67% of the people who use a
smartphone for work and
70% of people who use a
tablet for work are
choosing the devices
themselves
905M tablets in use for work and
home globally by 2017
Before
Now
32%
of employees use two or three PCs for
work from multiple locations
Forrester Research The state of workforce technology adoption: global benchmark 2012, Forrester Research, Inc., April 12, 2012
90%
of enterprises will have to support two or
more mobile operating systems in 2017
Gartner Gartner press release, Gartner says two-thirds of enterprises will adopt a mobile device management solution for corporate liable users through 2017, October 25, 2012, http://www.Gartner.Com/newsroom/id/2213115
Today
50%
of mobile subscribers own
a smartphone of some
kind, and those smart-
phone owners average 41
apps per device
Nielsen Appnation, 2012
32%
of your employees—power
laptop users—access 21
different applications, while
desktop users—36% of your
employees—use 9.8
applications at work
Forrester Research The state of workforce technology adoption: global benchmark 2012, Forrester Research, Inc., April 12, 2012
The logos above may be the property of their respective owners.
PC management
The growth of devices and enterprise applications
will continue to impact the IT service desk so
much that by 2016, 25% of contacts to the IT
service desk will be related to mobile devices, up
from fewer than 10% today.
Gartner The impact of mobility on the it service desk, Terrence Cosgrove, July 17 2013 The logos above may be the property of their respective owners.
To work across multiple devices
With access to the apps and data they need
While enjoying a consistent experience
All through a single, verified identity
Windows Intune
Microsoft System Center
2012 R2 Configuration
Manager
Windows Server
Windows Azure
Sessions Personal VMs Pooled VMs
Ease of management
App compatibility
Personalization
Cost effectiveness
Good
Better
Best
Use direct-attached storage, network-attached storage, and clustered or SAN storage
Leverage tiered storage to automatically optimize performance
Reduce storage cost by leveraging disk deduplication
End User Experience
Available in the
Windows Store
Windows Phone iOS
Side-loaded
during enrollment
Available in the
Apple App store
Windows Android
Available in the
Google Play Store
IT
Administrators publish software
titles to catalog, complete with
meta data to enable search
• Deliver best user experience
on each device
Users can browse, select and install
directly from Catalog
• Application model determines
format and policies for delivery
User
18
Delivery Evaluation Criteria
• User
• Device type
• Network connection
User/Device Relationships
Primary Devices
• MSI
• App-V
• Windows 8 Apps
• Windows 8 Apps in the Windows Store
Non-primary Devices
• VDI
• Remote Desktop
Detection Method
Install Command
Requirement Rules
Dependencies
Supersedence
Administrator Properties
End User Metadata
App-V
Windows Script
.XAP, .APK, .IPA
Windows Installer
General Information
Deployment Type
Application “Package”
20
IT can keep corporate assets safe
Through secure access to apps and data
While maintaining control of sensitive or valuable information and data
Windows Intune
Microsoft System Center
2012 R2 Configuration
Manager
Windows Server
Windows Azure
Registering and Enrolling Devices
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Multi-Factor Authentication integration with Active Directory Federation Services.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications
As part of the registration process, a new device record is created in Active Directory, establishing a link between the user and their device
Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud
Single sign-on with device registration
User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.
Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information
Domain joined computers are under the full control of IT and can be provided with complete access to corporate information
Browser session single
sign-on
Seamless 2-Factor Auth
for web apps
Enterprise apps single
sign-on
Desktop Single Sign-On
Proxy capabilities
Network Isolation
Hostname/FQDN translation
Selective application publishing
Single Sign On experience
Device and user authorization
Personal Apps and Data
Lost or Stolen
Company Apps and Data
Remote App
Protect your data Help protect corporate information and manage risk
Centralized Data
Enrollment Retired
Company Apps and Data
Remote App
Policies
Policies
Lost or Stolen
Company Apps and Data
Remote App
Policies
Personal Apps and Data
Retired
Personal Apps and
Data
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
• Selective wipe removes corporate applications,
data, and policies based as supported by each
platform
• Full wipe if supported by each platform
• Can be executed by IT or by user via Company
Portal
• Sensitive data or applications can be kept off
device and accessed via Remote Desktop Services
Protect data with Dynamic Access Control
Centrally manage access control and audit polices from Windows Server Active Directory.
Automatically identify and classify data based on content. Classification applies as files are created or modified.
Integration with Active Directory Rights Management Services provides automated encryption of documents.
Central access and audit policies can be applied across multiple file servers, with near real-time classification and processing of new and modified documents.
