
Solution Benefits Of Adopting Unified Solution Goals Management support for Windows 8.x and heterogeneous devices Improve user productivity on.


6 Goals
- Management support for Windows 8.x and heterogeneous devices
- Improve user productivity on user owned devices
- Safeguard BYOD assets
- Provide access to LOB apps
- Reduce infrastructure cost
- Central management for all enterprise & BYOD devices

Solution
- Unified Device Management
- System Center 2012 R2 Configuration Manager
- Windows Intune
- System Center 2012 Orchestrator

Benefits Of Adopting Unified Solution
- Better with Both
- Ability to provide users access to LOB apps
- Enforce security policies on devices
- Allows end users to connect from anywhere
- Access corporate resources
- No additional infrastructure required

7 Challenges for Heterogeneous devices @ Microsoft IT
- Limited LOB applications for various platforms
- Shift in the technical support model
- User expectations for non domain joined PCs

8 Windows Phone 8.x Windows RT/8.x Devices Enrolled LOB apps published Deep linked apps iOS


10 Sites
- Redmond Site 1: 75k Clients
- Redmond Site 2: 75k Clients
- North & South America: 35k Clients
- Europe, MidEast, Africa: 40k Clients
- Australia & Asia: 75k Clients
- Device Mgmt. Site

Components
- MS Online Directory Services (MSODS)
- Active Directory Federation Server 3.0
- MS Online Directory Sync (DirSync)
- AD User Discovery corp domains
- Intune Subscription
- Connector Site role

Infrastructure
- 6 Primary Sites
- 13 Secondary Sites
- 250 Distribution Points

PCs & Devices
- ~300,000 clients
- ~125k mobile devices

Users
- ~98k FTEs
- ~82k Vendors

11 Steps
- Built ConfigMgr R2 Standalone Environment
  - Virtual Primary Site in Corp Domain
  - 12GB, 4 Proc PS and 24 GB, 4 Proc SQL Server
- Performed User Discovery for Entire Corp Forest
- MSODS team provisioned Intune Services for Microsoft IT Tenant and set up services Admin
- Setup DNS redirection for enterpriseenrollment.Microsoft.com to Intune Beta environment
- Apply device specific certificates:
  - Windows Phone 8 code signing cert
  - Windows RT code signing cert & sideloading
  - iOS Apple push notification cert

Diagram labels (callouts 1 to 5): Microsoft Corp; Active Directory Federation Server 3.0; MS Online Directory Sync (DirSync); Intune Subscription; Connector Site role; Primary Site; SQL Server; MSODS; AD User Discovery corp domains; Windows Intune; Microsoft Cloud Services

12 What you need to do
- Directory Sync to synchronize AD data and ADFS setup for single sign on. http://technet.microsoft.com/en-us/library/hh967642.aspx
- Perform User Discovery for users you will provide BYOD enrollment in your environment
- DNS redirection for enterpriseenrollment.. com will be needed
- Obtain a VeriSign certificate. Work with your app/security team
- Purchase side loading key from volume license center
- Generate request from Configuration Manager console and certificate from Apple's portal

Teams involved
- AD Team – Dirsync and ADFS 3.0
- App Team – App Certification
- Security Team – Policy definition
- Remote Resource Access Team – VPN/WiFi/Cert


15 Managing Company Portal Across All Devices Marc Hurley

16
- Deployed Company Portal as “Available” to User Collection
- Obtained WP8 Company Portal through internal process
- Associated the published WP8 Company Portal in the Intune Subscription
- Worked with App certification team to sign Company Portal before publishing
- Published all LOB applications to All Users and/or Security Groups
- Deployed Company Portal as “Required” to User Collection during upgrade scenarios & maintain Company Portal reach

17
- Deployed Company Portal as “Required” to User Collection
- Configured the Intune Connector with Microsoft Internal Root Certificate
- Published all LOB applications to All Users and/or Security Groups
- Obtained Company Portal appx through internal process
- Deployed Company Portal as “Required” to User Collection during upgrade scenarios & maintain Company Portal reach

18
- Obtained Company Portal ipa file through internal process
- Configured the Intune Connector with APN Certificate
- Created an internal website to host Company Portal install file
- Published deep linked applications to All Users and/or Security Groups
- Deployed Company Portal as “Required” to User Collection during upgrade scenarios & maintain Company Portal reach

