Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Ignite /25/2017 9:57 AM

Published bySteven Hunt Modified over 8 years ago

Similar presentations

Presentation on theme: "Microsoft Ignite /25/2017 9:57 AM"— Presentation transcript:

1 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Microsoft Ignite 2015 4/25/2017 9:57 AM Windows 10 + Azure AD + Intune = desktop management and provisioning in the Cloud Daniel Bowbyes & Malcolm Jeffrey M368 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 CloudConsult Practice Lead
Microsoft Ignite 2015 4/25/2017 9:57 AM Malcolm Jeffrey Technical Trainer Auldhouse Daniel Bowbyes CloudConsult Practice Lead Datacom © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Dave OneDrive Office 365 Azure Dynamics Microsoft Ignite 2015
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 10 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Azure AD Join All staff in Dave's Azure AD can log in to the device
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure AD Join MDM All staff in Dave's Azure AD can log in to the device Set local administrators 10 Staff can be blocked from logging on to the device MDM enrolment of device can be enforced © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Intune Enrolment Apply Policy Settings to the device
Microsoft Ignite 2015 4/25/2017 9:57 AM Intune Enrolment Intune Apply Policy Settings to the device Push software down to the device 10 Report on the Health of the device against compliance Policies If needed wipe the device © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 OneDrive Office 365 Azure Intune Dynamics Microsoft Ignite 2015
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Azure AD Join OOBE Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Azure AD Join under the hood
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure AD Join under the hood © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 10 Azure Device Registration Service Microsoft Azure Active Directory
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Azure AD username and Password (+ MFA if enabled)
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Azure AD username and Password (+ MFA if enabled) Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Azure AD returns ADRS SSO Token, Local admin accounts and MDM URL’s
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Azure AD returns ADRS SSO Token, Local admin accounts and MDM URL’s Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Win 10 then performs a device registration against ADRS using token provided by Azure AD Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 ADRS writes a device object to Azure AD
Microsoft Ignite 2015 4/25/2017 9:57 AM ADRS writes a device object to Azure AD Azure Device Registration Service Microsoft Azure Active Directory Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 ADRS issues a device registration certificate to the client
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory ADRS issues a device registration certificate to the client Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 MDM URL’s passed to MDM Enrolment Agent
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory MDM URL’s passed to MDM Enrolment Agent Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 MDM Agent connects to Azure AD for SSO token to access MDM application
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory MDM Agent connects to Azure AD for SSO token to access MDM application Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Azure AD returns MDM SSO Token
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Azure AD returns MDM SSO Token Intune 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 MDM Agent uses SSO Token to start MDM enrolment
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Intune 10 MDM Agent uses SSO Token to start MDM enrolment © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 MDM enrols device and pushes down policy to Windows 10
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure Device Registration Service Microsoft Azure Active Directory Intune 10 MDM enrols device and pushes down policy to Windows 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Under the Hood – Azure AD Join
Microsoft Ignite 2015 4/25/2017 9:57 AM Under the Hood – Azure AD Join © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Single Sign On to Azure AD Federated Applications
Microsoft Ignite 2015 4/25/2017 9:57 AM Azure AD Join & Single Sign On to Azure AD Federated Applications © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Primary Refresh Tokens
Microsoft Ignite 2015 4/25/2017 9:57 AM Primary Refresh Tokens © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 Dave authenticates to Azure AD as part of logon process
Microsoft Ignite 2015 4/25/2017 9:57 AM Microsoft Azure Active Directory Dave authenticates to Azure AD as part of logon process 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 Primary Refresh Token (PRT)
Microsoft Ignite 2015 4/25/2017 9:57 AM Microsoft Azure Active Directory Primary Refresh Token (PRT) Returned by Azure AD and cached by Windows 10 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 10 Microsoft Azure Active Directory Office 365 Microsoft Ignite 2015
4/25/2017 9:57 AM Office 365 Microsoft Azure Active Directory 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Here is my PRT can I please have an SSO token for Office 365
Microsoft Ignite 2015 4/25/2017 9:57 AM Office 365 Microsoft Azure Active Directory Here is my PRT can I please have an SSO token for Office 365 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Your PRT checks out so here is the SSO token you have asked for
Microsoft Ignite 2015 4/25/2017 9:57 AM Office 365 Microsoft Azure Active Directory Your PRT checks out so here is the SSO token you have asked for 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Here is my Office 365 SSO token give me access please
Microsoft Ignite 2015 4/25/2017 9:57 AM Office 365 Microsoft Azure Active Directory Here is my Office 365 SSO token give me access please 10 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 Under the Hood – Intune Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 I’M A DC I’M Azure AD Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 Susan Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 Microsoft Ignite 2015 4/25/2017 9:57 AM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39 Azure AD Connect SCCM Intune Hybrid Connection Microsoft Azure
Microsoft Ignite 2015 4/25/2017 9:57 AM Microsoft Azure Active Directory Intune Office 365 OneDrive Dynamics Azure AD Connect SCCM Intune Hybrid Connection Windows Server Active Directory System Centre Configuration Manager © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

