ecmday2015 - peter daalmans – master your mac os x operating system with configuration manager...

Master your Apple investmentswith ConfigMgr 2012 R2 and Intune

Peter Daalmans @pdaalmans / [email protected]

#ECMDay2015

MASTER YOUR APPLE INVESTMENTS

Who am I?

• Peter Daalmans– Senior Technical Consultant at IT-Concern BV

– @pdaalmans.com / [email protected]

– Microsoft MVP: Enterprise Client Management (ConfigMgr and Microsoft Intune)

• Communities– Founder WMUG NL (http://wmug.nl)

– Founder and Blogger ConfigMgrBlog.com

• Author– Mastering System Center 2012 Configuration Manager

– Mastering System Center 2012 R2 Configuration Manager

#ECMDay2015


Agenda

• Native manageability options

– Setting up support and enroll Mac OS X clients

– Deploy Settings

– Hardware Inventory

– Deploy Applications

• Extend ConfigMgr 2012 R2 with Parallels

• iOS Devices via Microsoft Intune (Connector)

#ECMDay2015


MAC OS X SUPPORT

Native Manageability options

#ECMDay2015



• Support for Mac OS X

– 10.6, 10.7, 10.8, 10.9 and 10.10

• Hardware Inventory

• Application Deployment

• Settings Management

#ECMDay2015


Enrollment of Mac OS X

• What do we need?– Public Key Infrastructure (AD CS)

– Site server with Internet FQDN

– HTTPS-enabled Management Point

– HTTPS-enabled Distribution Point

– Enrollment Point and Enrollment Proxy Point

– Client Settings configured

• Installation/Enrollment– Terminal-based install (Console/SSH)

– Manual certificate enrollment

– User-driven GUI in SCCM 2012 R2

#ECMDay2015


DEMO

setting up support and enrolling Mac OS-X device

#ECMDay2015


Inventory• Hardware inventory via Common

Information Model (CIM)

• Installed programs via hardware

inventory

• Inventory schedules handled by

Default Client Policy

#ECMDay2015


Application Management• Native in ConfigMgr 2012 SP1 / R2 using CMMAC wrapper

(Community tool via:

http://www.flaschengeist-studios.com/cmapputil-helper/ )

• Supports APP, PKG, MPKG, DMG

• Detection via Application Bundle ID and Package ID

• Deployment to Devices, not Users

• Simulate Deployments are supported

• Must be a required deployment

• BITS not supported

• Global conditions not supported

#ECMDay2015

http://www.flaschengeist-studios.com/cmapputil-helper/


Compliance Settings

• Creation of Items and Baselines

• Report compliance of preferences

• Remediate preferences

• Managing preferences is getting harder because of changes since 10.8 and 10.9 and the ConfigMgr Client for Mac OS X

• Supports directly managing (system) preferences

• Supports discovery and remediation scripts

#ECMDay2015


Compliance Settings

• System preferences are stored in \Library\Preferences

• So why can’t I manage user preferences?– User preferences are stored in ~\Library\Preferences

(\Users\$USER\Library\Preferences)

– Configuration Manager client operates in Root context

– So the client will change Preferences of User Root (DCR is submitted)

– Workaround = using Apple shell scripts

• defaults reads <preference> <setting> <value>

• defaults write <preference> <setting> <value>

MMS Minnesota 2014


DEMO

deploy applications / inventory / compliance settings

#ECMDay2015


Troubleshooting• Library/Application Support/Microsoft/CCM/Logs

– CCMClient-<date_time>.log• Records activities that are related to the Mac client operations, which

includes application management, inventory, and error logging.

• ~/Library/Logs– CCMAgent-<date_time>.log

• Records information that is related to client operations, which includes user logon and logoff operations and Mac device activity.

– CCMNotifications-<date_time>.log• Records activities that are related to Configuration Manager notifications

displayed on the Mac device .

