UD-B335 - Windows Intune Overview

UD-B335 - Windows Intune Overview

Windows Intune Overview Susan Smith Intune TSP Microsoft UD-B335 M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y What is Windows Intune? A world class cloud-based device management service. A service you can TRUST ISO/IEC 27001:2005 certified = Industry standard information security practices A service you can RELY on Financially backed SLA - 99.9% uptime Monthly Uptime Percentage < 99.9% < 99% < 95% Service Credit 25% 50% 100% M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Windows Intune Standalone service Devices & Platforms Windows PCs (x86/64, Intel SoC), Single admin console IT

Windows RT Windows Phone 8 iOS Android Windows Intune Standalone Service: Manage up to 5000 users M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Manage and Secure PCS and Devices Anywhere Latest Release Simple web-based Administration Console and a richer experience for Information Workers Help protect PCs from malware Manage updates Distribute software Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies Richer Mobile Device Management M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Demo: PC management with Windows Intune - Overview Susan Smith M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y PC Management - Demo scenario IT Pro walks into a cloud and sees Windows Intune Initial Configuration Setting up Windows Intune for PC management

Managing users through Azure Active Directory Enrolling devices for management PC management Security Updates, Endpoint Protection, Security settings Planning - Asset Management SW/HW inventory, Licensing Support - Remote Tasks Productivity - PC Software distribution M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Preserving the Windows 8 experience Management tasks can work with the Windows 8 maintenance window No distractions from management tasks (reboots) Does not use up computer resources when the user is active Reduced background activity to preserve battery life Management tasks do not interrupt if the end user immersed in a modern application Windows Intune suppresses interruptions reboots for updates that were installed without a deadline Windows Intune provides sufficient lead time to the user before an automatic reboot Windows Intune leverages the Windows 8 toast and respects users settings for notifications M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Functionality changes to note No monitoring for Windows 8 platform No remote assistance in Windows 8 and Windows RT M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Mobile Device Management with Windows Intune EAS based management Introduced in last release Direct management (Windows RT,

Windows Phone8, iOS) (New!) Over-the-air enrollment of devices for management Mobile application management Settings Management Mobile device inventory Corporate data protection M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Application management on mobile devices Platforms Sideload to install Windows 8/Windows RT Windows Phone 8 iOS Android *.appx *.xap *.ipa *.apk Deep links to store apps install from store M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y

Software distribution summary Platform Deskto p Apps (.msi, .exe) Windows 8 Pro/Ent Windows RT Modern App Types Side loading .appx .xap .ipa .apk web apps **

iOS Android WP8 Not7a and supported app type on that specific platform Windows Available since last release below ** Deep Links Added in latest release Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other PCs linked to the user, but not installable on the local Window RT device M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Policy Security policy on devices (iOS, Windows RT and WP8) Direct management and Exchange ActiveSynch. Recommendation: Manage policy through only one management authority Android and Windows Phone 7 devices can be managed through EAS

The same security policy template is used for both Direct Management and EAS to help Admins Reporting available on each setting whether it is applicable, conformant or has an error. M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Mobile Device Settings Setting name EAS WinRT/ (Activesyn WinPh8 iOS c)

X X X Allow web browser X Allow backup to iCloud (iOS only) X X X X

X X X X E-mail synchronization for last (days) X X Allow mobile devices that dont fully support these settings to synchronize with Exchange Require encryption on mobile device X X X X Require encryption on storage cards X X

Require a password to unlock mobile devices Required password type Minimum password length Password Allow simple passwords Number of repeated sign-in failures before device is wiped Minutes of inactivity before device screen is locked Password expiration (days) Remember password history Allow convenience logon (WindowsRT only) Allow camera Device restrictions Allow documents sync to iCloud (iOS only) Allow photostream sync to icloud (iOS only) Maximum size of e-mail attachments Email Encryption M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Mobile device inventory Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync (for Android) No software inventory for mobile devices to respect the Information Workers privacy on their own device IT Pros can track storage on mobile devices which help them anticipate/troubleshoot issues M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Mobile Device

Inventory Property Win RT WP8 iOS Android (EAS) Device name Y Y Y Y Unique device ID Y Y Y Serial number Y Email address Y Y

OS type Y Y OS version Y Y OS language Y Y Y Y Y Y Y Total storage space (GB) Y Y Free Storage space (GB) Y Y System enclosure Chassis

Y System enclosure IMEI Y Manufacturer Y Y Model Y Y Y Y Phone number (masked except last 4 digits) Y Y Subscriber carrier Y Cellular technology(none, GSM, CDMA) Y WiFI MAC Y

Y Enrolled date (local time) Y Y Y Last contact (local time) Y Y Y Y Last Exchange status Y Last Policy update status Y Access State Y Access state reason Y Management state Y

ActiveSync ID Y M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Demo: Mobile Device Management with Windows Intune Including Intune-Office365 Integration Susan Smith M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y MDM Demo scenario IT Pro wants to enable IWs to work from BYOD devices Initial Configuration Setting up Windows Intune MDM Setting up Windows Intune for Mobile software distribution Enrolling devices for management MDM Settings management Hardware inventory User centric mobile software distribution M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Recap: MDM features per platform Management Feature Windows RT Windows Phone 8 iOS Android

Over-the-air Enrollment Y Y Y N Y Y Y Y Settings Management Y Y Y Y Software Distribution Y Y Y Y

N Y Y Y Inventory Remote Wipe M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Information Worker(IW) self-service experience Connect every user s device to the service Each platform is supported with an end user experience Enable them to discover applications Access applications or web links recommended by the IT pro Install Line Of Business (LOB) applications supplied by the IT pro Let users manage their own devices and data End user in control of their mobile devices End users can enroll, rename and un-enroll devices End users can wipe data or email Users in control of configuring their devices Provide a premium end user experience Productive on their own device

Minimal interruptions from management tasks End user privacy is respected Choose their applications on their devices M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y End User Experience Consistent self service experience for end user across mobile platforms Windows RT Company Portal Native Windows app package (.appx) Available in the Windows Store Windows Phone 8 Company Portal Native Windows Phone 8 app (.xap) Needs to be sideloaded M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y iOS/Android Company Portal Web based portal Hosted in Windows Intune Recap: End user capabilities for each platform Windows 8 Ent/Pro

Windows RT Window s Phone 8 iOS Androi d Enroll (local device) Yes Yes Yes Yes EAS Rename devices Yes Yes No No No Retire (un-enroll local device) Yes Yes

Yes No No Wipe (remotely other devices) Yes Yes No No No Install enterprise LOB applications Yes Yes Yes Yes Yes Install publicly available applications Yes Yes Yes

Yes yes Browse to web links Yes Yes Yes Yes Yes Yes (only msi/exe) Yes (only msi/ exe) No No No Yes Yes No Yes Yes Install apps (remotely on other

devices) Contact IT M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Corporate Data Protection Retire and Wipe All devices and PCs can be retired Retiring a device removes the record of the device from Intune management Retiring a device impacts Application distribution and Policies on the retired device Wipe option depends on the platform and management type (EAS or native) Complete wipe and reset to factory defaults iOS and WP8 EAS mailbox removal only - Android Only EAS mailbox removal if managed through EAS - Windows RT and Windows 8 Enterprise and Professional No wipe - Windows 7 and below (no change from previous release) M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Data Protection Retire and Wipe Susan Smith M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Retire only summary Windows 8 Ent/Pro Windows RT Windows Phone 8 iOS Android (EAS managed)

Device record removed from Intune DB and UI Yes Yes Yes Yes Yes Device record removed from Exchange (no email) No (see note below) No (see note below) No No Yes Removal of Side-loaded keys No Yes Yes (Application Enrollment Token is removed) --

