Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA

Similar presentations


Presentation on theme: "Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA"— Presentation transcript:

1 Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA

2 Protect and Manage Devices and Infrastructure  Exchange  Exchange Connecter with Configuration Manager  Configuration Manager with Intune

3 Exchange - Protecting your Infrastructure  Set-ActiveSyncOrganizationSettings  New-ActiveSyncDeviceAccessRule  Set-ActiveSyncDeviceAccessRule

4 Exchange - Protecting your Infrastructure  Set-ActiveSyncOrganizationSettings Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine - AdminMailRecipients

5 Exchange - Protecting your Infrastructure  New-ActiveSyncDeviceAccessRule New-ActiveSyncDeviceAccessRule -QueryString iPhone -Characteristic DeviceModel -AccessLevel Block New-ActiveSyncDeviceAccessRule -QueryString NokiaE521/2.00()MailforExchange -Characteristic UserAgent -AccessLevel Allow

6 Exchange - Protecting your Infrastructure  Set-ActiveSyncDeviceAccessRule Set-ActiveSyncDeviceAccessRule 'ContosoPhone(DeviceModel)' - AccessLevel:Quarantine Get-ActiveSyncDeviceAccessRule | Where {$_.AccessLevel -eq 'Allow'} | Set-ActiveSyncDeviceAccessRule -AccessLevel:Quarantine

7 Exchange - Protecting your Infrastructure DEMO

8 Exchange – Managing and Securing Devices  Mobile Device Mailbox Policies When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.

9 Exchange – Managing and Securing Devices  New-ActiveSyncMailboxPolicy New-ActiveSyncMailboxPolicy -Name 'All Users' - AllowNonProvisionableDevices $false -DevicePasswordEnabled $true - AlphanumericDevicePasswordRequired $false - MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true - AttachmentsEnabled $true -AllowSimpleDevicePassword $true - DevicePasswordExpiration '30.00:00:00' -DevicePasswordHistory '0'

10 Exchange – Managing and Securing Devices  New-ActiveSyncMailboxPolicy New-ActiveSyncMailboxPolicy -Name 'All Users' - AllowNonProvisionableDevices $false -DevicePasswordEnabled $true - AlphanumericDevicePasswordRequired $false - MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true - AttachmentsEnabled $true -AllowSimpleDevicePassword $true - DevicePasswordExpiration '30.00:00:00' -DevicePasswordHistory '0'

11 Exchange – Managing and Securing Devices DEMO

12 Exchange – Managing and Securing Devices Current list of available settings per device OS ts

13 Exchange – Managing and Securing Devices  The enterprise feature pack will include:  S/MIME to sign and encrypt  Access to corporate resources behind the firewall with app aware, auto-triggered VPN  Enterprise Wi-Fi support with EAP-TLS  Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps  Certificate management to enroll, update, and revoke certificates for user authentication

14 Exchange Connector – Managing and Securing Devices Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premises or online) by using the Microsoft Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager.

15 Exchange Connector – Managing and Securing Devices  Settings you can control  General  Password  Management  Security  Application

16 Exchange Connector – Managing and Securing Devices  Option to control settings  Exchange Access rules control  Allow, Block, or Quarantine  Remotely Wipe via ConfigMgr  Self Wipe via Application catalog  On-premise automatically added to catalog on sync  Hosted requires manual user device affinity before visible in catalog.

17 Exchange Connector – Managing and Securing Devices When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices. Some management functions are therefore limited. For example, you cannot install software on these devices or use configuration items to configure these devices.

18 Exchange Connector – Managing and Securing Devices When you use the Exchange Server connector, the mobile devices can be managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies.

19 Exchange Connector – Managing and Securing Devices Define the settings that you want to use in the following group settings: General, Password, Management, Security, and Application. For example, in the Password group setting, you can configure whether mobile devices require a password, the minimum password length, password complexity, and whether password recovery is allowed.

20 Exchange Connector – Managing and Securing Devices Decide which account will connect to the Exchange Client Access server to manage the mobile devices. The account can be the computer account of the site server or a Windows user account. The following Exchange Server management roles include the required cmdlets: Recipient Management, View-Only Organization Management, and Server Management.

21 Exchange Connector – Managing and Securing Devices DEMO

22 System Center Intune - Managing and Securing Devices System Center Intune has various access points and knowing each one is important to not confuse users and get the most of the subscription.  Portal.Manage.Microsoft.com (Users)  Account.Manage.Microsoft.com (Subscription Administration)  Manage.Microsoft.com (Intune Administration)

23 System Center Intune - Managing and Securing Devices There are various pre-requisites that must be confgiiured and working before Intune can manage mobile devices or be connected to System Center Configuration Manager.  Intune Account  Verified Public Domain  Domain UPN  Dirsync/SSO  DNS Alias (CNAME)  Certificate Keys

24 System Center Intune - Managing and Securing Devices Certificates are used with System Center Intune to secure software deployments to devices that are either company developed or push or to allow Notifications. Below is a list by OS type of cert required.  Windows Phone 8 – Code Sign Cert (Symantec)  Support Tool for Windows Intune Trial (temp cert for testing)  Windows devices (Side loading Keys)  IOS – Apple Push Notification (APN)  Android (None)

25 System Center Intune - Managing and Securing Devices System Center Intune support many Mobile devices in Direct Managed mode or connected with System Center Configuration Manager 2012 R2.  Windows Phone 8 Devices  Windows 8 RT  Windows 8.1 RT  Windows 8.1  iOS 5.0, 6.0, and 7.0  Android Devices 2.3 and Later

26 System Center Intune - Managing and Securing Devices When integrating System Center Intune with System Center Configuration Manager there is a few configuration changes and system roles to be setup.  Subscription Connector Setup  Windows Intune Connector Role  Logs  ConnectorSetup  CloudMgr  CloudUsersSync  dmpDownloader  dmpuploader

27 Intune Connector – Managing and Securing Devices DEMO

28 Managing Devices – Managing and Securing Devices  Company Applications  Deeplinking (Store Apps)  User Enrollment

29 Deeplinking – Managing and Securing Devices  Method to deploy Vendor store apps via System Center Configuration Manager.  ITunes  Google Play  Windows Phone  Windows (Use reference computer)

30 Software Deployment – Managing and Securing Devices DEMO

31 User Enrollment – Managing and Securing Devices  Windows Phone (Settings - Company apps)  Windows RT (System Configuration – Company Apps)  Windows 8.1 and RT 8.1 (Workplace)  iOS (ITunes –Windows Intune Company Portal)  If sp1 (m.manage.Microsoft.com)  Android – ( Google Play - Windows Intune Company Portal)

32 User Enrollment – Managing and Securing Devices DEMO

33 Protect and Manage Devices and Infrastructure  Exchange  Exchange Connecter with Configuration Manager  Configuration Manager with Intune

34 Questions?


Download ppt "Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA"

Similar presentations


Ads by Google