Unified Device Management with Windows Intune Andras Khan Microsoft Western Europe HQ.


1 Unified Device Management with Windows Intune Andras Khan Microsoft Western Europe HQ

2 | Basel Modern Device Management with System Center Config Manager and Intune Andras Khan Solution Sales Professional Microsoft Western Europe

3 Today’s challenges (Users, Devices, Apps, Data). Users expect to be able to work in any location and have access to all their work resources. The explosion of devices has eradicated the standards-based approach to corporate IT. Deploying and managing applications across platforms is difficult. Enabling users to be productive while maintaining compliance and reducing risk.

4 People-centric IT. Empower users: Allow people to work on the device of their choice and provide consistent access to corporate resources. Unify your environment: Deliver unified application and device management on-premises and in the cloud. Protect your data: Help protect corporate information and manage risk. Users, Devices, Apps, Data. Management. Access. Protection.

5 User and Device Management. Unify your environment: On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices. Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles. Protect your data: Protect corporate information by selectively wiping apps and data from retired/lost devices. A common identity for accessing resources on-premises and in the cloud. Empower users: Access to company resources consistently across devices. Simplified registration and enrollment of devices. Synchronized corporate data.

6 Empower users. Challenges: Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources. Users want an easy way to be able to access their corporate applications from anywhere. IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies. Solutions: Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources. Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices. IT can publish access to corporate resources with conditional access based on the user’s identity, the device they are using, and their location.

7 Enabling IT to empower users. IT can publish access to resources with the web application proxy based on device awareness and the user’s identity. IT can provide seamless corporate access. Users can work from anywhere on their devices with access to their corporate resources. Users can register devices for single sign-on and access to corporate data with Workplace Join. Users can enroll devices for access to the company portal for easy access to corporate applications. IT can publish desktop virtualization resources for access to centralized resources. (Diagram label: Firewall)

8 Enabling IT to empower users. IT can publish access to resources with the Web Application Proxy based on device awareness and the user’s identity. IT can provide seamless corporate access with DirectAccess and automatic connections with app-triggered VPNs. Users can work from anywhere on their device with access to their corporate resources. Users can register devices for single sign-on and access to corporate data with Workplace Join. Users can enroll devices for access to the Company Portal for easy access to corporate applications. IT can publish Desktop Virtualization (VDI) resources for external access.

9 People-centric Application Delivery: Accessing apps the right way, on the right device. Target applications based on user role the best way for each device: Windows/Windows RT, Windows Phone, iOS, Android, OS X. Evaluate device capabilities for optimal application delivery: local installation, Microsoft Application Virtualization, Desktop Virtualization (VDI), web applications. (Diagram labels: MSI, RDS, App-V (MDOP), Remote App, Native App/App Store)

10 Unify your environment. Challenges: MDM products are typically delivered as point solutions, which do not integrate with the main PC management solution already in use. Managing multiple identities and keeping the information in sync across environments is a drain on IT resources. Solutions: IT has a single “pane of glass” to view and manage all managed devices, whether on-premises or cloud-based, PCs or mobile devices. Users and IT can leverage their common identity for access to external resources through federation.

11 Unify your environment: Deliver comprehensive application and device management. IT can manage the device and application lifecycle. Unified infrastructure enables IT to manage devices “where they live”. Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles. (Diagram labels: Single Admin Console, User)

12 Providing users with a common identity. IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Windows Azure Active Directory. Users are more productive by having a single sign-on to all their resources. IT can use Active Directory Federation Services to connect with Windows Azure for a consistent cloud-based identity. Users get access through accounts in Windows Azure Active Directory to Windows Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model.

13 Protect your data. Challenges: As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device. A significant amount of corporate data can only be found locally on user devices. IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance. Solutions: Users can work on the device of their choice and be able to access all their resources, regardless of location or device. IT can enforce a set of central access and audit policies, and be able to protect sensitive information based on the content of the documents. IT can centrally audit and report on information access.

