1. Microsoft Virtual Academy
Free, online, technical courses
Take a free online course.

2. Administration for Going Mobile Tommy Patterson Sr
Administration for Going Mobile Tommy Patterson Sr. Technical Evangelist Microsoft Corporation
Simon May Sr. Technical Evangelist Microsoft Corporation
Microsoft Virtual Academy

3. End-user experience
Consistent self-service experience for users across mobile platforms
Windows RT
Company Portal
Windows Phone 8
Company Portal
iOS
Company Portal
Native Windows app
Available in the Windows Store
Native Windows Phone 8 app (.xap)
Sideloaded during enrollment
Native iOS application
Available in the Apple App store

4. End-user capabilities for each platform
Windows 8 &
Windows 8.1
Windows RT & Windows RT 8.1
Windows Phone 8
iOS
Android
Enroll (local device)
Yes
Exchange ActiveSync
Rename devices No
Retire (un-enroll local device)
Remotely wipe other devices
Install enterprise LOB apps
Install publicly available apps
yes
Browse to web links
Contact IT

5. Mobile device inventory
Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync.
No software inventory for mobile devices to respect the information worker’s privacy on their own device.
IT pros can track storage on mobile devices, which helps them anticipate and troubleshoot issues.

6. Settings management
Security policy on devices (iOS, Windows RT, and Windows Phone 8) direct management and Exchange ActiveSync
Recommendation: Manage policy through only one management authority.
Reporting available on each setting whether it is applicable, conformant, or has an error
The same security policy template is used for both direct management and Exchange ActiveSync to help admins
Android and Windows Phone 8 devices can be managed through Exchange ActiveSync

7. Application management on mobile devices
Platforms
Windows 8/ Windows RT
Windows Phone 8
iOS
Android
Sideload to install
*.appx
*.xap
*.ipa
*.apk
Deeplinks to store apps: Install from store

8. Software distribution summary
Platform
Desktop apps
(.msi, .exe)
Modern app types
Sideloading
Deep- links
Web apps
.appx
.xap
.ipa
.apk
Windows 8.1 Pro and Enterprise √
Windows RT **
iOS
Android
Windows Phone 8
Windows 7 and earlier **
Windows 8.1 self-service portal on Windows RT will show .msi/.exe apps that can remotely install to other PCs linked to the user but are not installable on the local Window RT device

9. Protect your data Help protect corporate information and manage risk
Lost or Stolen
Retired
Lost or Stolen
Enrollment
Selective wipe removes corporate applications, data, and policies based as supported by each platform
Full wipe if supported by each platform
Can be executed by IT or by user via Company Portal
Sensitive data or applications can be kept off device and accessed via Remote Desktop Services
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
Personal Apps and Data
Personal Apps and Data
Company Apps and Data
Company Apps and Data
Company Apps and Data
Retired
Personal Apps and Data
Centralized Data
Remote App
Remote App
Remote App
Policies
Policies
Policies
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with Virtual Desktop Infrastructure and RemoteApp technologies.

10. Recap: MDM features per platform
Management feature
Windows RT
Windows
Phone 8
iOS
Android
Over-the-air enrollment Y
Inventory
Settings management
Software distribution
Remote wipe

11. Comparing the Windows Intune and Exchange Server connectors
Management functionality
Windows Intune connector
Exchange Server connector
App management/deployment ü O
Public Key Infrastructure security between the mobile device and Configuration Manager
Discovery
Hardware inventory ü1
Software inventory ü2
Settings, configuration items, and baseline ü3
For Windows RT, Windows Phone 8, and iOS
Through reporting
Both Exchange ActiveSync and Windows Intune use the same security template for their settings

12. Requirements for managing mobile devices through Windows Intune
Ensure that prerequisites are available
Plan Domain Name System (DNS), domains, and user principle names (UPNs)
Run the Office 365 Deployment Readiness Tool
Enable single sign-on (SSO) with Active Directory Federation Services (AD FS; optional)
Synchronize Active Directory with Windows Azure Active Directory
System Center 2012 R2 Configuration Manager environment
Connection from the System Center site server to the Internet
Windows Intune organizational account
MDM certificates or keys

