Exchange – Managing and Securing Devices Mobile Device Mailbox Policies When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.
Exchange – Managing and Securing Devices Current list of available settings per device OS ts
Exchange – Managing and Securing Devices The enterprise feature pack will include: S/MIME to sign and encrypt Access to corporate resources behind the firewall with app aware, auto-triggered VPN Enterprise Wi-Fi support with EAP-TLS Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps Certificate management to enroll, update, and revoke certificates for user authentication
Exchange Connector – Managing and Securing Devices Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premises or online) by using the Microsoft Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager.
Exchange Connector – Managing and Securing Devices Settings you can control General Password Management Security Application
Exchange Connector – Managing and Securing Devices Option to control settings Exchange Access rules control Allow, Block, or Quarantine Remotely Wipe via ConfigMgr Self Wipe via Application catalog On-premise automatically added to catalog on sync Hosted requires manual user device affinity before visible in catalog.
Exchange Connector – Managing and Securing Devices When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices. Some management functions are therefore limited. For example, you cannot install software on these devices or use configuration items to configure these devices.
Exchange Connector – Managing and Securing Devices When you use the Exchange Server connector, the mobile devices can be managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies.
Exchange Connector – Managing and Securing Devices Define the settings that you want to use in the following group settings: General, Password, Management, Security, and Application. For example, in the Password group setting, you can configure whether mobile devices require a password, the minimum password length, password complexity, and whether password recovery is allowed.
Exchange Connector – Managing and Securing Devices Decide which account will connect to the Exchange Client Access server to manage the mobile devices. The account can be the computer account of the site server or a Windows user account. The following Exchange Server management roles include the required cmdlets: Recipient Management, View-Only Organization Management, and Server Management.
Exchange Connector – Managing and Securing Devices DEMO
System Center Intune - Managing and Securing Devices System Center Intune has various access points and knowing each one is important to not confuse users and get the most of the subscription. Portal.Manage.Microsoft.com (Users) Account.Manage.Microsoft.com (Subscription Administration) Manage.Microsoft.com (Intune Administration)
System Center Intune - Managing and Securing Devices There are various pre-requisites that must be confgiiured and working before Intune can manage mobile devices or be connected to System Center Configuration Manager. Intune Account Verified Public Domain Domain UPN Dirsync/SSO DNS Alias (CNAME) Certificate Keys
System Center Intune - Managing and Securing Devices Certificates are used with System Center Intune to secure software deployments to devices that are either company developed or push or to allow Notifications. Below is a list by OS type of cert required. Windows Phone 8 – Code Sign Cert (Symantec) Support Tool for Windows Intune Trial (temp cert for testing) Windows devices (Side loading Keys) IOS – Apple Push Notification (APN) Android (None)
System Center Intune - Managing and Securing Devices System Center Intune support many Mobile devices in Direct Managed mode or connected with System Center Configuration Manager 2012 R2. Windows Phone 8 Devices Windows 8 RT Windows 8.1 RT Windows 8.1 iOS 5.0, 6.0, and 7.0 Android Devices 2.3 and Later
System Center Intune - Managing and Securing Devices When integrating System Center Intune with System Center Configuration Manager there is a few configuration changes and system roles to be setup. Subscription Connector Setup Windows Intune Connector Role Logs ConnectorSetup CloudMgr CloudUsersSync dmpDownloader dmpuploader
Intune Connector – Managing and Securing Devices DEMO
Managing Devices – Managing and Securing Devices Company Applications Deeplinking (Store Apps) User Enrollment
Deeplinking – Managing and Securing Devices Method to deploy Vendor store apps via System Center Configuration Manager. ITunes Google Play Windows Phone Windows (Use reference computer)
Software Deployment – Managing and Securing Devices DEMO
User Enrollment – Managing and Securing Devices Windows Phone (Settings - Company apps) Windows RT (System Configuration – Company Apps) Windows 8.1 and RT 8.1 (Workplace) iOS (ITunes –Windows Intune Company Portal) If sp1 (m.manage.Microsoft.com) Android – ( Google Play - Windows Intune Company Portal)
User Enrollment – Managing and Securing Devices DEMO
Protect and Manage Devices and Infrastructure Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune