd New Zealand and TechEd Australia.
Follow me: @pdaalmans / ConfigMgrBlog.com / [email protected]
Cross platform support
Microsoft’s cross-platform management
Microsoft’s cross-platform Architecture
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows RT, Windows Phone 8
iOS, Android
Microsoft Exchange Server 2010 SP3Microsoft Exchange Server 2013
orOffice 365
Windows Intune & ConfigMgr 2012 R2
Infrastructural requirements:Windows Intune subscription
Windows Azure Active Directory Sync tool (DirSync)
Windows Intune Connector site role
Single Sign On
Two options: Via Windows Azure Active Directory Sync tool (DirSync)Passwords need to be synced to Azure Active Directory
Authentication is done on Azure Active Directory
DirSync and Active Directory Federation ServicesNo passwords are saved in the cloud
Authentication happens on your Active Directory
Not supported but you can configure DirSync what to synchronize.
How does ADFS work?
AFDS Proxy ADFS / DC
Windows Azure Active Directory Sync toolwithout password sync
1. User goes to Windows Intuneportal.manage.microsoft.com
2. User is redirected to ADFS Proxy
3. User provides AD credentials
4. Credentials areverified
5. User receives security token
6. User presents security token and gets access (or not)
DMZ
Active Directory1. User goes to Windows Intune
portal.manage.microsoft.com
2. User is redirected to ADFS Proxy
3. User provides AD credentials
4. Credentials areverified
5. User receives security token
Setting up Windows Intune
1. Go to http://www.windowsintune.com and sign up for a trial
2. Setup Domain Name in Windows Intune
3. Setup UPN in your Active Directory (if different from domain name in Windows Intune)
4. Setup DirSync
5. Setup ADFS / ADFS Proxy
6. Activate Users in Windows Intune Portal (https://account.manage.microsoft.com/)
7. Install and configure Windows Intune Connector in Configuration Manager 2012 R2
DemoWINDOWS INTUNE AND CONFIGMGR TOGETHER
How does ConfigMgr keep up with Windows Intune and the market?
Updates of Windows Intune are done quarterly
Via the Extensions for Windows Intune Microsoft is able to add Windows Intune features to Configuration Manager 2012 R2
Recently added: Email Profiles Extension (Configure and wipe Exchange ActiveSync accounts on
managed iOS and Windows Phone 8 devices.)
iOS 7 Security Settings (Adds functionality for iOS 7 security settings such as “Open In” and lock screen settings.)
DemoEXTENSIONS FOR WINDOWS INTUNE
Mobile Device Enrollment
Enrollment is done by the users themselves
Enrollment can be done from the Company Portal for◦ Android
◦ iPhone / iPad
Enrollement via build in OMA-DM agent ◦ Windows RT
◦ Windows Phone
DemoENROLLMENT ANDROID & IPAD
End User Experience
Native Windows app package (.appx)
Available in the Windows Store
Windows Phone 8 Company Portal
iOS/Android Company Portal
Native Windows Phone 8 app (.xap)
Needs to be sideloaded
Web based portal Hosted in Windows Intune
Windows RTCompany Portal
Deployment Types for Mobile Applications
Platforms Windows App Windows Phone Apple iOS
Android
Application install (sideloading)
*.appx *.xap *.ipa *.apk
Deep links from store
Windows Store Windows Phone Store
Apple App Store Google Play
Deeplinking Applications
DeeplinkingProviding direct links to the application in the Application StoreWindows Store
Windows Phone Store
Apple Store
Google Play
DemoDEEPLINKING MOBILE APPLICATIONS
Sideloading
SideloadingIn house/company custom developed applicationsRequires development tools/licenseMicrosoft: Visual Studio
Apple: Xcode
Google: Android Developer Tools plugin for Eclipse
Testing Sideloaded Applications
Testing ApplicationsGoogle: Just enable installation on a per device basis
Apple: UUID of device must be registred to developer (100 max/year) - http://developer.apple.com/programs/ios/enterprise
Microsoft: Domain Joined Machines via GPO and a Certificate
Microsoft Phone: Emulator for Windows Phone 8/Windows Intune Trial Management for Windows Phone 8
Installing Sideloaded Applications
Microsoft: Domain Joined (GPO/Certificate) or non domain joined or specific editions (Pro) then sideloading key (per 100)
Microsoft (Phone): Code signing using Verisign Certificate(http://www.symantec.com/verisign/code-signing/windows-phone)
Google: Just install
Apple: Encrypted file must be authorized (uses Apple FairplayDRM)
DemoSIDELOADING MOBILE APPLICATIONS
Web Applications
Deploy a link to a website, just like an application
Settings Management
Settings Management
Retire/Wipe devices