13. Planning domain, DNS, and UPN management
Active Directory
Windows Azure AD
Domain name
contoso.com
Default domain
contoso.onmicrosoft.com
Default UPN suffix
@contoso.com
Accounts created as
@contoso.onmicrosoft.com
Directory synchronization
Tony Allen
Tony Allen
User name and UPN must match
Recommended option
Alternative approach
Add external
domain
Add UPN suffix to Active Directory
contoso.com
contoso.onmicrosoft.com
Synchronise with
Change UPNs to
Map enterpriseenrollment.contoso.(onmicrosoft.)com to enterpriseEnrollment.manage.microsoft.com (CNAME)
Create a DNS alias

14. Registering and enrolling devices
Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate apps.
Data from Windows Intune is synced with Configuration Manager, which provides unified management both on premises and in the cloud.
Active Authentication
Active Directory
AD FS
Users can register Bring Your Own Device for SSO and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
Web Application Proxy
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity. Multi-Factor Authentication can be used through Windows Azure Active Authentication.
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and the device.

15. What’s new in mobile device inventory?
Personal vs. corporate-owned devices
App inventory
App management
By default, user-enrolled devices are “personal”
Admin can specify corporate-owned devices
“Compromised” device detection.
Personal devices. Inventory only apps installed by Configuration Manager or Windows Intune
Corporate devices. Complete inventory of all apps on the device*
New global condition to differentiate app installations on corporate vs. personal devices
* Inventory capability varies by device platform

16. Mobile device settings in Configuration Manager
Category
Windows 8.1 and Windows RT 8.1
Windows Phone 8
iOS
Android
Virtual private network (VPN) 
Wi-Fi
Certificates
Password
(*)
 (*)
Device restrictions
Store access
Browsers
Content rating
Cloud sync
Encryption
Security
Roaming
Windows Server Work Folders
* Subset of settings Note: Table applicable to direct MDM, not Exchange ActiveSync

17. VPN profile management
Support for major SSL VPN vendors
Support for VPN standards like PPTP, L2TP, IKEv2
Automatic VPN connection
SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5
Subset of vendors have Windows RT VPN plug-in
DNS name-based initiation support for Windows 8.1 and iOS
Application ID–based initiation support for Windows 8.1

18. Wi-Fi and certificate profiles
Wi-Fi settings
Manage and distribute certificates
Manage Wi-Fi protocol and authentication settings
Provision Wi-Fi networks that device can auto-connect
Specify certificate to be used for Wi-Fi connection
Deploy trusted root certificates
Support for the Security Center Endpoint Protection (SCEP) protocol

19. Work Folders Sync files and data across devices
Configuration Manager and Windows Intune support
New feature in Windows 8.1 and Windows Server 2012 R2
New settings to help provision the Work Folders discovery settings
Self-service portals have links to Work Folders

20. TechNet Virtual Labs
Deep technical content and free product evaluations
Hands-on deep technical labs
Free, online, technical courses
At the TechNet Evaluation Center you can download free, trial versions of Microsoft software, with no feature limits. Dozens of trials are available – all at no cost.
Try Windows Server 2012 for up to 180 days. Download the Windows 8 Enterprise 90-day evaluation. Or try Windows Azure at no-cost for up to 90 days.
Microsoft Hands On Labs offer virtual environments that will take you through guided, technically deep product learning experience.
Learn at your own pace in labs that you can complete in 90 minutes or less. There is no complex setup or installation is required to use TechNet Virtual Labs.
Microsoft Virtual Academy provides free online training on the IT scenarios that are important to your company and your career.
Learn at your own pace and boost your IT skills with over 100 courses across more than 15 Microsoft technologies including Windows Server, Windows 8, Windows Azure, Office 365, virtualization, Windows Phone, and more.
Download Microsoft software trials today.
Find Hand On Labs.
Take a free online course.
Technet.microsoft.com/evalcenter
Technet.microsoft.com/virtuallabs
microsoftvirtualacademy.com

21. 5/22/2018 6:37 PM
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.