Windows 8.1 Device Management With Windows Intune Mark O’SheaMVP Windows Expert – IT Pro30 June 2014

The explosion of devices is eroding the standards-based approach to corporate IT.

Devices

Deploying and managing applications across platforms is difficult.

Apps

Today’s challenges

2

DataUsers need to be productive while maintaining compliance and reducing risk.

Users expect to be able to work in any location and have access to all their work resources.

Users

Devices

AppsUsers

Empowering People-centric IT

3

Enable usersAllow users to work on the devices of their choice and provide consistent access to corporate resources.

Protect your dataHelp protect corporate information and manage risk.Management. Access.

Protection.

Data

Unify your environmentDeliver a unified application and device management on-premises and in the cloud.

Selecting the Management Platform

Unified Device Management – System Center 2012 R2 Configuration Manager

with Windows Intune

Build on existing Configuration Manager deploymentFull PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)Deep policy control requirementsExtensible administration tools (RBA, Windows PowerShell, SQL Reporting Services)

Cloud-based Management - Standalone Windows Intune

No existing Configuration Manager deploymentSimplified policy controlSimple web-based administration console

Windows Intune – Standalone service

IT

Windows PCs(x86/64, Intel SoC)

Windows RT, Windows Phone 8.x

iOS, Android

Web-based AdminConsole

Manage and Secure PCs and Devices Anywhere

Help protect PCs from malware Manage updates

Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies

Distribute software

Richer Mobile Device Management

Simple web-based Administration Console and a richer experience for Information Workers

Windows Intune Web Console

Windows 8.1 with Windows Intune client software installedDemonstrations

7

Non-intrusive Management

Management tasks can work with the Windows 8.x maintenance windowNo distractions from management tasks (reboots)Does not use up computer resources when the user is activeReduced background activity to preserve battery life

Management tasks do not interrupt if the end user immersed in a modern applicationWindows Intune suppresses interruptions reboots for updates that were installed without a deadlineWindows Intune provides sufficient lead time to the user before an automatic rebootWindows Intune leverages the Windows 8 toast and respects user’s settings for notifications

Mobile Device Management with Windows Intune

EAS based management Integration with Exchange ServerEither on-premises or Office365 hosted

Corporate data protection

Over-the-air enrollment of devices for management

Mobile application management

Settings Management

Mobile device inventory

Direct management (Windows RT, Windows Phone 8.x, iOS,

Android)

Information Worker Self-service Experience

Connect every user ‘s device to the serviceEach platform is supported with an end user experience

Enable them to discover applicationsAccess applications or web links recommended by the IT proInstall Line Of Business (LOB) applications supplied by the IT pro

Let users manage their own devices and dataEnd users can enroll, rename and un-enroll devicesEnd users can wipe data or email

Provide a premium end user experience Minimal interruptions from management tasksEnd user privacy is respected

Windows 8.1 with Windows Intune Mobile Device Management EnabledDemonstration

11

End User ExperienceConsistent self service experience for end user across mobile platforms

Available in the Windows

Store

Windows Phone iOS

Side-loaded during

enrollment

Available in the Apple App store

Windows Android

Available in the Google Play

Store

End User Capabilities for each PlatformWindows 8 &Windows 8.1

Windows RT & Windows 8.1

RT

Windows Phone 8

iOS Android(4.x)

Enroll (local device) Yes Yes Yes Yes YesRename devices Yes Yes Yes Yes YesRetire (un-enroll local device) Yes Yes Yes Yes YesRemotely wipe other devices Yes Yes Yes Yes Yes Install enterprise LOB applications Yes Yes Yes Yes Yes

Install publicly available applications Yes Yes Yes Yes Yes

Access web applications Shortcut Shortcut Launch Web clip Shortcut

Contact IT Yes Yes Yes Yes Yes

Mobile Device Inventory

Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync.

No software inventory for mobile devices to respect the Information Worker’s privacy on their own device.

IT Pros can track storage on mobile devices which help them anticipate/troubleshoot issues.

Settings Management

Security policy on devices by Direct management and Exchange ActiveSync.

New expanded policy set.

Reporting available on each setting whether it is applicable, conformant or has an error.

The same security policy template is used for both Direct Management and EAS to help Admins

Older Android and Windows Phone 7 devices can be managed through EAS

Mobile Device Settings in Windows IntuneCategory Win 8.1 PC & RT WP8.1 iOS AndroidPassword Encryption Malware System Settings Cloud Windows Server Work Folders

Browser Applications & Gaming Device restrictions Store access Roaming

* Subset of settings Note: Table applicable to direct MDM and not EAS

Note: specific capabilities depend on platform

Software Distribution Summary

Platform Desktop Apps(.msi, .exe)*

Modern App TypesSide loading Deep

LinksWeb apps.appx .xap .ipa .apk

Windows 8 Pro/Ent √ √ √ √Windows RT √ √ √iOS   √ √ √Android √ √ √WP8   √ √ √Windows 7 and below √       √

* = With full Windows Intune management client

Personal Apps and

Data

Lost or Stolen

Company Apps and Data

Remote App

Protect your dataHelp protect corporate information and manage risk

Centralized Data

Enrollment

Retired

Company Apps and Data

Remote App

PoliciesPolicies

Lost or Stolen

Company Apps and Data

Remote App

Policies

Personal Apps and

Data

Retired

Personal Apps and

Data

IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.

Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.

• Selective wipe removes corporate applications, data, and policies based as supported by each platform

• Full wipe if supported by each platform• Can be executed by IT or by user via

Company Portal• Sensitive data or applications can be kept

off device and accessed via Remote Desktop Services

Windows 8.1 with MDM, Workplace Join and Work FoldersDemonstration

19

Mobile device wipe and retireCategory Windows 8.1 (x86/RT

OMA-DM managed)Windows 8 RT Windows Phone

8.1iOS Android (EAS)

Full Wipe Retire (Selective wipe)

Email (Email through EAS) (Email through EAS)

Company apps and associated data installed

by Windows Intun

e.

Apps originally installed through the company

portal are uninstalled and sideloading keys are removed. Apps using

Windows Selective Wipe will have the encryption

key revoked and data will no longer be accessible.

Sideloading keys are removed but apps remain installed.

Apps originally installed through the company portal are

uninstalled. Company app data is

removed.

Apps are uninstalled. Company app data is

removed.Apps and data

remain installed.

Settings Requirements removed Requirements removed

Requirements removed

Requirements removed

Requirements removed

Management Client

Not applicable. Management agent is

built-in

Not applicable. Management agent

is built-in

Not applicable. Management agent

is built-inManagement profile

is removedDevice Administrator privilege is revoked.

Windows Intune – Recent Releases January 2014

Android direct management support New Mobile Device Policy Settings Featured Apps in Company Portal Web application deployment Mobile Device Inventory Report Remote Lock and Passcode Reset for Mobile Devices

April 2014 Windows Phone 8.1 management

21

Windows Intunehttp://www.microsoft.com/en-us/windows/windowsintune/try-and-buy

My bloghttp://intunedin.net

For More Information