Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing modern devices with System Center 2012 R2 Configuration Manager Niall Brady.

Published byAmos Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Managing modern devices with System Center 2012 R2 Configuration Manager Niall Brady."— Presentation transcript:

1 Managing modern devices with System Center 2012 R2 Configuration Manager Niall Brady

2 Agenda

3 Introduction

4 Cross-platform management

5 Enrollment of Mac OS X What do we need? Public Key Infrastructure (AD CS) Site server with Internet FQDN HTTPS-enabled Management Point HTTPS-enabled Distribution Point Enrollment Point and Enrollment Proxy Point Installation/Enrollment Terminal-based install (Console/SSH) – CM12SP1 Manual certificate enrollment Macclient.dmg file is part of ConfigmgrMacClient.msi User-driven GUI - SCCM 2012 R2

6 Application Management Native in ConfigMgr 2012 SP1 using CMMAC wrapper Use the CMAppUtil tool on a Mac to convert the Mac software into a Configuration Manager.cmmac file The CMMAC wrapper supports APP, PKG, MPKG, DMG Detection via Application Bundle ID and Package ID Deployment to Devices, not Users

7

8 ConfigMgr 2012 R2 + Windows InTune Mac OS X Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Windows RT, Windows Phone 8 iOS, Android

9 Options within ConfigMgr & Intune Over-the-air device enrollment Self-service Company Portal User-targeted app deployment Settings management Device inventory Remote device retirement Remote device wipe

10 Platform Support in ConfigMgr R2 OS PlatformManagement AgentEnd User Experience Windows 8.1 PC ConfigMgr Agent Or Management Agent(OMA-DM) Software Center/Application Catalog Windows Company Portal app Windows PC (Win8,Win7,Vista,XP) ConfigMgr AgentSoftware Center/Application Catalog Windows RTManagement agent (OMA-DM)Windows Company Portal app Windows Phone 8Management agent (OMA-DM)Windows Phone 8 Company Portal app iOSApple MDM ProtocolNative iOS Company Portal App AndroidAndroid MDM agent (OMA-DM)Native Android Company Portal App MacConfigMgr AgentLimited self service experience Linux/UnixConfigMgr AgentN/A

11

12 Management via ConfigMgr+ InTune

13 Device Enrollment Process Enrollment is done per device by the user Enrollment is done via Windows Intune, controlled by ConfigMgr InTune acts as cloud-based MP/DP

14 Device Enrollment Process in detail Get the company portal from the store Launch the app and Login with your credentials You’ll be presented with the company portal If your device is not enrolled yet an ‘i’ will appear

15 Device Enrollment Process Select your device, and click on Add device

16

17

18 What’s New in Mobile Device Inventory? * iOS – Apple MDM allows only inventory of MDM provisioned apps New global condition to differentiate app installs on corporate versus personal App Management Personal devices – Inventory of applications installed by ConfigMgr/Intune only Corporate devices – Complete inventory of all applications on the device* App inventory By default, user-enrolled devices are “Personal” Admin can specify corporate-owned devices Personal vs. Corporate Owned Devices

19 Resource Access Configuration Platforms Windows 8.1 Windows 8.1 RT iOS Android Benefits End users get access to company resources with no manual steps for them New Features* Configure networking profiles VPN profiles Support for Windows 8.1 Automatic VPN Wi-Fi protocol and authentication settings Management and distribution of certificates 19

20 VPN Profile Management Support for major SSL VPN vendors DNS name-based initiation support for Windows 8.1 and iOS Application ID based initiation support for Windows 8.1 Automatic VPN connection Support for VPN standards SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5 Subset of vendors have Windows Windows RT VPN plug-in PPTP,L2TP, IKEv2

21 Wi-Fi and Certificate Profiles Wi-Fi settings Manage and distribute certificates Deploy trusted root certificates Support for Security Center Endpoint Protection(SCEP) protocol Manage Wi-Fi protocol and authentication settings Provision Wi-Fi networks that device can auto connect Specify certificate to be used for Wi-Fi connection

22 Mobile Device Settings in ConfigMgr 2012 R2 * Subset of settings Note: Table applicable to direct MDM and not EAS CategoryWin 8.1 PC & RTWP8iOSAndroid VPN Wi-Fi Certificates Password (*) (*) Device restrictions (*) (*) Email Store access Browsers (*) Content Rating Cloud Synch (*) Encryption (*) Security (*) Roaming (*) Windows Server Work Folders

