mobile device management and byod – simple changes, big benefits
DESCRIPTION
In the second in the series of seminars Charlie Hales and Nigel Robson will demonstrate how your business could use technologies it may have already invested in, such as System Center Configuration manager (SCCM) and Exchange to enable its Mobile Device Management (MDM) & BYOD strategies. You may find that simple infrastructure changes result in big benefits such as improved user experience and support functionality; and hardware cost reductions. Charlie and Nigel will then focus on the functionality Intune can offer when combined with your existing SCCM infrastructure, including management of all devices (PCs and mobile) through one interface.TRANSCRIPT
@Waterstonsltdwww.waterstons.com
Mobile Device Management and BYOD – Simple Changes Big
BenefitsCharlie Hales and Nigel Robson
25th April 2014
Agenda
@ Overview from last Seminar@ Use what you already have@ Windows device possibilities@ Exchange@ SCCM overview@ Intune
Overview from last Seminar
@ What is Mobile Device Management@ Strategy@ What is a Mobile Device?@ Mobile Device Management vs Mobile Application Management @ What is BYOD@ What can MDM/BYOD do for business?@ Where is your Data?@ Acceptable usage policy@ Defining the right solution
Data ClassificationsInformation Category
Description Example Information Assets
Public Information which is or can be made public. AdvertisementsPublic web content
Proprietary Information which is restricted to internal access and protected from external access. Unauthorised access could cause a drop in customer confidence, could influence operational effectiveness, cause financial loss or provide gain for competitors.
Internal presentationsPerformance dataSource codeProprietary knowledge
Confidential Information received from Customers, or sensitive information about Customers and Staff.
Customer DataCustomer intellectual propertyCustomer documentsCustomer backupsInternal reports
Restricted Highly sensitive informationLimited access to specific individuals
PasswordsHR & PayrollBackups Card DataDPA Information
Data ClassificationsCategory Public Proprietary Confidential RestrictedDescription: Prevent easy access without prolonged or
determined access to the devicePrevent access even with prolonged and
determined access to deviceAs per confidential and access is restricted to specific individuals
Physical Media or Device
Printed Media ok In possession of staff or customer In possession of staff or customer, within property
Held in the safe or secure ICT Server room
Mobile Phone ok PIN Coded PIN Coded & Remote Wipe not normally acceptable
Laptop / Tablet ok User authentication Authentication & Encryption not normally acceptable
Portable Storage ok Encryption Encryption Held in a safe
PC ok User authentication Physically Secured within property or Encrypted
Physically secured within property
Cloud Storage ok Encrypted Encrypted not normally acceptable
ICO Website
Defining the right solution
@ What do you want to manage on the device?@ Types of devices@ PIN@ Remote Wipe/Selective Wipe@ Apps@ Device/App Encryption
Defining the right solution
@ What do you want to manage on the device?@ Integration with enterprise applications@ Multi user profiles@ Separation of personal and work data@ Internet access@ Advanced features
@ Data usage@ GPS tracking
Example of device functionalityContent removed when
retiring a device Windows 8.1 Windows Phone 8 iOS Android
Company apps and associated data installed by using Configuration Manager and Windows Intune
Uninstalled and sideloading keys are removed. In addition any apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible.
Uninstalled and data removed.
Uninstalled and data removed.
Apps and data remain installed.
VPN and Wi-Fi profiles Removed. Not applicable. Removed. VPN: Not applicable.Wi-Fi: Not removed.
Certificates Removed and revoked. Not applicable. Removed and revoked. Revoked.
Settings Requirements removed. Requirements removed. Requirements removed. Requirements removed.
Management Client Not applicable. Management agent is built-in.
Not applicable. Management agent is built-in.
Management profile is removed.
Device Administrator privilege is revoked.
Example for SCCM and Intune
Use what you already have
@ Dependant on devices and existing technologies@ Workplace folders@ Exchange ActiveSync@ Networking tools@ SCCM (with Intune)
Workplace folders@ Free and managed version similar to Dropbox@ Built into Windows 8.1@ Windows 7 released this week@ Soon will also work with iOS and possibly Android
Exchange Active Sync by Server
@ Very limited in Exchange 2003 (now unsupported)@ Added HTML emails, Auto discover and a few others in Exchange
2007 but still limited@ 2010 SP1 onwards (including Office 365) saw improvements, added
Block/allow/quarantine list for example@ Still some limitations in Exchange 2013 and Office 365, for example:
@ Free/Busy lookup@ Encryption@ Limited phone policies, e.g. application management
Exchange Active Sync by Device
@ Spreadsheet Server software vs Devices
What is SCCM
@ Device Management@ Desktops, laptops, thin clients, mobile devices@ Operating System Deployment@ Anti-virus@ Software Update Management@ Power Management@ Client Health & Monitoring@ Asset Intelligence and Inventory
What is SCCM
@ Application management@ Application Delivery@ Application Intelligence and Inventory@ Application Updates@ Deploy to user or device@ Self-Service for application provisioning
@Waterstonsltdwww.waterstons.com
PC Demo
@Waterstonsltdwww.waterstons.com
iPad Demo
What is Intune?
Differences between Intune and Intune with SCCM@ Intune is a standalone product for managing devices from the cloud@ Intune standalone is a subscription service@ Limited domain integration to your infrastructure unless SCCM, ADFS
or DirSync is used@ Limits in domain related tasks and business specific tasks
Intune Limitations
@ Limited integration with Apple VPP@ Device encryption capabilities limited@ Intune is still maturing and therefore missing some of the more
advanced features of a fully fledged MDM solution.
Intune Costs
@ Complicated as always with Microsoft@ Available through multiple options
@ Online@ Through EA@ Add on to existing SCCM/SCEP licencing, or can be purchased together new
How Intune can work with your network
How Intune can bring User and IT Benefits
@Waterstonsltdwww.waterstons.com
iPad Demo
@Waterstonsltdwww.waterstons.com
SCCM Remote Wipe Demo
@Waterstonsltdwww.waterstons.com
SCCM Demo
Summary
@ Define requirements first@ System fundamentals@ What devices will be used
@ Use what you already have if possible?@ Windows devices@ Exchange@ SCCM overview@ Intune
Upcoming Events….
@ Mobile Device Management & BYOD Technologies - The Major Players on 23rd May. Charlie Hales and Ian Craggs
@ How to Build a Benefits-led Business Case on 9th May. Joanne Adair and Alistair McLeod
@Waterstonsltdwww.waterstons.com
Questions?