14 Protect your data: Help protect corporate information and manage risk. (Diagram labels: Enrollment, Retired, Lost or Stolen; Personal Apps and Data; Company Apps and Data; Remote App; Policies; Centralized Data) IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. Selective wipe removes corporate applications, data, certificates/profiles, and policies, as supported by each platform. Full wipe if supported by each platform. Can be executed by IT or by user via Company Portal. Sensitive data or applications can be kept off device and accessed via Remote Desktop Services.


16 Strategic Direction: One unified device management solution that combines on-premises and cloud capabilities into one solution, creating a no-compromise offering that enables customers to choose the right delivery mechanism for them.

17 Windows Intune Key Customer Scenarios: Mobile Devices; Remote Workers; Application Deployment to Devices; Quick Deployment Scenarios

18 Delivering People-centric IT: Enable your end users. Unify your environment. Protect your data.


20 This iPad is already enrolled and the Company Portal app installed from the iTunes store. From the home screen, the user taps on the Company Portal icon to log on

21 The Company Portal app provides a rich experience to access corporate apps, device information, and support details

22 Tapping on the user name in the top right shows the ability to sign out of the app or get more information on the app privacy. Under “My Devices” users can see their devices listed across the middle of the screen

23 Selecting the iPad brings up details of this device, plus the options to retire or wipe this device (Retire removes it from IT management and selectively wipes company LoB apps)

24 Selecting the Surface brings up options for that device. The options listed here allow the user to set a friendly name for the device or carry out a remote selective wipe on this device by removing it from IT management

25 For application installation, the experience has been redesigned enabling greater functionality and easier use and navigation

26 Tapping on featured apps displays a list of applications that are being promoted by the company – a great way to get visibility of key applications in the catalog

27 Users can also browse by category or just see a list of all the applications they have access to

28 If the user views the details of Adobe Reader, they will see the option to install this app. As a deep linked app, this would take them to the iTunes store for installation

29 Aperture is an example of an application that the company is requiring approval before installing. By selecting “Request” the user will enter business justification and wait for the approval process to complete on the backend.

30 By tapping on the DropBox app, the user can see that they already requested this app and it has been denied

31 Tapping on “Request History” enables the user to see all requests and the responses from IT regarding why it was denied

32 To complete a successful application installation, the user chose the Dynamics CRM app and clicked “Install”. This is a link to a web application, so the user will get a shortcut to that web application placed on the home screen

33 While the installation is in progress there is an indicator in the top right corner showing installation status

34 Now that it is installed, the user can go to the home screen and launch the web app directly from the icon


36 As an example of Workplace Join for iOS, the user receives an email from IT offering the user the ability to join their device to AD

37 On clicking the URL, the user will be asked to authenticate

38 Multi-factor authentication is also supported such as using Azure Active Authentication Service

39 Details are shown once the device is joined

40 As a function of being Workplace Joined, a management profile and certificate will be placed on the device (This does not mean the device is enrolled in Windows Intune)


42 Let’s show the ability to add a device ID to Active Directory (new for Win8.1, iOS, Android)

43 Workplace Join (not Domain Join) allows IT Pro to audit the device access, understand who is using the device, and provide conditional access based on the user, location and device.

44 The user will be prompted for domain credentials via ADFS

45 This also allows for corporations to use the new Azure Active Authentication Service (formerly PhoneFactor) or other multi-factor authentication service

46 The device is now Workplace Joined and the user can also choose to enroll in management of the device via Windows Intune

47 Enrolling in management allows for certificate management, VPN and Wi-Fi profile configuration, among other security settings and application distribution. To do this the user selects “Turn On”

48 The user will be prompted to authenticate into the Windows Intune service to ensure they have rights to enroll devices

49 The user will also be prompted to acknowledge that IT will be managing the device. Once accepted the device will enroll and install the Company Portal app (over the course of a few minutes)

50 Some of the items that were distributed to this user\device include a VPN profile shown here

51 Also installed is the Company Portal App users leverage to install applications

52 In addition to installing applications, users can see the various devices they have enrolled and take action on them. In this example the user can remove this machine or connect remotely to it (via a Remote Connection profile) using the Remote Desktop feature

