ENABLING MOBILE DEVICE MANAGEMENT WITH SYSTEM CENTER 2012 & WINDOWS INTUNE

Howard A. Carter III

Senior Consultant

Microsoft Consulting Services

September 21, 2013TechGate 2013 – Reston, VA

AGENDA

• What is Windows Intune?

• Windows Intune Configurations

• Windows Intune Capabilities Across Devices

• Settings Up an Intune Account

• Integrating with Configuration Manager 2012

• Publishing Applications

• Enrolling Devices

WINDOWS INTUNE CONFIGURATIONSCloud-Only Configuration

Unified Configuration

CLOUD MANAGEMENT CAPABILITIES

Capability / Platform Windows 8Windows 7,

Vista, XP Windows RTWindows Phone

8 iOS Android

Application management ü ü ü ü ü ü

Endpoint Protection ü ü O O O O

Hardware Inventory ü ü ü ü ü ü

Software Inventory ü ü ü1 ü1 ü1 ü1

Remote control ü3 ü ü3 O O O

Reporting ü ü ü ü ü ü

Software updates ü ü O O O O

Compliance settings ü2 ü2 ü2 ü2 ü2 ü2

1 = Managed applications only 2 = Compliance reporting but no remediation automation 3 = Via Remote Assistance

UNIFIED MANAGEMENT CAPABILITIES

Capability / PlatformWindows

8Windows 7, Vista, XP

Windows Embedded

Windows To Go

Mac OS

Windows RT

Windows Phone 8 iOS

Android

Application management ü ü ü ü ü ü ü ü ü

Endpoint Protection ü ü ü ü ü O O O OHardware Inventory ü ü ü ü ü ü ü ü ü1

Software Inventory ü ü ü ü ü ü2 ü2 ü2 ü2

Remote control ü ü ü ü O ü5 O O OReporting ü ü ü ü ü ü ü ü ü

Software updates ü ü ü ü O ü ü ü4 OCompliance settings ü ü ü ü ü ü3 ü3 ü3 ü3

OS deployment ü ü N/A ü O N/A N/A N/A N/A

Out of band management ü ü N/A N/A O N/A N/A N/A N/A

Power management ü ü ü ü O O O O OSoftware metering ü ü ü ü O O O O O

1 = Basic information only through Exchange ActiveSync 2 = Managed applications only 3 = Compliance reporting but no remediation automation 4 = Device User has to accept the update 5 = Via Remote Assistance

WINDOWS INTUNE CLOUD ARCHITECTURE

Windows Phone 8

Windows RT

Direct Management & App Publishing

iOS

CorpNet Internet

x86 / x64

x86 / x64

Windows 8Windows 7

Windows VistaWindows XP

Windows 8Windows 7

Windows VistaWindows XP

EAS Policy & Inventory

DirSync

Android App Publishing

Android

WINDOWS INTUNE UNIFIED ARCHITECTURE

EAS Policy & Inventory Android

Android App Distribution

Windows Phone 8

Windows RT

Direct Management & App Distribution

iOS

x86 / x64

Windows 8Windows To GoWindows 7Windows EmbeddedWindows VistaWindows XPMac

Service Pack 1

CorpNet Internet

x86 / x64

Windows 8Windows 7

Windows VistaWindows XP

DirSync

ADFS ADFSProxy

Active Directory

SELECTION CONSIDERATIONS

Current Infrastructure• On-premise

ConfigMgr?• Something else?

Scale of Solution• Approx. Max of 5000 Users?• Approx. Max of 100,000

Users?

Required Feature Set• Capabilities• Supported Platforms

ROADMAP | INTEGRATING CONFIGURATION MANAGER 2012 WITH WINDOWS INTUNE

Sign up for Windows Intune account

Synchronize your AD with Windows Azure AD

Configure Intune Subscription in ConfigMgr

Add Windows Intune Connector

Setup MDM Properties

Import Apps

DEMO• TG13Demo.onmicrosoft.comSign up for Intune Account (already

done)

Sync AD with Azure AD (already done)

Configure Intune Subscription in ConfigMgr

Install Windows Intune Connector

Setup MDM Properties

Add/Deploy Company Portal App

Enabling the user

Enrolling the device

Inventorying the device

Installing applicatio

ns

Managing the device

Retiring the device

MANAGING THE MOBILE DEVICE LIFECYCLE

Password

• Require password on mobile devices

• Min password length

• Max password length

• Number passwords remembered

• Number failed logons before wipe

• Idle time before lock

• Password complexity

• Send password recovery PIN to Exchange Server

Email management

• POP and IMAP• Max time to keep

email• Allowed message

formats• Max size for plain

text email• Max size for HTML

email• Max attachment

size• Calendar

synchronization

Security

• Unsigned file installation

• Unsigned applications

• SMS and MMS messaging

• Removable storage• Camera• Bluetooth• Windows RT VPN

profile• Profile file• Profile name• Profile for all

users

Peak Synchronization

• Specify peak time• Start• End• Days of week

• Peak synchronization frequency

• Off-peak synchronization frequency

CONFIGURATION ITEM SETTINGS

All options enable you to remediate noncompliant settings and some have a reporting option

