Managing Mobile Devices with Windows Intune and SCCM 2012 (Adrian Stoian)

Premium community conference on Microsoft technologies itcampro@ itcamp14#

Managing mobile devices with Windows Intune and System Center

2012 Configuration Manager

Adrian Stoian

IT Consultant & Trainer

MVP Enterprise Client Management

TechReady

www.adrianstoian.com

http://www.adrianstoian.com/


Huge thanks to our sponsors & partners!


• Windows Intune Overview

• Identity Management

• Cloud Only Windows Intune Configuration

• Unified Management with Configuration Manager

Agenda


WINDOWS INTUNE OVERVIEW


• Windows Intune is a Microsoft cloud-based management solution

What is Windows Intune?

Computer management Mobile Device Management

Application ManagementSoftware UpdatesInventory and ReportingEndpoint ProtectionWindows FirewallRemote Assistance

Application DeploymentSoftware UpdatesInventory and ReportingPolicy SettingsRemote WipeRemote LockPasscode Reset


Platform Support

Scenario System Center 2012 R2

Configuration Manager

Windows Intune Configuration Manager and

Windows Intune

Microsoft Windows

Yes Yes Yes

Microsoft Windows Server

Yes No Yes

Windows Phone No Yes YesWindows RT No Yes YesiOS No Yes YesAndroid No Yes YesMac OS X Yes No YesUnix/Linux Servers Yes No Yes

BETTER TOGETHER


Windows Intune ConsolesAccount Portalhttps://account.manage.microsoft.com/

Administrator Consolehttps://admin.manage.microsoft.com/


IDENTITY MANAGEMENT


What is Windows Azure Active Directory?

AzureAD

AD DS

SharePointOnline

ExchangeOnline

LyncOnline

CRMOnline

Windows Intune

Windows Azure Active Directoryis designed for authentication in the cloud

• Manage users and access to cloud applications

• Extend your on-premises directories to the cloud

• Provide single sign-on across your cloud applications

• Enable multi-factor authentication

On-Premise


• Separate Windows Intune accounts

• Dirsync

• Active Directory Federation Services (ADFS)

Identity Management Options


CLOUD ONLY WINDOWS INTUNECONFIGURATION


Windows Intune Architecture – Cloud Only

Windows Intune

Corp Net Internet

AD DS

Exchange

Windows RTWindows Phone 8iOSAndroid

Windows 8Windows 7Windows VistaWindows XP

ActiveSync EAS Policy

Administrator

DirSync



UNIFIED MANAGEMENT WITH CONFIGURATION MANAGER


Windows Intune Architecture – Unified Mgmt

Windows Intune

Corp Net Internet

AD FS

Exchange

Windows RTWindows Phone 8iOSAndroidWindows 8

Windows 7Windows VistaWindows XP

ActiveSync EAS Policy

Administrator

Intune Connector

ConfigMgr

AD DS

SingleSign-On

ExchangeConnector



























CERTIFICATE PROFILESIN CONFIGURATION MANAGER


Certificate Profiles Architecture


• Install AD CS and configure certificate templates

• Install NDES on a separate Windows Server 2012 R2 and configure service account, CA name, Registration Authority

• Enroll for server certificate

• Install Certificate Registration Point (CRP) site system role

• Install Configuration Manager Policy Module

Configuration Steps


• Create a certificate profile for the Trusted Root CA certificate

• Create a certificate profile for devices

• Create a certificate profile for users

• Deploy Trusted Root certificate profile to device collections

• Deploy other certificate profiles for users and devices to relevant collections

• Monitor compliance

Enrolling for certificates


• Windows 8.1 (incl. RT)

• iOS (5.0, 6.0, 7.0) for iPhone and iPad

• Android

Applicable platforms



VPN PROFILESIN CONFIGURATION MANAGER


• Run Create VPN Profile Wizard

• Specify connection type

• Configure authentication method

• Specify proxy settings

• Configure Automatic VPN

• Configure supported platforms

• Deploy VPN profile to an users collection

Configuration Steps


• Devices that run Windows 8.1 32-bit and 64-bit

• Devices that run Windows RT or Windows RT 8.1

• IPhone devices that run iOS 5, iOS 6 and iOS 7

• IPad devices that run iOS 5, iOS 6 and iOS 7




WI-FI PROFILESIN CONFIGURATION MANAGER


• Run the Create Wi-Fi Profile Wizard

• Specify network name and SSID

• Configure authentication method

• Configure advanced and proxy settings

• Configure supported platforms

• Deploy Wi-Fi profile to an users collection

• Monitor compliance

Configuration Steps


• Devices that run Windows 8.1 32-bit and 64-bit

• Devices that run Windows RT 8.1

• IPhone devices that run iOS 5, iOS 6 and iOS 7

• IPad devices that run iOS 5, iOS 6 and iOS 7

• Android devices that run version 4



• Enterprise Feature Pack

– S/MIME for signing and encrypting e-mail

–VPN support

– Enterprise Wi-Fi with EAP-TLS

–Rich MDM policies (lock down)

–Certificate management

• Releasing in H1 2014

What about Windows Phone 8?



• Mobile Device Management with Windows Intune and System Center Configuration Manager– Attend this 2-day seminar to find out how you can manage mobile devices

using Windows Intune, either in the Cloud Only configuration, or using the Unified Mangement configuration with System Center 2012 Configuration Manager R2.

• Agenda:1. Windows Intune Overview2. Identity Management with Windows Intune3. Cloud Only Windows Intune Configuration4. Mobile Device Management with Windows Intune5. Deploying Software to Mobile Devices6. Unified Management with Windows Intune and System Center 2012

Configuration Manager R27. Managing Mobile Device Settings and Compliance8. Unified Software Deployment9. End User Experience for Mobile Devices

Seminar


Q & A

Contact details:

Blog: www.adrianstoian.com

Twitter: @astoian

http://www.adrianstoian.com/

Managing Mobile Devices with Windows Intune and SCCM 2012 (Adrian Stoian)

Technology

premium community

certificate

run windows

windows intune

1 iphone devices

run ios 5

bit devices

manage