67% of the people who use a

smartphone for work and

70% of people who use a

tablet for work are

choosing the devices

themselves

905M tablets in use for work and

home globally by 2017

Before

Now

32%

of employees use two or three PCs for

work from multiple locations

Forrester Research The state of workforce technology adoption: global benchmark 2012, Forrester Research, Inc., April 12, 2012

90%

of enterprises will have to support two or

more mobile operating systems in 2017

Gartner Gartner press release, Gartner says two-thirds of enterprises will adopt a mobile device management solution for corporate liable users through 2017, October 25, 2012, http://www.Gartner.Com/newsroom/id/2213115

Today

50%

of mobile subscribers own

a smartphone of some

kind, and those smart-

phone owners average 41

apps per device

Nielsen Appnation, 2012

32%

of your employees—power

laptop users—access 21

different applications, while

desktop users—36% of your

employees—use 9.8

applications at work

Forrester Research The state of workforce technology adoption: global benchmark 2012, Forrester Research, Inc., April 12, 2012

The logos above may be the property of their respective owners.

PC management

The growth of devices and enterprise applications

will continue to impact the IT service desk so

much that by 2016, 25% of contacts to the IT

service desk will be related to mobile devices, up

from fewer than 10% today.

Gartner The impact of mobility on the it service desk, Terrence Cosgrove, July 17 2013 The logos above may be the property of their respective owners.

To work across multiple devices

With access to the apps and data they need

While enjoying a consistent experience

All through a single, verified identity

Windows Intune

Microsoft System Center

2012 R2 Configuration

Manager

Windows Server

Windows Azure

Sessions Personal VMs Pooled VMs

Ease of management

App compatibility

Personalization

Cost effectiveness

Good

Better

Best

Use direct-attached storage, network-attached storage, and clustered or SAN storage

Leverage tiered storage to automatically optimize performance

Reduce storage cost by leveraging disk deduplication

End User Experience

Available in the

Windows Store

Windows Phone iOS

Side-loaded

during enrollment

Available in the

Apple App store

Windows Android

Available in the

Google Play Store

IT

Administrators publish software

titles to catalog, complete with

meta data to enable search

• Deliver best user experience

on each device

Users can browse, select and install

directly from Catalog

• Application model determines

format and policies for delivery

User

18

Delivery Evaluation Criteria

• User

• Device type

• Network connection

User/Device Relationships

Primary Devices

• MSI

• App-V

• Windows 8 Apps

• Windows 8 Apps in the Windows Store

Non-primary Devices

• VDI

• Remote Desktop

Detection Method

Install Command

Requirement Rules

Dependencies

Supersedence

Administrator Properties

End User Metadata

App-V

Windows Script

.XAP, .APK, .IPA

Windows Installer

General Information

Deployment Type

Application “Package”

20

IT can keep corporate assets safe

Through secure access to apps and data

While maintaining control of sensitive or valuable information and data

Windows Intune

Microsoft System Center

2012 R2 Configuration

Manager

Windows Server

Windows Azure

Registering and Enrolling Devices

IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Multi-Factor Authentication integration with Active Directory Federation Services.

Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device

Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications

As part of the registration process, a new device record is created in Active Directory, establishing a link between the user and their device

Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud

Single sign-on with device registration

User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.

Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information

Domain joined computers are under the full control of IT and can be provided with complete access to corporate information

Browser session single

sign-on

Seamless 2-Factor Auth

for web apps

Enterprise apps single

sign-on

Desktop Single Sign-On

Proxy capabilities

Network Isolation

Hostname/FQDN translation

Selective application publishing

Single Sign On experience

Device and user authorization

Personal Apps and Data

Lost or Stolen

Company Apps and Data

Remote App

Protect your data Help protect corporate information and manage risk

Centralized Data

Enrollment Retired

Company Apps and Data

Remote App

Policies

Policies

Lost or Stolen

Company Apps and Data

Remote App

Policies

Personal Apps and Data

Retired

Personal Apps and

Data

IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.

Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.

• Selective wipe removes corporate applications,

data, and policies based as supported by each

platform

• Full wipe if supported by each platform

• Can be executed by IT or by user via Company

Portal

• Sensitive data or applications can be kept off

device and accessed via Remote Desktop Services

Protect data with Dynamic Access Control

Centrally manage access control and audit polices from Windows Server Active Directory.

Automatically identify and classify data based on content. Classification applies as files are created or modified.

Integration with Active Directory Rights Management Services provides automated encryption of documents.

Central access and audit policies can be applied across multiple file servers, with near real-time classification and processing of new and modified documents.

File classification, access policies and automated Rights Management works against client distributed data through Work Folders.

