quo vadis? configmgr console microsoft intune mobile devices system center configmgr domain joined...

Download Quo vadis? ConfigMgr console Microsoft Intune Mobile devices System Center ConfigMgr Domain joined PCs

Post on 07-Jul-2020

0 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Quo vadis?

    System Center Configuration Manager • Full managed desktop

    Mobile device management • Light managed device – policies, inventory, …

    Hybrid management • „One pane of glass“

    • Integration of mobile device management into traditional client management

    Future platform challenges

  • The End User Experience Family

  • Device choice. Simplified management.

    Desktop virtualization

    Access & information protection

    Mobile device & application

    management

    Hybrid identity

    Simplified device enrollment and registration

    Single console to manage all devices

    Managed productivity with Office mobile apps

    Conditional access to corporate resources

    Desktop Virtualization

  • Continue to enable customers to extend their existing

    investment in Configuration Manager

    Provide a pure cloud based device management service,

    Intune…growing at 50% since beginning of calendar year

    Build for Service first, then integrate on-prem

    Continual ROI on existing investments and rapid support for an ever changing technology landscape

  • Intune web console

    Mobile devices and PCs

    ConfigMgr console

    Microsoft Intune

    Mobile devices

    System Center ConfigMgr

    Domain joined PCs

    ConfigMgr integrated with Intune (hybrid)Intune standalone (cloud only)

    Microsoft Intune

    System Center 2012 R2 Configuration Manager with Microsoft Intune

    Build on existing Configuration Manager deployment Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting) Deep policy control requirements Scale to 100,000 devices Extensible administration tools (RBA, PowerShell, SQL Reporting Services)

    Cloud-based Management Microsoft Intune

    No existing Configuration Manager deployment Simplified policy control PC+MDM: 4K users, 6K PCs, and 7K devices MDM Only: 25k users and 50k mobile devices Simple web-based administration console

    The How

  • Single pane of glass

    Intune: Simple web-based Administration Console and a richer experience for Information Workers

    SCCM Administration Console and a richer experience for Information Workers

  • New device capabilities are releasing faster

    Update Intune service and provide Extensions for Intune as

    soon as technology allows

    Goal: Minimize major on-prem upgrades to deploy support

    for new features

    Rapid and agile support of technology changes

  • Continuous delivery of EMM features for ConfigMgr

    Updates are automatically downloaded and optionally enabled

    through admin console.

    Extensions for Microsoft Intune

    Admin is notified that an extension is available

    when console is launched

    Admin goes to Extensions for

    Intune in console, and enables the extension

    Extension is activated in

    Configuration Manager

    Admin restarts

    console, and console is

    updated with the extension

    Admin uses feature

    delivered by the extension

    Admin may wish to

    disable the extension

  • Features we have today

    October 2013

    • Depth of

    settings

    • Native

    Company

    Portal for iOS

    and Android

    • App

    management

    • Certificates,

    VPN/WiFi

    profiles

    January 2014

    • Standalone

    MDM

    • Email

    Profiles/Wipe

    • iOS 7 Data

    Protection

    Settings

    • Remote

    Lock/PIN Reset

    May 2014

    • Windows

    Phone 8.1

    Support

    • Samsung

    KNOX

    Standard

    Support

    • Remote to My

    PC for iOS and

    Android

  • Find the OMA URI (Open Mobile Alliance Uniform Resource

    Identifier) to target Configuration Service Providers (CSPs)

    on a device • Windows Phone 8.1: Windows Phone 8.1 MDM protocol documentation

    http://msdn.microsoft.com/en-us/library/dn499787.aspx?WT.mc_id=Blog_Intune_General_PCIT

    Create the ConfigMgr Configuration Item

    Extending the management policies

    http://msdn.microsoft.com/en-us/library/dn499787.aspx?WT.mc_id=Blog_Intune_General_PCIT

