Scribd
Upload
15 views

Windows Intune Overview Uk MMS

Uploaded by

maha.abuelsaud
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
15 views

Windows Intune Overview Uk MMS

Uploaded by

maha.abuelsaud
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 27

Windows Intune

Overview
Susan Smith
Intune TSP
Microsoft

UD-B335
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
What is Windows Intune?
A world class cloud-based device
management service.
A service you can TRUST
ISO/IEC 27001:2005 certified = Industry standard information security
practices

A service you can RELY on


Financially backed SLA - 99.9% uptime
Monthly Uptime Service
Percentage Credit
< 99.9% 25%
< 99% 50%
< 95% 100%

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Windows Intune – Standalone service

Devices & Platforms

Windows PCs
(x86/64, Intel SoC),

Single admin Windows RT


console Windows Phone 8
iOS
Android

Windows Intune Standalone Service: Manage up to 5000 users


IT

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Manage and Secure PCS and Devices
Anywhere Latest Release
 Help protect PCs from malware
Simple web-based Administration  Manage updates
Console and a richer experience  Distribute software
for Information Workers  Proactive monitoring and alerts

 Provide remote assistance

 Inventory hardware and software

 Monitor & track licenses

 Increase insight with reporting

 Set security policies

 Richer Mobile Device Management

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Demo: PC management with
Windows Intune - Overview
Susan Smith
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
PC Management - Demo scenario
IT Pro walks into a cloud and sees Windows
Intune…
Initial Configuration
Setting up Windows Intune for PC management
Managing users through Azure Active Directory
Enrolling devices for management
PC management -
Security – Updates, Endpoint Protection, Security settings
Planning - Asset Management – SW/HW inventory, Licensing
Support - Remote Tasks
Productivity - PC Software distribution

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Preserving the Windows 8 experience
Management tasks can work with the Windows 8
maintenance window
No distractions from management tasks (reboots)
Does not use up computer resources when the user is active
Reduced background activity to preserve battery life
Management tasks do not interrupt if the end user
immersed in a modern application
Windows Intune suppresses interruptions reboots for updates that were installed
without a deadline
Windows Intune provides sufficient lead time to the user before an automatic
reboot
Windows Intune leverages the Windows 8 toast and respects user’s settings for
notifications

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Functionality changes to note

No monitoring for Windows 8


platform

No remote assistance in
Windows 8 and Windows RT

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Mobile Device Management with
Windows Intune
EAS based management
Introduced in last release

Direct management (Windows RT,


Windows Phone8, iOS) (New!)
Over-the-air enrollment of devices for management
Mobile application management
Settings Management
Mobile device inventory
Corporate data protection

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Application management on mobile
devices
Platforms Windows 8/Windows Windows Phone 8 iOS Android
RT

Sideload to *.appx *.xap *.ipa *.apk


install

Deep links to
store apps –
install from
store

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Software distribution summary
Modern App Types
Deskto Side loading
p Apps
Platform Deep web
(.msi,
.exe) .appx .xap .ipa .apk Links apps

Windows 8
Pro/Ent

√ √ √
Windows RT
**
iOS √
√ √
Android √
Not a supported app type on that specific platform
WP8 √ √ √
√ Available since last release
Windows 7 and
√ Added in latest release √ √
below
** Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other PCs linked to the user, but
not installable on the local Window RT device

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Policy
Security policy on devices (iOS, Windows RT and WP8) Direct
management and Exchange ActiveSynch.
Recommendation: Manage policy through only one management
authority

Android and Windows Phone 7 devices can be managed through EAS

The same security policy template is used for both Direct Management
and EAS to help Admins

Reporting available on each setting whether it is applicable,


conformant or has an error.

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Mobile Setting name EAS
(Activesyn
WinRT/
WinPh8
iOS

Device Require a password to unlock mobile devices


c)
√ √ √
Settings Required password type

Minimum password length








Password Allow simple passwords √ √ √
Number of repeated sign-in failures before device is √ √ √
wiped
Minutes of inactivity before device screen is locked √ √ √
Password expiration (days) √ √ √
Remember password history √ √ √
Allow convenience logon (WindowsRT only) X √ X
Allow camera √ X √
Device restrictions Allow web browser √ X √
Allow backup to iCloud (iOS only) X X √
Allow documents sync to iCloud (iOS only) X X √
Allow photostream sync to icloud (iOS only) X X √
Email Maximum size of e-mail attachments √ X X
E-mail synchronization for last (days) √ X X
Allow mobile devices that don’t fully support these √ X X
settings to synchronize with Exchange
Encryption
Require encryption on mobile device √ X X
Require encryption on storage cards √ X X
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Mobile device inventory
Hardware properties for mobile devices are collected
through the Device Management Authority as well as
Exchange ActiveSync (for Android)

No software inventory for mobile devices to respect


the Information Worker’s privacy on their own device

IT Pros can track storage on mobile devices which


help them anticipate/troubleshoot issues

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Property Win RT WP8 iOS Android (EAS)

Mobile Device name


Unique device ID
Y Y Y Y

Device
Y Y Y
Serial number Y

Inventory
Email address Y Y Y Y
OS type Y Y Y
OS version Y Y Y Y
OS language Y Y
Total storage space (GB) Y Y
Free Storage space (GB) Y Y
System enclosure Chassis Y
System enclosure IMEI Y
Manufacturer Y Y
Model Y Y Y Y
Phone number (masked except last 4 digits) Y Y
Subscriber carrier Y
Cellular technology(none, GSM, CDMA) Y
WiFI MAC Y Y
Enrolled date (local time) Y Y Y
Last contact (local time) Y Y Y Y
Last Exchange status Y
Last Policy update status Y
Access State Y
Access state reason Y
Management state Y
ActiveSync ID Y

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Demo: Mobile Device Management with Windows
Intune
Including Intune-Office365 Integration

Susan Smith
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
MDM – Demo scenario
IT Pro wants to enable IWs to work from BYOD
devices
Initial Configuration
Setting up Windows Intune MDM
Setting up Windows Intune for Mobile software distribution
Enrolling devices for management
MDM
Settings management
Hardware inventory
User centric mobile software distribution

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Recap: MDM features per platform
Management Windows Windows iOS Android
Feature RT Phone 8
Over-the-air
Enrollment Y Y Y N

Inventory
Y Y Y Y

Settings
Management Y Y Y Y

Software
Distribution Y Y Y Y

Remote Wipe
N Y Y Y

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Information Worker(IW) self-service
experience
Connect every user ‘s device to the service
Each platform is supported with an end user experience

Enable them to discover applications


Access applications or web links recommended by the IT pro
Install Line Of Business (LOB) applications supplied by the IT pro

End user in control


Let users manage their own devices and of their mobile devices
data
End users can enroll, rename and un-enroll devices
Users in control of configuring
End users can wipe data or email
their devices

Productive on their own


Provide a premium end user experience device
Minimal interruptions from management tasks
End user privacy is respected Choose their applications
on their devices
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
End User Experience
Consistent self service experience for end user across mobile platforms

Windows RT Windows Phone 8 iOS/Android


Company Portal Company Portal Company Portal

 Native Windows app  Native Windows Phone  Web based portal


package (.appx) 8 app (.xap)  Hosted in Windows
 Available in the  Needs to be sideloaded
Intune
Windows Store

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Recap: End user capabilities for each
platform
Windows 8 Windows RT Window iOS Androi
Ent/Pro s Phone d
8
Enroll (local device) Yes Yes Yes Yes EAS
Rename devices Yes Yes No No No
Retire (un-enroll local device) Yes Yes Yes No No
Wipe (remotely other devices) Yes Yes No No No
Install enterprise LOB
Yes Yes Yes Yes Yes
applications
Install publicly available
Yes Yes Yes Yes yes
applications
Browse to web links Yes Yes Yes Yes Yes
Install apps (remotely on other Yes (only Yes (only
No No No
devices) msi/exe) msi/exe)
Contact IT Yes Yes No Yes Yes
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Corporate Data Protection – Retire
and Wipe
All devices and PCs can be retired
Retiring a device removes the record of the device from Intune management
Retiring a device impacts Application distribution and Policies on the retired device

Wipe option depends on the platform and management type


(EAS or native)
Complete wipe and reset to factory defaults – iOS and WP8
EAS mailbox removal only - Android
Only EAS mailbox removal if managed through EAS - Windows RT and Windows 8 Enterprise and
Professional
No wipe - Windows 7 and below (no change from previous release)

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Data Protection – Retire and
Wipe
Susan Smith
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Retire only summary
Windows 8 Windows RT Windows Phone 8 iOS Android (EAS
Ent/Pro managed)
Device record removed from Yes Yes Yes Yes Yes
Intune DB and UI
Device record removed from No (see note below) No (see note No No Yes
Exchange (no email) below)
Removal of Side-loaded keys No Yes Yes (Application -- --
Enrollment Token is
removed)
Already installed applications Side-loaded apps Side-loaded apps Side loaded apps are Installed apps will Installed apps will still
wont run (?) wont run uninstalled still run run
Installing new applications Apps cannot be Apps cannot be SSP is uninstalled so no Apps cannot be Apps can be installed
installed installed apps are available installed from the MIWP

Policies Existing Intune Intune policies are Expected behavior is Expected that Intune Policy is
policies are removed retained on the similar to Windows RT policy will be removed from
during uninstall of device even after removed Exchange server and
Windows Intune the uninstall of the the device receives the
agent agent default Exchange
server policy

Note: When a device is managed natively and through EAS, retiring a


device also removes the device record from Exchange as well as Intune.
M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
Retire with Wipe summary
Windows 7 Windows 8 Windows RT Windows Phone iOS Android
and below Ent/Pro 8 (EAS
managed)
Management Yes Yes -- -- -- --
agent
removed
Data removed No No No Yes Yes No

Mailbox No Yes (EAS Yes (EAS Yes Yes Yes


removed mailbox only) mailbox only)

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
In review: Session Objectives and Key
Takeaways
Session Objectives
Discuss Consumerization of IT(COIT) – Management challenges and
opportunities
Introduce Windows Intune - Unified PC and Mobile Device Management
service
Demonstrate User Centric Management with Windows Intune

Key Takeaways
Windows Intune capabilities, scale and configurations
How to embrace Consumerization of IT today with Windows Intune

M i c r o s o f t C o n fi d e n t i a l – I n t e r n a l O n l y
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be
interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

You might also like