29

Co

nsu

mer

/

pers

on

al d

ata

Ind

ivid

ual

wo

rk d

ata

Team

/ g

rou

p

wo

rk d

ata

Pers

on

al

devic

es

Data location

OneDrive Public cloud

OneDrive Pro SharePoint / Office 365

Work Folders File server

Build on existing investments and resources

While providing a single view across all devices

To manage the experience at the user level

And simplify IT

Windows Intune

Microsoft System Center

2012 R2 Configuration

Manager

Windows Server

Windows Azure

Selecting the Management Platform

Unified Device Management System Center 2012 R2 Configuration

Manager with Windows Intune

Cloud-based Management

Standalone Windows Intune

No existing Configuration Manager deployment

Simplified policy control

Less than 7,000 devices and 4,000 users

Simple web-based administration console

Mac OS X

Windows PCs

(x86/64, Intel SoC),

Windows to Go

Windows Embedded

Windows RT,

Windows Phone 8

iOS, Android

35

Platform Support

OS Platform Management Agent End User Experience

Windows 8.1 PC ConfigMgr Agent

Or

Management Agent(OMA-DM)

Software Center/Application Catalog

Windows Company Portal app

Windows PC

(Win8,Win7,Vista,XP)

ConfigMgr Agent Software Center/Application Catalog

Windows RT Management agent (OMA-DM) Windows Company Portal app

Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app

iOS Apple MDM Protocol Native iOS Company Portal App

Android Android MDM agent (OMA-DM) Native Android Company Portal App

Mac ConfigMgr Agent Limited self service experience

Linux/Unix ConfigMgr Agent N/A

ConfigMgr MP Baseline ConfigMgr Agent

WMI XML

Registry IIS MSI

Script SQL

Software

Updates File

Active

Directory

Baseline Configuration Items

Auto Remediate

OR

Create Alert (to Service Manager) !

Improved functionality Copy settings

Trigger console alerts

Richer reporting

Enhanced versioning and audit tracking Ability to specify versions to be used in baselines

Audit tracking includes who changed what

Pre-built industry standard baseline templates

through IT Governance, Risk & Compliance(GRC) Solution

Accelerator

Assignment to

collections Baseline drift

37

CAS

Primary Site MP Role

Primary Site DP Role

Assigns policy to scan for

update status or to deploy

update

Distributes updates Reports

compliance

Microsoft Update

Primary Site SUP Role/WSUS

Identifies who needs updates

and reports on compliance Downloads updates

Auto Deployment Faster deployment through search.

Schedule content download and deployment to avoid

reboot during work hours.

State-based Updates Allows individual or group deployment.

Updates added to groups auto deploy to targeted

collections .

Optimized for New Content Model Reduce replication and storage.

Expired updates and content deleted.

38

Distribution Point for Windows Azure

Rich feature set

•

•

•

PR1

MP MP

DP

Windows Azure Distribution Point

Microsoft Update

Policy

Content

Firewall

Corporate Network Integrated monitoring In-console content monitoring

Ability to monitor storage and traffic out

usage

Content is fully encrypted

39

Operating System Deployment

PXE initiated deployment allows client

computers to request deployment over the

network

Multi-cast deployment to conserve

network bandwidth

Stand-alone media deployment for no

network connectivity or low bandwidth

Pre-staged media deployment allows you to

deploy an operating system to a computer that

is not fully provisioned

User State Migration Tool (USMT) 4.0 UI

integration makes it easier transfer files and

user settings from one machine to another

CAS

Primary Site

MP Role

Primary Site

DP Role

Image Task Sequence

Report

WDS PXE Server

40

Core Operating System Deployment Scenarios

Scenario Key Functionality

New computer • Fresh install of a new operating system on client or server system

• New or repurposed hardware

PXE boot • Integrate with Windows Deployment Services (WDS) PXE server

• Self-provisioning via F12

Wipe-and-load • Install new version of operating system

• Reinstall applications and user state under new operating system

Side-by-side • Similar to wipe-and-load, except between two different devices

Offline with

removable media

• With low bandwidth or no connectivity

• Large software packages are on the media

Prestaged Media • Optimized for network bandwidth

• Speeds up end to end deployment

41

42

Understand software installation profiles

Plan for hardware upgrades

Identify over or under licensing issues

Track custom apps or groups of titles

Software Metering and License Reports

Asset Intelligence Service

Asset Intelligence Catalog

Real-Time Application

and Hardware Intelligence

ConfigMgr Inventory

43

ios (version 6 or below):

Please input the below URL:

http://aka.ms/MDC234

Other platform:

QR Code: