Windows Intune for IT Pros Jump Start

M10: Unified MDM Settings and Compliance

David Tesar, Richard Harrison (Microsoft Virtual Academy)

Upload: ken

Post on 25-Feb-2016


TRANSCRIPT

Page 1: David Tesar Richard Harrison

Microsoft Virtual Academy

Windows Intune for IT Pros Jump Start

M10: Unified MDM Settings and Compliance

David Tesar, Richard Harrison

Page 2: David Tesar Richard Harrison

Windows Intune for IT Pros Jump Start

First Half

• (01) Big Picture with Windows Intune
• (02) Architecture Design Considerations
• (03) Extending Identity to Windows Azure Active Directory
• (04) Administrator Roles, Users and Groups
• (05) Windows Intune Policies
• (06) Cloud-only PC Setup

Second Half

• (07) MDM Prerequisites and Cloud-only MDM Setup
• (08) Cloud-only Software Publishing and Deployment
• (09) Setting Up & Configuring Unified Infrastructure (+ MDM Setup)
• (10) Unified MDM Settings and Compliance
• (11) Unified MDM Software Deployment
• (12) End User Enrollment

Page 3: David Tesar Richard Harrison

Module Overview

• Managing Compliance Settings
• Collecting Device Inventory + Reporting
• Manage Mobile Devices via Configuration Manager

Page 4: David Tesar Richard Harrison

Microsoft Virtual Academy

Managing Compliance Settings

Page 5: David Tesar Richard Harrison

Managing Compliance Settings Process

Step 1: Create a configuration item for mobile devices

Step 2: Create a configuration baseline

Step 3: Deploy the configuration baseline

Page 6: David Tesar Richard Harrison

Configuration Item Settings

Password

• Require password on mobile devices
• Min password length
• Max password length
• Number passwords remembered
• Number failed logons before wipe
• Idle time before lock
• Password complexity
• Send password recovery PIN to Exchange Server

Email management

• POP and IMAP
• Max time to keep email
• Allowed message formats
• Max size for plain text email
• Max size for HTML email
• Max attachment size
• Calendar synchronization

Security

• Unsigned file installation
• Unsigned applications
• SMS and MMS messaging
• Removable storage
• Camera
• Bluetooth
• Windows RT VPN profile
    • Profile file
    • Profile name
    • Profile for all users

Peak Synchronization

• Specify peak time
    • Start
    • End
    • Days of week
• Peak synchronization frequency
• Off-peak synchronization frequency

All options enable you to remediate noncompliant settings, and some have a reporting option.

Page 7: David Tesar Richard Harrison

Configuration Item Settings

Roaming

• Mobile device management while roaming
• Software download while roaming
• Email download while roaming

Encryption

• Storage card encryption
• File Encryption on mobile device
• Require email signing
• Require email encryption
• Encryption algorithm

Wireless Communication

• Wireless network connection
    • Network name
    • Network connection
    • Authentication
    • Data encryption
    • Key index
    • 802.1x settings
    • EAP type

Certificates

• Import
    • Certificate File
    • Destination store
    • Role

All options have a Remediate noncompliant settings option.

Page 8: David Tesar Richard Harrison

DEMO: Create and Deploy a [Mobile Device] Configuration Baseline

Page 9: David Tesar Richard Harrison

Microsoft Virtual Academy

Collecting Device Inventory + Reporting

Page 10: David Tesar Richard Harrison

Collecting Hardware Inventories

Hardware Information Displayed

• Device Information
    • Manufacturer
    • Model
    • OS
    • Device Name
    • Certificate Expiry
• Mobile Device Computer System
    • Device Manufacturer
    • Device Model
    • DM Version
    • Firmware Version
    • Hardware Version
    • OEM
    • Platform Type
    • Processor Architecture
    • Processor Level
    • Software Version
• Mobile Device OS Information
    • Language
    • Platform
• Processor
    • Description
    • Device ID
• System
    • Name
    • Configuration Manager GUID
    • System Role
    • System Type
• Workstation Status
    • Last Hardware Scan
    • Last Report Version
    • System Default Locale ID