23

24 Selective Wipe

25 Selective Wipe new in R2 CategoryWindows 8.1 (x86/RT OMA-DM managed) Windows 8 RTWindows PhoneiOSAndroid Full Wipe Selective Wipe Email (Email through EAS) Corporate Apps (from ConfigMgr / Intune) (Uninstalled + sideloading key removed) Sideloading key removed VPN and Wifi Profiles CertificatesRevoked on serverN/ARevoked on server SettingsPolicy enforcement is removed Management Agent N/A. Built into OS Management profile removed “Device administrator” privilege is revoked Corporate App Data Data remains encrypted if app is EFS aware App container removed during uninstall

26 Unified Device Management Recap UnregisteredRegisteredMDM EnrolledFully Managed Publish email to users (EAS)Yes Publish work folders to usersYes Conditional access based on user, device, locationBlock device onlyYes Audit logging and monitoringYes Unified Device ManagementYes Unified Application ManagementYes Selective data wipeYes Compliance reportingYes Group Policy and login scriptsYes OS deployment and imagingYes Configuration managementYes Patch managementYes Anti malware managementYes Full application managementYes BitLocker managementYes

27

28

Download ppt "Managing modern devices with System Center 2012 R2 Configuration Manager Niall Brady."

Similar presentations

User and Device Management Tomáš „Kanty“ Kantůrek

User and Device Management Tomáš „Kanty“ Kantůrek
People Centric IT Unified Device Management with SCCM + Windows Intune

People Centric IT Unified Device Management with SCCM + Windows Intune
2 Agenda Introductions – Kathleen Wetherell Introduction of the Enterprise Mobility Suite– Kathleen Wetherell Overview of Microsoft’s Intune with Product.

2 Agenda Introductions – Kathleen Wetherell Introduction of the Enterprise Mobility Suite– Kathleen Wetherell Overview of Microsoft’s Intune with Product.
Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014.

Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014.
Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA

Managing and Securing Devices using Exchange, System Center, and Intune LAWRENCE NOVAK MICHAEL INDENCE DMVMUG Reston, VA
Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.

Sophos Mobile Control. Tablets on the rise 2 Trends 3 75% of 157 polled companies encourage employee owned smart phones and tablets to access corporate.
Meraki Mobile Device Management

Meraki Mobile Device Management
Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.

Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.
For company-owned smartphones, only 55% of decision-makers say that their company has security policies and sufficient tools. The situation for employee-owned.

For company-owned smartphones, only 55% of decision-makers say that their company has security policies and sufficient tools. The situation for employee-owned.
Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.

Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.
Plan Build Custom Image (Drivers, Apps, Updates) New Hardware In-Place (Refresh) WipeReimage New Windows Version or Major Image Revision.

Plan Build Custom Image (Drivers, Apps, Updates) New Hardware In-Place (Refresh) WipeReimage New Windows Version or Major Image Revision.
SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.

SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.
Microsoft Ignite /16/2017 3:59 PM

Microsoft Ignite /16/2017 3:59 PM
Management lifecycle summary Mobile Device Management with Windows Intune or 3 rd Party tools Simplified and flexible device enrollment, using.

Management lifecycle summary Mobile Device Management with Windows Intune or 3 rd Party tools Simplified and flexible device enrollment, using.
Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.

Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Desktop virtualization Access & information protection Mobile device & application management Hybrid identity Simplified device enrollment and.

Desktop virtualization Access & information protection Mobile device & application management Hybrid identity Simplified device enrollment and.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
System Center 2012 R2 Configuration Manager with Windows Intune Product Overview Tomáš „Kanty“ Kantůrek.

System Center 2012 R2 Configuration Manager with Windows Intune Product Overview Tomáš „Kanty“ Kantůrek.
Windows Server 2012 R2 Capabilities for BYOD Scenario Yuri Diogenes Senior Knowledge Engineer Data Center, Devices & Enterprise Client – CSI Team’s Page:

Windows Server 2012 R2 Capabilities for BYOD Scenario Yuri Diogenes Senior Knowledge Engineer Data Center, Devices & Enterprise Client – CSI Team’s Page:

Similar presentations

Ads by Google