
1 11/20/2018 7:37 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Deploying System Center 2012 Configuration Manager SP1 With Windows Intune
Arun Ramakrishnan: Service Engineer
Karthik Jayavel: Service Engineer
Microsoft
UD-B311

3 Session Objectives And Takeaways
Share Microsoft IT’s experiences with implementing a Bring Your Own Device (BYOD) culture with the help of System Center 2012 SP1 and Windows Intune
Takeaways:
- Learn from our experience
- Understand the intricacies of managing a user’s personal device
- How to win over users with Line of Business applications on their devices and protect corporate data from being compromised at the same time

4 Who is This Session Designed For
People with a basic understanding of System Center 2012 Configuration Manager and a familiarity with Windows Intune
Interested in walking through:
- Setting up the connector between ConfigMgr and Intune
- Distributing applications and policies to modern devices like Windows Phone 8 and RT
- Reporting on devices accessing corporate applications

5 Solution Overview at Microsoft IT
Managing Devices at Microsoft
Goals:
- Avoid additional hardware investment and network design complexity
- Means to safeguard BYOD assets and access LOB apps
- Management support for Windows 8 and heterogeneous devices
- Single pane of glass for administration, deployment and reporting
Solution: Unified Device Management (System Center 2012 SP1 Configuration Manager and Windows Intune, "Better with Both")
Benefits of adopting the unified solution:
- Native management of modern devices
- Ability to provide users access to apps and data while maintaining security
- Allows end users to connect from anywhere
- No additional infrastructure required

6 Device Scope @ Microsoft IT
Windows 8
Challenges for heterogeneous devices @ Microsoft IT:
- Surge in Windows RT and Windows Phone 8 population
- Limited LOB apps for iOS
- Lack of LOB apps for Android
Heterogeneous Devices
Android: Out of Scope

7 Intune Subscription in Configuration Manager

8 Prerequisites for Connector Setup (1 of 2)
What you need to know
- Worked with Microsoft Online Directory Services to provision Intune services for Microsoft IT Tenant
- Performed user discovery for the entire Microsoft corporate forest
- Set up DNS redirection for enterpriseenrollment.microsoft.com to the Intune environment
- Directory Sync to synchronize AD data and ADFS setup for single sign-on
- This depends on how wide you want to eventually open up BYOD in your environment
- DNS redirection for enterpriseenrollment.<yourcompany>.com will be needed

9 Pre-requisites for Connector Setup (2 of 2)
What you need to know
- Windows Phone 8 code signing certificate: has to be a Verisign certificate. Work with your app/security team
- Windows RT code signing certificate and side loading key: purchase side loading key from volume license center
- iOS Apple push notification certificate: generate request from Configuration Manager console and certificate from Apple's portal
- Collaboration with other teams for dependencies:
  - AD Team – Dirsync and ADFS 2.0
  - App Team – Verisign Certificate
  - Security Team – Policy definition

10 Unified Device Management Architecture
[Architecture diagram: Microsoft Corp and Microsoft Cloud Services. Labels: AD, Active Directory Federation Server 2.0, MSODS, MS Online Directory Sync (DirSync), User Discovery corp domains, Intune Subscription, Windows Intune, Primary Site, Connector Site role, SQL Server]
1. Built ConfigMgr SP1 Standalone Environment: Virtual Primary Site in Corp Domain; 12 GB, 4 Proc PS and 24 GB, 4 Proc SQL Server
2. Performed User Discovery for Entire Corp Forest
3. MSODS team provisioned Intune Services for Microsoft IT Tenant and set up services Admin
4. Set up DNS redirection for enterpriseenrollment.Microsoft.com to Intune Beta environment
5. Apply device specific certificates:
   - Windows Phone 8 code signing cert
   - Windows RT code signing cert & sideloading
   - iOS Apple push notification cert

11 Unified Device Management Infrastructure @ Microsoft IT
[Infrastructure diagram. Labels: MS Online Directory Services (MSODS), AD, Active Directory Federation Server 2.0, User Discovery corp domains, MS Online Directory Sync (DirSync), Intune Subscription, Connector Site role]
Infrastructure: 6 Primary Sites, 13 Secondary Sites, 250 Distribution Points
PCs & Devices: ~300,000 clients, ~125k mobile devices
Users: ~98k FTEs, ~82k Vendors
Sites:
- Device Mgmt. Site
- Redmond Site 1: 75k Clients
- Redmond Site 2: 75k Clients
- North & South America: 35k Clients
- Europe, MidEast, Africa: 40k Clients
- Australia & Asia: 75k Clients

12 Demo – Cloud sync monitoring
Arun Ramakrishnan

13 Cloud User Sync - Behind the Scenes (1 of 2)
- Cloudusersync.log has information on the number of users licensed for enrolling devices
- A delta sync runs every 5 minutes and updates information only for users removed from or added to the ConfigMgr collection

14 Cloud User Sync - Behind the Scenes (2 of 2)
- The CloudUserID field in the User_Disc table in the Configuration Manager database will help you identify whether users are licensed
- User not licensed to enroll device
- User previously licensed but not a member of device management collection anymore
- Non-zero GUID indicates user is licensed to enroll device

15 Recommendations
Additional components to monitor:
- DMP Uploader – Policy changes flow from ConfigMgr to Intune
- DMP Downloader – Policy and data flow from Intune to ConfigMgr
- Cloud user sync – User collection in ConfigMgr to be licensed in Intune
- Delta user discovery and fast collection
- Sync frequency: default of 5 minutes
- Developed custom report for user license status
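The license states described for the CloudUserID field can be turned into a small status report; this is an added example, not code from the presentation. The CSV layout, the `UserName` column, and the mapping of an empty/NULL value to "not licensed" and an all-zero GUID to "previously licensed" are assumptions; the slides only state that a non-zero GUID means the user is licensed.

```python
import csv
import io
import uuid
from collections import Counter

# Constructed sample export of user rows; only CloudUserID is named on the slides,
# the UserName column and all values are made up for illustration.
SAMPLE_EXPORT = """UserName,CloudUserID
alice,3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b
bob,
carol,00000000-0000-0000-0000-000000000000
dave,{7A1B2C3D-4E5F-4A6B-8C7D-9E0F1A2B3C4D}
erin,NULL
"""

LICENSED = "licensed"
REMOVED = "previously licensed, no longer in collection"
NEVER = "not licensed"
INVALID = "unparseable"


def license_state(cloud_user_id):
    """Classify one CloudUserID value into a license state."""
    text = (cloud_user_id or "").strip()
    # Assumption: an empty or NULL value means the user was never licensed.
    if text == "" or text.upper() == "NULL":
        return NEVER
    try:
        guid = uuid.UUID(text)  # accepts braces and either letter case
    except ValueError:
        return INVALID
    # Stated on the slide: a non-zero GUID means licensed to enroll.
    # Assumption: the all-zero GUID marks a user whose license was removed.
    return LICENSED if guid.int != 0 else REMOVED


def license_report(export_text):
    """Return (counts per state, user names per state) for a CSV export."""
    counts = Counter()
    by_state = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        state = license_state(row["CloudUserID"])
        counts[state] += 1
        by_state.setdefault(state, []).append(row["UserName"])
    return counts, by_state


if __name__ == "__main__":
    counts, by_state = license_report(SAMPLE_EXPORT)
    for state, total in counts.most_common():
        print(f"{state}: {total} -> {', '.join(by_state[state])}")
```

Users in the "previously licensed" group are the ones worth reviewing first, since any device they enrolled earlier belongs to someone no longer in the device management collection.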

16 Device Enrollment and Company portal
Karthik Jayavel

17 Beta Rollout summary
- Devices Enrolled: 140 (Windows Phone 8), 35 (Windows RT)
- LOB apps published: 9 (Windows Phone 8), 12 (Windows RT)
- Deep linked apps: 1 (Windows Phone 8), 2 (Windows RT)
- Rollout plan: 24,000 (Windows Phone 8), 19,000 (Windows RT)

18 Windows Phone 8 Enrollment
Objectives:
- Better user experience
- Easy for users to install
- Less user intervention
- Get users productive quickly
- Seamless Company Portal installation
- Receive first-hand user experience feedback
Implementation:
- Developed enrollment guide for users
- Sent mail communication for enrollment initiation
- Collected feedback using distribution list

19 Windows Phone 8 Enrollment
Results:
- Better user experience: single sign-on let users enroll using corp credentials; easy-to-enroll notification and concise user guides with visuals made enrollment easy
- Seamless Company Portal installation: Company Portal installed silently soon after enrollment
- Get users productive quickly: device enrollment process took less than a minute

20 Demo – WP8 Enrollment and Company Portal
Karthik Jayavel

21 WP8 Enrollment

22 Windows Phone 8 Company Portal
- Worked with App provisioning team for apps and signing process
- Signed apps and Company Portal before publishing
- Categorized apps as per MSIT App team standards
- Apps deployed to “Cloud sync” user collection as “Available”
- Security groups used for targeted deployment to set of users

23 Lessons Learned Windows Phone 8
What was learned:
- Removed duplicate UPNs by exclusion collection
- Backend logs available on Intune side
- Created FAQ docs and smart guides for users
- Troubleshooting logs can be collected from the Company Portal itself
- On-demand Portal install or user-initiated Portal uninstall needs re-enrollment
How we learned:
- Duplicate UPNs in different domains caused cloud user sync failure
- Log gathering for enrollment failures escalated by users
- Repeated set of questions from users after device enrollment
- Portal login issues investigation
- Uninstallation of portal by some users raised the concern for diverse portal reinstall methods

24 Windows RT @ Microsoft IT
Windows RT Enrollment:
- No need to license users separately for Windows RT
- Side loading keys once provisioned are automatically dispensed with enrollment
- User experience for enrollment same as Windows Phone 8
- Company Portal installed as a required app
Company Portal App Publishing:
- Utilized Microsoft Root CA as part of subscription
- Published Windows 8 modern apps compatible for Windows RT
- Deep linked apps from MS Store

25 Demo – Certificate enrollment for RT apps
Karthik Jayavel

26 Windows RT Certificate Setting
Import Enterprise code signing certificate in the Windows RT setting in the subscription wizard

27 Lessons Learned Windows RT
- Every re-enrollment of RT devices uses one side loading key
- Company Portal user experience in WinRT different from WP8 can result in user support calls
- User-initiated un-enrollment does not remove Company Portal
- Backend Intune logs for enrollment and Company Portal troubleshooting
- Expected delay in WinRT policy refresh due to once-a-day maintenance window

28 Settings Management
Karthik Jayavel

29 Goals For Setting Management
- Safeguard users' devices
- Set proper control for accessing Corp data
- Avoid annoying users with draconian settings

30 Setting Management at Microsoft IT
Corp Policies (columns on the slide: WinRT, iOS; values listed in the order they appear):
- Device Encryption: True, Not Supported
- Device Password Enabled
- Allow Simple Password
- Min Password Length: 4, 5 (local only)
- Max inactive time to lock: 15 mins
- Max failed attempts before wipe: 5, 5 (local)
- Password Expiration: Unlimited, 70 days (local)
- Password History
- Min Complex Characters: 1, 1 (local only)
Setting Up Device Policies:
- WP8 UDM policies consistent with MSIT EAS policies
- Added enrolled devices to target collection using Agent Edition property in system_disc
- Created password and encryption policies using pre-defined settings in CM
- Set the baseline for remediation to enforce

31 Demo – Settings Management
Karthik Jayavel

32 Policy Settings in Microsoft IT

33 Configuring Enforcement Policies

34 Using Device Retire
- Retired all devices from console after dogfooding in MSIT
- Device record automatically deleted from CM after retirement
- Defining an RBAC role to limit access to Wipe and Retire
Wipe and Retire on Windows Phone 8 and Windows RT (effects as listed on the slide):
- Factory default
- Mail connection removed
- Un-enrolls from service
- Removes Company Portal
- Removes apps and settings
- Side-loaded LOB apps do not run

35 Unified Device Management Reports
Karthik Jayavel

36 Unified Device Management Reports
- Created custom reports for device inventory and user licensing status
- App installation reports are same as App model reports and ICM
- Settings Management reports provide policy enforcement status and in ICM

37 In-console Monitoring

38 Best Practices Identified at Microsoft IT
Learnings:
- New experience for users enrolling devices
- Helpdesk awareness on modern devices support
- Common escalations from users through
- Providing status on unified device management for our stakeholders
Actions:
- Educated users with enrollment steps
- Created support documentation and trained helpdesk
- Generated and shared FAQ document
- Creating custom dashboard from ConfigMgr for better visibility

39 In Review: Session Objectives And Takeaways
- Show how ConfigMgr and Intune helped MSIT users to access corporate applications from their devices
- Share how you can enforce corporate security policies on devices accessing corporate applications
Key Takeaways:
- Straightforward process to maximize value from implementing Unified Device Management
- Enforcing corporate security is simple by using settings and policy features
- Reports specifically for managed devices to track devices accessing corporate data and status of policy enforcement

40 We want to hear from you! Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

41 Resources
Access MMS Online to view session recordings after the event.
