Managing Devices in the Enterprise: From EMS zero to Hero in only 60 minutes Ken Goossens Herman Arnedo Mahr
#ITProceed Managing Keduco Services City, Country Ken Goossens Copenhagen, Denmark Ghent Services Enterprise Client Management Solution Engineer Consultant and a Certified Trainer 10 years IT Pro Crew Member of System Center User Group Belgium Administrator of
#ITProceed Managing Keduco Services City, Country Herman Arnedo Mahr Copenhagen, Denmark Ghent Proud MCT Since 2003 Secure Infrastructure Consultant WECP – Client Solutions System Management consultant since 2001 MCT Regional Lead –
Special thanks to our sponsors
Session Objectives Understand Microsoft EMS Setup your EMS demo infrastructure – Azure Active Directory Premium – Microsoft Intune – Azure RMS BE a hero in 60 minutes and then a Super Hero…
Enterprise Mobility Suite Easily manage identities across on-premises and cloud. Single sign-on and self-service for corporate resources. Azure Active Directory Premium Unify identity Manage apps and devices Protect data Microsoft Intune Azure Rights Management Manage and protect corporate apps and data on almost any device with MDM and MAM. Encryption, identity, and authorization policies to secure corporate files and across phones, tablets, and PCs.
Security reports, audit reports, multi-factor authentication Self-service password reset and group management Single sign-on to over 2,400 popular SaaS applications Information protection Document trackingBring your own key Mobile device settings management Mobile application management with Office mobile apps Conditional access and selective wipe Enterprise Mobility Suite Active Directory Premium Rights Management
Self-service Single sign on Itproceedx.com Username On-premises Simple connection Azure Active Directory ITProceedx.onmicrosoft.com Public Cloud Office 365 Intune RMS Azure ITProceedx.local Windows Server Active Directory
Demo Pre-requisites Azure Subscription Legacy AD Buy a new Public Domain Next Steps Create Azure Active Directory Premium Add a Custom Domain to improve SSO Experience Integration with Local Active Directory Customize Branding Assign EMS Licenses
Phone callMobile appSingle-use codes SMS “ ” cloudOn-premises
Mobile application management PC managementMobile device management IT User Microsoft Intune Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
Enroll Provide a self-service Company Portal for users to enroll devices Deliver custom terms and conditions at enrollment Bulk enroll devices using Apple Configurator or service account Restrict access to Exchange if a device is not enrolled Retire Revoke access to corporate resources Perform selective wipe Audit lost and stolen devices Provision Deploy certificates, , VPN, and WiFi profiles Deploy device security policy settings Install mandatory apps Deploy app restriction policies Deploy data protection policies Manage and Protect Restrict access to corporate resources if policies are violated (e.g., jailbroken device) Protect corporate data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and personal apps Report on device and app compliance User IT
ConfigMgr integrated with Intune (hybrid)Intune standalone (cloud only) Mobile devices and PCs Intune web console System Center Configuration Manager Mobile devicesDomain joined PCs Configuration Manager console IoT/Kiosk devices
Demo Enable Workplace Join & auto Enrolment with Microsoft Intune Set Mobile Management Authority – Intune Cloud Only Available Mobile Platforms Setup iOS Devices - Apple Push Notification Certificate
SharePoint Online Exchange Online User Microsoft Intune IT SharePoint Online Exchange Online User Microsoft Intune IT
Demo Configure a Compliance Policy Enable Conditional Access Enroll a device with conditional Access – (optional)
MANAGED MOBILE PRODUCTIVITY Managed apps Personal apps Managed apps Corporate data Personal data Multi-identity policy Personal apps Managed apps Copy Paste Save Save to personal storage Paste to personal app attachment
Personal apps Managed apps Perform selective wipe via self- service company portal or admin console Remove managed apps and data Keep personal apps and data intact IT
Demo Selective Wipe (Optional)
Data protection at the file layer Document tracking Access control Data encryption Share internallyShare externally z On any device Authentication and collaboration
Vendor 2 Azure Rights Management ! Sender Vendor Username Password Username Password
Sharing documents securely Use Microsoft Azure RMS to securely share documents with colleagues and business partners
Getting notifications for document use opened RMS blog post – Aug2014.docx.pdf was denied access to BudgetWithCharts.xlsx.pdf was denied access to BudgetwithCharts.xlsx.pdf
Demo Prerequisites RMS1 Computer with Office RMS2 Computer with Office Next Steps Data Encription Access Control Tracking Print Screen
Belgiums’ biggest IT PRO Conference