Date post: | 20-Aug-2015 |
Category: |
Technology |
Upload: | aptera-inc |
View: | 345 times |
Download: | 1 times |
The explosion of devices is eroding the standards-based approach to corporate IT.
Devices
Deploying and managing applications across platforms is difficult.
Apps
How Microsoft addresses today’s challenges
Data
Users need to be productive while maintaining compliance and reducing risk.
Users expect to be able to work in any location and have access to all their work resources.
Users
Devices AppsUsers
Empowering People-centric IT
Enable users
Allow users to work on the devices of their choice and provide consistent access to corporate resources.
Protect your data
Help protect corporate information and manage risk.Management. Access. Protection.
Data
Unify your environment
Deliver a unified application and device management on-premises and in the cloud.
Selecting the Management Platform
Unified Device Management – System Center 2012 R2 Configuration Manager with Windows
Intune
Cloud-based Management - Standalone
Windows Intune
No existing Configuration Manager deployment
Simplified policy control
Fewer than 7,000 devices and 4,000 users
Simple web-based administration console
Windows Intune – Standalone service
Windows PCs
(x86/64, Intel SoC)
Windows RT,
Windows Phone 8
iOS, Android
Manage up to 7,000 devices and 4,000 users
Mobile Device Management with Windows Intune
EAS based management
Direct management (Windows RT,
Windows Phone 8, iOS)
Information Worker Self-service Experience
Connect every user ‘s device to the service
Enable them to discover applications
Let users manage their own devices and data
Provide a premium end user experience
End User ExperienceConsistent self service experience for end user across mobile platforms
Native Windows application
Available in the Windows Store
Windows Phone 8
Company Portal
iOS
Company Portal
Native Windows Phone 8 app (.xap)
Side-loaded during enrollment
Native iOS application
Available in the Apple App store
Windows RT
Company Portal
End User Capabilities for each Platform
Windows 8 &
Windows 8.1
Windows RT &
Windows 8.1 RT
Windows
Phone 8
iOS Android
Enroll (local device) Yes Yes Yes Yes EAS
Rename devices Yes Yes Yes Yes No
Retire (un-enroll local device) Yes Yes Yes Yes No
Remotely wipe other devices Yes Yes No No No
Install enterprise LOB applications Yes Yes Yes Yes Yes
Install publicly available applications Yes Yes Yes Yes yes
Browse to web links Yes Yes Yes Yes Yes
Contact IT Yes Yes Yes Yes Yes
Mobile Device Inventory
Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync.
No software inventory for mobile devices to respect the Information Worker’s privacy on their own device.
IT Pros can track storage on
mobile devices which help them
anticipate/troubleshoot issues.
Settings Management
Security policy on devices (iOS, Windows RT and WP8) Direct management and Exchange ActiveSync.
Reporting available on
each setting whether it is
applicable, conformant or
has an error.
The same security policy template is used for both Direct Management and EAS to help Admins
Android and Windows Phone 7 devices can be managed through EAS
Application Management on Mobile Devices
Platforms Windows
8/Windows RT
Windows Phone
8
iOS Android
Sideload to
install
*.appx *.xap *.ipa *.apk
Deep links to
store apps –
install from
store
Software Distribution Summary
PlatformDesktop Apps
(.msi, .exe)
Modern App Types
Side loading Deep
Links
web
apps.appx .xap .ipa .apk
Windows 8 Pro/Ent √ √ √ √
Windows RT ** √ √ √
iOS √ √ √
Android √ √ √
WP8 √ √ √
Windows 7 and below √ √
** Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other
PCs linked to the user, but not installable on the local Window RT device
Personal Apps and Data
Lost or Stolen
Company Apps and Data
Remote App
Protect your dataHelp protect corporate information and manage risk
Centralized Data
EnrollmentRetired
Company Apps and Data
Remote App
Policies
Policies
Lost or Stolen
Company Apps and Data
Remote App
Policies
Personal Apps and Data
Retired
Personal Apps and
Data
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Users can access corporate data regardless of device or location with Work Folders for datasync and desktop virtualization for centralized applications.
