Conduct a successful pilot deployment of Microsoft Intune 5/19/2018 8:33 AM BRK3010 Conduct a successful pilot deployment of Microsoft Intune Peter Daalmans Senior Consultant, CTGlobal @pdaalmans pds@ctglobalservices.com Niall Brady MVP/Blogger, windowsnoob @ncbrady niall@windowsnoob.com © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda for successful pilot deployment of Intune 5/19/2018 8:33 AM Agenda for successful pilot deployment of Intune 1. Plan Secure a Sponsor Create a plan Setup a Test / Proof of Concept Environment Prepare infrastructure Learn and prep for Mobile Device Management (MDM) Choose a Mobile Device Provisioning and Enrollment approach Allow to Work from Anywhere from any Device, or not Protect Your Data Make your Applications mobile and manageable Start pilot deployment Verify if you met your and the companies goals 2. Prepare/pilot 3. Verify © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Plan the Intune deployment

Secure a Sponsor Why a good sponsor is important? Resources Escalations New standards and policies How to find the best sponsor? Who will profit most Show business value Come well prepared

Create a plan - 1 Ask the Business for their functional mobility needs 5/19/2018 8:33 AM Create a plan - 1 Ask the Business for their functional mobility needs Common Understanding Define the End-Goal (Not Technical!) Quantify the requirements based on business impact Examples: Improved Productivity through…, lower TCO via…., etc.) Gather functional requirements and add it to a list For example: Different departments may require different access to resources Some workers are working from home versus in the office Users collaborating across different devices with the same apps and data © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Create a plan - 2 Ask IT for their (non-functional) mobility needs 5/19/2018 8:33 AM Create a plan - 2 Ask IT for their (non-functional) mobility needs Common Understanding Align with Security, Risk and Compliance departments Agree on the End-Goal The Business Needs is still the End-Goal, but you need to resolve technical issues Quantify requirements based on business impact Accept that (security) policies and standards most likely need to be revised Structure Your Requirements in a requirements list Identity model (MFA etc) MDM MAM Security, etc. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Bitlocker and Intune Niall Brady 5/19/2018 8:33 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Setup a Test Environment 5/19/2018 8:33 AM Setup a Test Environment Proof of concept – Validate Requirements Identify issues and gaps early Education © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Prepare and proof the solution

Prepare infrastructure 5/19/2018 8:33 AM Prepare infrastructure Identify the identity model Identify management platform Identity certificate requirements Identify O365 / Exchange on premises requirements Identity Remote Access requirements © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Choose the right Identity Solution / right license 5/19/2018 8:33 AM Choose the right Identity Solution / right license Cloud Identity Independent cloud identity Azure Active Directory Active Directory Directory Sync and Password Hash Sync Synchronized Identity  Single identity, enabling a same sign-on experience with password hash sync Azure Active Directory Federated Identity Active Directory Directory Sync Single federated identity, enabling single sign-on in some scenarios and additional flexibility Azure Active Directory Federation © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What management platform do we use? 5/19/2018 8:33 AM What management platform do we use? MAM without enrollment Intune cloud only Intune hybrid IT IT IT Intune Admin Portal Intune Admin Portal Configuration Manager console System Center Configuration Manager Intune MAM / WIP apps Mobile devices and PCs Mobile devices and PCs Domain-joined PCs Mobile devices © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Why are certificates important? 5/19/2018 8:33 AM Why are certificates important? Security for Mobile solutions = certificates PKI is often challenge number 1 Certificates / PKI required for: Apple Push Notification Windows Information Protection / Application Protection Signing mobile applications S/MIME Signing and Encryption Remote Access (VPN and Reverse Proxy) Simple Certificate Enrollment Protocol (SCEP) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Office 365 / Exchange on-premises 5/19/2018 8:33 AM Office 365 / Exchange on-premises Office 365 with Exchange Online, Azure AD and Intune are the best fit But also SharePoint, Teams and other Azure / O365 services Exchange on-premises Install Exchange Connector to provide conditional access Support for Outlook app is not there yet © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Remote access to on-premises resources 5/19/2018 8:33 AM Remote access to on-premises resources Identify need for VPN access Current VPN profiles Partnership with Citrix for micro-VPN solution with Netscaler Identify need for Azure AD Application Proxy © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

App based CA Peter Daalmans 5/19/2018 8:33 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Learn and prep for MDM? Here´s your own Choose your own Bring your own 5/19/2018 8:33 AM Learn and prep for MDM? High Trust Here´s your own Enterprise device Predefined devices with strict policies Choose your own Enterprise device Whitelisted devices with looser policies Low Freedom High Freedom Bring your own Consumer device Enterprise exercises limited management On your own Consumer device Enterprise provides no management Low Trust Source: Enterprise Mobility Suite Managing BYOD and Company-Owned Devices © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Choose the right enrollment option(s) 5/19/2018 Choose the right enrollment option(s) ORGANIZATION OWNED PERSONALLY OWNED (BYOD) Active Directory Azure AD Computer joins AD to establish trust User signs on using AD account Group Policy + System Center Computer joins AAD to establish trust User signs on using AAD account MDM Computer registers with AAD via Workplace Join to establish trust for remote resource access User signs in with a Microsoft account, associates an AAD account MDM Single sign-on to enterprise and cloud-based services © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5/19/2018 8:33 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Work from any Device? Corporate owned and/or Bring your own 5/19/2018 8:33 AM Work from any Device? Corporate owned and/or Bring your own Operating system versions Device types © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

iOS Supervised Mode Peter Daalmans 5/19/2018 8:33 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Protect your data! How to prevent access to Company data by non-compliant mobile devices Insecure devices put your company data at risk Keep Company data separate from Personal Data Company owned data should be protected and controlled End users don’t like “Containerized” solutions Users prefer to work with applications they are familiar with (e.g. Mail, Web browser, File Explorer) Users don’t like to switch between different environments on the same device How to prevent data loss by lost devices and unenrolled (BYOD) devices Ensure Company Data will be wiped or is unaccusable

WIP without enrollment 5/19/2018 8:33 AM WIP without enrollment Niall Brady © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Verify

Start pilot deployment 5/19/2018 8:33 AM Start pilot deployment Deploy your “friends and family” first Create a decent deployment plan Migrating from other MDM solutions? Look in to the EBF Intune onboarder to help ease the migration process © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Verify Verify with your users how deployment went 5/19/2018 8:33 AM Verify Verify with your users how deployment went Did they saw issues? Adjust end user documentation Verify if scope and requirements are met Start final deployment after a go/no go moment © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Wrap up – lessons learned 5/19/2018 8:33 AM Wrap up – lessons learned Are you missing features? Go to https://microsoftintune.uservoice.com Got issues?, use the free support via the Intune portal! Got questions?, use Microsoft Support forums or reach out to the community! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5/19/2018 8:33 AM Questions © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session Tech Ready 15 5/19/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5/19/2018 8:33 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.