Post on 14-Dec-2015
Managing Windows 8.1, Windows Phone 8.1 and Windows RT 8.1 Using Mobile Device Management
Michael Niehaus
Senior Product Marketing Manager
mniehaus@microsoft.com
WIN-B316
Managing Windows
Governance
Full Control
Lightweight Control
Windows Phone 8.1
Windows RT 8.1
Windows 8.1
Exchange ActiveSync
OMA-DM
Mobile Device Management
Active Directory
Group Policy
System Center
Allow e-mail access
BYOD-style management
Fully-managed corporate device
Managing Windows
Mobile Device Management (MDM) Defined
App management
Policy enforcement and compliance
Security management
Content management
OMA-DM agent in OS, managed via a cloud service
Simple process to register the device and user with the MDM service
Access “PC Settings -> Network -> Workplace” (Windows 8.1) or “Settings -> Workplace” (Windows Phone)
Specify the user’s e-mail address (e.g. user@contoso.com) and turn on
Find the appropriate MDM service based on the domain name (e.g. enterpriseenrollment.contoso.com for Windows 8.1 or enterpriseregistration.contoso.com for Windows Phone 8.1)
Specify user credentials (as required by the service)
Accept any terms of use (if offered)
Step 1: Enrollment
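Because the device locates the MDM service from the domain in the e-mail address the user types, every e-mail domain in use needs its own discovery host name. The following is an added example, not part of the original presentation, that checks a constructed user list against a constructed set of published DNS names; the function names and sample data are assumptions.

```python
import re

# Discovery host prefixes per platform, as given in the enrollment steps.
DISCOVERY_PREFIX = {
    "Windows 8.1": "enterpriseenrollment",
    "Windows Phone 8.1": "enterpriseregistration",
}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def email_domain(address):
    """Return the normalized domain of an e-mail address or raise ValueError."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.rstrip(".").lower()
    labels = domain.split(".")
    if not sep or not local or len(labels) < 2:
        raise ValueError(f"not a usable e-mail address: {address!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid domain in {address!r}")
    return domain


def discovery_hosts(address):
    """Map each platform to the discovery host name a device would look up."""
    domain = email_domain(address)
    return {p: f"{prefix}.{domain}" for p, prefix in DISCOVERY_PREFIX.items()}


def missing_discovery_records(addresses, published_names):
    """Return {domain: {platform: host}} for discovery names not published."""
    published = {name.rstrip(".").lower() for name in published_names}
    gaps = {}
    for address in addresses:
        for platform, host in discovery_hosts(address).items():
            if host not in published:
                gaps.setdefault(email_domain(address), {})[platform] = host
    return gaps


# Constructed sample data: enrolling users and names present in public DNS.
USERS = ["user@contoso.com", "ops@emea.contoso.com", "dev@Fabrikam.com"]
PUBLISHED = [
    "enterpriseenrollment.contoso.com",
    "enterpriseregistration.contoso.com",
    "EnterpriseEnrollment.fabrikam.com.",
]

if __name__ == "__main__":
    for domain, hosts in missing_discovery_records(USERS, PUBLISHED).items():
        for platform, host in hosts.items():
            print(f"{domain}: no record for {host} ({platform})")
```

Users whose addresses use a sub-domain such as emea.contoso.com are not covered by the parent domain's record, which is the gap this check surfaces before rollout.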
Step 2: Collect Inventory
Automatically collected for all enrolled devices
Sent to the MDM service, stored by the service for reporting purposes
Supported Inventory
Windows 8.1 Inventory
CPU Information
Memory Information
Operating System
Computer System
Networking Adapters
Physical Disks
Logical Disks
Encrypted Volumes
Display Devices
Infrared Devices
Battery
System BIOS
Shared Resources (disk, printer, screen)
Services
Date and Time Information
Modern apps deployed via MDM
Web links deployed via MDM
RemoteApps deployed via MDM
Firewall enabled
Windows Update (Auto Update) enabled
Anti-virus enabled
Anti-virus signature
Encryption enabled
Bluetooth enabled
Wi-Fi enabled
PC Settings synchronization enabled
Credentials synchronization enabled
Metered network synchronization enabled
Intranet zone security level
Internet zone security level
Restricted sites zone security level
Trusted sites zone security level
Windows Phone 8.1 Inventory
Device ID
OS platform type
Firmware version
OS version
Device local time
Processor type
Device model
Device manufacturer
Device processor architecture
Device language
Wi-Fi MAC address
Phone number
Roaming status
IMEI & IMSI
Wi-Fi IP address
Wi-Fi DNS suffix and subnet mask
Enterprise apps installed
Step 3: Apply configuration and settings
Targeting controlled by the MDM service
Device, user, or other attributes (leveraging inventory) can be used
Automatically applied by the MDM agent
Can tighten existing settings (e.g. EAS)
Windows 8.1
Supported Policies and Settings
Enable Windows Error Reporting (Diagnostics Submission)
Permit Data Roaming (Mobile)
Allow Work Folders
Configure Work Folders
Enable User Account Control
Enable Smart Screen
Minimum Password Length
Auto-lock Timeout
Maximum Password History
Password Expiration
Failed Password Attempts before Wipe
Minimum Required Complex Characters
Disallow Convenience Login
Enterprise Mode IE enable and configure
Enable SmartScreen (Force Fraud Warning)
Enable Auto-Fill
Allow Internet Scripting (JavaScript)
Allow Internet Plugins
Enable Popup Blocking
Enable Do Not Track
Intranet Security Zone Enabled
Internet Zone Configuration
Define Wi-Fi Profiles
Define VPN Profiles
Enroll Certificates
Define Application Launch VPN Triggers
Reset local account password
App whitelisting and blacklisting
URL filtering
Windows Phone 8.1
Supported Policies and Settings
Simple password
Alphanumeric password
Minimum password length
Minimum password complex characters
Password expiration
Password history
Device wipe threshold
Auto-lock Timeout
Inactivity timeout
Device encryption
Disable removable storage card
Disable Camera
Disable Bluetooth
Disable Wi-Fi
Disable telemetry data submission
App whitelisting and blacklisting
Disable Location
Disable NFC
Disable Microsoft Account
Disable roaming between Windows devices
Disable custom email accounts
Disable screen capture
Disable copy & paste functionality
Disable sharing and saving of Office Documents
Disable MDM un-enrollment
Define Wi-Fi profiles and settings
Define VPN Profiles
Certificate management
Storage management
Assigned Access management
E-mail account management
S/MIME configuration
Step 4: Deploy apps
Push mandatory apps or allow users to select for themselves
Company portal provided by the MDM service enables self-service
Sideloaded apps (e.g. line of business apps) or links to apps in the Windows Store
Make sure you understand the sideloading requirements, including certificates and settings
Web links (favorites) can also be deployed
Step 5: Remotely assist
New capabilities in Windows Phone 8.1:
Remote lock
Remote password (PIN) reset
Remote ring
Step 6: Un-enroll
Removes enterprise apps and configuration applied via MDM
Removes data
For Windows 8.1 and Windows Phone 8.1, remote business data removal removes e-mail and Work Folder docs
For Windows Phone 8.1, a complete device reset can also be performed
Windows 8.1
MDM enrollment protocol documentation, http://msdn.microsoft.com/en-us/library/dn409494.aspx
MDM protocol documentation, http://msdn.microsoft.com/en-us/library/dn392112.aspx
Sideloading apps, http://technet.microsoft.com/en-us/windows/dn535729 and http://blogs.windows.com/windows/b/springboard/archive/2014/04/03/windows-8-1-sideloading-enhancements.aspx
Windows Phone 8.1
Windows Phone 8.1 Mobile Device Management Overview, http://www.microsoft.com/en-us/download/details.aspx?id=42508
Training
Windows Intune for IT Professionals Jump Start, http://www.microsoftvirtualacademy.com/training-courses/windows-intune-for-it-professionals-jump-start
For More Information
Breakout Sessions
WIN-B316 Managing Windows 8.1 and Windows RT 8.1 Using Mobile Device Management
WIN-B364 Mobile Device Management Overview for the Next Version of Windows Phone
WIN-B217 Deploying and Managing Enterprise Apps on Windows and Windows Phone
FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server
PCIT-B325 Protecting Your Corporate Data with Microsoft System Center Configuration Manager and Windows Intune
Related content
Find Me Later At...
mniehaus@microsoft.com or @mniehaus on Twitter
Windows Enterprise windows.com/enterprise windowsphone.com/business
Windows Track Resources
Windows Springboard microsoft.com/springboard
Microsoft Desktop Optimization Package (MDOP) microsoft.com/mdop
Windows To Go microsoft.com/windows/wtg
Windows Phone Developer developer.windowsphone.com
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.