3. Microsoft NDA Confidential

5. Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and data across devices, anywhere Controlled access to data with seamless authentication

7. Devices & Platforms Single admin console

8. Microsoft NDA Confidential

9. New Platforms Windows RT Windows Phone 8 iOS (5.x, 6.x) Android (2.1 and later)* Features fully integrated in to ConfigMgr Over the air device enrollment* Available user targeted applications User and device settings management* Device inventory* Remote device retirement* Remote device wipe* *Android features supported through the Exchange Connector only

11. Microsoft NDA Confidential

18. Not required but strongly recommended!

19. Microsoft NDA Confidential

24. PlatformCertificates or keysHow you obtain Windows Phone 8 Code signing certificate: All sideloaded apps must be code- signed. Buy a code signing certificate from Symantec http://www.symantec.com/verisign/code-signing/windows-phone Windows RT Sideloading Keys: Windows RT devices have to be provisioned with sideloading keys to enable installation of sideloaded apps. All sideloaded apps must be code-signed. Buy sideloading keys from Microsoft, link below has more details http://technet.microsoft.com/en-us/library/hh852635.aspx iOS Apple Push Notification service certificate To enable app management for iOS, you must follow these steps. 1.Download a Certificate Signing Request from Windows Intune. This certificate signing request lets you apply to Apple’s certification authority for an Apple Push Notification service certificate. 2.Request an Apple Push Notification service certificate from the Apple website. To Download a Certificate Signing Request from Windows Intune In the Configuration Manager console, click Administration. In the Hierarchy Configuration, right-click Windows Intune Subscriptions and select Create APNs certificate request. Select a location and then click Download. In the Windows Intune sign in page, enter your organizational account and password. After you sign in, the certificate signing request is downloaded to the location that you specified. To request an Apple Push Notification service certificate Connect to the Apple Push Certificates Portal.Apple Push Certificates Portal Sign in and continue in the wizard. AndroidNone

26. Set up device enrollment for mobile devices Set up Direct Management for Windows RT Mobile Devices Learn how to set up automatic detection for a Windows Intune enrollment server and obtain and add product activation sideloading keys to enable users to install line-of-business applications on their Windows RT devices. Set up Direct Management for Windows RT Mobile Devices Set up Direct Management for Windows Phone 8 Mobile Devices Learn how to set up automatic detection for a Windows Intune enrollment server, and how to download and sign the Company Portal app so that you can make it available to users. The Company Portal app enables you to distribute applications and web links to users with Windows Phone 8 devices. Users can access and install the Company Portal app when they enroll their Windows Phone 8 devices. Set up Direct Management for Windows Phone 8 Mobile Devices Set up Direct Management for iOS Mobile Devices Learn how to download a certificate signing request from Windows Intune so that you can apply to Apple’s certification authority for an Apple Push Notification Service (APNs) certificate. Configuration Manager with Windows Intune uses the APNs to maintain persistent communications with iOS devices. Set up Direct Management for iOS Mobile Devices

29. Microsoft NDA Confidential

33. People Centric IT Come to Booth 1 in the Expo Hall for your chance to win a Surface RT bundle worth $699 Answer four questions correctly and you’ll be entered in our prize draw. Draw will take place at 4pm on April 10 2013 NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules

35. Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com. Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

74. All Identities and group memberships flow down to Intune via Sync Daemon 1.User identities and SGs are created / modified in AD 2.DirSync delta syncs on-prem userid (no pwd) to MSODS every 3 hours 3.Federation between on-premise AD and Org ID allowing users to use their on prem username and pwd to login 4.All Identities and group memberships flow down to Intune via Sync Daemon To learn more about ADFS, design and deployment visit Windows Server ADFS homepage and Preparing for single sign on.Windows Server ADFS homepagePreparing for single sign on For more details on AD Directory Synchronization visit Directory Synchronization roadmap.Directory Synchronization roadmap For details on attributes Dirsync’d see this KBKB Identity Services On Premise Infrastructure AD MS Online Directory Sync (DirSync) Provisioning platform Windows Intune SharePoint Online Exchange Online Active Directory Federation Server 2.0 Trust IdP Directory Store Admin Portal/ PowerShell Authentication platform IdP Microsoft Online Services

75. The following illustration and corresponding steps provide a description of the client application request process in AD FS using TLS/SSL. 1.The remote employee uses the Web browser to open the application on the AD FS-enabled Web server. 2. The AD FS-enabled Web server refuses the request because there is no AD FS authentication cookie. The AD FS-enabled Web server redirects the client browser to sign-in on the resource federation server. 3. The client browser requests the logon Web page from the resource federation server. 4. The Web page on the resource federation server prompts the user for account partner discovery. 5.The resource federation server redirects the client browser to the logon Web page on the account federation server proxy. 6.The Web browser requests the logon Web page from the account federation server proxy.

76. Microsoft NDA Confidential Microsoft.NET Framework 3.5 (reboot) and Microsoft Windows PowerShell™ v1.0 (no reboot) Not a domain controller Domain-joined machine DirSync can synchronize from source forests running the following versions of Windows Server: Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows Server 2000 Microsoft SQL Server ® 2008 R2 Express Microsoft Identity Lifecycle Manager 2007 (version created specifically for Microsoft Online) No customer purchase beyond providing a server Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2003 SP2 Supported Operating SystemsPrerequisites Source Forest SynchronizationSingle file download To learn more about ADFS, design and deployment visit Windows Server ADFS homepage and Preparing for single sign on.Windows Server ADFS homepagePreparing for single sign on For more details on AD Directory Synchronization visit Directory Synchronization roadmap.Directory Synchronization roadmap For details on attributes Dirsync’d see this KBKB