Configuration Manager and InTune


Post on 01-Jan-2016


DESCRIPTION

Configuration Manager and InTune. Together or alone? Introduction. It's all about me! Who am I? Andrew Craig. Where am I from? And now? Living three years in Switzerland. Working for Syliance IT Services GmbH as System Center Senior Consultant. www.syliance.com

TRANSCRIPT

Configuration Manager and InTune: Together or alone?

Introduction

It's all about me!
Who am I? Andrew Craig
Where am I from?
And now? Living three years in Switzerland. Working for Syliance IT Services GmbH as System Center Senior Consultant.

www.syliance.com
andrewdcraig.wordpress.com
Twitter: @mracraig @syliance

Agenda
What does "alone" mean?
What does "together" mean?
Why together?
Windows Azure Active Directory (WAAD) integration
How quickly can I set up InTune?
What can I do to my mobile devices?
Apps, hints, tips, tricks
Spoiler Alert

What does "alone" mean?

Cloud-Only Configuration

Cloud-Only Configuration means everything is managed through the web console. No on-site architecture is needed. OK for KMG organisations without AD requirements. AD synchronisation is also possible; otherwise entries have to be made manually. Up to 4000 clients.

Cloud Management Capabilities

Capability / Platform: Windows 8; Windows 7, Windows Vista, Windows XP; Windows RT; Windows Phone 8; iOS; Android
Application management
Endpoint Protection: O O O O
Hardware Inventory
Software Inventory: 1 1 1 1
Remote control: 3 3 O O O
Reporting
Software updates: O O O O
Compliance settings: 2 2 2 2 2 2
1 = Managed applications only
2 = Compliance reporting but no remediation automation
3 = Via Remote Assistance

These are the standard feature set in a Cloud-Only configuration.

Windows Intune Cloud Architecture

[Architecture diagram. Labels: Windows Phone 8, Windows RT, iOS, Direct Management & App Publishing; Android, Android App Publishing; EAS Policy & Inventory; CorpNet and Internet, each with x86 / x64 clients running Windows 8, Windows 7, Windows Vista, Windows XP; DirSync.]

What does "together" mean?

Unified Configuration

MDM: Mobility in business, managing mobile devices like smart phones or RTs, but ConfigMgr can also manage WTG. With Unified Config and Enterprise SA. WTG: Work from home, travel light, pre-provisioned Apps. BYOD, really. Test, evaluate Windows 8.1, and in 8.1. Eliminate downtime with rapidly-deployed business work units.

Unified Management Capabilities

Capability / Platform: Windows 8; Windows 7, Windows Vista, Windows XP; Windows Embedded; Windows To Go; Mac OS; Windows RT; Windows Phone 8; iOS; Android
Application management
Endpoint Protection: O O O O
Hardware Inventory: 1
Software Inventory: 2 2 2 2
Remote control: O 5 O O O
Reporting
Software updates: O 4 O
Compliance settings: 3 3 3 3
OS deployment: N/A O N/A N/A N/A N/A
Out of band management: N/A N/A O N/A N/A N/A N/A
Power management: O O O O O
Software metering: O O O O O
1 = Basic information only through Exchange ActiveSync
2 = Managed applications only
3 = Compliance reporting but no remediation automation
4 = Device User has to accept the update
5 = Via Remote Assistance

Windows Intune Unified Architecture

[Architecture diagram. Labels: EAS Policy & Inventory; Android, Android App Distribution; R2; Windows Phone 8, Windows RT, iOS, Direct Management & App Distribution; Corporate Net with x86 / x64 clients running Windows 8, Windows To Go, Windows 7, Windows Embedded, Windows Vista, Windows XP, and Mac; Internet with x86 / x64 clients running Windows 8, Windows 7, Windows Vista, Windows XP; DirSync, ADFS, ADFS Proxy; Active Directory.]

Why together?

A house with many windows

Single pane of glass

SPOG for device management
Manage Exchange Policies through ConfigMgr
User-Centric Views of Devices
Distribute Applications (External link on App Stores or with Software Installer)
Direct contact to IT
Discover and download internal LOB Applications
Richer policy settings through InTune, composite settings applied with most secure winning
Manage RT, WinPhone 8, Android, iOS without on-premise infrastructure

Exchange Connector/ActiveSync

EAS: Application layer
InTune MDM: OS Layer
ConfigMgr: Manage Exchange Policies

Pros:
Inventory Mobile Devices
Remote Wipe Devices (and Mailboxes)
Manage some settings over the internet
No PKI required
Device discovery
Dual management by Exchange and ConfigMgr
HINV consolidated
Apply settings from ConfigMgr

Cons:
No software deployment
No software inventory
Settings management limited by mailbox policy
Hardware inventory limited by Exchange configuration
Block only indirectly via Exchange

Direct MDM provides significantly greater capabilities than EAS. In particular, note that EAS is only a policy mechanism that works at the application level. If a user loads a rogue email application that claims to apply EAS policies to the Exchange server (and they do exist for Android), then security is ineffective.

