Howard A. Carter III Senior Consultant Microsoft Consulting Services Enabling Mobile Device Management with System Center 2012 & Windows InTune Howard A. Carter III Senior Consultant Microsoft Consulting Services TechGate 2013 – Reston, VA September 21, 2013
Agenda What is Windows Intune? Windows Intune Configurations Windows Intune Capabilities Across Devices Settings Up an Intune Account Integrating with Configuration Manager 2012 Publishing Applications Enrolling Devices
Windows Intune Configurations Cloud-Only Configuration Unified Configuration
Cloud Management Capabilities Capability / Platform Windows 8 Windows 7, Vista, XP Windows RT Windows Phone 8 iOS Android Application management ü Endpoint Protection O Hardware Inventory Software Inventory ü1 Remote control ü3 Reporting Software updates Compliance settings ü2 1 = Managed applications only 2 = Compliance reporting but no remediation automation 3 = Via Remote Assistance
Unified Management Capabilities Capability / Platform Windows 8 Windows 7, Vista, XP Windows Embedded Windows To Go Mac OS Windows RT Windows Phone 8 iOS Android Application management ü Endpoint Protection O Hardware Inventory ü1 Software Inventory ü2 Remote control ü5 Reporting Software updates ü4 Compliance settings ü3 OS deployment N/A Out of band management Power management Software metering 1 = Basic information only through Exchange ActiveSync 2 = Managed applications only 3 = Compliance reporting but no remediation automation 4 = Device User has to accept the update 5 = Via Remote Assistance
Windows Intune Cloud Architecture CorpNet Internet x86 / x64 Windows 8 Windows 7 Windows Vista Windows XP Windows Phone 8 Windows RT Direct Management & App Publishing iOS EAS Policy & Inventory DirSync Android App Publishing Android
Windows Intune Unified Architecture CorpNet Internet x86 / x64 Windows 8 Windows To Go Windows 7 Windows Embedded Windows Vista Windows XP Mac Service Pack 1 x86 / x64 Windows 8 Windows 7 Windows Vista Windows XP EAS Policy & Inventory Windows Phone 8 Windows RT Direct Management & App Distribution iOS DirSync ADFS ADFS Proxy Active Directory Android Android App Distribution
Selection Considerations Scale of Solution Approx. Max of 5000 Users? Approx. Max of 100,000 Users? Current Infrastructure On-premise ConfigMgr? Something else? Required Feature Set Capabilities Supported Platforms
Roadmap | Integrating Configuration Manager 2012 with Windows Intune Sign up for Windows Intune account Synchronize your AD with Windows Azure AD Configure Intune Subscription in ConfigMgr Add Windows Intune Connector Setup MDM Properties Import Apps
DEMO TG13Demo.onmicrosoft.com Sign up for Intune Account (already done) Sync AD with Azure AD (already done) Configure Intune Subscription in ConfigMgr Install Windows Intune Connector Setup MDM Properties Add/Deploy Company Portal App
Managing the Mobile Device Lifecycle Enabling the user Enrolling the device Inventorying the device Installing applications Managing the device Retiring the device
Configuration Item Settings Password Require password on mobile devices Min password length Max password length Number passwords remembered Number failed logons before wipe Idle time before lock Password complexity Send password recovery PIN to Exchange Server Email management POP and IMAP Max time to keep email Allowed message formats Max size for plain text email Max size for HTML email Max attachment size Calendar synchronization Security Unsigned file installation Unsigned applications SMS and MMS messaging Removable storage Camera Bluetooth Windows RT VPN profile Profile file Profile name Profile for all users Peak Synchronization Specify peak time Start End Days of week Peak synchronization frequency Off-peak synchronization frequency All options enable you to remediate noncompliant settings and some have a reporting option
Configuration Item Settings Roaming Mobile device management while roaming Software download while roaming Email download while roaming Encryption Storage card encryption File Encryption on mobile device Require email signing Require email encryption Encryption algorithm Wireless Communication Wireless network connection Network name Network connection Authentication Data encryption Key index 802.1x settings EAP type Certificates Import Certificate File Destination store Role All options have a Remediate noncompliant settings option
Inventoried Management Properties Inventory Class Windows Phone 8 Windows RT iOS EAS Name Device_ComputerSystem.DeviceName Yes Unique Device ID Device_ComputerSystem.DeviceClientID Device_ComputerSystem.UDID Serial Number Not applicable Device_ComputerSystem.SerialNumber No Email Address Device_Email.OwnerEmailAddress Operating System Type Device_OSInformation.Platform CCM_OperatingSystem .SystemType Operating System Version Device_ComputerSystem.SoftwareVersion Win32_OperatingSystem.Version Device_OSInformation.OSVersion Build Version Win32_OperatingSystem.BuildNumber Service Pack Major Version Win32_OperatingSystem.ServicePackMajorVersion Service Pack Minor Version Win32_OperatingSystem.ServicePackMinorVersion Operating System Language Device_OSInformation.Language Total Storage Space Win32_PhysicalMemory.Capacity Device_Memory.DeviceCapacity Free Storage Space Win32_OperatingSystem.FreePhysicalMemory Device_Memory.AvailableDeviceCapacity IMEI1 Device_ComputerSystem.IMEI MEID2 Device_ComputerSystem.MEID Manufacturer Device_ComputerSystem.DeviceManufacturer Win32_ComputerSystem.Manufacturer Model Device_ComputerSystem.DeviceModel Win32_ComputerSystem.Model ModelName Phone Number Device_ComputerSystem.PhoneNumber Subscriber Carrier Device_ComputerSystem.SubscriberCarrierNetwork Cellular Technology Device_ComputerSystem.CellularTechnology Wi-Fi MAC Win32_NetworkAdapter.MACAddress Device_WLAN.WiFiMAC 1 International Mobile Equipment Identity 2 Mobile Equipment Identifier
Demo Remember: Manage.Microsoft.com Creating a Mobile Configuration Baseline Enrolling a Device
Retiring Managed Mobile Devices Retire Block Delete Wipe Removes the device from Configuration Manager while leaving personal settings and data intact on the device. All data is deleted, sets device back to manufacturer's defaults Blocks the client from communicating with the hierarchy. You can also unblock clients. Deletes the mobile device permanently from the hierarchy so that it will not be further managed. No data from the device is removed. Once deleted, the user would need to unenroll and re-enroll again.
Listing Retirement Options by Device Function Windows Phone 8 Windows RT iOS Android (EAS) Retire Yes Line of business apps are uninstalled including the company portal app. User settings are retained Removes sideloaded keys and sideloaded apps no longer run. Installed apps will still run. installed apps will still run User settings are removed. Block Not available Wipe Exchange ActiveSync mailbox removal only Delete
Demo Wiping a Device
Additional resources Windows Intune Trial http://www.microsoft.com/en-us/windows/windowsintune/try.aspx Support Tool for Intune Trial Management of Window Phone 8 http://www.microsoft.com/en- us/download/details.aspx?id=39079# Microsoft Virtual Academy – Windows Intune Jumpstart http://www.microsoftvirtualacademy.com/training- courses/windows-intune-for-it-professionals-jump-start Microsoft Windows Intune Blog http://blogs.technet.com/b/windowsintune/ Microsoft System Center ConfigMgr Team Blog http://blogs.technet.com/b/configmgrteam/
QUESTIONS
Thank You techgate@hotmail.com An email will be sent to all attendees on Monday, September 23 announcing location of slides received from presenters.