Quo vadis?
System Center Configuration Manager
• Full managed desktop
Mobile device management
• Light managed device – policies, inventory, …
Hybrid management
• „One pane of glass“
• Integration of mobile device management into traditional client management
Future platform challenges
Device choice. Simplified management.
Desktop virtualization
Access & information protection
Mobile device & application management
Hybrid identity
Simplified device enrollment and registration
Single console to manage all devices
Managed productivity with Office mobile apps
Conditional access to corporate resources
Desktop Virtualization
Continue to enable customers to extend their existing investment in Configuration Manager
Provide a pure cloud based device management service, Intune…growing at 50% since beginning of calendar year
Build for Service first, then integrate on-prem
Continual ROI on existing investments and rapid support for an ever changing technology landscape
Intune web console
Mobile devices and PCs
ConfigMgr console
Microsoft Intune
Mobile devices
System Center ConfigMgr
Domain joined PCs
ConfigMgr integrated with Intune (hybrid)
Intune standalone (cloud only)
Microsoft Intune
System Center 2012 R2 Configuration Manager with Microsoft Intune
• Build on existing Configuration Manager deployment
• Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
• Deep policy control requirements
• Scale to 100,000 devices
• Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
Cloud-based Management
Microsoft Intune
• No existing Configuration Manager deployment
• Simplified policy control
• PC+MDM: 4K users, 6K PCs, and 7K devices
• MDM Only: 25k users and 50k mobile devices
• Simple web-based administration console
The How
Single pane of glass
Intune: Simple web-based Administration Console and a richer experience for Information Workers
SCCM Administration Console and a richer experience for Information Workers
New device capabilities are releasing faster
Update Intune service and provide Extensions for Intune as soon as technology allows
Goal: Minimize major on-prem upgrades to deploy support for new features
Rapid and agile support of technology changes
Continuous delivery of EMM features for ConfigMgr
Updates are automatically downloaded and optionally enabled through admin console.
Extensions for Microsoft Intune
• Admin is notified that an extension is available when console is launched
• Admin goes to Extensions for Intune in console, and enables the extension
• Extension is activated in Configuration Manager
• Admin restarts console, and console is updated with the extension
• Admin uses feature delivered by the extension
• Admin may wish to disable the extension
Features we have today
October 2013
• Depth of settings
• Native Company Portal for iOS and Android
• App management
• Certificates, VPN/WiFi profiles
January 2014
• Standalone MDM Profiles/Wipe
• iOS 7 Data Protection Settings
• Remote Lock/PIN Reset
May 2014
• Windows Phone 8.1 Support
• Samsung KNOX Standard Support
• Remote to My PC for iOS and Android
Find the OMA URI (Open Mobile Alliance Uniform Resource Identifier) to target Configuration Service Providers (CSPs) on a device
• Windows Phone 8.1: Windows Phone 8.1 MDM protocol documentation
http://msdn.microsoft.com/en-us/library/dn499787.aspx?WT.mc_id=Blog_Intune_General_PCIT
Create the ConfigMgr Configuration Item
Extending the management policies
Managing devices with Windows 8.1
BASIC
LIGHTWEIGHT CONTROL
FULL CONTROL
Windows Phone 8.1
Windows 8.1
EXCHANGE ACTIVESYNC
ALLOW E-MAIL ACCESS
BYOD-STYLE MANAGEMENT
FULLY-MANAGED CORPORATE DEVICE
MOBILE DEVICE MANAGEMENT PLATFORM
ACTIVE DIRECTORY
GROUP POLICY
SYSTEM CENTER
Managing mobile devices with WINDOWS 10
BASIC
LIGHTWEIGHT CONTROL
FULL CONTROL
Windows Mobile
Windows
EXCHANGE ACTIVESYNC
ALLOW E-MAIL ACCESS
BYOD-STYLE MANAGEMENT
FULLY-MANAGED CORPORATE DEVICE
MOBILE DEVICE MANAGEMENT PLATFORM
ACTIVE DIRECTORY
GROUP POLICY
SYSTEM CENTER
RECENT PAST
9-to-5 Monday-Friday employees at work
PCs on a LAN, connected to domain
Corporate supplied and managed devices
One device ecosystem
Extended operating system/servicing lifecycle
On-premises applications and file sharing
Access controls contained within organizational
Deep corporate management controls and policies
Malware as vandalism and criminal activity
Network perimeter as a viable defense boundary
Vertically-integrated devices for task workers
MOBILE-FIRST, DEVICE-FIRST
24x7x365 blur of work & personal activity
Laptops, tablets, phones anywhere (on any network)
Corporate and BYOD, business & personal apps/data
Heterogeneous ecosystems (Windows, iOS, Android, Chrome)
A faster upgrade cadence; shorter device lifecycle
SaaS applications and file sharing services
Access controls span organizations, apps, individuals
Lighter cloud-based management with fewer controls
Malware as espionage and weaponry
Must operate under assumed breach of network
Dynamically adapting devices for task workers
Evolving Enterprise Requirements
AVAILABLE CHOICES
IDENTITY Active Directory; Azure Active Directory
MANAGEMENT Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
INFRASTRUCTURE On-premises or in the cloud
OWNERSHIP Corporate-owned, CYOD; BYOD
Management choices
Organizations may mix and match, depending on their specific scenario
How to get from current OS to the new OS?