40 Username Primary Password Refresh Token PRT Username TGT
Microsoft Ignite 2015 4/25/2017 9:57 AM Microsoft Azure Active Directory Intune Office 365 OneDrive Dynamics Username Password Primary Refresh Token PRT Windows Server Active Directory TGT Username Password Kerberos Ticket System Centre Configuration Manager © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 SSO Token Kerberos Ticket PRT TGT Microsoft Azure Active Directory
Microsoft Ignite 2015 4/25/2017 9:57 AM Microsoft Azure Active Directory Intune Office 365 OneDrive Dynamics SSO Token Kerberos Ticket PRT Windows Server Active Directory TGT System Centre Configuration Manager © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

42 Windows 10 with Policies Deployed
Microsoft Ignite 2015 4/25/2017 9:57 AM Windows 10 with Policies Deployed © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43 Windows 10 + Azure AD + Intune Desktop Management in the Cloud
Microsoft Ignite 2015 4/25/2017 9:57 AM Intune Windows 10 + Azure AD + Intune Equals Desktop Management in the Cloud © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

44 Related Ignite NZ Sessions
1 5 Managing Windows 10 with Group Policy and Intune [M393] Fri 10:40am – NZ1 Devices Devices Devices! [M120] Fri 1:55pm – SkyCity Theatre 2 In-place Upgrade to Windows 10 Using New SCCM Tech Preview [M394] Fri 11:55am – NZ1 Find us later at… Malcyj-mct.blogspot.co.nz Blog.Bowbyes.co.nz Closing drinks Fri 3:00-4:30pm 3 Windows 10 Ask Me Anything [M265] Fri 1:55pm - Marlborough

45 Resources Microsoft Virtual Academy TechNet & MSDN Flash
4/25/2017 Microsoft Virtual Academy Resources TechNet & MSDN Flash Free Online Learning Subscribe to our fortnightly newsletter Sessions on Demand © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

46 Complete your session evaluation now and win! 4/25/2017 9:57 AM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

47 4/25/2017 9:57 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Microsoft Ignite /25/2017 9:57 AM"

Similar presentations

Azure AD & Office 365 1. Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.

Azure AD & Office Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.
Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.

Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.
Plan Build Custom Image (Drivers, Apps, Updates) New Hardware In-Place (Refresh) WipeReimage New Windows Version or Major Image Revision.

Plan Build Custom Image (Drivers, Apps, Updates) New Hardware In-Place (Refresh) WipeReimage New Windows Version or Major Image Revision.
SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.

SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.
Devices and Deployment Management & Security Identity Cloud.

Devices and Deployment Management & Security Identity Cloud.
Microsoft Ignite /16/2017 4:55 PM

Microsoft Ignite /16/2017 4:55 PM
Build 2015 4/16/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.

Build /16/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Data Devices People 6.5B Wireless connections today >42% of global population owns smartphone by end of 2015 >50% User will go to tablet or smartphone.

Data Devices People 6.5B Wireless connections today >42% of global population owns smartphone by end of 2015 >50% User will go to tablet or smartphone.
Desktop virtualization Access & information protection Mobile device & application management Hybrid identity Simplified device enrollment and.

Desktop virtualization Access & information protection Mobile device & application management Hybrid identity Simplified device enrollment and.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Empower Enterprise Mobility. of employees use personal devices for work purposes.* of employees that typically work on employer premises, also frequently.

Empower Enterprise Mobility. of employees use personal devices for work purposes.* of employees that typically work on employer premises, also frequently.
Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.

Active Directory Integration with Microsoft Office 365 Ross Adams & Jono Luk Program Managers Microsoft Corporation OSP321.
Empower Enterprise Mobility Jasbir Gill Azure Mobility.

Empower Enterprise Mobility Jasbir Gill Azure Mobility.
Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.

Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.
Tim Vander Kooi Systems

Tim Vander Kooi Systems
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.

Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
30 Bad Habits of Server Administrators Orin Thomas M321.

30 Bad Habits of Server Administrators Orin Thomas M321.
Hybrid end-to-end: SPC339 – Monday 2pm Office 365 identity federation using Windows Azure and Windows Azure Active Directory: SPC411 – Tuesday 9am.

Hybrid end-to-end: SPC339 – Monday 2pm Office 365 identity federation using Windows Azure and Windows Azure Active Directory: SPC411 – Tuesday 9am.
M360 Directory Synchronisation & Authentication Deployment options: Skype for Business Online Skype for Business Server 2015 Skype for Business Hybrid.

M360 Directory Synchronisation & Authentication Deployment options: Skype for Business Online Skype for Business Server 2015 Skype for Business Hybrid.
Deploying, Organizing and Securing Applications with the Azure Resource Manager Emil Velinov Senior Program Manager, AzureCAT M391.

Deploying, Organizing and Securing Applications with the Azure Resource Manager Emil Velinov Senior Program Manager, AzureCAT M391.

Similar presentations

Ads by Google