The document summarizes topics related to modern device management through the cloud, including Windows 8, governance versus management, Windows Intune, and System Center 2012. It discusses how Windows Intune and System Center 2012 can be used to manage devices from the cloud through a single admin console while empowering users and maintaining security. It also provides overviews and demonstrations of Windows RT management, settings management across platforms, federation, and device retirement processes.
5. Agenda
• Welcome
• Windows 8
• Governance vs. Management
• Windows Intune
• System Center 2012
• Demos
• Q&A
7. Windows 8
• Windows reimagined
• All the apps you want
• Cloud-connected
• Get more at the Windows Store
• Reimagined browsing with IE10
• At home and at work
• Great experience across hardware
• Built on a solid foundation
10. Challenges to Enabling Consumerization
• “I want to use the device I prefer”
• “How can IT support and manage all those devices?”
• “I want to connect to people and be productive anywhere, anytime”
• “How can IT provide access to apps and data while maintaining security?”
Change the Approach to Client Management
• Put the end user in control of their experience
• Provide the IT Pro with the means to safeguard apps and data
11. Users + IT
Users
• Device Choice
• Application Self-service
• Personalized Application Experience
• Non-intrusive management
IT
• Manage all devices through single interface
• Deliver applications to the user, not the device
• Integrated security and compliance
• Reduced infrastructure complexity
Single admin console
Access to corp resources across devices & platforms
14. Microsoft’s recommended solution for Managed Deployment is Windows Intune
• IT manages collection of apps, manages certificates and enrollment and unenrollment of phones
• Enrollment
• View apps via Self Service Portal
• Cloud services
Learn more about 3rd-party options at: http://dev.windowsphone.com/en-us/featured/partners
16. Management features for each platform
Management Feature
Over-the-air Enrollment Y Y Y
Inventory Y Y Y Y
Settings Management Y Y Y Y
Software Distribution Y Y Y Y
Remote Wipe Y Y Y
Retire Y Y Y Y
18. System Center 2012
• Client Management Infancy
• Groups Model (NT Domain)
• Laptops, Servers, Enterprise Scale
• Comprehensive Management
• Management from the Cloud
• Consumerization of IT
19. System Center 2012
• Empower Users: Empower people to be more productive from almost anywhere on almost any device.
• Unify Infrastructure: Reduce costs by unifying IT management infrastructure.
• Simplify Administration: Improve IT effectiveness and efficiency.
24. Windows RT
A new member of the Windows family
• Commonality and shared code with Windows 8
• High-quality and predictable experience
• Long battery life / thin, light, and sleek
26. Windows RT for business
• Devices & experiences users love
• Devices & Experiences Users Want
• Enterprise-Grade Solutions
• Enabled for business use
29. Two Options Available to Deploy Apps
Managed
• Windows Intune: Use Windows Intune to manage the policies, app inventory, auto get app token, manage apps, enroll and un-enroll employees. Employees discover and install apps through the Self-service Portal
• Or 3rd party: Use 3rd-party management and deployment tools
Unmanaged
• Custom deployment: Use email to communicate with employees. Employees view app inventory either in repositories (e.g. SharePoint) or through an app that company can build using the Enterprise SDK API (the “Company Hub”)
32. Windows Store apps
Installation
• Install via an “Enterprise App Store” using:
– System Center 2012 Configuration Manager SP1
– Windows Intune
Provisioning
• Provision using the Microsoft Deployment Toolkit 2012 or DISM
– Include in sysprepped image
– Customize Start screen layout
Enterprise side loading requirements
• Windows 8 Enterprise, domain joined or with a separate side load product key
• Windows 8 Pro or Windows RT, with a separate side load product key
33. Using ConfigMgr
Things to Remember
• Windows Store apps install per user
– Cannot be installed via a task sequence
– No native support for provisioning apps, but this can be done using
standard software distribution and custom command lines
– Use the App Catalog web site to enable self-service installation of Windows
Store apps
– “Deep links” can be used, but the user must still log in with a Microsoft
Account and click “Install”
• Requires ConfigMgr 2012 SP1
38. Settings management
• Settings can be applied to devices managed in Windows Intune
and devices managed through the Exchange Server Connector
• Single security policy template is used to manage settings on all
managed mobile devices. System figures out applicability to each
platform
• In ConfigMgr, Exchange-managed device settings are configured
separately
• Reporting available on each setting (applicable, conformant or
error)
• If a device is receiving policy from more than 1 entity, the policy that
applies the most secure value for a setting is applied.
39. Settings for each mobile platform
Category | Setting name | EAS (ActiveSync) | WinRT/WinPh8 | iOS
Password | Require a password to unlock mobile devices | √ | √ | √
Password | Required password type | √ | √ | √
Password | Minimum password length | √ | √ | √
Password | Allow simple passwords | √ | √ | √
Password | Number of repeated sign-in failures before device is wiped | √ | √ | √
Password | Minutes of inactivity before device screen is locked | √ | √ | √
Password | Password expiration (days) | √ | √ | √
Password | Remember password history | √ | √ | √
Password | Allow convenience logon (Windows RT only) | X | √ | X
Restrictions | Allow camera | √ | X | √
Restrictions | Allow web browser | √ | X | √
Restrictions | Allow backup to iCloud (iOS only) | X | X | √
Restrictions | Allow documents sync to iCloud (iOS only) | X | X | √
Restrictions | Allow photostream sync to iCloud (iOS only) | X | X | √
Email | Maximum size of e-mail attachments | √ | X | X
Email | E-mail synchronization for last (days) | √ | X | X
Email | Allow mobile devices that don’t fully support these settings to synchronize with Exchange | √ | X | X
Encryption | Require encryption on mobile device | √ | X | X
Encryption | Require encryption on storage cards | √ | X | X
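Added example (not from the original slides, and not Microsoft's implementation): a sketch of the slide 38 rule that the most secure value wins when a device receives policy from more than one entity, using setting names and platform applicability from the slide 39 table. Which direction counts as "more secure" for each setting, the function name and the sample policy values are assumptions made for this example.

```python
# Setting names and applicability follow the slide 39 table. The "stricter"
# direction per setting is an assumption made for this example.
STRICTER = {
    "Minimum password length": max,
    "Allow simple passwords": min,  # False sorts below True, so False wins
    "Number of repeated sign-in failures before device is wiped": min,
    "Minutes of inactivity before device screen is locked": min,
    "Allow camera": min,
}
ALL = {"EAS", "WinRT/WinPh8", "iOS"}
APPLIES = {name: ALL for name in STRICTER}
APPLIES["Allow camera"] = {"EAS", "iOS"}  # marked X for WinRT/WinPh8


def effective_policy(platform, policies):
    """Return {setting: (value, [winning sources])} for one platform.

    policies maps a source name to the settings that source configures.
    Settings the platform does not support map to (None, []).
    """
    result = {}
    for setting, pick in STRICTER.items():
        if platform not in APPLIES[setting]:
            result[setting] = (None, [])
            continue
        offered = {src: cfg[setting] for src, cfg in policies.items()
                   if setting in cfg}
        if not offered:
            continue  # no source configured it, nothing to enforce
        value = pick(offered.values())
        winners = sorted(src for src, v in offered.items() if v == value)
        result[setting] = (value, winners)
    return result


# Constructed sample policies (hypothetical values, not from the slides).
SAMPLE = {
    "Windows Intune": {"Minimum password length": 6,
                       "Allow simple passwords": True,
                       "Minutes of inactivity before device screen is locked": 15,
                       "Allow camera": False},
    "Exchange connector": {"Minimum password length": 8,
                           "Allow simple passwords": False,
                           "Minutes of inactivity before device screen is locked": 5},
}

if __name__ == "__main__":
    for name, (value, winners) in effective_policy("iOS", SAMPLE).items():
        print(f"{name}: {value} (from {', '.join(winners)})")
```

Recording which source supplied the winning value makes it easier to explain why a device reports a stricter setting than its Intune policy alone configures.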
43. Retire details
Item | Windows RT | Windows Phone 8 | iOS | Android (EAS managed)
Device record removed from Intune DB and UI | Yes | Yes | Yes | Yes
Device record removed from Exchange (no email) | No (see note) | No | No | Yes
Removal of Side-loaded keys | Yes | Yes (Application Enrollment Token is removed) | -- | --
Installed LOB apps | Side loaded apps won’t run | Side loaded apps are uninstalled | Installed apps will still run | Installed apps will still run
Installing new LOB apps | Apps cannot be installed | No since SSP is uninstalled | Apps cannot be installed | Apps can still be installed