Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA


1 Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA http://dmvmug.com

2 Protect and Manage Devices and Infrastructure
- Exchange
- Exchange Connector with Configuration Manager
- Configuration Manager with Intune

3 Exchange - Protecting your Infrastructure
- Set-ActiveSyncOrganizationSettings
- New-ActiveSyncDeviceAccessRule
- Set-ActiveSyncDeviceAccessRule

4 Exchange - Protecting your Infrastructure
- Set-ActiveSyncOrganizationSettings

    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients will@contoso.com, roger@contoso.com

5 Exchange - Protecting your Infrastructure
- New-ActiveSyncDeviceAccessRule

    New-ActiveSyncDeviceAccessRule -QueryString 'iPhone' -Characteristic DeviceModel -AccessLevel Block
    New-ActiveSyncDeviceAccessRule -QueryString 'NokiaE521/2.00()MailforExchange' -Characteristic UserAgent -AccessLevel Allow

6 Exchange - Protecting your Infrastructure
- Set-ActiveSyncDeviceAccessRule

    Set-ActiveSyncDeviceAccessRule 'ContosoPhone(DeviceModel)' -AccessLevel:Quarantine
    Get-ActiveSyncDeviceAccessRule | Where {$_.AccessLevel -eq 'Allow'} | Set-ActiveSyncDeviceAccessRule -AccessLevel:Quarantine
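
Added example, not part of the presentation: before setting -DefaultAccessLevel Quarantine, list the devices that match no access rule and would therefore receive the default level. The function name and sample devices are hypothetical; rule matching is assumed to be an exact, case-insensitive comparison on the named characteristic.

```powershell
# Added example. Sample objects are constructed; in production use:
#   $devices = Get-MobileDevice -ResultSize Unlimited
#   $rules   = Get-ActiveSyncDeviceAccessRule

# Rule Characteristic -> device property it is compared against.
$propertyFor = @{
    DeviceModel = 'DeviceModel'
    DeviceType  = 'DeviceType'
    DeviceOS    = 'DeviceOS'
    UserAgent   = 'DeviceUserAgent'
}

function Get-DefaultLevelDevice {
    # Emits each device that matches no access rule (assumed exact match).
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [object[]] $Rules = @()
    )
    foreach ($device in $Devices) {
        $hit = $Rules | Where-Object {
            $prop = $propertyFor[[string]$_.Characteristic]
            $prop -and ($device.$prop -eq $_.QueryString)
        }
        if (-not $hit) { $device }
    }
}

# Constructed rules mirroring the two rules shown on slide 5.
$rules = @(
    [pscustomobject]@{ Characteristic = 'DeviceModel'; QueryString = 'iPhone'; AccessLevel = 'Block' }
    [pscustomobject]@{ Characteristic = 'UserAgent'; QueryString = 'NokiaE521/2.00()MailforExchange'; AccessLevel = 'Allow' }
)
# Constructed device inventory.
$devices = @(
    [pscustomobject]@{ UserDisplayName = 'user1'; DeviceModel = 'iPhone'; DeviceType = 'iPhone'; DeviceOS = 'iOS 7.0'; DeviceUserAgent = 'SampleAgent/1.0' }
    [pscustomobject]@{ UserDisplayName = 'user2'; DeviceModel = 'SampleTablet'; DeviceType = 'Android'; DeviceOS = 'Android 4.4'; DeviceUserAgent = 'SampleAgent/2.0' }
    [pscustomobject]@{ UserDisplayName = 'user3'; DeviceModel = 'E52-1'; DeviceType = 'Nokia'; DeviceOS = 'SampleOS'; DeviceUserAgent = 'NokiaE521/2.00()MailforExchange' }
)

# Devices listed here would receive the organization default (Quarantine).
Get-DefaultLevelDevice -Devices $devices -Rules $rules |
    Select-Object UserDisplayName, DeviceModel, DeviceType, DeviceUserAgent
```

Per-user allowed or blocked device IDs are not modelled here; a device with such an exemption does not fall through to the default level.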

7 Exchange - Protecting your Infrastructure DEMO

8 Exchange – Managing and Securing Devices
- Mobile Device Mailbox Policies

When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.

9 Exchange – Managing and Securing Devices
- New-ActiveSyncMailboxPolicy

    New-ActiveSyncMailboxPolicy -Name 'All Users' `
        -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true `
        -AlphanumericDevicePasswordRequired $false `
        -MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' `
        -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true `
        -AttachmentsEnabled $true -AllowSimpleDevicePassword $true `
        -DevicePasswordExpiration '30.00:00:00' -DevicePasswordHistory '0'

10 Exchange – Managing and Securing Devices
- New-ActiveSyncMailboxPolicy

    New-ActiveSyncMailboxPolicy -Name 'All Users' `
        -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true `
        -AlphanumericDevicePasswordRequired $false `
        -MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' `
        -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true `
        -AttachmentsEnabled $true -AllowSimpleDevicePassword $true `
        -DevicePasswordExpiration '30.00:00:00' -DevicePasswordHistory '0'
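
Added example, not part of the presentation: a check that compares mailbox policy settings such as those above with a baseline and reports which ones fall short. The function name and the baseline thresholds are assumptions for illustration; the sample object is constructed from the values on the slide.

```powershell
# Added example: compare ActiveSync mailbox policies with a baseline.
# Baseline thresholds are assumptions for illustration; set your own.
$baseline = @{ MinLength = 6; MaxLock = [timespan]'00:15:00'; MinHistory = 5 }

function Test-MobilePolicy {
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        $findings = @()
        if ($Policy.AllowNonProvisionableDevices) {
            $findings += 'devices that cannot enforce the policy may sync'
        }
        if (-not $Policy.DevicePasswordEnabled) {
            $findings += 'no device password required'
        }
        if (-not $Policy.RequireDeviceEncryption) {
            $findings += 'device encryption not required'
        }
        if ($Policy.AllowSimpleDevicePassword) {
            $findings += 'simple passwords (for example 1234) allowed'
        }
        if ([int]"$($Policy.MinDevicePasswordLength)" -lt $baseline.MinLength) {
            $findings += "minimum password length below $($baseline.MinLength)"
        }
        if ([int]"$($Policy.DevicePasswordHistory)" -lt $baseline.MinHistory) {
            $findings += "password history below $($baseline.MinHistory)"
        }
        # Stringify first: the live property can also hold the value 'Unlimited'.
        $lock = "$($Policy.MaxInactivityTimeDeviceLock)"
        if (-not $lock -or $lock -eq 'Unlimited' -or [timespan]$lock -gt $baseline.MaxLock) {
            $findings += 'inactivity lock missing, unlimited, or longer than baseline'
        }
        [pscustomobject]@{ Policy = $Policy.Name; Findings = $findings }
    }
}

# Constructed sample mirroring the 'All Users' policy on the slide; in production:
#   Get-ActiveSyncMailboxPolicy | Test-MobilePolicy
$sample = [pscustomobject]@{
    Name = 'All Users'; AllowNonProvisionableDevices = $false
    DevicePasswordEnabled = $true; RequireDeviceEncryption = $true
    AllowSimpleDevicePassword = $true; MinDevicePasswordLength = '4'
    DevicePasswordHistory = '0'; MaxInactivityTimeDeviceLock = '00:15:00'
}
$sample | Test-MobilePolicy | Format-List
```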

11 Exchange – Managing and Securing Devices DEMO

12 Exchange – Managing and Securing Devices
Current list of available settings per device OS:
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients

13 Exchange – Managing and Securing Devices
The enterprise feature pack will include:
- S/MIME to sign and encrypt email
- Access to corporate resources behind the firewall with app aware, auto-triggered VPN
- Enterprise Wi-Fi support with EAP-TLS
- Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps
- Certificate management to enroll, update, and revoke certificates for user authentication

14 Exchange Connector – Managing and Securing Devices Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premises or online) by using the Microsoft Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager.

15 Exchange Connector – Managing and Securing Devices
- Settings you can control
- General
- Password
- Email Management
- Security
- Application

16 Exchange Connector – Managing and Securing Devices
- Option to control settings
- Exchange Access rules control
- Allow, Block, or Quarantine
- Remotely Wipe via ConfigMgr
- Self Wipe via Application catalog
- On-premise automatically added to catalog on sync
- Hosted requires manual user device affinity before visible in catalog.

17 Exchange Connector – Managing and Securing Devices When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices. Some management functions are therefore limited. For example, you cannot install software on these devices or use configuration items to configure these devices.

18 Exchange Connector – Managing and Securing Devices When you use the Exchange Server connector, the mobile devices can be managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies.

19 Exchange Connector – Managing and Securing Devices Define the settings that you want to use in the following group settings: General, Password, Email Management, Security, and Application. For example, in the Password group setting, you can configure whether mobile devices require a password, the minimum password length, password complexity, and whether password recovery is allowed.

20 Exchange Connector – Managing and Securing Devices Decide which account will connect to the Exchange Client Access server to manage the mobile devices. The account can be the computer account of the site server or a Windows user account. The following Exchange Server management roles include the required cmdlets: Recipient Management, View-Only Organization Management, and Server Management.

21 Exchange Connector – Managing and Securing Devices DEMO

22 System Center Intune - Managing and Securing Devices
System Center Intune has various access points, and knowing each one is important to avoid confusing users and to get the most out of the subscription.
- Portal.Manage.Microsoft.com (Users)
- Account.Manage.Microsoft.com (Subscription Administration)
- Manage.Microsoft.com (Intune Administration)

23 System Center Intune - Managing and Securing Devices
There are various prerequisites that must be configured and working before Intune can manage mobile devices or be connected to System Center Configuration Manager.
- Intune Account
- Verified Public Domain
- Domain UPN
- Dirsync/SSO
- DNS Alias (CNAME)
- Certificate Keys

24 System Center Intune - Managing and Securing Devices
Certificates are used with System Center Intune to secure software deployments to devices that are either company developed or pushed, or to allow notifications. Below is a list, by OS type, of the certificate required.
- Windows Phone 8 – Code Sign Cert (Symantec)
- Support Tool for Windows Intune Trial (temp cert for testing)
- Windows devices (Side loading Keys)
- iOS – Apple Push Notification (APN)
- Android (None)

25 System Center Intune - Managing and Securing Devices
System Center Intune supports many mobile devices in Direct Managed mode or connected with System Center Configuration Manager 2012 R2.
- Windows Phone 8 Devices
- Windows 8 RT
- Windows 8.1 RT
- Windows 8.1
- iOS 5.0, 6.0, and 7.0
- Android Devices 2.3 and Later

26 System Center Intune - Managing and Securing Devices
When integrating System Center Intune with System Center Configuration Manager, there are a few configuration changes and system roles to set up.
- Subscription Connector Setup
- Windows Intune Connector Role
- Logs
  - ConnectorSetup
  - CloudMgr
  - CloudUsersSync
  - dmpDownloader
  - dmpuploader

27 Intune Connector – Managing and Securing Devices DEMO

28 Managing Devices – Managing and Securing Devices
- Company Applications
- Deeplinking (Store Apps)
- User Enrollment

29 Deeplinking – Managing and Securing Devices
- Method to deploy vendor store apps via System Center Configuration Manager.
- iTunes
- Google Play
- Windows Phone
- Windows (Use reference computer)

30 Software Deployment – Managing and Securing Devices DEMO

31 User Enrollment – Managing and Securing Devices
- Windows Phone (Settings - Company apps)
- Windows RT (System Configuration – Company Apps)
- Windows 8.1 and RT 8.1 (Workplace)
- iOS (iTunes – Windows Intune Company Portal)
- If sp1 (m.manage.Microsoft.com)
- Android (Google Play - Windows Intune Company Portal)

32 User Enrollment – Managing and Securing Devices DEMO

33 Protect and Manage Devices and Infrastructure
- Exchange
- Exchange Connector with Configuration Manager
- Configuration Manager with Intune

34 Questions?

