Presentation on theme: "Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014."— Presentation transcript:
Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014
The explosion of devices is eroding the standards-based approach to corporate IT. Devices Deploying and managing applications across platforms is difficult. Apps Today’s challenges Data Users need to be productive while maintaining compliance and reducing risk. Users expect to be able to work in any location and have access to all their work resources. Users
Devices Apps Users Empowering People-centric IT Enable users Allow users to work on the devices of their choice and provide consistent access to corporate resources. Protect your data Help protect corporate information and manage risk. Management. Access. Protection. Data Unify your environment Deliver a unified application and device management on- premises and in the cloud.
Selecting the Management Platform Cloud-based Management - Standalone Windows Intune No existing Configuration Manager deployment Simplified policy control Simple web-based administration console
Windows Intune – Standalone service Windows PCs (x86/64, Intel SoC) Windows RT, Windows Phone 8.x iOS, Android
Manage and Secure PCs and Devices Anywhere Help protect PCs from malware Manage updates Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies Distribute software Richer Mobile Device Management Simple web-based Administration Console and a richer experience for Information Workers
Windows Intune Web Console Windows 8.1 with Windows Intune client software installed Demonstrations 7
Windows 8.1 with Windows Intune Mobile Device Management Enabled Demonstration 11
End User Experience Consistent self service experience for end user across mobile platforms Available in the Windows Store Windows Phone iOS Side-loaded during enrollment Available in the Apple App store Windows Android Available in the Google Play Store
End User Capabilities for each Platform Windows 8 & Windows 8.1 Windows RT & Windows 8.1 RT Windows Phone 8 iOSAndroid (4.x) Enroll (local device)Yes Rename devicesYes Retire (un-enroll local device)Yes Remotely wipe other devicesYes Install enterprise LOB applicationsYes Install publicly available applicationsYes Access web applicationsShortcut LaunchWeb clipShortcut Contact ITYes
Mobile Device Inventory Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync. No software inventory for mobile devices to respect the Information Worker’s privacy on their own device. IT Pros can track storage on mobile devices which help them anticipate/troubleshoot issues.
Settings Management Security policy on devices by Direct management and Exchange ActiveSync. New expanded policy set. Reporting available on each setting whether it is applicable, conformant or has an error. The same security policy template is used for both Direct Management and EAS to help Admins Older Android and Windows Phone 7 devices can be managed through EAS
Mobile Device Settings in Windows Intune CategoryWin 8.1 PC & RTWP8.1iOSAndroid Password Encryption Malware System Settings Cloud Windows Server Work Folders Browser Applications & Gaming Device restrictions Store access Roaming * Subset of settings Note: Table applicable to direct MDM and not EAS
Software Distribution Summary Platform Desktop Apps (.msi,.exe)* Modern App Types Side loading Deep Links Web apps.appx.xap.ipa.apk Windows 8 Pro/Ent √√√√ Windows RT √√√ iOS √√√ Android √√√ WP8 √√√ Windows 7 and below √ √
Personal Apps and Data Lost or Stolen Company Apps and Data Remote App Protect your data Help protect corporate information and manage risk Centralized Data Enrollment Retired Company Apps and Data Remote App Policies Lost or Stolen Company Apps and Data Remote App Policies Personal Apps and Data Retired Personal Apps and Data IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. Selective wipe removes corporate applications, data, and policies based as supported by each platform Full wipe if supported by each platform Can be executed by IT or by user via Company Portal Sensitive data or applications can be kept off device and accessed via Remote Desktop Services
Windows 8.1 with MDM, Workplace Join and Work Folders Demonstration 19
Mobile device wipe and retire CategoryWindows 8.1 (x86/RT OMA-DM managed) Windows 8 RTWindows Phone 8.1 iOSAndroid (EAS) Full Wipe Retire (Selective wipe) Email (Email through EAS) Company apps and associated data installed by Windows Intune. Apps originally installed through the company portal are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible. Sideloading keys are removed but apps remain installed. Apps originally installed through the company portal are uninstalled. Company app data is removed. Apps are uninstalled. Company app data is removed. Apps and data remain installed. SettingsRequirements removed Management Client Not applicable. Management agent is built-in Management profile is removed Device Administrator privilege is revoked.