Roaming

• Mobile device management while roaming

• Software download while roaming

• Email download while roaming

Encryption

• Storage card encryption

• File Encryption on mobile device

• Require email signing

• Require email encryption

• Encryption algorithm

Wireless Communication

• Wireless network connection• Network name• Network

connection• Authentication• Data

encryption• Key index• 802.1x

settings• EAP type

Certificates

• Import• Certificate File• Destination

store• Role

CONFIGURATION ITEM SETTINGS

All options have a Remediate noncompliant settings option

INVENTORIED MANAGEMENT PROPERTIESInventory Class Windows Phone 8 Windows RT iOS EAS

Name Device_ComputerSystem.DeviceName Device_ComputerSystem.DeviceName Device_ComputerSystem.DeviceName Yes

Unique Device ID Device_ComputerSystem.DeviceClientID Device_ComputerSystem.DeviceName Device_ComputerSystem.UDID Yes

Serial Number Not applicable Not applicable Device_ComputerSystem.SerialNumber No

Email Address Device_Email.OwnerEmailAddress Device_Email.OwnerEmailAddress Device_Email.OwnerEmailAddress Yes

Operating System Type Device_OSInformation.Platform CCM_OperatingSystem .SystemType Not applicable Yes

Operating System Version Device_ComputerSystem.SoftwareVersion Win32_OperatingSystem.Version Device_OSInformation.OSVersion Yes

Build Version Not applicable Win32_OperatingSystem.BuildNumber Not applicable No

Service Pack Major Version Not applicableWin32_OperatingSystem.ServicePackMajorVersion

Not applicable No

Service Pack Minor Version Not applicableWin32_OperatingSystem.ServicePackMinorVersion

Not applicable Yes

Operating System Language

Device_OSInformation.Language Not applicable Not applicable No

Total Storage Space Not applicable Win32_PhysicalMemory.Capacity Device_Memory.DeviceCapacity No

Free Storage Space Not applicableWin32_OperatingSystem.FreePhysicalMemory

Device_Memory.AvailableDeviceCapacity No

IMEI1 Not applicable Not applicable Device_ComputerSystem.IMEI YesMEID2 Not applicable Not applicable Device_ComputerSystem.MEID No

Manufacturer Device_ComputerSystem.DeviceManufacturer

Win32_ComputerSystem.Manufacturer Not applicable No

Model Device_ComputerSystem.DeviceModel Win32_ComputerSystem.Model ModelName Yes

Phone Number Not applicable Not applicable Device_ComputerSystem.PhoneNumber Yes

Subscriber Carrier Not applicable Not applicableDevice_ComputerSystem.SubscriberCarrierNetwork Yes

Cellular Technology Not applicable Not applicable Device_ComputerSystem.CellularTechnology No

Wi-Fi MAC Not applicable Win32_NetworkAdapter.MACAddress Device_WLAN.WiFiMAC No1 International Mobile Equipment Identity 2 Mobile Equipment Identifier

DEMORemember: Manage.Microsoft.com

Creating a Mobile Configuration Baseline

Enrolling a Device

Retire

Block

Delete

Wipe

RETIRING MANAGED MOBILE DEVICES

Removes the device from Configuration Manager while leaving personal settings and data intact on the device.

Blocks the client from communicating with the hierarchy. You can also unblock clients.

All data is deleted, sets device back to

manufacturer's defaults

Deletes the mobile device permanently from the hierarchy so that it will not be

further managed. No data from the device is removed. Once deleted, the

user would need to unenroll and re-enroll again.

LISTING RETIREMENT OPTIONS BY DEVICE

Function Windows Phone 8 Windows RT iOS Android (EAS)

Retire

Yes Line of business apps

are uninstalled including the company portal app.

User settings are retained

Yes Removes sideloaded

keys and sideloaded apps no longer run.

User settings are retained

Yes• Installed apps

will still run. 

Yes installed apps will still

run User settings are

removed.

Block Yes Yes Yes Not available

Wipe Yes Not available YesExchange ActiveSync mailbox removal only

Delete Yes Yes Yes Not available

DEMOWiping a Device

ADDITIONAL RESOURCESWindows Intune Trial

http://www.microsoft.com/en-us/windows/windowsintune/try.aspx

Support Tool for Intune Trial Management of Window Phone 8

http://www.microsoft.com/en-us/download/details.aspx?id=39079#

Microsoft Virtual Academy – Windows Intune Jumpstart

http://www.microsoftvirtualacademy.com/training-courses/windows-intune-for-it-professionals-jump-start

Microsoft Windows Intune Blog

http://blogs.technet.com/b/windowsintune/

Microsoft System Center ConfigMgr Team Blog

http://blogs.technet.com/b/configmgrteam/

QUESTIONS

Thank You

An email will be sent to all attendees on Monday, September 23 announcing location of slides received from presenters.

techgate@hotmail.com