53 A new feature in Windows 8.1 is Work Folders. Work Folders will give a user access to their documents on a file server

54 After clicking the Work Folder button users can configure their access


56 The user has a choice to change the sync location of their files on their device

57 The user must accept the IT admin policy for Work Folder use. The folder will be encrypted and a password on the device will be required if not already done. If the device is retired this folder is removed

58 Once installed and synced, users can see the status in the Work Folder section on their device

59 For access, users can see their Work Folder in the Favorites tab. As users create content they will sync data to their corporate share (and vice versa)

60 Leveraging Azure Rights Management Services or on-prem RMS, IT can require, via dynamic access controls in Windows Server 2012, a policy be enforced on documents containing specific things. The user is opening a file that was dynamically protected


62 In System Center Configuration Manager 2012 R2 new capabilities for People-centric IT have been added such as: Remote Connection Profiles; Company Resource Access for VPN, Wi-Fi, and Certificate management

63 With this release the Windows Intune Subscription location has been moved under the Cloud Service folder in the Administration pane

64 New features in the Intune subscription include: Company Logo and Contacts tabs; Intune Service Status check; additional options for Windows Phone certificate provisioning

65 Company Logo

66 Company Contact Info

67 Configuration Manager 2012 provides the ability to see the primary devices in use by user

68 New in Configuration Manager 2012 R2 is the ability to see primary device ownership via the Device Owner attribute

69 Global Conditions can be set for device ownership to target application deployment to corporate-owned devices. In addition, deeper software inventory can be done for corporate-owned devices

70 New Company Resource Access pane has three components: Certificate Profiles, VPN Profiles, Wi-Fi Profiles

71 Creating a VPN Profile

72 VPN Profiles support configurations from the major VPN vendors in the market. Profiles are deployed to the users. No need to create a VPN per mobile platform

73 VPN can be created to automatically connect when accessing a specific DNS Suffix or launching a program (Windows 8.1 only)

74 VPN Profiles are currently supported on Windows 8.1 and iOS platforms

75 By right-clicking on the VPN Profile and choosing Deploy, IT Admins can target User Collections to receive the VPN Profile

76 Wi-Fi Profile creation

77 Wi-Fi Profile creation allows for auto-connection when in range or just having the profile automatically configured on the device

78 Wi-Fi Profiles support a wide range of security types

79 Wi-Fi Profiles are supported on Windows 8.1, iOS, and Android devices

80 Certificate Profiles

81 Certificate Profiles can be a trusted CA certificate, or the client can receive a dynamic certificate based on the SCEP protocol

82 Certificates can be user or computer based

83 Supported platforms include Windows 8.1, iOS, and Android

84 Configuration Items and Configuration Baselines are used to deploy policy settings to mobile devices

85 The Configuration Item type must be set to Mobile Device

86 You can use the wizard to define settings based on category

87 Or you can search on and filter specific settings to add

88 Settings can be defined for all mobile platforms at the same time

89 Not all platforms support the available settings and Configuration Manager will alert the IT Admin of incompatible settings\platforms before the Configuration Item is created

90 Demo: Windows Intune Cloud-Only Console; Windows Intune UDM: iOS User Experience; Windows 8.1 Experience; Configuration Manager 2012 R2

91 Users, Devices, Apps, Data. Enable your end users: Allow users to work on the devices of their choice and provide consistent access to corporate resources. Unify your environment: Deliver unified application and device management on-premises and in the cloud. Protect your data: Help protect corporate information and manage risk. Management. Access. Protection.

92 Flexible Licensing that Fits Your Needs. Already have Configuration Manager: Windows Intune (Add-On) ($4 per user per month). Don’t have Configuration Manager: Windows Intune (includes ConfigMgr license) ($6 per user per month). Per User Licensing: Up to 5 devices/user

93 For More Information. Windows Intune information and trial – www.windowsintune.com. Enabling People-Centric IT – http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/FDN03. Contacts: Your Microsoft account team; danderse@microsoft.com – Please put WEBCAST in the subject line

94 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

95 DEMO Hybrid Environment

96 DEMO Intune Cloud Only

