david tesar richard harrison
DESCRIPTION
Windows Intune for IT Pros Jump Start M10: Unified MDM Settings and Compliance. David Tesar Richard Harrison. Windows Intune for IT Pros Jump Start. Module Overview. Managing Compliance Settings Collecting Device Inventory + Reporting Manage Mobile D evices via Configuration Manager. - PowerPoint PPT PresentationTRANSCRIPT
Click to edit Master subtitle style
Microsoft Virtual Academy
Windows Intune for IT Pros Jump StartM10: Unified MDM Settings and
Compliance
David TesarRichard Harrison
First Half Second Half(01) Big Picture with Windows Intune
(07) MDM Prerequisites and Cloud-only MDM Setup
(02) Architecture Design Considerations
(08) Cloud-only Software Publishing and Deployment
(03) Extending Identity to Windows Azure Active Directory
(09) Setting Up & Configuring Unified Infrastructure (+ MDM Setup)
(04) Administrator Roles, Users and Groups
(10) Unified MDM Settings and Compliance
(05) Windows Intune Policies (11) Unified MDM Software Deployment
(06) Cloud-only PC Setup (12) End User Enrollment
Windows Intune for IT Pros Jump Start
• Managing Compliance Settings• Collecting Device Inventory + Reporting• Manage Mobile Devices via Configuration
Manager
Module Overview
Click to edit Master subtitle style
Microsoft Virtual AcademyManaging Compliance
Settings
Managing Compliance Settings Process
Step 1: Create a
configuration item for mobile devices
Step 2: Create a
configuration baseline
Step 3: Deploy the
configuration baseline
Configuration Item SettingsPassword
• Require password on mobile devices
• Min password length
• Max password length
• Number passwords remembered
• Number failed logons before wipe
• Idle time before lock
• Password complexity
• Send password recovery PIN to Exchange Server
Email management• POP and IMAP• Max time to keep
email• Allowed message
formats• Max size for plain
text email• Max size for HTML
email• Max attachment
size• Calendar
synchronization
Security• Unsigned file
installation• Unsigned
applications• SMS and MMS
messaging• Removable storage• Camera• Bluetooth• Windows RT VPN
profile• Profile file• Profile name• Profile for all
users
Peak Synchronization
• Specify peak time• Start• End• Days of week
• Peak synchronization frequency
• Off-peak synchronization frequency
All options enable you to remediate noncompliant settings and some have a reporting option
Configuration Item SettingsRoaming
• Mobile device management while roaming
• Software download while roaming
• Email download while roaming
Encryption
• Storage card encryption
• File Encryption on mobile device
• Require email signing
• Require email encryption
• Encryption algorithm
Wireless Communication
• Wireless network connection• Network name• Network
connection• Authentication• Data
encryption• Key index• 802.1x settings• EAP type
Certificates
• Import• Certificate File• Destination
store• Role
All options have a Remediate noncompliant settings option
DEMOCreate and Deploy a [Mobile Device] Configuration Baseline
Click to edit Master subtitle style
Microsoft Virtual AcademyCollecting Device Inventory +
Reporting
Collecting Hardware Inventories
• Device Information• Manufacturer• Model• OS• Device Name• Certificate Expiry
• Mobile Device Computer System• Device Manufacturer• Device Model• DM Version• Firmware Version• Hardware Version• OEM• Platform Type• Processor Architecture• Processor Level• Software Version
• Mobile Device OS Information• Language• Platform
• Processor• Description• Device ID
• System • Name• Configuration Manager
GUID• System Role• System Type
• Workstation Status• Last Hardware Scan• Last Report Version• System Default Locale ID
Hardware Information Displayed
Listing Inventoried Management PropertiesInventory Class Windows Phone 8 Windows RT iOS EAS
Name Device_ComputerSystem.DeviceName Device_ComputerSystem.DeviceName Device_ComputerSystem.DeviceName YesUnique Device ID Device_ComputerSystem.DeviceClientID Device_ComputerSystem.DeviceName Device_ComputerSystem.UDID YesSerial Number Not applicable Not applicable Device_ComputerSystem.SerialNumber NoEmail Address Device_Email.OwnerEmailAddress Device_Email.OwnerEmailAddress Device_Email.OwnerEmailAddress YesOperating System Type Device_OSInformation.Platform CCM_OperatingSystem .SystemType Not applicable Yes
Operating System Version Device_ComputerSystem.SoftwareVersion Win32_OperatingSystem.Version Device_OSInformation.OSVersion Yes
Build Version Not applicable Win32_OperatingSystem.BuildNumber Not applicable No
Service Pack Major Version Not applicable Win32_OperatingSystem.ServicePackMajorVersion Not applicable No
Service Pack Minor Version Not applicable Win32_OperatingSystem.ServicePackMinorVersion Not applicable Yes
Operating System Language Device_OSInformation.Language Not applicable Not applicable NoTotal Storage Space Not applicable Win32_PhysicalMemory.Capacity Device_Memory.DeviceCapacity No
Free Storage Space Not applicable Win32_OperatingSystem.FreePhysicalMemory Device_Memory.AvailableDeviceCapacity No
IMEI1 Not applicable Not applicable Device_ComputerSystem.IMEI YesMEID2 Not applicable Not applicable Device_ComputerSystem.MEID No
Manufacturer Device_ComputerSystem.DeviceManufacturer Win32_ComputerSystem.Manufacturer Not applicable No
Model Device_ComputerSystem.DeviceModel Win32_ComputerSystem.Model ModelName YesPhone Number Not applicable Not applicable Device_ComputerSystem.PhoneNumber Yes
Subscriber Carrier Not applicable Not applicable Device_ComputerSystem.SubscriberCarrierNetwork Yes
Cellular Technology Not applicable Not applicable Device_ComputerSystem.CellularTechnology No
Wi-Fi MAC Not applicable Win32_NetworkAdapter.MACAddress Device_WLAN.WiFiMAC No
1 International Mobile Equipment Identity 2 Mobile Equipment Identifier
DEMOMobile Device Inventory and Reporting
Click to edit Master subtitle style
Microsoft Virtual AcademyManage Mobile Devices via
Configuration Manager
Enabling the user
Enrolling the device
Inventorying the device
Installing applicatio
ns
Managing the device
Retiring the device
Managing the Mobile Device Lifecycle
Retire
Block
Delete
Wipe
Retiring, Blocking, Wiping and Deleting Direct Managed Mobile Devices
Removes the device from Configuration Manager while leaving personal settings and data intact on the device.
Blocks the client from communicating with the hierarchy. You can also unblock clients.
All data is deleted, sets device back to
manufacturer's defaults
Deletes the mobile device permanently from the hierarchy so that it will not be
further managed. No data from the device is removed. Once deleted, the
user would need to unenroll and re-enroll again.
Listing Retirement Options by Device
Function Windows Phone 8 Windows RT iOS Android (EAS)
Retire
Yes Line of business apps
are uninstalled including the company portal app.
User settings are retained
Yes Removes sideloaded keys
and sideloaded apps no longer run.
User settings are retained
YesInstalled apps will still run.
Yes installed apps will still
run User settings are
removed.
Block Yes Yes Yes Not available
Wipe Yes Not available Yes Exchange ActiveSync mailbox removal only
Delete Yes Yes Yes Not available
DEMOMobile Device Management
• Managing Compliance Settings• Collecting Device Inventory + Reporting• Manage Mobile Devices via Configuration
Manager
Module Overview
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.