Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014
Feb 25, 2016
Today’s challenges
Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
Apps: Deploying and managing applications across platforms is difficult.
Data: Users need to be productive while maintaining compliance and reducing risk.
Users: Users expect to be able to work in any location and have access to all their work resources.
Empowering People-centric IT
Enable users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Protect your data: Help protect corporate information and manage risk.
Unify your environment: Deliver unified application and device management on-premises and in the cloud.
Diagram labels: Users, Devices, Apps, Data. Management. Access. Protection.
Selecting the Management Platform
Unified Device Management – System Center 2012 R2 Configuration Manager with Windows Intune
• Build on existing Configuration Manager deployment
• Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
• Deep policy control requirements
• Extensible administration tools (RBA, Windows PowerShell, SQL Reporting Services)
Cloud-based Management - Standalone Windows Intune
• No existing Configuration Manager deployment
• Simplified policy control
• Simple web-based administration console
Windows Intune – Standalone service
IT: Web-based Admin Console
Windows PCs (x86/64, Intel SoC)
Windows RT, Windows Phone 8.x
iOS, Android
Manage and Secure PCs and Devices Anywhere
• Help protect PCs from malware
• Manage updates
• Proactive monitoring and alerts
• Provide remote assistance
• Inventory hardware and software
• Monitor & track licenses
• Increase insight with reporting
• Set security policies
• Distribute software
Richer Mobile Device Management
Simple web-based Administration Console and a richer experience for Information Workers
Demonstrations
• Windows Intune Web Console
• Windows 8.1 with Windows Intune client software installed
Non-intrusive Management
Management tasks can work with the Windows 8.x maintenance window
• No distractions from management tasks (reboots)
• Does not use up computer resources when the user is active
• Reduced background activity to preserve battery life
Management tasks do not interrupt if the end user is immersed in a modern application
• Windows Intune suppresses interruptions (reboots) for updates that were installed without a deadline
• Windows Intune provides sufficient lead time to the user before an automatic reboot
• Windows Intune leverages the Windows 8 toast and respects the user’s settings for notifications
Mobile Device Management with Windows Intune
EAS-based management
• Integration with Exchange Server
• Either on-premises or Office365 hosted
Corporate data protection
Over-the-air enrollment of devices for management
Mobile application management
Settings Management
Mobile device inventory
Direct management (Windows RT, Windows Phone 8.x, iOS, Android)
Information Worker Self-service Experience
Connect every user’s device to the service
• Each platform is supported with an end user experience
Enable them to discover applications
• Access applications or web links recommended by the IT pro
• Install Line Of Business (LOB) applications supplied by the IT pro
Let users manage their own devices and data
• End users can enroll, rename and un-enroll devices
• End users can wipe data or email
Provide a premium end user experience
• Minimal interruptions from management tasks
• End user privacy is respected
Demonstration
• Windows 8.1 with Windows Intune Mobile Device Management Enabled
End User Experience
Consistent self-service experience for end users across mobile platforms
Windows: Available in the Windows Store
Windows Phone: Side-loaded during enrollment
iOS: Available in the Apple App store
Android: Available in the Google Play Store
End User Capabilities for each Platform
Capability | Windows 8 & Windows 8.1 | Windows RT & Windows 8.1 RT | Windows Phone 8 | iOS | Android (4.x)
Enroll (local device) | Yes | Yes | Yes | Yes | Yes
Rename devices | Yes | Yes | Yes | Yes | Yes
Retire (un-enroll local device) | Yes | Yes | Yes | Yes | Yes
Remotely wipe other devices | Yes | Yes | Yes | Yes | Yes
Install enterprise LOB applications | Yes | Yes | Yes | Yes | Yes
Install publicly available applications | Yes | Yes | Yes | Yes | Yes
Access web applications | Shortcut | Shortcut | Launch | Web clip | Shortcut
Contact IT | Yes | Yes | Yes | Yes | Yes
Mobile Device Inventory
Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync.
No software inventory for mobile devices to respect the Information Worker’s privacy on their own device.
IT Pros can track storage on mobile devices, which helps them anticipate/troubleshoot issues.
Settings Management
Security policy on devices by Direct management and Exchange ActiveSync.
New expanded policy set.
Reporting available on each setting whether it is applicable, conformant or has an error.
The same security policy template is used for both Direct Management and EAS to help Admins
Older Android and Windows Phone 7 devices can be managed through EAS
Mobile Device Settings in Windows Intune
Columns: Category | Win 8.1 PC & RT | WP8.1 | iOS | Android
Categories: Password; Encryption; Malware; System Settings; Cloud; Windows Server Work Folders; Browser; Applications & Gaming; Device restrictions; Store access; Roaming
* Subset of settings
Note: Table applicable to direct MDM and not EAS
Note: specific capabilities depend on platform
Software Distribution Summary
Columns: Platform | Desktop Apps (.msi, .exe)* | Modern App Types, Side loading (.appx, .xap, .ipa, .apk) | Deep Links | Web apps
Windows 8 Pro/Ent √ √ √ √
Windows RT √ √ √
iOS √ √ √
Android √ √ √
WP8 √ √ √
Windows 7 and below √ √
* = With full Windows Intune management client
Protect your data
Help protect corporate information and manage risk
Diagram labels: Enrollment, Lost or Stolen, Retired; Personal Apps and Data, Company Apps and Data, Remote App, Policies, Centralized Data
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
• Selective wipe removes corporate applications, data, and policies as supported by each platform
• Full wipe if supported by each platform
• Can be executed by IT or by user via Company Portal
• Sensitive data or applications can be kept off device and accessed via Remote Desktop Services
Demonstration
• Windows 8.1 with MDM, Workplace Join and Work Folders
Mobile device wipe and retire
Columns: Category | Windows 8.1 (x86/RT OMA-DM managed) | Windows 8 RT | Windows Phone 8.1 | iOS | Android (EAS)
Full Wipe
Retire (Selective wipe)
Email: (Email through EAS) (Email through EAS)
Company apps and associated data installed by Windows Intune:
• Windows 8.1 (x86/RT OMA-DM managed): Apps originally installed through the company portal are uninstalled and sideloading keys are removed. Apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible.
• Windows 8 RT: Sideloading keys are removed but apps remain installed.
• Windows Phone 8.1: Apps originally installed through the company portal are uninstalled. Company app data is removed.
• iOS: Apps are uninstalled. Company app data is removed.
• Android (EAS): Apps and data remain installed.
Settings:
• Windows 8.1 (x86/RT OMA-DM managed): Requirements removed
• Windows 8 RT: Requirements removed
• Windows Phone 8.1: Requirements removed
• iOS: Requirements removed
• Android (EAS): Requirements removed
Management Client:
• Windows 8.1 (x86/RT OMA-DM managed): Not applicable. Management agent is built-in
• Windows 8 RT: Not applicable. Management agent is built-in
• Windows Phone 8.1: Not applicable. Management agent is built-in
• iOS: Management profile is removed
• Android (EAS): Device Administrator privilege is revoked.
Windows Intune – Recent Releases
January 2014
• Android direct management support
• New Mobile Device Policy Settings
• Featured Apps in Company Portal
• Web application deployment
• Mobile Device Inventory Report
• Remote Lock and Passcode Reset for Mobile Devices
April 2014
• Windows Phone 8.1 management
For More Information
Windows Intune: http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
My blog: http://intunedin.net