People-Centric Management

Management The past – device-centric management Today – mixed management Tomorrow – user-centric management

The Times, They Are A Changing….. Your computer IS your tool for work Your computer CONTAINS your tool for work

Circle of Influence is Shrinking…. …. To this From this…. Well its really a square…..

Why Implement UCM Users IT Empowering User Productivity Unifying Management Infrastructure Device Choice Application Self-service Personalized Application Experience Non-intrusive management Manage all devices through single interface Deliver applications to the user, not the device Integrated security and compliance Reduced infrastructure complexity Access to corp resources across devices & platforms Single admin console Users IT

Managing Devices in the Enterprise Homogenous environment Organization-owned devices IT knowledge Control Way Back Then More devices and platforms User-owned Less depth of support experience Governance Today

Evolution of Microsoft Management 2012 2013 + 2012 2011 2007 2003 1999 SMS 2.0 1994 SMS 1.0 Client Management Infancy (NT Domain) Groups Model Laptops, Servers, Enterprise Scale Comprehensive Management Management from the Cloud Consumerization of IT

The User is the Focus User-centric management 5/12/2018 The User is the Focus User-centric management Common user accounts and security groups Repository for inventory and device data Central policy control Consistent experience across on- premises or cloud-based services Windows Azure AD federates and synchronizes with on-premises AD User accounts in Windows Azure AD can access Azure and 3rd party applications Windows Azure AD Active Directory People-centric IT is predicated on being able to identify who the user is and what their permissions are for accessing data and resources. Active Directory is a critical tool to enable this, with common user accounts and security groups, a repository for inventory and device data, and central policy control. It also gives you a way to manage users consistently across the datacenter and the cloud, with federation to synchronize identity and the ability to access user accounts for third-party applications. Our management solutions – Configuration Manager and Windows Intune – leverage this consistent identity to manage and secure user activity appropriately. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Bring Your Own Device Many companies embracing this (if they know it or not) More users are than administrators know about generally The first vast BYOD solution was VDI (VMware View or XenDesktop) Offered broad device support to get to a Windows Desktop Issue is that the Windows Desktop (<8) does not work well with touch The “desktop” was the “app” Today, apps are cross-platform and multi-platform You can deliver just the app, without the desktop You need a way to manage all of this

The Process Understand your existing device-centric models Configuration Manager – move to User Collections Configuration Manager – implement Application Catalog Intune – extend to non-managed devices Federation – single management infrastructure

Device Centric Management You (IT) owned the device (PC) The PC was the “tool” for work In manage cases restricted, locked down, and highly controlled Encouraged the “Work Computer” and “Home Computer” model Simplified access to work tools DA VPN VDI

Why it Does Not Work Today Devices are prolific, cheap, and available There is more than one choice in operating system Users are more savvy, and have more devices There is a trend towards “apps” as tools instead of “hardware” as tools The boundaries of “work” are gone Both physical and chronological

Modern Device Management Devices & Platforms Mac OS X Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Single admin console Windows RT, Windows Phone 8 iOS, Android IT

Designing a User-Centric Delivery 5/12/2018 Designing a User-Centric Delivery Deliver best user experience on each device Define application once Delivery Evaluation Criteria User Device type Network connection < > User/Device Relationships Primary Devices MSI App-V Windows 8 apps Windows 8 apps in the Windows Store Non-primary devices VDI Remote Desktop © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

User-Centric Application Delivery New application model General Information Application “Package” Administrator Properties End User Metadata Keep your apps organized and managed The “friendly” information for your users (appears in Catalog) < > Deployment Type Detection Method Install Command Requirement Rules Dependencies Supersedence Is app installed? App-V Windows Script Command line and options Windows Installer Can/cannot install app CAB Apps that must be present Application version control

User-Centric Application Delivery End user self-service 5/12/2018 User-Centric Application Delivery End user self-service Administrators publish software titles to catalog, complete with meta data to enable search Deliver best user experience on each device IT Users can browse, select and install directly from Catalog Application model determines format and policies for delivery User © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Components User collections User deployments Mixed deployment types Application Catalog Primary device settings and rules User policies

User Collections Target specific users or groups of users Function same way as device collections Populated through Active Directory User and Group Discovery

User Deployments Function similar to standard device deployments A user deployment is a deployment to a user collection, it is not a different type of deployment Must deploy to user collection for user centric delivery

Mixed Deployment Types Each app has multiple deployments Deployments are platform specific Enables uses to get the same app, from the same portal, on any device

Application Catalog Web service and website point Navigate http://<Server>/CMApplicationCatalog Automatically determines all applications available to the user

Primary Device Settings and Rules Act as a deployment modifier Common scenario is MSI versus App-V A condition, similar to OS type User can have multiple primary devices Can be manually assigned or automatically determined

Policies Set of user or device specific polices that can be deployed to a collection of users Includes Ability to use cloud distribution Rules for primary device assignment Device enrollment Device policies can be used to control automatic assignment of primary user User policies permit user to self assign

Demo: Moving From Device-Centric to People-Centric Management

Demo: System Center 2012 – Endpoint Protection

Summary Application Catalog User Collections key to User Centric Deployment Application Catalog Primary User Device specific deployments Summary In this session we’ve seen how Configuration Manager SP1 and Intune can be used together to provide wider OS and application support, better feature support and greater manageability of mobile devices.

© 2012 Microsoft Corporation. All rights reserved © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.