-- Already installed applications Side-loaded apps wont run (?) Side-loaded apps wont run Side loaded apps are uninstalled Installed apps will still run Installed apps will still run Installing new applications Apps cannot be installed Apps cannot be installed SSP is uninstalled so no apps are available Apps cannot be installed Apps can be installed from the MIWP Policies Existing Intune policies are removed

during uninstall of Windows Intune agent Intune policies are retained on the device even after the uninstall of the agent Expected behavior is similar to Windows RT Expected that policy will be removed Intune Policy is removed from Exchange server and the device receives the default Exchange server policy Note: When a device is managed natively and through EAS, retiring a device also removes the device record from Exchange as well as Intune. M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y Retire with Wipe summary Windows 7 and below Windows 8 Ent/Pro Windows RT Windows Phone 8

iOS Android (EAS managed) Management agent removed Yes Yes -- -- -- -- Data removed No No No Yes Yes No Mailbox removed

No Yes (EAS mailbox only) Yes (EAS mailbox only) Yes Yes Yes M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y In review: Session Objectives and Key Takeaways Session Objectives Discuss Consumerization of IT(COIT) Management challenges and opportunities Introduce Windows Intune - Unified PC and Mobile Device Management service Demonstrate User Centric Management with Windows Intune Key Takeaways Windows Intune capabilities, scale and configurations How to embrace Consumerization of IT today with Windows Intune M i c r o s o f t C o n fi d e n t i a l I n t e r n a l O n l y 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Recently Viewed Presentations

  • Air Masses &amp; Weather Fronts - leonschools.net

    Air Masses & Weather Fronts - leonschools.net

    WEATHER PATTERNS WORKSHEET . Lab worksheet . ... Classify the four major air masses that affect weather in the United States by their characteristics . Distinguish between and air mass and a front. Describe how a weather front forms. Pressure...
  • Folie 1 - st-nso-export.resource.bosch.com

    Folie 1 - st-nso-export.resource.bosch.com

    Providing support on defining individual technical concepts and system designs for your solution. Strong application design support. Security Systems. Complete solution incl. 3rd party integration. Providing complete solutions by cooperation with (y)our dedicated technology partners
  • CPSC 3200 Algorithm Analysis and Advanced Data Structure

    CPSC 3200 Algorithm Analysis and Advanced Data Structure

    The Stack ADT. The Stack ADT stores arbitrary objects. Insertions and deletions follow the . last-in first-out . scheme. Think of a spring-loaded plate dispenser
  • What is a Robot? - TeachEngineering

    What is a Robot? - TeachEngineering

    First you have to assemble the NXT Robot using the documentation in the pdf "How to assemble an NXT Taskbot ". This in the attachment section in the TeachEngineering Activity "Understanding Communication with a Robot". The process of assembling takes...
  • U.S. Department of Energy Perspectives on Waste Classification

    U.S. Department of Energy Perspectives on Waste Classification

    DOE O 5820.2A = Sept 26, 1988 Approved date. DOE O 5820.2 = Feb, 6, 1984 Approved date. USDOE On-Site Facilities and Commercial Options. Fernald. Los Alamos National Laboratory. Technical Area 54, Area G. Portsmouth. Paducah. Idaho National Laboratory.
  • Puyallup School District

    Puyallup School District

    Overview In order to take the following leave you must go through your regional substitute coordinator and/or the HR director, approvals by your building principal is not authorization.
  • Counseling the Elderly - Yola

    Counseling the Elderly - Yola

    Counseling Adult Neurogenic Disordered Patients and Their Families Scott A. Jackson, M.S., CCC-SLP Relationships Maintaining relationships Vanhook (2009) Maintenance of relationships within the family and those within the community provide a support system for anyone with a chronic illness.
  • The Health Care Safety Net in a Post-Reform

    The Health Care Safety Net in a Post-Reform

    Jack Needleman & Michelle Ko, UCLA. Alison Snow Jones, 1949 - 2011. Challenges. Reform will reduce by the number of uninsured by more than half. But, newly insured will face access challenges. And, perception of no need for remaining uninsured,...