#ECMDay2015


EXTEND CONFIGMGR 2012 R2 WITH

PARALLELS


Manage Macs with SCCM

Discovery &

Enrollment

Patch deployment

Inventory

OS image

deployment

Enforce

Compliance

Application Portal

Software

deployment

Reporting

Discovery &

Enrollment

OS image

deploymentApplication Portal


Parallels vs. SCCM 2012 R2Parallels SCCM 2012 R2

Discovery and Enrollment

Network discovery and automatic enrollment

Manual enrollment

Inventory

Hardware and software inventory

Collect AppleCare warranty status

Compliance

Deploy Mac OS X Configuration Profiles

Easy to use OS X Configuration Profile editor

Push scripts as SCCM Configuration Items

Enable FileVault 2 encryption

Escrow and retrieve FileVault 2 personal keys


Parallels vs. SCCM 2012 R2Parallels SCCM 2012 R2

Software and Patch Deployment

Deploy software via SCCM Package Deployment

Deploy software via SCCM Application Deployment

Self-Service Application Portal for Macs

Silent & interactive deployment modes

Mac OS X Image Deployment

Deploy Mac OS X images via SCCM

Remote Assistance

Remote Assistance via VNC

Remote Assistance via SSH

Configuration

Works without PKI infrastructure


DEMO

Parallels plug in


Client side PMM

#ECMDay2015


IOS SUPPORT


#ECMDay2015


#ECMDay2015

Mobile devices

System Center Configuration

Manager

Configuration Manager integrated with Intune (hybrid)Intune standalone (cloud only)

IT IT

Intune web console Configuration Manager console


Highlights iOS Support

#ECMDay2015

Category iOS Support

VPN, Wi-Fi Profiles

Certificates

Password

Device restrictions

Store access

Browsers

Content Rating

Cloud Sync

Encryption

Security

Roaming

Email management

Category FeatureIntune

Standalone

Intune + ConfigMgr

(Hybrid)

De

vic

e

co

nfig

ura

tio

n Inventory mobile devices that access corporate applications ● ●Remote factory reset (full device wipe) / selective wipe ● ●Mobile device configuration settings (PIN length, PIN required, lock time, etc.) ● ●Self-service password reset (Office 365 cloud only users) ● ●

Off

ice

365

Provides reporting on devices that do not meet IT policy ● ●Group-based policies and reporting (ability to use groups for targeted device configuration) ● ●Root cert and jailbreak detection ● ●Remove Office 365 app data from mobile devices while leaving personal data and apps intact

(selective wipe)● 2015

Prevent access to corporate email and documents based upon device enrollment and

compliance policies● 2015

Pre

miu

m

mo

bile

de

vic

e &

a

pp

ma

na

ge

me

nt

Self-service Company Portal for users to enroll their own devices and install corporate apps ● ●App deployment (Windows Phone, iOS, Android) ● ●Deploy certificates, VPN profiles (including app-specific profiles), email profiles, and Wi-Fi profiles ● ●Prevent cut/copy/paste/save as of data from corporate apps to personal apps (mobile

application management) ●

Secure content viewing via Managed browser, PDF viewer, Imager viewer, and AV player apps for

Intune●

Remote device lock via self-service Company Portal and via admin console ● ◐ (via CP)


Layered security in EMS

#ECMDay2015


MAM in Microsoft Intune

• Data Relocation

– Copy data from/to apps

– Restrict save as

– iCloud/Itunes backup

• Access

– Require PIN/Password/corporate

credentials#ECMDay2015


DEMO

Manage an iOS app

#ECMDay2015


Resources• Blog James Bannan: http://www.jamesbannanit.com

• Blog Kent Agerlund: http://kea.coretech.dk

• Mac Scripter: http://macscripter.net

• Technet: http://blogs.technet.com/b/pauljones/archive/2013/06/02/managing-mac-os-x-with-system-center-2012-configuration-manager.aspx

• Blog Peter Daalmans: http://configmgrblog.com(http://configmgrblog.com/resources/community-tools/for demo examples)

• Blog Chris Nackers: http://www.chrisnackers.com

#ECMDay2015

http://www.jamesbannanit.com/

http://kea.coretech.dk/

http://macscripter.net/

http://blogs.technet.com/b/pauljones/archive/2013/06/02/managing-mac-os-x-with-system-center-2012-configuration-manager.aspx

http://configmgrblog.com/

http://configmgrblog.com/resources/community-tools/

http://www.chrisnackers.com/


Key takeaway

If you have SCCM you

need to manage your Mac’s

to be compliant!

#ECMDay2015

Main Sponsor

Event Sponsors

Special thanks to our sponsors!

ecmday2015 - peter daalmans – master your mac os x operating system with configuration manager...

Technology

apple investmentsdemosetting

apple investmentswho

apple investmentsmac

user preferences

mac os x

configmgr client

settings hardware inventory

apple shell scripts