sysctr track: unified device management: it’s all about the experience
DESCRIPTION
by Nico Sienaert This session we will give you a complete overview of the UDM vision that Microsoft has. This vision goes further than the traditional PC & Server Management as we know it today. Discover what building blocks you can use from the Microsoft stack and how you combine them to give the Unified Experience to your users. Do you want to attend a discussion on all these technology blocks like Workplace Join, Work Folders, MFA, RMS, Intune…? •Do you want to learn on how you make this to work? •Do you want to see them in action? •Do you want to know about the competition? •Do you want answers? Sit down and enjoy the UDM ride. It’s all about the ExperienceTRANSCRIPT
Microsoft Unified Device ManagementIt’s all about the experience
Nico Sienaert (@nsienaert)Lead Infrastructure Consultant @ GetronicsV-Technology Solutions Professional @ Microsoft
Session Objectives
Let’s start the UDM ride
It’s all about the experience
Today’s challenges
Devices Apps DataUsers
Identity & Access
Management
Mobile Device Management
Mobile Application
Management
Information Protection
Abrreviations all over the place
Mobile Device Management
Mac OS X
Linux \ Unix
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Windows RT,
Windows Phone 8
iOS, Android
Windows Intune Features
Things to come
PC
Ma
na
ge
me
nt
fea
ture
s
MDM Features
June 2012
+Service Pack 1
Early 2013
� iOS & Android
� SW Publishing,
� EAS Integration
� Windows RT &
Window Phone 8
MDM
�Unified
Management
Oct 2011
� Software
deployment
April 2011� Cloud-based
management
� Windows 8
support
� Office 365
interoperability
Early 2013
� Enterprise
Scale
• Single License: Windows Intune + Configuration Manager
• Per User• Up to 5 devices/user
Windows Phone Enterprise FP
Demo: Intune
It’s all about the experience
It’s not only about Intune
Microsoft Remote Access
Trigger VPN• Add-VpnConnectionTriggerApplication [-Name] <string> –ApplicationID <String[]> -PassThru
• Full support in ConfigMgr (via AppModel & VPN Profiles)
• Split Tunneling needs to be enabledset-vpnconnection –Name “VPNName” –Splittunneling $true
• Disconnects after 5 minutes inactivity (default)
• Currently no support for:• Domain Joined Machines• Android• iPhone (Q4)
Demo: Trigger VPN
It’s all about the experience
RDP App for iOS, Android and OSX
Multi Factor AuthenticationAny two or more of the following factors for authentication:
21
Demo: Azure Multi Factor Authentication
It’s all about the experience
MFA in action
Workplace Join
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity.; multi-factor
authentication can be used through Windows Azure Active
Authentication (formerly PhoneFactor)
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device
Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud
Demo: Workplace Join
It’s all about the experience
Work Folders
Data management
Quotas
File screens
Reporting
Classification
RMS protection
Device management policy
Limit access to registered devices
File encryption / selective wipe
Require password / device lock
AuthenticationKerberos (Windows Auth)Digest (Windows Auth)ADFS (OAuth)
https://workfolders.contoso.com
Work Folders positioning
Demo: Work Folders
It’s all about the experience
Dynamic Access Control
Classification Access control Auditing
Rights Management Services protection
• Files inherit classification
tags from parent folder
• File owners tag files
manually
• Files are tagged
automatically
• Files are tagged by
applications
• Central access policies are
based on classification
• Access conditions for user
claims, device claims, and
file tags are based on
expressions
• Assistance is available for
denial of access
• Central audit policies can
be applied across multiple
file servers
• Audits for user claims,
device claims, and file tags
are based on expressions
• Audits can be staged to
simulate policy changes in
a real environment
• Automatic Rights
Management Services
(RMS) protection is
available for Microsoft
Office documents
• Protection is in near-real–
time when a file is tagged
• RMS protection extends to
files not created in
Microsoft Office
Demo: Dynamic Access Control
It’s all about the experience
Things to come
Or just arrived ☺
Enterprise Mobility Suite
Azure RMS Architecture
Azure RMS Experience in Office
https://portal.aadrm.com/home/download
Azure Remote App
31
RemoteApp Service
Pre-built template imageAutomatically maintained
Published Apps
Session Host …
Session Host
Session Host
Elastic Runtime
Persistent user data(50GB per user)
Microsoft Account
Azure Active Directory
On-premises Network
Windows Server Active Directory
DirSync
RDP
Identity Options
Authentication
On-premises Network
Azure VPN
Domain Joined
Subject to IT policy via GP, System Center, or other enterprise management tools
Standalone ModelHybrid Model
Azure Active Directory Sync
Abbreviations all over the place
Microsoft’s UDM Building Blocks
Recap
And take home the Lumia 1320
Present your feedback form when you exit the last session & go for the drink
Give Me Feedback
Follow Technet Belgium@technetbelux
Subscribe to the TechNet newsletteraka.ms/benews
Be the first to know
Belgiums’ biggest IT PRO Conference