Standardized on Windows 7 – how to bridge the gap?
Faster development cycle – can I complete deployment?
New OS -> New tools? (Infrastructure upgrade required?)
Deployment
Tools for compatibility; reduced validation/deployment cost
Managed in-place upgrade
Runtime configuration – customize without imaging
The end of wipe and reload!
Enabling Windows adoption
• Don’t break things: Apps, web pages, and drivers should just work
• Know the customer: Collect data, target what they have and what they need
• Ensure readiness: Previews and TAPs early and often enable feedback
• Make it simple and flexible: Provide options, eliminate complexity and cost
The enterprise deployment perspective
Hardware requirements are unchanged
Strong desktop app compatibility
Windows Store apps are compatible
Internet Explorer enterprise investments
App & Device Compat
Focused on Windows 7 and up
Enable in-place upgrade
Seamless handoff to CM
Device upgrade Readiness
Driver availability check
Integrated with WSUS
Identify test targets
Delegate testing
Record test results
Improved app inventory
Includes web apps/sites
Dependency tracking
App usage metrics
Telemetry from Microsoft
Reduced test matrix
Easily apply mitigations
Maintain collection structure
Leverage CM for inventory
Integrated with WSUS
Experience
Enterprise upgrade core investment areas
Wipe-and-Load: Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all scenarios
In-Place: Let Windows do the work
• Preserve all data, settings, apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing devices (Windows 7/8/8.1)
Provisioning: Configure new devices
• Transform into an Enterprise device
• Remove extra items, add organizational apps and config
New capability for new devices
Deployment choices
Enhancements to existing tools
• New Assessment and Deployment Kit includes support for Windows 10, while continuing to support down to Windows 7
• Minor updates to System Center 2012 (through a hotfix or cumulative update) to add support
• Minor updates to Microsoft Deployment Toolkit 2013 to add support
Minimal changes to existing deployment processes
• Will feel “natural” to IT Pros used to deploying Windows 7 and Windows 8.1
• Drop in a Windows 10 image, use it to create your new master image
• Capture a Windows 10 image, use it for wipe-and-load deployments
Traditional Deployment
Coming from Windows 7 or Windows 8?
• Automated in-place upgrade
• System Center and MDT support for managing the workflow, or just use WSUS
Coming from Windows 8.1?
• Automated servicing operation (an update)
• Driven from WSUS or other patching tools
Simplified process, builds on prior experience
• Uses the standard Windows 10 image
• Automatically preserves existing apps, settings, and drivers
• Fast and reliable, with automatic roll-back if issues are encountered
• Strong customer demand
• Popular for Windows 8 to Windows 8.1
• Piloting now with Windows 7 to Windows 8.1, to learn
• Working with ISVs for disk encryption
Moving in-place
Provisioning, not reimaging
TAKE OFF-THE-SHELF HARDWARE
APPLY A PROVISIONING PACKAGE
DEVICE IS READY FOR PRODUCTIVE USE
Provisioning, not reimaging
TRANSFORM A DEVICE
• Enable the Enterprise SKU
• Install apps and enterprise configuration
• Enroll the device to be managed via MDM
FLEXIBLE METHODS
• Automatically triggered from the cloud or connection to a corporate network
• Using media, USB tethering, or even e-mail for manual distribution
• Leverage NFC or QR codes