
Upload: roderick-weaver

Post on 19-Dec-2015


Spark the future.

May 4 – 8, 2015, Chicago, IL

Deep Dive on Android and iOS (and Mac!)

Chris Baldwin & Kieran Gupta
Program Managers, Microsoft Intune Device Experiences

BRK3866

Enterprise Mobility Vision

Protect your data

Enable your users

User IT

Unify Your Environment

Devices Apps Data

Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure

Secure your Data/Files

Secure your identities

Secure your Apps

Secure your Devices

Android: Data Protection

Conditional Access: Secure access to email, SharePoint Online services using conditional access policy

Data Protection: Prevent data leakage from mobile apps using Intune data protection SDK

Resource Access: Deploy VPN, Wi-Fi, Certificate profiles to easily enable access

Data Loss Prevention: Selectively wipe corporate data off lost/stolen devices

Secure Android Devices and Applications with Microsoft Intune

Wide range of support: Support for all Android devices 4.0+

UX consistency: Consistent management and user experience across all device OEMs

Best productivity suite: Productivity with Microsoft Office

Separation of business and personal data: Identity-aware apps let IT control corporate data while leaving personal data untouched

Emphasis on User Experience

What to consider for secure Android email and collaboration

Device & compliance policy
• PIN
• Encryption
• Root detection

Publish managed apps
• Office
• Intune viewer apps

Android: Apps, remote actions, and troubleshooting

Architecture: Android MDM and MAM

App Code

MAM External

Managed App

Company Portal App

Company Portal UI

Intune MDM Agent

MAM Internal

When does check in occur?

Upon enrollment
• Every 3 mins 5 times
• Every 15 mins 8 times
• Every 8 hrs thereafter

On demand
• Press “Sync” in Contact IT menu

When notified
• IT Pro remote action (retire, wipe, remote lock, passcode reset)
• App or policy deployment

Anatomy of a remote retire

Google Cloud Messaging Service

Intune

1: IT Pro sends retire command

2: Intune tells GCM to notify device

3: “Wake up and check for new policy!”

4: “Got any new stuff for me?”

5: Sends down retire command

6: Device wipes

Application Installation

Samsung supports install without user confirmation

| | Play Store Apps | Side loading (APK) | Web links |
|---|---|---|---|
| Required installation (mandatory) | Yes | Yes | Yes |
| Available installation (in catalog) | Yes | Yes | Yes |
| Uninstall | No | Yes | Yes |
| Remove on Retire | No | Yes (KNOX only) | Yes |

New

Three Ways to Obtain Logs

Prompt after enrollment failure

On the “Welcome” Page

On the Contact IT tab

iOS

Hi! Ask me about managing Apple devices!

Kieran Gupta

[Diagram: iOS management architecture. Components: Microsoft Intune, Apple Cloud Services, iOS Device, Apple MDM Agent, Microsoft Intune Company Portal. Labels: Enrollment, Policies, Config Profiles, Remote commands, LOB apps, App Store apps, Inventory, check-in, Retire.]


Company Portal App
• User-based enrollment
• Install from the App Store
• Apple ID required
• Example: BYOD

Apple Configurator / DEP
• User-less bulk enrollment via Service Account
• User-based enrollment
• Pre-enroll / out-of-box enrollment
• Examples: kiosk, retail, corporate-owned CYOD

BYOD
• User brings device
• Install Comp. Portal + Enroll
• Apply policy + configuration

Corporate
• Out-of-box enrollment
• Apply policy + configuration
• Install Comp. Portal (user)

Configuring Corporate-Owned Mobile Devices with Intune | Fri 9AM

+ jailbreak detection
+ AAD device registration (conditional access / compliance)
+ SSO and selective wipe (managed Office apps)

+ lock MDM profile to device
+ enable Supervised mode

Supervised mode
• Kiosk mode
• Activation Lock bypass (Find My iPhone)
• Silent app installation + prevent app uninstallation
• Custom background, lock screen message, device name
• Global HTTP proxy + always-on VPN
• Prevent device factory reset
• Prevent USB tethering
• more…


Supervise your corporate devices

Jailbreak detection

Symptoms: Look for symptoms of jailbroken device
• changes in OS behavior
• binaries, config files
• presence of certain apps/libraries

Future Proof: Detection logic not tied to any specific jailbreak kit or version

Testing: Regularly verify against latest jailbreak kits

iOS Custom Policy

Configure: Define any iOS setting or config payload available in [Config Profile Reference]

2 methods
• Apple Configurator
• Custom-written XML

Deploy Custom iOS Policy
• Import .mobileconfig
• Deploy to users

<key>PayloadType</key>
<string>com.apple.applicationaccess</string>
<key>allowCamera</key>
<false/>
…
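A pre-import check for the "custom-written XML" method above, as an added example that is not code from the session or from Intune: it builds a complete .mobileconfig around the allowCamera restriction and lints a hand-written profile for unclosed tags, missing required keys and reused UUIDs. The identifier prefix `com.example.intune`, the display name and the lint rules themselves are assumptions made for illustration.

```python
import plistlib
import uuid

REQUIRED = ("PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion")

def build_camera_profile(org_id="com.example.intune"):
    """Return .mobileconfig bytes holding one Restrictions payload (allowCamera off).
    org_id and the display name are constructed sample values."""
    def common(ptype, suffix):
        return {"PayloadType": ptype, "PayloadIdentifier": org_id + suffix,
                "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1}
    restrictions = dict(common("com.apple.applicationaccess", ".restrictions"),
                        allowCamera=False)
    profile = dict(common("Configuration", ".profile"),
                   PayloadDisplayName="Disable camera (sample)",
                   PayloadContent=[restrictions])
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def lint_profile(data):
    """Return a list of problems in a profile; an empty list means it passed."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # unclosed tags, wrong root element, not a plist
        return ["not a well-formed plist: %s" % exc]
    if not isinstance(profile, dict):
        return ["top level must be a <dict>"]
    problems = []
    if profile.get("PayloadType") != "Configuration":
        problems.append("top-level PayloadType must be 'Configuration'")
    payloads = profile.get("PayloadContent")
    if not isinstance(payloads, list) or not payloads:
        problems.append("PayloadContent should be a non-empty array")
        payloads = []
    seen = set()
    for name, item in [("profile", profile)] + [
            ("payload[%d]" % i, p) for i, p in enumerate(payloads)]:
        if not isinstance(item, dict):
            problems.append("%s is not a <dict>" % name)
            continue
        for key in REQUIRED:
            if key not in item:
                problems.append("%s is missing %s" % (name, key))
        ident = str(item.get("PayloadUUID", "")).upper()
        if ident and ident in seen:
            problems.append("%s reuses PayloadUUID %s" % (name, ident))
        seen.add(ident)
    return problems

if __name__ == "__main__":
    print(lint_profile(build_camera_profile()))
```

Running the linter over a hand-edited profile before importing it catches the unclosed `<key>` and `<string>` tags that are easy to introduce when writing the XML by hand.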

Demo: Apple Configurator + iOS Custom Policy

Forward-thinking: iOS 9

Day 0 support: Your users can upgrade worry-free at GA

How we do it
• Compatibility testing against beta drops
• Proactive & regular communication with Apple

New Features: Prioritized and delivered based on customer demand.

Mac

MacBook Pro

push wrapped app packages

Configuration Manager 2012 R2 / Hybrid
Config Manager Agent

push settings to device via plist or script

defaults write /Library/Preferences/com.apple.screensaver askForPassword -integer 1

Intune MDM-managed: Windows Phone, Android, iOS, Mac OS X

XX

Mac Support – v1

Secure
• Web-based enrollment
• Passcode policies
• Disk encryption

Configure
• Push WiFi/VPN profiles
• Push custom policies

Audit
• Hardware inventory
• Software inventory
• Device reports

MacBook Pro

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

[Timeline: MDM support across Mac OS X versions 10.6, 10.7, 10.8, 10.9, 10.10; years shown: 2010, 2013]

Demo: Enrolling a Mac device

Agent

Level 1 Level 2 Level 3

Self-Service Portal

Mac Management: Our Philosophy

MDM

Questions.


© 2015 Microsoft Corporation. All rights reserved.