Enable Bring Your Own Device with SCCM 2012 David Caddick [email protected] [email protected] Solutions Architect, Quest Software WCL315.

Enable “Bring Your Own Device” with SCCM 2012David Caddick [email protected] Solutions Architect, Quest Software

WCL315

Agenda

Extend SCCM to cover Apple iOS devicesWhy it makes senseHow does it workMobile EnterpriseDemo – https://qmx.questworkspace.com/mdmOr - http://bit.ly/Oo62Yx user: Quest\demoanz pwd: P@ssword

Gartner predicts that by 2015, mobile application development projects for smartphones and tablets will outnumber native PC projects by a ratio of 4:1

A report from JPMorgan shows that the iPad is *the* most disruptive technology to date.

Why MDM is rapidly becoming a “must have”

A World of Connected Devices

One User =One Desktop

In 2011 power users owned between 5 and 7 internet connected devices

Source: IDC, 2010-2011Media Tablet Multi-Client Study, February 2011. Note: IDC only surveyed iPad owners for this study.

916M smart connected devices were shipped in 2011

This is forecastedto double to 1.84Bin 2016Source: IDC, "Nearly 1 Billion Smart Connected Devices

Shipped in 2011 with Shipments Expected to Double by 2016, According to IDC," Doc #prUS23398412, March 28, 2012.

Organizations say 34%of their employees are accessing business appson personal devices

69% of employees saythey are accessing business apps on personal devices

Source for both: IDC, “2011 Consumerization of IT Study : Closing the ‘Consumerization Gap’”, July 2011

SCCM is rapidly becoming the defacto standard for Desktop Management, why not simply extend the system to incorporate any other devices?Get control of *ALL* of your Mac’s, iOS and mobile devices

Mac OSX management (Agent or Agent-less)Apple iOS management (Agentless)Over 120+ other cross-platforms availableQMX – also enables Operations Manager integration (QMX can extend both SCCM and SCOM)

Simply extend SCCMto enable BYOD

QMX for SCCM 2012Why it makes sense

The ability to integrate OSX & iOS devices into SCCM simplifies the management of these devices in a predominately Microsoft-based IT organizations.

100% accountability for an entire organization is now possible through Microsoft System Center.

QMX is the only solution providing reporting, software distribution, and device administration natively through System Center Configuration Manager (SCCM) for both OSX and iOS.

QMX is the only solution providing reporting, software distribution, and device administration natively through System Center Configuration Manager (SCCM) for both OSX and iOS.

Leverages the existing SCCM infrastructureA familiar “pane of glass”Reporting, Inventory, Software distribution, and device adminOSX and iOS … and a whole lot more

QMX for SCCM 2012Easy to use

SCCM & QMX – How it works

How SCCM and QMX works

Groups

Groups

Simple Enrolment

Inventory

Reporting

Software Distribution

iPhone iPad Android• Apply applications• Apply policies• Apply restrictions

Provision Exchange PolicyProvision Policies

Provision ApplicationsSecure Mail Gateway

QMX for SCCM 2012Deploy Secure

Settings

http://www.dsd.gov.au/publications/iOS5_Hardening_Guide.pdf

demo

Live demo from RedmondQMX Server in Microsoft Labs

Managing the Mobile Workforce with the iOS Extension

iOS Mobile Device Management: push profiles, applications, run hardware & software inventories; lock, wipe and manage your growing number of Apple iOS mobile devices

System Center Integration

• Configuration Manager direct integration to standard collections, resource explorer and reporting

• Consistent QMX configuration tool UI for Global Infrastructure usability

• Menu driven Utility invocation• Menu driven Security Control• Profile Library container and Web service listing

for self-service distribution

Seamless integration with the Microsoft System Center Configuration Manager console

QMX - Configuration Manager

Network Email Directory File/Print OS Database Application Web Storage

Cisco

3COM

Juniper

GroupWise

Notes

Exchange

NDS

NIS

Active Director

y

Linux

Unix

Sharepoint

Solaris

Apple

Windows

Oracle

DB2

SQL Serve

r

“ERP”

Java

.NET

Apache

Netscape

IIS

EMC

NetApp

McData

System Admin Network Admin

QMX for SCCM 2012Very broad coverage

How does it work for Mac OSX?Agentless or Agent basedAs a service connecting to SCCMAll information is encrypted / each transaction is loggedThe device is instructed to contact the QMX/SCCM Server to process requests/instructionsEnables simple right-click menu to VNC, SSH, Telnet, etc to OSX device as well as all standard SCCM functions.

QMX Mac Edition

Flexibility to Manage Mac OSX – with Agents or Agent-lessly

Seamless integration with the Microsoft System Center Configuration Manager console

QMX – Configuration Manager Features: 120 cross-platforms

• System Discovery – Multiple auto-discovery methods

• Hardware Inventory – Displays system information in the Resource Explorer

• Software Inventory – Captures & Integrates Mac and other non-Windows systems

• Software Distribution – Remote software distribution keeps desktops up to date

• Reporting – Standard Configuration Manager reporting from the SCCM database

• Collections – Installed with Windows collections for heterogeneous management

Mac OSX Management

QMX Mac EditionIf not BYOC – add QAS?

• Tying Apple's Managed Client Solution to Active Directory Group PolicyAuthentication Services delivers Mac preferences and settings from Active Directory Group Policy directly to Apple Computer’s managed client solution. This native integration allows existing Apple applications, such as the System Profiler, to see and display preference settings from Active Directory Group Policy.

• Active Directory Settings Extended to the MacAuthentication Services also extends many powerful Windows identity and access management polices to the Mac environment for: Passwords Account lockout Kerberos User rights assignment Security options

SCCM & QMX – Mobile Enterprise

How to enable BYOD securelyInstead of disabling a host of features on Smartphones in the name of security – shouldn’t we simply protect the Data instead?Ensure Data Protection is enabled for corporate email on a BYODLet users access iCloud for backup – safe in the knowledge that there is no company data being backed up to a private account Isn’t this what BYOD is all about?

QMX Mobile Enterprise

FeaturesAgentless with a simple enrolment process – increase battery lifeDetect Jailbroken devices – but we will assume it is broken anywayAll mail and attachments are held in memory only – *NOT* stored on device or SSD – now there is no need to enforce encryptionWide range of policies as to what can and can’t be done with mail and attachments – disable forwarding, cut & paste, etc.GeoFencing – change the policies based on location

QMX Mobile Enterprise

SCCM & QMX - Review

QMX – Compatible with SCCM & SCOM 2012Support for self service software distribution for OSX – SCCM 2012 (CY 2012)QMX for Mobile Enterprise

Enable detection of Jailbroken devicesProtect email and attachments with an Agentless system

The Entire System Center SuiteOver 400 Extensions in total – growing constantlyAny SNMP device can be added if the MIB is available – less than 4 weeks turnaround

SCCM & QMX: Review

Contact Quest for TrialTrial use for 30 daysHowTo for install and setup guide - http://bit.ly/PakJvn

Use SCCM 2012Manage Exchange and Supports Windows 8 and VDI

Migrating to Windows 7 & 8Use Quest ChangeBASE to accelerate App Migrations

Quest’s vWorkspacecan accelerate Server 2012 RDSH and Windows 8 now

Next Steps:

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the

part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.