
Managing Windows 8.1, Windows Phone 8.1 and Windows RT 8.1 Using Mobile Device Management

Michael Niehaus

Senior Product Marketing [email protected]

WIN-B316

Managing Windows

Governance

Full Control

Lightweight Control

Windows Phone 8.1

Windows RT 8.1

Windows 8.1

Exchange ActiveSync

OMA-DM Mobile Device Management

Active Directory, Group Policy

System Center

Allow e-mail access

BYOD-style management

Fully-managed corporate device

Managing Windows: Mobile Device Management (MDM) Defined

App management
Policy enforcement and compliance
Security management
Content management

OMA-DM agent in OS, managed via a cloud service

Managing Windows: Mobile Device Management (MDM) Services

Step 1: Enrollment

Simple process to register the device and user with the MDM service

1. Access “PC Settings -> Network -> Workplace” (Windows 8.1) or “Settings -> Workplace” (Windows Phone)
2. Specify the user’s e-mail address (e.g. [email protected]) and turn on
3. Find the appropriate MDM service based on the domain name (e.g. enterpriseenrollment.contoso.com for Windows 8.1 or enterpriseregistration.contoso.com for Windows Phone 8.1)
4. Specify user credentials (as required by the service)
5. Accept any terms of use (if offered)

Demo

Enrollment

Step 2: Collect Inventory

Automatically collected for all enrolled devices

Sent to the MDM service, stored by the service for reporting purposes

Supported Inventory

Windows 8.1 Inventory

CPU Information
Memory Information
Operating System
Computer System
Networking Adapters
Physical Disks
Logical Disks
Encrypted Volumes
Display Devices
Infrared Devices
Battery
System Bios
Shared Resources (disk, printer, screen)
Services
Date and Time Information
Modern apps deployed via MDM
Web links deployed via MDM
RemoteApps deployed via MDM
Firewall enabled
Windows Update (Auto Update) enabled
Anti-virus enabled
Anti-virus signature
Encryption enabled
Bluetooth enabled
Wi-Fi enabled
PC Settings synchronization enabled
Credentials synchronization enabled
Metered network synchronization enabled
Intranet zone security level
Internet zone security level
Restricted sites zone security level
Trusted sites zone security level

Windows Phone 8.1 Inventory

Device ID

OS platform type

Firmware version

OS version

Device local time

Processor type

Device model

Device manufacturer

Device processor architecture

Device language

Wi-Fi MAC address

Phone number

Roaming status

IMEI & IMSI

Wi-Fi IP address

Wi-Fi DNS suffix and subnet mask

Enterprise apps installed

Demo

Inventory

Step 3: Apply configuration and settings

Targeting controlled by the MDM service
  Device, user, or other attributes (leveraging inventory) can be used

Automatically applied by the MDM agent
  Can tighten existing settings (e.g. EAS)

Windows 8.1: Supported Policies and Settings

Enable Windows Error Reporting (Diagnostics Submission)
Permit Data Roaming (Mobile)
Allow Work Folders
Configure Work Folders
Enable User Account Control
Enable Smart Screen
Minimum Password Length
Auto-lock Timeout
Maximum Password History
Password Expiration
Failed Password Attempts before Wipe
Minimum Required Complex Characters
Disallow Convenience Login
Enterprise Mode IE enable and configure
URL filtering
Enable SmartScreen (Force Fraud Warning)
Enable Auto-Fill
Allow Internet Scripting (JavaScript)
Allow Internet Plugins
Enable Popup Blocking
Enable Do Not Track
Intranet Security Zone Enabled
Internet Zone Configuration
Define Wi-Fi Profiles
Define VPN Profiles
Enroll Certificates
Define Application Launch VPN Triggers
Reset local account password
App whitelisting and blacklisting

Windows Phone 8.1: Supported Policies and Settings

Simple password
Alphanumeric password
Minimum password length
Minimum password complex characters
Password expiration
Password history
Device wipe threshold
Auto-lock Timeout
Inactivity timeout
Device encryption
Disable removable storage card
Disable Camera
Disable Bluetooth
Disable Wi-Fi
Disable telemetry data submission
App whitelisting and blacklisting
Disable Location
Disable NFC
Disable Microsoft Account
Disable roaming between Windows devices
Disable custom email accounts
Disable screen capture
Disable copy & paste functionality
Disable sharing and saving of Office Documents
Disable MDM un-enrollment
Define Wi-Fi profiles and settings
Define VPN Profiles
Certificate management
Storage management
Assigned Access management
E-mail account management
S/MIME configuration

Demo

Settings Configuration

Step 4: Deploy apps

Push mandatory apps or allow users to select for themselves

Company portal provided by the MDM service enables self-service
  Sideloaded apps (e.g. line of business apps) or links to apps in the Windows Store
  Make sure you understand the sideloading requirements, including certificates and settings

Web links (favorites) can also be deployed

Demo

App management

Step 5: Remotely assist

New capabilities in Windows Phone 8.1:
  Remote lock
  Remote password (PIN) reset
  Remote ring

Demo

Remote assistance

Step 6: Un-enroll

Removes enterprise apps and configuration applied via MDM

Removes data
  For Windows 8.1 and Windows Phone 8.1, remote business data removal removes e-mail and Work Folder docs
  For Windows Phone 8.1, a complete device reset can also be performed

Demo

Un-enrollment

For More Information

Windows 8.1
  MDM enrollment protocol documentation, http://msdn.microsoft.com/en-us/library/dn409494.aspx
  MDM protocol documentation, http://msdn.microsoft.com/en-us/library/dn392112.aspx
  Sideloading apps, http://technet.microsoft.com/en-us/windows/dn535729 and http://blogs.windows.com/windows/b/springboard/archive/2014/04/03/windows-8-1-sideloading-enhancements.aspx

Windows Phone 8.1
  Windows Phone 8.1 Mobile Device Management Overview, http://www.microsoft.com/en-us/download/details.aspx?id=42508

Training
  Windows Intune for IT Professionals Jump Start, http://www.microsoftvirtualacademy.com/training-courses/windows-intune-for-it-professionals-jump-start

Related content

Breakout Sessions
  WIN-B316 Managing Windows 8.1 and Windows RT 8.1 Using Mobile Device Management
  WIN-B364 Mobile Device Management Overview for the Next Version of Windows Phone
  WIN-B217 Deploying and Managing Enterprise Apps on Windows and Windows Phone
  FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server
  PCIT-B325 Protecting Your Corporate Data with Microsoft System Center Configuration Manager and Windows Intune

Find Me Later At: [email protected] or @mniehaus on Twitter

Windows Track Resources

Windows Enterprise: windows.com/enterprise, windowsphone.com/business
Windows Springboard: microsoft.com/springboard
Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop
Windows To Go: microsoft.com/windows/wtg
Windows Phone Developer: developer.windowsphone.com

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

msdn

Resources for Developers

http://microsoft.com/msdn

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd


© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.