People Centric IT Unified Device Management with SCCM + Windows Intune Cloud OS Week People Centric IT Unified Device Management with SCCM + Windows Intune

All about you! Raphael Perez, MVP: Enterprise Client Management, MCT System Center consultant, specialized in SCCM & related technologies (ie. Windows Deployment, automation, patch management, etc) - Ex-Developer - SCCM Book Author - TheDesktopTeam Community leader http://www.thedesktopteam.com @dotraphael | http://uk.linkedin.com/in/dotraphael/ raphael@rflsystems.co.uk

Agenda The Story so far… Cloud-only or Unified? Unified Device Management Work from Anywhere Registering and Enrolling Devices User-centric Application Delivery Administration Protect your Data Help protect corporate information and manage risk Demo Unified Device Management Recap

THE STORY SO FAR… April 2012 June 2012 September 2012 December 2012 User-centric application delivery MDM via EAS Unified management MDM for Windows RT, Windows Phone 8, iOS Mac OS X support Selective Wipe Granular Device Settings Corporate Portal Certificate, VPN, Wi-Fi Provisioning Preview SP1 App sideloading for iOS, EAS support RDS and RDP8.0 improvements Dynamic Access Control DA/RRAS Work Folders Workplace Join Web Application Proxy Preview

THE STORY SO FAR… 2014 Windows Intune Extensions Windows Phone 8.1 Enterprise Features Email profile

Cloud-only or Unified? Unified Device Management System Center 2012 R2 Configuration Manager with Windows Intune Build on existing Configuration Manager deployment Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting) Deep policy control requirements Scale to 100,000 devices Extensible administration tools (RBA, PowerShell SQL Reporting Services) Cloud-based Management Standalone Windows Intune No existing Configuration Manager deployment Simplified policy control Less than 7,000 devices and 4,000 users Simple web-based administration console

Unified Device Management Governance Lightweight Control Full Control Exchange ActiveSync OMA-DM Mobile Device Management Windows Phone 8.1 Windows RT 8.1 Active Directory Group Policy System Center Windows 8.1 Allow e-mail access BYOD-style management Fully-managed corporate device

Unified Device Management Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X IT Single Admin Console Windows RT, Windows Phone 8 iOS, Android

Work from Anywhere Users can enroll devices for access to the Company Portal for easy access to corporate applications IT can publish Desktop Virtualization (VDI) for access to centralized resources RD Gateway Session host VDI Users can work from anywhere on their device with access to their corporate resources. IT can publish access to resources with the Web Application Proxy based on device awareness and the users identity Web Application Proxy Web Apps Files LOB Apps Remote Access IT can provide seamless corporate access with DirectAccess and automatic VPN connections. Active Directory Users can register devices for single sign- on and access to corporate data with Workplace Join

Registering and Enrolling Devices Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud Active Authentication Active Directory ADFS Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device Web Application Proxy IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication. As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device

User-centric Application Delivery Administration Delivery Evaluation Criteria User Device type Network connection User/Device Relationships Primary Devices MSI App-V Windows 8 Apps Windows 8 Apps in the Windows Store Non-primary Devices VDI Remote Desktop

Protect your Data Help protect corporate information and manage risk Lost or Stolen Lost or Stolen Retired Enrollment Personal Apps and Data Personal Apps and Data Company Apps and Data Company Apps and Data Company Apps and Data Retired Personal Apps and Data Centralized Data Remote App Remote App Remote App Policies Policies Policies

DEMO

Unified Device Management Recap Unregistered Registered MDM Enrolled Fully Managed Publish email to users (EAS) Yes Publish work folders to users Conditional access based on user, device, location Block device only Audit logging and monitoring Unified Device Management Unified Application Management Selective data wipe Compliance reporting Group Policy and login scripts OS deployment and imaging Configuration management Patch management Anti malware management Full application management BitLocker management

Raphael Perez, MVP: Enterprise Client Management, MCT http://www Raphael Perez, MVP: Enterprise Client Management, MCT http://www.thedesktopteam.com @dotraphael | http://uk.linkedin.com/in/dotraphael/ raphael@rflsystems.co.uk Cloud OS website http://www.microsoft.com/en-us/server-cloud/cloud- os/default.aspx#fbid=h40PL5JDtJG Find out more about the MVP community https://mvp.microsoft.com/en- US/default.aspx

Please end the video with: Your contact details Link to the Cloud OS website http://www.microsoft.com/en-us/server- cloud/cloud-os/default.aspx#fbid=h40PL5JDtJG Link to your User Group # for Twitter Find out more about the MVP community https://mvp.microsoft.com/en- US/default.aspx