19

| Name | Platform | Installation Method |
| --- | --- | --- |
| Windows Intune Company Portal | Windows 8.x (RT, x86/x64) | IT Deployment - (push to NDJ devices/users at Microsoft; MSIT users should not install the Company Portal from store). Note: Public will download from Microsoft Store |
| Windows Intune Company Portal for Windows Phone 8 | Windows Phone 8 | IT Deployment - (Auto Install post enrollment). Note: Public will download from Microsoft.com |
| Windows Intune Company Portal for iOS | iOS | Direct User Installation - (We get from Intranet site: http://issp at Microsoft because we are in CTiP, moving to Extranet site). Note: The public will get it from the App Store. |
| Windows Intune Company Portal for Android | Android | Direct User Installation - (Evaluation in progress). Note: The public will get it from Google Play. |


23 Simplified Administration Experience Advanced Modern Device Management

24 Requirements
- Self service of Modern Application publishing
- Rapid turnaround time from request time to deployment
- Reduction of Configuration Manager Administrative Overhead
- Remove manual provisioning and deployment errors

Technology
- IT DevCenter – application developer’s request portal
- Visual Studio 2012 Team Foundation Server
- System Center 2012 Orchestrator
- System Center 2012 R2 Configuration Manager cmdlets
- Custom PowerShell modules
- Active Directory cmdlets

Benefits
- Publishing process that mimics the Windows Store process
- Use of scripts & templates to enforce standardization
- Reduce publishing time from 3 days to 6 hours
- Admins can focus on deployment errors rather than publishing
- 95% of app publishing work completed zero touch

25 Workflow diagram labels, in slide order:
- Dev Center Assigns Task
- Orch. Runbooks wake on schedule
- Check TFS tasks waiting for Automation
- Update task Status “In Process”
- Create XML files from TFS Task
- Identify “Activity Type”
- Call PowerShell Modules
- Create, Deploy, Create & Deploy, Delete, Pause, Supersede
- Update Task Status
- Assigns Task to Dev Center
- Pre-Process
- Process
- App owner submits application to Dev Center


27 Security Policies - Settings Management

28 Setting Management at Microsoft IT
- UDM policies consistent with MSIT EAS policies
- Created password and encryption policies using pre-defined settings in CM
- Set the baseline for remediation to enforce
- Deployed the baseline to users
- Provided reports to Security Team for compliance status

Setting Up Device Policies (column labels on the slide: WP, WinRT, Windows, iOS; Corp Policies)
- Device Encryption: True; Not Supported
- Device Password: Enabled; Not Supported; Enabled
- Allow Simple Password: True; Not Supported; False
- Min Password Length: 4; 6 (local only); 8; 4
- Max inactive time to lock: 15 mins; 15; 15 mins
- Max failed attempts before wipe: 5; 5 (local); 10; 5
- Password Expiration: Not configured; 70 days (local); 70; Not Configured
- Password History: 0; 0; 24; 0
- Min Complex Characters: 1; 1 (local only); 1; 0
- Allow Camera: Not configured; Yes
- Maximum grace Period: Not configured; 3
- Allow Browser: Not configured; Yes


37 UDM Reports Marc Hurley

38 Unified Device Management Reports

39 Learnings and Actions
- Learning: New experience for users enrolling devices
  Action: Educated users with enrollment steps
- Learning: Helpdesk awareness on modern devices support
  Action: Created support documentation and trained helpdesk
- Learning: Restrict access for Remote Wipe and Retire commands
  Action: Use RBAC to control Remote Wipe and Retire access
- Learning: Monitoring external components like NDES and VPN servers
  Action: Work with VPN team to enable monitoring/reports
- Learning: Call out important apps to users
  Action: Use Featured App function when publishing

40
- WP App Signing Cert expired after 1 year
  - Had to replace AET with new token
  - Had to re-sign and republish applications
  - No need to re-sign apps for WP8.1
- Replaced Apple APN certificate
  - Account used to obtain APN was user specific iTunes account
  - Had to have all iOS devices un-enroll and re-enroll
- Enrollment certificate expiration happens every year on WP8
  - WP8 users need to respond and renew cert before expiration to keep enrollment intact
  - WP8.1 will update the certificate automatically in the background
- Policies were targeted to devices instead of users
  - Delay in getting security policies as devices had to register first
- Windows 8.x core OS does not support app Side Loading
  - Users had to upgrade OS license to Windows 8.x Pro or Enterprise


44 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd
