wally mead - deploying a system center 2012 r2 configuration manager environment to manage mobile...
TRANSCRIPT
![Page 1: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/1.jpg)
Wally Mead
Deploying a System Center 2012 R2 Configuration Manager Environment to Manage Mobile Devices
![Page 2: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/2.jpg)
Agenda• Discussion of how to enable, configure, and
use Configuration Manager 2012 R2 to manage mobile devices with our integration with Windows Intune
• Demonstrations where appropriate
![Page 3: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/3.jpg)
The explosion of devices is eroding the standards-based approach to corporate IT.
Devices
Deploying and managing applications across platforms is difficult.
Apps
Today’s challenges
3
Data
Users need to be productive while maintaining compliance and reducing risk.
Users expect to be able to work in any location and have access to all their work resources.
Users
![Page 4: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/4.jpg)
Devices
AppsUsers
Empowering People-centric IT
4
Enable users
Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Protect your data
Help protect corporate information and manage risk.
Management. Access. Protection.
Data
Unify your environment
Deliver a unified application and device management on-premises and in the cloud.
![Page 5: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/5.jpg)
Selecting the Management Platform
Unified Device Management – System Center 2012 R2 Configuration Manager
with Windows Intune
Build on existing Configuration Manager deploymentFull PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)Deep policy control requirementsScale to 200,000 mobile devicesExtensible administration tools (RBA, Windows PowerShell, SQL Reporting Services)
Cloud-based Management - Standalone Windows Intune
No existing Configuration Manager deploymentSimplified policy controlFewer than 7,000 devices and 4,000 usersSimple web-based administration console
![Page 6: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/6.jpg)
System Center 2012 R2 Configuration Manager
Enable Users
Allow people to be more productive from almost anywhere on almost any device.
Simplify Administration
Improve IT effectiveness and efficiency.
Unify Infrastructure
Reduce costs by unifying IT management infrastructure.
![Page 7: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/7.jpg)
Unified Device Management
IT
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
Windows RT, Windows Phone 8
iOS, Android
Single AdminConsole
![Page 8: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/8.jpg)
Platform SupportOS Platform Management Agent End User Experience
Windows 8.1 PC ConfigMgr Agent Or
Management Agent (OMA-DM)
Software Center/Application Catalog
Windows Company Portal app
Windows PC (Windows 8 down to Windows XP)
ConfigMgr Agent Software Center/Application Catalog
Windows RT Management agent (OMA-DM) Windows Company Portal app
Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app
iOS Apple MDM Protocol iOS Company Portal app
Android Android MDM agent (OMA-DM) Android Company Portal app
Mac ConfigMgr Agent N/A
Linux/Unix ConfigMgr Agent N/A
![Page 9: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/9.jpg)
Registering and Enrolling Devices
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud
Web Application Proxy
ADFS
![Page 10: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/10.jpg)
Preparing the Infrastructure for Integration
• Requires a Windows Intune tenant account• Can get a 30-day trial account at
http://windowsintune.com
• Need a public domain and record in DNS• Configure from the Windows Intune admin portal
• Verify users have UPN in Configuration Manager• Configure, then perform AD User Discovery
![Page 11: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/11.jpg)
Preparing the Infrastructure for Integration (2)
• Recommended to have an Active Directory Federated Services implementation• It not, should use DirSync with password sync or you
will need to maintain two separate passwords for users• Configure from the Windows Intune admin portal
• Implement Active Directory Synchronization• Syncs user accounts from on-premise AD into Windows
Azure AD• Installed and configured from the Windows Intune
admin portal
![Page 12: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/12.jpg)
Preparing the Infrastructure for Integration (3)
• Create the Configuration Manager subscription for Windows Intune• Enable appropriate device platforms
• Enable the Windows Intune Connector site system role
![Page 13: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/13.jpg)
Unified Device Management Configuration
Device management integrated directly into console
Simple Windows Intune Subscription set-up
Centralized branding and customization of Company Portal experience
Windows Intune Connector deployed as a Site System Role
![Page 14: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/14.jpg)
Configuration Manager 2012 SP1 MDM Features• Over the air device enrollment• Self service portal for end users• User-targeted available application
deployment• User and device settings management• Device inventory• Remote device retirement• Remote device wipe
![Page 15: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/15.jpg)
Configuration Manager 2012 R2 UDM Updates
New Features• Required application deployment• Application uninstall• Company versus Personal device designation• New Company Apps portal• VPN, Wifi, and Certificate Profiles• Application triggered VPN• Network traffic triggered VPN
![Page 16: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/16.jpg)
Unified Device Management RecapUnregistered Registered MDM Enrolled Fully Managed
Publish email to users (EAS) Yes Yes Yes Yes
Publish work folders to users Yes Yes Yes Yes
Conditional access based on user, device, locationBlock device
only Yes Yes Yes
Audit logging and monitoring Yes Yes Yes
Unified Device Management Yes Yes
Unified Application Management Yes Yes
Selective data wipe Yes Yes
Compliance reporting Yes Yes
Group Policy and login scripts Yes
OS deployment and imaging Yes
Configuration management Yes
Patch management Yes
Anti malware management Yes
Full application management Yes
BitLocker management Yes
![Page 17: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/17.jpg)
SummaryEn
ab
led
Un
ify
Sim
plify Role-based Administration
Content Management
Software Update Management
Reduced Infrastructure Requirements
User-centric Application Delivery
Modern Device Management
Compliance and Settings Management
Endpoint Protection
Operating System Deployment
Asset Intelligence, Inventory and Software Metering
2012
EAS
User-centric
Updated engine
Improved
RBA in Reporting
Windows 8.1 support
2012 R2
Improved
Web App deployment
New
Integrated
Auto remediation
Improved
New
Improved
Improved
2012 SP1
Unified
Win 8 Apps
Flexible hierarchies
Real-time actions
User profile and data
Improved
Improved
Improved
Modern Management Console Additional cmdletsNew Windows PowerShell
Client Health Improved Improved
Distribution Point for Windows Azure New
![Page 18: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/18.jpg)
http://www.microsoft.com/workstylehttp://www.microsoft.com/server-cloud/user-device-management
More Resources:
System Center 2012 Configuration Managerhttp://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intunehttp://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
Windows Server 2012 http://www.microsoft.com/en-us/server-cloud/windows-server
For More Information
![Page 19: Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices](https://reader034.vdocuments.site/reader034/viewer/2022042714/555894dcd8b42aa6708b4744/html5/thumbnails/19.jpg)
Please evaluate the session before you leave