Page 11: David Tesar Richard Harrison

Listing Inventoried Management Properties

| Inventory Class | Windows Phone 8 | Windows RT | iOS | EAS |
|---|---|---|---|---|
| Name | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Device_ComputerSystem.DeviceName | Yes |
| Unique Device ID | Device_ComputerSystem.DeviceClientID | Device_ComputerSystem.DeviceName | Device_ComputerSystem.UDID | Yes |
| Serial Number | Not applicable | Not applicable | Device_ComputerSystem.SerialNumber | No |
| Email Address | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Device_Email.OwnerEmailAddress | Yes |
| Operating System Type | Device_OSInformation.Platform | CCM_OperatingSystem.SystemType | Not applicable | Yes |
| Operating System Version | Device_ComputerSystem.SoftwareVersion | Win32_OperatingSystem.Version | Device_OSInformation.OSVersion | Yes |
| Build Version | Not applicable | Win32_OperatingSystem.BuildNumber | Not applicable | No |
| Service Pack Major Version | Not applicable | Win32_OperatingSystem.ServicePackMajorVersion | Not applicable | No |
| Service Pack Minor Version | Not applicable | Win32_OperatingSystem.ServicePackMinorVersion | Not applicable | Yes |
| Operating System Language | Device_OSInformation.Language | Not applicable | Not applicable | No |
| Total Storage Space | Not applicable | Win32_PhysicalMemory.Capacity | Device_Memory.DeviceCapacity | No |
| Free Storage Space | Not applicable | Win32_OperatingSystem.FreePhysicalMemory | Device_Memory.AvailableDeviceCapacity | No |
| IMEI [1] | Not applicable | Not applicable | Device_ComputerSystem.IMEI | Yes |
| MEID [2] | Not applicable | Not applicable | Device_ComputerSystem.MEID | No |
| Manufacturer | Device_ComputerSystem.DeviceManufacturer | Win32_ComputerSystem.Manufacturer | Not applicable | No |
| Model | Device_ComputerSystem.DeviceModel | Win32_ComputerSystem.Model | ModelName | Yes |
| Phone Number | Not applicable | Not applicable | Device_ComputerSystem.PhoneNumber | Yes |
| Subscriber Carrier | Not applicable | Not applicable | Device_ComputerSystem.SubscriberCarrierNetwork | Yes |
| Cellular Technology | Not applicable | Not applicable | Device_ComputerSystem.CellularTechnology | No |
| Wi-Fi MAC | Not applicable | Win32_NetworkAdapter.MACAddress | Device_WLAN.WiFiMAC | No |

[1] International Mobile Equipment Identity
[2] Mobile Equipment Identifier

Page 12: David Tesar Richard Harrison

DEMO: Mobile Device Inventory and Reporting

Page 13: David Tesar Richard Harrison

Microsoft Virtual Academy

Manage Mobile Devices via Configuration Manager

Page 14: David Tesar Richard Harrison

Managing the Mobile Device Lifecycle

• Enabling the user
• Enrolling the device
• Inventorying the device
• Installing applications
• Managing the device
• Retiring the device

Page 15: David Tesar Richard Harrison

Retiring, Blocking, Wiping and Deleting Direct Managed Mobile Devices

• Retire: Removes the device from Configuration Manager while leaving personal settings and data intact on the device.
• Block: Blocks the client from communicating with the hierarchy. You can also unblock clients.
• Wipe: All data is deleted, sets device back to manufacturer's defaults.
• Delete: Deletes the mobile device permanently from the hierarchy so that it will not be further managed. No data from the device is removed. Once deleted, the user would need to unenroll and re-enroll again.

Page 16: David Tesar Richard Harrison

Listing Retirement Options by Device

| Function | Windows Phone 8 | Windows RT | iOS | Android (EAS) |
|---|---|---|---|---|
| Retire | Yes. Line of business apps are uninstalled, including the company portal app. User settings are retained. | Yes. Removes sideloaded keys, and sideloaded apps no longer run. User settings are retained. | Yes. Installed apps will still run. | Yes. Installed apps will still run. User settings are removed. |
| Block | Yes | Yes | Yes | Not available |
| Wipe | Yes | Not available | Yes | Exchange ActiveSync mailbox removal only |
| Delete | Yes | Yes | Yes | Not available |

Page 17: David Tesar Richard Harrison

DEMO: Mobile Device Management

Page 18: David Tesar Richard Harrison

Module Overview

• Managing Compliance Settings
• Collecting Device Inventory + Reporting
• Manage Mobile Devices via Configuration Manager

Page 19: David Tesar Richard Harrison

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.