managing mobile devices with windows intune and sccm 2012 (adrian stoian)
DESCRIPTION
In this session we will discuss the features provided by Windows Intune and System Center 2012 Configuration Manager to manage mobile devices using Windows Phone, Windows RT, Android and iOS. We will discuss the configuration steps and the integration between the two platforms using Windows Intune Connector.TRANSCRIPT
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Managing mobile devices with Windows Intune and System Center
2012 Configuration Manager
Adrian Stoian
IT Consultant & Trainer
MVP Enterprise Client Management
TechReady
www.adrianstoian.com
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Huge thanks to our sponsors & partners!
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Windows Intune Overview
• Identity Management
• Cloud Only Windows Intune Configuration
• Unified Management with Configuration Manager
Agenda
Premium community conference on Microsoft technologies itcampro@ itcamp14#
WINDOWS INTUNE OVERVIEW
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Windows Intune is a Microsoft cloud-based management solution
What is Windows Intune?
Computer management Mobile Device Management
Application ManagementSoftware UpdatesInventory and ReportingEndpoint ProtectionWindows FirewallRemote Assistance
Application DeploymentSoftware UpdatesInventory and ReportingPolicy SettingsRemote WipeRemote LockPasscode Reset
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Platform Support
Scenario System Center 2012 R2
Configuration Manager
Windows Intune Configuration Manager and
Windows Intune
Microsoft Windows
Yes Yes Yes
Microsoft Windows Server
Yes No Yes
Windows Phone No Yes YesWindows RT No Yes YesiOS No Yes YesAndroid No Yes YesMac OS X Yes No YesUnix/Linux Servers Yes No Yes
BETTER TOGETHER
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Windows Intune ConsolesAccount Portalhttps://account.manage.microsoft.com/
Administrator Consolehttps://admin.manage.microsoft.com/
Premium community conference on Microsoft technologies itcampro@ itcamp14#
IDENTITY MANAGEMENT
Premium community conference on Microsoft technologies itcampro@ itcamp14#
What is Windows Azure Active Directory?
AzureAD
AD DS
SharePointOnline
ExchangeOnline
LyncOnline
CRMOnline
Windows Intune
Windows Azure Active Directoryis designed for authentication in the cloud
• Manage users and access to cloud applications
• Extend your on-premises directories to the cloud
• Provide single sign-on across your cloud applications
• Enable multi-factor authentication
On-Premise
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Separate Windows Intune accounts
• Dirsync
• Active Directory Federation Services (ADFS)
Identity Management Options
Premium community conference on Microsoft technologies itcampro@ itcamp14#
CLOUD ONLY WINDOWS INTUNECONFIGURATION
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Windows Intune Architecture – Cloud Only
Windows Intune
Corp Net Internet
AD DS
Exchange
Windows RTWindows Phone 8iOSAndroid
Windows 8Windows 7Windows VistaWindows XP
ActiveSync EAS Policy
Administrator
DirSync
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
UNIFIED MANAGEMENT WITH CONFIGURATION MANAGER
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Windows Intune Architecture – Unified Mgmt
Windows Intune
Corp Net Internet
AD FS
Exchange
Windows RTWindows Phone 8iOSAndroidWindows 8
Windows 7Windows VistaWindows XP
ActiveSync EAS Policy
Administrator
Intune Connector
ConfigMgr
AD DS
SingleSign-On
ExchangeConnector
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
CERTIFICATE PROFILESIN CONFIGURATION MANAGER
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Certificate Profiles Architecture
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Install AD CS and configure certificate templates
• Install NDES on a separate Windows Server 2012 R2 and configure service account, CA name, Registration Authority
• Enroll for server certificate
• Install Certificate Registration Point (CRP) site system role
• Install Configuration Manager Policy Module
Configuration Steps
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Create a certificate profile for the Trusted Root CA certificate
• Create a certificate profile for devices
• Create a certificate profile for users
• Deploy Trusted Root certificate profile to device collections
• Deploy other certificate profiles for users and devices to relevant collections
• Monitor compliance
Enrolling for certificates
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Windows 8.1 (incl. RT)
• iOS (5.0, 6.0, 7.0) for iPhone and iPad
• Android
Applicable platforms
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
VPN PROFILESIN CONFIGURATION MANAGER
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Run Create VPN Profile Wizard
• Specify connection type
• Configure authentication method
• Specify proxy settings
• Configure Automatic VPN
• Configure supported platforms
• Deploy VPN profile to an users collection
Configuration Steps
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Devices that run Windows 8.1 32-bit and 64-bit
• Devices that run Windows RT or Windows RT 8.1
• IPhone devices that run iOS 5, iOS 6 and iOS 7
• IPad devices that run iOS 5, iOS 6 and iOS 7
Applicable platforms
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
WI-FI PROFILESIN CONFIGURATION MANAGER
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Run the Create Wi-Fi Profile Wizard
• Specify network name and SSID
• Configure authentication method
• Configure advanced and proxy settings
• Configure supported platforms
• Deploy Wi-Fi profile to an users collection
• Monitor compliance
Configuration Steps
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Devices that run Windows 8.1 32-bit and 64-bit
• Devices that run Windows RT 8.1
• IPhone devices that run iOS 5, iOS 6 and iOS 7
• IPad devices that run iOS 5, iOS 6 and iOS 7
• Android devices that run version 4
Applicable platforms
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Enterprise Feature Pack
– S/MIME for signing and encrypting e-mail
–VPN support
– Enterprise Wi-Fi with EAP-TLS
–Rich MDM policies (lock down)
–Certificate management
• Releasing in H1 2014
What about Windows Phone 8?
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Premium community conference on Microsoft technologies itcampro@ itcamp14#
• Mobile Device Management with Windows Intune and System Center Configuration Manager– Attend this 2-day seminar to find out how you can manage mobile devices
using Windows Intune, either in the Cloud Only configuration, or using the Unified Mangement configuration with System Center 2012 Configuration Manager R2.
• Agenda:1. Windows Intune Overview2. Identity Management with Windows Intune3. Cloud Only Windows Intune Configuration4. Mobile Device Management with Windows Intune5. Deploying Software to Mobile Devices6. Unified Management with Windows Intune and System Center 2012
Configuration Manager R27. Managing Mobile Device Settings and Compliance8. Unified Software Deployment9. End User Experience for Mobile Devices
Seminar
Premium community conference on Microsoft technologies itcampro@ itcamp14#
Q & A
Contact details:
Blog: www.adrianstoian.com
Twitter: @astoian