In contrast, direct management works at the device OS layer, so it provides a more secure management layer integrated with the device capabilities.

Unified Management Capabilities (capability table as on the earlier slide of the same title)
Richer set of features
Compliance Settings in Baselines
Deploy Software Updates to mobile devices
Manage WiFi and VPN profiles

Or alone after all?

Selection Criteria
Current Infrastructure: On-premise ConfigMgr? Something else?
Scale of Solution: Approx. Max of 5000 Users? Approx. Max of 100,000 Users?
Required Feature Set: Capabilities, Supported Platforms

Something else? Another client management system? Another MDM or EMM solution?
Overhead of building a ConfigMgr infrastructure.
The Windows Intune scale in the current release is 7.000 devices and 4.000 users.
ConfigMgr Standalone Primary Site scales to 100,000 clients.
Capabilities: SW Deployment, SW Updates, Compliance, Inventory
Platforms: Windows, RT, WinPhone, Android, iOS

Windows Azure Active Directory (WAAD) integration

Provisioning Users

Automated

Scriptable

Manual

Manual
How? Create objects in Windows Azure AD via Admin Portal or Bulk Import
Why? Low volume of objects to create. No long term management/consistency required.
Simple Web based user interface
Bulk import of user
Best for small customers

Scriptable
How? PowerShell cmdlets, GRAPH API
Why? Need automated process, but don't require access to all attributes in directory. OK to not have full consistency between source and cloud.
PowerShell module for Windows
(NEW) GRAPH API
Limited attribute set/object types

Automated
How? DirSync, FIM + Connector
Why? Large volume of objects. Require access to all attributes in directory. Require consistency between on-premise & cloud. Single Sign-On.
Directory Synchronization with delta
Full fidelity of attributes and object types
Optimized for large object sets

[Diagram: Cloud-Only / No Integration. Labels: Contoso customer premises, AD; Windows Azure Active Directory (provisioning platform, directory store, authentication platform, IdP); Admin Portal/PowerShell/GRAPH; Windows Intune, Lync Online, SharePoint Online, Exchange Online; Joe@contoso.msonline.com, Joe@contoso.com.]

[Diagram: Directory Synchronization. Same labels, with Directory Sync (DirSync) between AD and Windows Azure Active Directory.]

[Diagram: Directory and Federated SSO. Same labels, with Directory Sync (DirSync), Active Directory Federation Server 2.0 and Trust.]

Integration Comparison

1. No Integration
Appropriate for: Smaller orgs without AD on-premise
Pros: No servers required on-premise; Same Domain name for users possible
Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies; IDs mastered in the cloud

2. Directory Only
Appropriate for: Medium/Large orgs with AD on-premise
Pros: Users and groups mastered on-premise; Enables co-existence scenarios
Cons: No SSO; No 2FA; 2 sets of credentials to manage with differing password policies or manual / 3rd Party password sync; Single server deployment

3. Directory and SSO
Appropriate for: Larger enterprise orgs with AD on-premise
Pros: SSO with corporate cred; IDs mastered on-premise; Password policy controlled on-premise; 2FA solutions possible; Enables hybrid scenarios; Location isolation
Cons: Additional Servers required for ADFS

Activating Windows Intune Users

Built-in group associated with a customer's Windows Intune account
Membership required for:
Users to appear in administrator console
Users to access company portal
Users added to user group: when created, when edited
Users removed from group: when edited

Verify domain(s)
Export or define your list of desired Users
Import your users
Activate your users

Online Services Directory Synchronization Tool

Prepare for directory synchronization
Verify domains
Run Office 365 Deployment Readiness Tool
Activate Active Directory Synchronization
Install and Configure the Directory Synchronization tool
Synchronize directories
Verify directory synchronization
Activate synched users and groups
Manage directory synchronization

Provide credentials with admin permissions for Microsoft Online Services and Enterprise Admin rights in AD: if you use an account in a root domain which has a corresponding account in the child domain that you are synchronizing, then you will have a problem: perhaps the same-named account in the child domain is not enterprise admin, but DirSync will try to use this one.


Configuring DirSync through the Account Portal

How quickly can I set up InTune?

Do the