  • Managing devices with Windows 8.1

    BASIC FULL CONTROLLIGHTWEIGHT

    CONTROL

    Windows Phone 8.1

    Windows 8.1

    EXCHANGE ACTIVESYNC

    ALLOW E-MAIL ACCESS BYOD-STYLE

    MANAGEMENT

    FULLY-MANAGED

    CORPORATE DEVICE

    MOBILE DEVICE MANAGEMENT

    PLATFORM ACTIVE DIRECTORY

    GROUP POLICY SYSTEM CENTER

  • Managing mobile devices with WINDOWS 10

    BASIC FULL CONTROLLIGHTWEIGHT

    CONTROL

    Windows Mobile

    Windows

    EXCHANGE ACTIVESYNC

    ALLOW E-MAIL

    ACCESS BYOD-STYLE

    MANAGEMENT

    FULLY-MANAGED

    CORPORATE DEVICE

    MOBILE DEVICE MANAGEMENT

    PLATFORM

    ACTIVE DIRECTORY GROUP POLICY

    SYSTEM CENTER

  • RECENT PAST

    9-to-5 Monday-Friday employees at work

    PCs on a LAN, connected to domain

    Corporate supplied and managed devices

    One device ecosystem

    Extended operating system/servicing lifecycle

    On-premises applications and file sharing

    Access controls contained within organizational

    Deep corporate management controls and policies

    Malware as vandalism and criminal activity

    Network perimeter as a viable defense boundary

    Vertically-integrated devices for task workers

    MOBILE-FIRST, DEVICE-FIRST

    24x7x365 blur of work & personal activity

    Laptops, tablets, phones anywhere (on any network)

    Corporate and BYOD, business & personal apps/data

    Heterogeneous ecosystems (Windows, iOS, Android, Chrome)

    A faster upgrade cadence; shorter device lifecycle

    SaaS applications and file sharing services

    Access controls span organizations, apps, individuals

    Lighter cloud-based management with fewer controls

    Malware as espionage and weaponry

    Must operate under assumed breach of network

    Dynamically adapting devices for task workers

    Evolving Enterprise Requirements

  • AVAILABLE CHOICES

    IDENTITY Active Directory; Azure Active Directory

    MANAGEMENT Group Policy, System Center Configuration Manager, 3rd party PC management; Intune,

    3rd party MDM

    INFRASTRUCTURE On-premises or in the cloud

    OWNERSHIP Corporate-owned, CYOD; BYOD

    Management choices

    Organizations may mix and match, depending on their specific scenario

  • How to get from current OS to the new OS?

    Standardized on Windows 7 – how to bridge the gap?

    Faster development cycle – can I complete deployment?

    New OS -> New tools? (Infrastructure upgrade required?)

    Deployment

  • Tools for compatibility; reduced validation/deployment cost

    Managed in-place upgrade

    Runtime configuration – customize without imaging

    The end of wipe and reload!

  • Enabling Windows adoption

    Don’t break things Know the customer Ensure readiness Make it simple and flexible

    Apps, web pages, and

    drivers should just work

    Collect data, target what

    they have and what they

    need

    Previews and TAPs early

    and often enable feedback

    Provide options, eliminate

    complexity and cost

    The enterprise

    deployment perspective

  • Hardware requirements are unchanged

    Strong desktop app compatibility

    Windows Store apps are compatible

    Internet Explorer enterprise investments

    App & Device Compat

  • Focused on Windows 7 and up

    Enable in-place upgrade

    Seamless handoff to CM

    Device upgrade Readiness

    Driver availability check

    Integrated with WSUS

    Identify test targets

    Delegate testing

    Record test results

    Improved app inventory

    Includes web apps/sites

    Dependency tracking

    App usage metrics

    Telemetry from Microsoft

    Reduced test matrix

    Easily apply mitigations

    Maintain collection structure

    Leverage CM for inventory

    Integrated with WSUS

    Experience

    Enterprise upgrade core investment areas

  • Traditional process

    • Capture data and settings

    • Deploy (custom) OS image

    • Inject drivers

    • Install apps

    • Restore data and settings

    Still an option for all scenarios

    Wipe-and-Load In-Place Provisioning

    Let Windows do the work

    • Preserve all data, settings,

    apps, drivers

    • Install (standard) OS image

    • Restore everything

    Recommended for existing

    devices (Windows 7/8/8.1)

    Configure new devices

    • Transform into an Enterprise

    device

    • Remove extra items, add

    organizational apps and

    config

    New capability for new devices

    Deployment choices

  • Enhancements to existing tools Minimal changes to existing deployment pro