• Selective wipe removes corporate applications,
data, and policies based as supported by each
platform
• Full wipe if supported by each platform
• Can be executed by IT or by user via Company
Portal
• Sensitive data or applications can be kept off
device and accessed via Remote Desktop Services
Recap: MDM Features per Platform
Management
Feature
Windows RT Windows
Phone 8
iOS Android
Over-the-air
EnrollmentY Y Y
InventoryY Y Y Y
Settings
ManagementY Y Y Y
Software
DistributionY Y Y Y
Remote WipeY Y Y
Windows Intune integrated with System Center 2012 R2 Configuration Manager
Mac OS X
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Windows RT,
Windows Phone 8
iOS, Android
Manage and Secure PCs and Devices Anywhere
Help protect PCs from malware
Manage updates
Proactive monitoring and alerts
Provide remote assistance
Inventory hardware and software
Monitor & track licenses
Increase insight with reporting
Set security policies
Distribute software
Richer Mobile Device Management
Simple web-based Administration Console and a
richer experience for Information Workers
Non-intrusive Management
Management tasks can work with the Windows 8 maintenance window
Management tasks do not interrupt if the end user immersed in a modern application
Mobile device wipe and retire
Category Windows 8.1
(MDM managed)
Windows 8 RT Windows Phone iOS Android (EAS)
Full Wipe Not applicable Not applicable
Retire (Selective wipe)
Email (Email through EAS) (Email through EAS) (Email through EAS)
Company apps
and associated
data installed by
using
Configuration
Manager and
Windows Intune
Uninstalled and sideloading
keys are removed.
In addition any apps using
Windows Selective Wipe will
have the encryption key
revoked and data will no
longer be accessible
Sideloading keys
removed but remain
installed
Uninstalled and data
removed
Uninstalled and data
removed
Apps and data remain
installed
Settings Requirements removed Requirements removed Requirements removed Requirements removed Requirements removed
Management
Client
Not applicable. Management
agent is built-in
Not applicable.
Management agent is
built-in
Not applicable.
Management agent is
built-in
Management profile is
removed
Not applicable.
Management agent is
built-in
Setting nameEAS
(Activesync)
WinRT/ WinPh8 iOS
Require a password to unlock mobile devices √ √ √
Required password type √ √ √
Minimum password length √ √ √
Allow simple passwords √ √ √
Number of repeated sign-in failures before device is wiped √ √ √
Minutes of inactivity before device screen is locked √ √ √
Password expiration (days) √ √ √
Remember password history √ √ √
Allow convenience logon (WindowsRT only) √
Allow camera √ √
Allow web browser √ √
Allow backup to iCloud (iOS only) √
Allow documents sync to iCloud (iOS only) √
Allow photostream sync to icloud (iOS only) √
Maximum size of e-mail attachments √
E-mail synchronization for last (days) √
Allow mobile devices that don’t fully support these settings to
synchronize with Exchange√
Require encryption on mobile device √
Require encryption on storage cards √
Password
Device restrictions
Encryption
Mobile Device Settings
Mobile Device Inventory
Property Win RT WP8 iOS Android (EAS)
Device name Y Y Y Y
Unique device ID Y Y Y
Serial number Y
Email address Y Y Y Y
OS type Y Y Y
OS version Y Y Y Y
OS language Y Y
Total storage space (GB) Y Y
Free Storage space (GB) Y Y
System enclosure Chassis Y
System enclosure IMEI Y
Manufacturer Y Y
Model Y Y Y Y
Phone number (masked except last 4 digits) Y Y
Subscriber carrier Y
Cellular technology(none, GSM, CDMA) Y
WiFI MAC Y Y
Enrolled date (local time) Y Y Y
Last contact (local time) Y Y Y Y
Last Exchange status Y
Last Policy update status Y
Access State Y
Access state reason Y
Management state Y
ActiveSync ID Y
Flexible Licensing that Fits Your Needs
Already have Configuration Manager
Windows Intune
(Add-On)($4 per user per month)
Don’t Have Configuration Manager
Windows Intune
(includes Configuration Manager license)($6 per user per month)
Windows Intune & Windows Enterprise
(includes Configuration Manager license)($11 per user per month)
• Single License: Windows Intune and Configuration Manager
• Per User Licensing
• Up to 5 devices/user
http://www.microsoft.com/workstyle
http://www.microsoft.com/server-cloud/user-device-management
More Resources:
System Center 2012 Configuration Manager
http://technet.microsoft.com/en-
us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intune
http://www.microsoft.com/en-us/windows/windowsintune/try-and-
buy
Windows Server 2012 http://www.microsoft.com/en-us/server-cloud/windows-server
For More Information