Moderne device management

door middel van Cloud

Maarten GoetSystem Center MVP

Ronny de JongSystem Center specialist

MVP

MCT

MCSE

Agenda

• Welkom

• Windows 8

• Governance vs. Management

• Windows Intune

• System Center 2012

• Demo’s

• Q&A

Windows 8

Cloud-connected

Built on a solid foundation

Get more at the Windows Store

At home and at work

All the apps you want

Reimagined browsing with IE10

Windows reimagined

Great experience across hardware

Windows 8 Enterprise

Support Mobile Workforce

Governance vs. Management

I want to connect to

people and be

productive

anywhere, anytime

How can IT provide

access to apps and

data while maintaining

security?

How can IT support

and manage all

those devices?

I want to use the

device I prefer

Challenges to Enabling Consumerization

Change the Approach to Client Management• Put the end user in control of their

experience• Provide the IT Pro with the means to

safeguard apps and data

Users + IT

• Device Choice• Application Self-service• Personalized Application Experience• Non-intrusive management

• Manage all devices through single interface• Deliver applications to the user, not the device• Integrated security and compliance• Reduced infrastructure complexity

Users IT

Access to corp resources across devices & platforms

Single adminconsole

User-centric

Windows Intune

Microsoft’s recommended solution for Managed Deployment is

Windows Intune• IT manages collection of apps,

manages certificates and enrollment and unenrollment of phones

• Enrollment• View apps via

Self Service Portal

• Cloud services

Learn more about 3rd-party options at: http://dev.windowsphone.com/en-us/featured/partners

Company portal

Management features for each platform

Management Feature

Over-the-airEnrollment

Y Y Y

Inventory Y Y Y Y

Settings Management Y Y Y Y

Software Distribution Y Y Y Y

Remote Wipe Y Y Y

Retire Y Y Y Y

demoWindows Intune overview

System Center 20122012

Client Management

Infancy (NT Domain)Groups Model

Comprehensive

Management

Laptops,

Servers,

Enterprise Scale

Consumerization

of IT

Management

from the Cloud

System Center 2012

Empower Users

Empower people to be

more productive from

almost anywhere on

almost any device.

Simplify

Administration

Improve IT effectiveness

and efficiency.

Unify Infrastructure

Reduce costs by unifying

IT management

infrastructure.

Architectuur

Modern Device Management

Devices & Platforms

Single adminconsole

Native vs. Integrated

Native Integrated

demoSystem Center 2012

Windows RT

A new member of the Windows family

Long battery life / thin, light, and sleek

Commonality and shared code with Windows 8

High-quality and predictable experience

Windows RT for business

Devices & Experiences Users Want

Enterprise-GradeSolutionsEnabled for business use

Devices & experiences users love

Apps

.ipa

.ipk

.appx

.xap

traditioneel

App Deployment

Two Options Available to Deploy Apps

Managed

Windows IntuneOr 3rd party

Unmanaged

Customdeployment

Use Windows Intune to manage the policies, app inventory, auto get app token, manage apps, enroll and un-enroll employees. Employees discover and install apps through the Self-service Portal

OR

Use 3rd-party management and deployment tools

Use email to communicate with employees

Employees view app inventory either in repositories (e.g. SharePoint) or through an app that company can build using the Enterprise SDK API (the “Company Hub”)

What Are the Steps?

Develop

or Acquire Apps

Windows Store apps

Install via an “Enterprise App Store” using:

– System Center 2012 Configuration Manager SP1

– Windows Intune

Provision using the Microsoft Deployment Toolkit 2012 or DISM

– Include in sysprepped image

– Customize Start screen layout

ProvisioningInstallation

Enterprise side loading requirements

• Windows 8 Enterprise, domain joined or with a separate side load product key

• Windows 8 Pro or Windows RT, with a separate side load product key

• Windows Store apps install per user

– Cannot be installed via a task sequence

– No native support for provisioning apps, but this can be done using

standard software distribution and custom command lines

– Use the App Catalog web site to enable self-service installation of Windows

Store apps

– “Deep links” can be used, but the user must still log in with a Microsoft

Account and click “Install”

• Requires ConfigMgr 2012 SP1

Using ConfigMgrThings to Remember

Enrollment

demoWindows RT management

Cross platform support

Cross platform support

Settings management

• Settings can be be applied to devices managed in Windows Intune

and devices managed through the Exchange Server Connector

• Single security policy template is used to managed settings on all

managed mobile devices. System figures out applicability to each

platform

• In ConfigMgr Exchange managed device settings are configured

separately

• Reporting available on each setting (applicable, conformant or

error)

• If a device is receiving policy from more than 1 entity, the policy that

applies the most secure value for a setting is applied.

Settings for each mobile platformSetting name EAS (Activesync) WinRT/ WinPh8 iOS

Require a password to unlock mobile devices √ √ √

Required password type √ √ √

Minimum password length √ √ √

Allow simple passwords √ √ √

Number of repeated sign-in failures before device is wiped √ √ √

Minutes of inactivity before device screen is locked √ √ √

Password expiration (days) √ √ √

Remember password history √ √ √

Allow convenience logon (WindowsRT only) X √ X

Allow camera √ X √

Allow web browser √ X √

Allow backup to iCloud (iOS only) X X √

Allow documents sync to iCloud (iOS only) X X √

Allow photostream sync to icloud (iOS only) X X √

Maximum size of e-mail attachments √ X X

E-mail synchronization for last (days) √ X X

Allow mobile devices that don’t fully support these settings to synchronize with Exchange √ X X

Require encryption on mobile device √ X X

Require encryption on storage cards √ X X

Password

Restrictions

Email

Encryption

demoSettings Management

Federation

http://technet.microsoft.com/en-us/library/hh967629.aspx

Retirement

Retire details Windows RT Windows Phone 8 iOS Android (EAS

managed)

Device recordremoved from Intune DB and UI

Yes Yes Yes Yes

Device record removed from Exchange (no email)

No (see note) No No Yes

Removal of Side-loaded keys

Yes Yes (Application Enrollment Token is removed)

-- --

Installed LOB apps Side loaded apps won’t run

Side loaded apps are uninstalled

Installed apps will still run

Installed apps will still run

Installing new LOB apps

Apps cannot be installed

No since SSP is uninstalled

Apps cannot be installed

Apps can still be installed

Bedankt! Vragen?

System Center trainingen!