File classification, access policies and automated Rights Management works against client distributed data through Work Folders.
29
Co
nsu
mer
/
pers
on
al d
ata
Ind
ivid
ual
wo
rk d
ata
Team
/ g
rou
p
wo
rk d
ata
Pers
on
al
devic
es
Data location
OneDrive Public cloud
OneDrive Pro SharePoint / Office 365
Work Folders File server
Build on existing investments and resources
While providing a single view across all devices
To manage the experience at the user level
And simplify IT
Windows Intune
Microsoft System Center
2012 R2 Configuration
Manager
Windows Server
Windows Azure
Selecting the Management Platform
Unified Device Management System Center 2012 R2 Configuration
Manager with Windows Intune
Cloud-based Management
Standalone Windows Intune
No existing Configuration Manager deployment
Simplified policy control
Less than 7,000 devices and 4,000 users
Simple web-based administration console
Mac OS X
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Windows RT,
Windows Phone 8
iOS, Android
35
Platform Support
OS Platform Management Agent End User Experience
Windows 8.1 PC ConfigMgr Agent
Or
Management Agent(OMA-DM)
Software Center/Application Catalog
Windows Company Portal app
Windows PC
(Win8,Win7,Vista,XP)
ConfigMgr Agent Software Center/Application Catalog
Windows RT Management agent (OMA-DM) Windows Company Portal app
Windows Phone 8 Management agent (OMA-DM) Windows Phone 8 Company Portal app
iOS Apple MDM Protocol Native iOS Company Portal App
Android Android MDM agent (OMA-DM) Native Android Company Portal App
Mac ConfigMgr Agent Limited self service experience
Linux/Unix ConfigMgr Agent N/A
ConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IIS MSI
Script SQL
Software
Updates File
Active
Directory
Baseline Configuration Items
Auto Remediate
OR
Create Alert (to Service Manager) !
Improved functionality Copy settings
Trigger console alerts
Richer reporting
Enhanced versioning and audit tracking Ability to specify versions to be used in baselines
Audit tracking includes who changed what
Pre-built industry standard baseline templates
through IT Governance, Risk & Compliance(GRC) Solution
Accelerator
Assignment to
collections Baseline drift
37
CAS
Primary Site MP Role
Primary Site DP Role
Assigns policy to scan for
update status or to deploy
update
Distributes updates Reports
compliance
Microsoft Update
Primary Site SUP Role/WSUS
Identifies who needs updates
and reports on compliance Downloads updates
Auto Deployment Faster deployment through search.
Schedule content download and deployment to avoid
reboot during work hours.
State-based Updates Allows individual or group deployment.
Updates added to groups auto deploy to targeted
collections .
Optimized for New Content Model Reduce replication and storage.
Expired updates and content deleted.
38
Distribution Point for Windows Azure
Rich feature set
•
•
•
PR1
MP MP
DP
Windows Azure Distribution Point
Microsoft Update
Policy
Content
Firewall
Corporate Network Integrated monitoring In-console content monitoring
Ability to monitor storage and traffic out
usage
Content is fully encrypted
39
Operating System Deployment
PXE initiated deployment allows client
computers to request deployment over the
network
Multi-cast deployment to conserve
network bandwidth
Stand-alone media deployment for no
network connectivity or low bandwidth
Pre-staged media deployment allows you to
deploy an operating system to a computer that
is not fully provisioned
User State Migration Tool (USMT) 4.0 UI
integration makes it easier transfer files and
user settings from one machine to another
CAS
Primary Site
MP Role
Primary Site
DP Role
Image Task Sequence
Report
WDS PXE Server
40
Core Operating System Deployment Scenarios
Scenario Key Functionality
New computer • Fresh install of a new operating system on client or server system
• New or repurposed hardware
PXE boot • Integrate with Windows Deployment Services (WDS) PXE server
• Self-provisioning via F12
Wipe-and-load • Install new version of operating system
• Reinstall applications and user state under new operating system
Side-by-side • Similar to wipe-and-load, except between two different devices
Offline with
removable media
• With low bandwidth or no connectivity
• Large software packages are on the media
Prestaged Media • Optimized for network bandwidth
• Speeds up end to end deployment
41
42
Understand software installation profiles
Plan for hardware upgrades
Identify over or under licensing issues
Track custom apps or groups of titles
Software Metering and License Reports
Asset Intelligence Service
Asset Intelligence Catalog
Real-Time Application
and Hardware Intelligence
ConfigMgr Inventory
43
ios (version 6 or below):
Please input the below URL:
http://aka.ms/MDC234
Other platform:
QR Code: