Windows 10 and Intune
TRANSCRIPT
Windows 10 and Intune
#WhatsNext – The coolest roadshow of early summer, at 9 locations
02.06.2015 Brummundal
Jan Ketil Skanke, http://jankesblog.com, Twitter @janke75
What is Microsoft Intune
[Figure: management levels (simple security settings, device lockdown, full management) for Phone and PC on Windows 8.1 and Windows 10]
Major investments in new functionality for both mobile and PC
Mobile management (MDM)
#EVRYWhatsNext
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Extended set of policies
• Client certificate management
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push
• Device Update control
• Kiosk, Start screen, Start menu configuration and control
• Curated Windows Store
• Business Store Portal (BSP) app deployment; license reclaim
• Enterprise App management
• Simplified LOB app management
• Win32 (MSI) app management
• App inventory (LOB/store apps)
• App allow/deny lists via AppLocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset, Ring, & Find
• Enhanced inventory for compliance decisions
• Unenrollment with alerts
• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
• Additional device inventory
[Figure labels: Enrollment; Inventory; Application management; Device configuration and security; Remote assistance; Unenrollment]
Windows 10 and MDM
Automatic MDM enrollment with Azure AD
• AAD join: company-owned or BYOD
• Add AAD account: personal device
Bulk enrollment by IT
• Use provisioning packages on a “vanilla” PC
Windows 10 gives you more options for enrollment
[Screenshot: “Sign in to your work or school account” dialog. If your organization uses Office 365 or other business services from Microsoft, use the same user name and password to sign in here.]
[Screenshot: “Allow this PC to be managed?” consent dialog with Accept and Cancel buttons]
Contoso requires this PC to be managed before it can access org resources.
What you get on this PC:
• Email, Calendar, Contacts
• OneDrive for Business
• Access to company apps
How this PC is controlled by Contoso:
• Enforce PIN lock
• Partial device wipe
• Enforce password policy
• Monitor device location
Questions? Contact Contoso IT Help Desk at (206) 555-1234.
You get more policies for better control
• Hardware: camera policies, Bluetooth
• System: synchronization settings, roaming
• Email: Exchange ActiveSync policies, configuration of email profiles
• Security: Microsoft “Passport” PIN policies, Firewall & Defender
• Connectivity: block internet sharing via Wi-Fi, auto connect VPN
• Experience: Cortana, theme background & color
These are just a few examples; more than 100 new policies are coming.
Auto connect VPN
VPN traffic filters
Application-based filters
One platform
VPN: open to third-party plug-ins
Better VPN management
Need access? Prove that you are “healthy”!
MDM & Windows Attestation Service
[Figure: two access-flow diagrams. Labels: MDM evaluates compliance; Device health attestation; Windows health attestation service; Important resources (Documents, Email). First flow (steps 1-2), messages: “Access please”, “You’re in”. Second flow (steps 1-5), messages: “Access please”, “Prove to me you are healthy”, “Here is my proof”.]
Manage updates via MDM
Control when and how
• Scan and download
• Approval for automatic install
Choose your source
• Microsoft Update
• The company's update server (WSUS)
Update status
Corporate data is kept secure and separated
“Enterprise data protection”
• User-friendly separation of work data and personal data
• Manage what counts as “enterprise” data
• Log deliberate data leaks
[Figure: Business apps & data (managed, “for business”) beside personal apps & data (unmanaged, “personal”). Data exchange between them is blocked or audited.]
Enterprise Data Protection
PROVISIONING: KEYS AND POLICIES
1. The user enrolls in Intune or AADomain join
2. Intune provisions policies and encryption keys
Policies:
• Enterprise allowed apps
• Network policies
• App restriction policy
Enterprise Data Protection
DATA SYNC
Data that arrives from an enterprise network location is encrypted on the device.
Examples: OneDrive for Business, corporate Exchange mail, files, etc.
Enterprise Data Protection
DATA SEGMENTATION
Users can save to enterprise folders, and the content is then encrypted automatically.
Users are prompted to choose whether to save as personal or corporate data.
The IT administrator can configure which apps will always protect data.
Acquire “store apps” via the Business Store
• Bulk purchase of apps
• Free and paid apps
• Flexible distribution models
• Azure AD for the store
Windows app license mgmt.
Smarter removal of content
• Certificates, VPN, Wi-Fi, email profiles, policies
• Applications & app data
• “Enterprise data protection” data
Either the admin or the user can do the removal
The server is notified if the user removes the connection
The admin controls whether users can remove themselves
Consistent experience
Remove corporate data the easy way