
User and Device Management Tomáš Kanty Kantůrek



Presentation on theme: "User and Device Management Tomáš Kanty Kantůrek"— Presentation transcript:

1 User and Device Management Tomáš Kanty Kantůrek tomaskan@microsoft.com

2 Today's challenges. Users: Users expect to be able to work in any location and have access to all their work resources. Devices: The explosion of devices is eroding the standards-based approach to corporate IT. Apps: Deploying and managing applications across platforms is difficult. Data: Users need to be productive while maintaining compliance and reducing risk.

3 Empowering People-centric IT (Users, Devices, Apps, Data). Management. Access. Protection. Enable users: Allow users to work on the devices of their choice and provide consistent access to corporate resources. Unify your environment: Deliver unified application and device management on-premises and in the cloud. Protect your data: Help protect corporate information and manage risk.

4 User and Device Management
Enable users: Access to company resources consistently across devices. Simplified registration and enrollment of devices. Synchronized corporate data.
Unify your environment: On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices. Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles.
Protect your data: Protect corporate information by selectively wiping apps and data from retired/lost devices. A common identity for accessing resources on-premises and in the cloud. Identify which mobile devices have been compromised.

5 Enable users
Challenges: Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources. Users want an easy way to be able to access their corporate applications from anywhere. IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies.
Solutions: Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources. Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices. IT can publish access to corporate resources with conditional access based on the user's identity, the device they are using, and their location.

6 Helping IT to enable users. IT can publish access to resources with the web application proxy based on device awareness and the user's identity. IT can provide seamless corporate access. Users can work from anywhere on their devices with access to their corporate resources. Users can register devices for single sign-on and access to corporate data with Workplace Join. Users can enroll devices for access to the company portal for easy access to corporate applications. IT can publish desktop virtualization resources for access to centralized resources. (Diagram label: Firewall)

7 Target applications based on user role, the best way for each device. Platforms: Windows/Windows RT, Windows Phone, iOS, Android, OS X. Evaluate device capabilities for optimal application delivery. Delivery options: Local installation, Microsoft Application Virtualization, Desktop Virtualization (VDI), Web applications. Formats and technologies: MSI, RDS, App-V (MDOP), Remote App, Native App/App Store.

8 Protect your data
Challenges: As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device. A significant amount of corporate data can only be found locally on user devices. IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.
Solutions: Users can work on the device of their choice and be able to access all their resources, while IT can identify at-risk devices through jailbreak and root detection. IT can enforce a set of central access and audit policies, and be able to protect sensitive information based on the content of the documents. IT can centrally audit and report on information access.

9 Help protect corporate information and manage risk
Diagram labels: Enrollment, Retired, Lost or Stolen, Personal Apps and Data, Company Apps and Data, Remote App, Policies, Centralized Data.
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
Identify at-risk devices through jailbreak and root detection. Selective wipe removes corporate applications, data, certificates/profiles, and policies, as supported by each platform. Full wipe as supported by each platform. Can be executed by IT or by the user via Company Portal. Sensitive data or applications can be kept off the device and accessed via Remote Desktop Services.

10 Unify your environment
Challenges: MDM products are typically delivered as point solutions, which do not integrate with the main PC management solution already in use. Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.
Solutions: IT has a single pane of glass to view and manage all managed devices, whether on-premises or cloud-based, PCs or mobile devices. Users and IT can leverage their common identity for access to external resources through federation.

11 Providing users with a common identity. IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Windows Azure Active Directory. Users are more productive by having a single sign-on to all their resources. IT can use Active Directory Federation Services to connect with Windows Azure for a consistent cloud-based identity. Users get access through accounts in Windows Azure Active Directory to Windows Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.

12 Unify your environment Deliver comprehensive application and device management IT can manage the device and application lifecycle Unified infrastructure enables IT to manage devices where they live Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Single Admin Console User

13 Windows Intune – Standalone service Windows PCs (x86/64, Intel SoC) Windows RT, Windows Phone 8 iOS, Android Manage up to 7,000 devices and 4,000 users

14 Manage and Secure PCs and Devices Anywhere Help protect PCs from malware Manage updates Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies Distribute software Richer Mobile Device Management Simple web-based Administration Console and a richer experience for Information Workers

15 End User Experience. Consistent self-service experience for the end user across mobile platforms. Windows RT Company Portal: Native Windows application, available in the Windows Store. Windows Phone 8 Company Portal: Native Windows Phone 8 app (.xap), side-loaded during enrollment. iOS Company Portal: Native iOS application, available in the Apple App Store.

16 End User Capabilities for each Platform
Platforms: Windows 8 & Windows 8.1 | Windows RT & Windows 8.1 RT | Windows Phone 8 | iOS | Android
Enroll (local device): Yes, EAS
Rename devices: Yes, No
Retire (un-enroll local device): Yes, No
Remotely wipe other devices: Yes, No
Install enterprise LOB applications: Yes
Install publicly available applications: Yes, yes
Browse to web links: Yes
Contact IT: Yes

17 Application Management on Mobile Devices
Platforms | Windows 8/Windows RT | Windows Phone 8 | iOS | Android
Sideload to install | *.appx | *.xap | *.ipa | *.apk
Deep links to store apps – install from store

18 Software Distribution Summary
Columns: Platform | Desktop Apps (.msi, .exe) | Modern App Types: Side loading (.appx, .xap, .ipa, .apk) | Deep Links | Web apps
Platforms: Windows 8 Pro/Ent, Windows RT**, iOS, Android, WP8, Windows 7 and below
** Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other PCs linked to the user, but these are not installable on the local Windows RT device.

19 Selecting the Management Platform

20 Platform Support
OS Platform | Management Agent | End User Experience
Windows 8.1 PC | ConfigMgr Agent or Management Agent (OMA-DM) | Software Center/Application Catalog; Windows Company Portal app
Windows PC (Win8, Win7, Vista, XP) | ConfigMgr Agent | Software Center/Application Catalog
Windows RT | Management agent (OMA-DM) | Windows Company Portal app
Windows Phone 8 | Management agent (OMA-DM) | Windows Phone 8 Company Portal app
iOS | Apple MDM Protocol | iOS Company Portal app
Android | Android MDM agent (OMA-DM) | Android Company Portal app
Mac | ConfigMgr Agent | Limited self service experience
Linux/Unix | ConfigMgr Agent | N/A

21 Resource Access Configuration. Supported platforms: Windows 8.1, Windows 8.1 RT, iOS, Android. Benefits: End users get access to company resources with no manual steps for them. New features*: Configure networking profiles; VPN profiles; Support for Windows 8.1 Automatic VPN; Wi-Fi protocol and authentication settings; Management and distribution of certificates; Configure remote connection to work PCs.

22 User-centric Application Delivery Administration Delivery Evaluation Criteria User Device type Network connection User/Device Relationships Primary Devices MSI App-V Windows 8 Apps Windows 8 Apps in the Windows Store Non-primary Devices VDI Remote Desktop

23 User-centric Application Delivery End User Self-Service IT Administrators publish software titles to catalog, complete with meta data to enable search Deliver best user experience on each device Users can browse, select and install directly from Catalog Application model determines format and policies for delivery User

24 Unified Device Management Configuration Device management integrated directly into console Simple Windows Intune Subscription set-up Centralized branding and customization of Company Portal experience Windows Intune Connector deployed as a Site System Role

25 Security and Compliance Endpoint Protection Unified Infrastructure Simplified server and client deployment. Streamlined updates. Consolidated reporting. Comprehensive Protection Stack Behavior monitoring. Antimalware. Dynamic Translation. Windows Firewall Management.

26 Security and Compliance: Settings Management
Diagram labels: ConfigMgr MP, Baseline, ConfigMgr Agent. Configuration item sources: WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory. Flow: Baseline, Configuration Items, Auto Remediate OR Create Alert (to Service Manager).
Improved functionality: Copy settings. Trigger console alerts. Richer reporting. Enhanced versioning and audit tracking: Ability to specify versions to be used in baselines. Audit tracking includes who changed what. Pre-built industry standard baseline templates through IT Governance, Risk & Compliance (GRC) Solution Accelerator. Assignment to collections. Baseline drift.

27 Security and Compliance: Software Update
Diagram labels: CAS; Primary Site MP Role: Assigns policy to scan for update status or to deploy update. Primary Site DP Role: Distributes updates. Reports compliance. Microsoft Update. Primary Site SUP Role/WSUS: Identifies who needs updates and reports on compliance. Downloads updates.
Auto Deployment: Faster deployment through search. Schedule content download and deployment to avoid reboot during work hours. State-based Updates: Allows individual or group deployment. Updates added to groups auto deploy to targeted collections. Optimized for New Content Model: Reduce replication and storage. Expired updates and content deleted.

28 Role-based Administration
Functionality | ConfigMgr 2007 | ConfigMgr 2012
What types of objects can I see and what can I do to them? | Class rights | Security roles
Which instances can I see and interact with? | Object instance permissions | Security scopes
Which resources can I interact with? | Site specific resource permissions | Collection limiting
Example administrators: Meg - WW Central System Administrator. Louis - Software Update Manager for France. Bob - US and France Security Admin.
Can see & update France desktops. Cannot modify security settings on France desktops. Cannot see All Systems or U.S. desktops.
Can see and modify security settings on France and U.S. desktops. Cannot update France or U.S. desktops. Cannot see All Systems.
Map the organizational roles of your administrators to defined security roles: Security organization role, Geography. Reduces error, defines span of control for the organization. RBA enhancements in R2 include SQL Reporting.
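The three-layer check on this slide (security roles, security scopes, collection limiting), modelled as an added example that is not part of the presentation or of ConfigMgr itself. The role definitions, scope tags and the assignment of the slide's two capability lists to Louis and Bob are assumptions inferred from their titles.

```python
from dataclasses import dataclass

# Simplified assumption: a security role is a set of (object class, operation)
# pairs. These definitions are illustrative, not ConfigMgr's built-in roles.
ROLES = {
    "Software Update Manager": {("SoftwareUpdate", "Deploy")},
    "Security Admin": {("SecuritySetting", "Modify")},
}

@dataclass(frozen=True)
class Admin:
    name: str
    roles: frozenset        # what types of objects, and what can be done to them
    scopes: frozenset       # which object instances (by scope tag)
    collections: frozenset  # which resources (collection limiting)

@dataclass(frozen=True)
class Request:
    object_class: str
    operation: str
    object_scope: str       # scope tag on the object instance being used
    collection: str         # collection of devices the action targets

def decide(admin, req):
    """Return (allowed, layer). All three layers must pass; default is deny."""
    wanted = (req.object_class, req.operation)
    if not any(wanted in ROLES.get(role, set()) for role in admin.roles):
        return False, "security role"
    if req.object_scope not in admin.scopes:
        return False, "security scope"
    if req.collection not in admin.collections:
        return False, "collection limiting"
    return True, "allowed"

# Constructed administrators following the slide's example.
LOUIS = Admin("Louis", frozenset({"Software Update Manager"}),
              frozenset({"France"}), frozenset({"France desktops"}))
BOB = Admin("Bob", frozenset({"Security Admin"}), frozenset({"France", "US"}),
            frozenset({"France desktops", "U.S. desktops"}))

def audit(admin, requests):
    """Map each request to the layer that decided it, for a span-of-control review."""
    return {(r.operation, r.object_class, r.collection): decide(admin, r)[1]
            for r in requests}

if __name__ == "__main__":
    checks = [Request("SoftwareUpdate", "Deploy", "France", "France desktops"),
              Request("SecuritySetting", "Modify", "France", "France desktops"),
              Request("SoftwareUpdate", "Deploy", "France", "All Systems")]
    for who in (LOUIS, BOB):
        print(who.name, audit(who, checks))
```

Returning the layer that denied a request makes it easy to review whether an administrator's span of control is limited by role, by scope or only by collection.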

29 Operating System Deployment: Multiple Deployment Method Support. PXE-initiated deployment allows client computers to request deployment over the network. Multicast deployment to conserve network bandwidth. Stand-alone media deployment for no network connectivity or low bandwidth. Pre-staged media deployment allows you to deploy an operating system to a computer that is not fully provisioned. User State Migration Tool (USMT) 4.0 UI integration makes it easier to transfer files and user settings from one machine to another. Diagram labels: CAS, Primary Site MP Role, Primary Site DP Role, Image, Task Sequence, Report, WDS PXE Server.

30 Core Operating System Deployment Scenarios
Scenario | Key Functionality
New computer | Fresh install of a new operating system on client or server system; New or repurposed hardware
PXE boot | Integrate with Windows Deployment Services (WDS) PXE server; Self-provisioning via F12
Wipe-and-load | Install new version of operating system; Reinstall applications and user state under new operating system
Side-by-side | Similar to wipe-and-load, except between two different devices
Offline with removable media | With low bandwidth or no connectivity; Large software packages are on the media
Prestaged Media | Optimized for network bandwidth; Speeds up end to end deployment

31 Client Activity and Health In-console view of client health Threshold-based console alerts Heartbeat DDRs HW/SW inventory and status Remediation

32 Asset Intelligence, Inventory, and Software Metering Consolidated/simplified reporting that allows you to Understand software installation profiles Plan for hardware upgrades Identify over or under licensing issues Track custom apps or groups of titles Software Metering and License Reports Asset Intelligence Service Asset Intelligence Catalog Real-Time Application and Hardware Intelligence ConfigMgr Inventory

33 Summary Enabled Unify Simplify Role-based Administration Content Management Software Update Management Reduced Infrastructure Requirements User-centric Application Delivery Modern Device Management Compliance and Settings Management Endpoint Protection Operating System Deployment Asset Intelligence, Inventory and Software Metering 2012 EAS User-centric Updated engine Improved RBA in Reporting Windows 8.1 support 2012 R2 Improved Web App deployment New Integrated Auto remediation Improved New Improved 2012 SP1 Unified Win 8 Apps Flexible hierarchies Real-time actions User profile and data Improved Modern Management Console Additional cmdlets New Windows PowerShell Client Health Improved Distribution Point for Windows Azure New

34 Sources of information


