4/17/2017 6:13 AM © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft System Center Mobile Device Manager 2008 SP1: Overview. Tech·Ed North America 2009. Mornè Blake, Enterprise Architect, iSolve Business Solutions. Session Code: WMB301
Customer Priorities (Key BDM Priorities, Key IT Priorities, Key End User Priorities): Platform on which to build, deploy, and manage apps; End user productivity; Scalable and reliable procurement; Minimize support and TCO; Secure data; Secure network access; Manageable, scalable; Standards based; Integrate with existing IT infrastructure; Training and support; Anytime access to corporate info; Dependable; Superior productivity including unified communications.
“I need a strong ROI justification if I am going to roll out mobile devices to most of my organization and not just the managers.” (Director of business group for major manufacturer)
“Make it just another device on my network that I control and manage, and as an integral part of my existing architecture and security framework.” (VP of IT for large Wall Street bank)
“Provide me with always available access to the people, information and applications I need even when I am on the go” (Sales Manager at global pharmaceutical firm)
System Center Mobile Device Manager: Helps IT pros manage Windows Mobile smartphones in the same way as laptops and PCs; manages security, policy, and applications for Windows Mobile phones; provides increased access to corporate data, applications, and services through a single point and your firewalls.
Core Feature Areas: Security Management; Device Management; Network Access. System Center Mobile Device Manager enables Windows Mobile phones to be deployed and managed (device and security) like PCs and laptops in the IT infrastructure, providing network access to corporate data.
Security Management Benefits: Windows Active Directory user and device memberships; AD-based Group Policy targeting; 130+ manageable configuration settings (Bluetooth, Wi-Fi, SMS/MMS, IR, Camera, mail, etc.); Extensible for customer apps through custom ADM templates; Device File Encryption; Remote Device Wipe.
Device Management Benefits: Enterprise Software Distribution OTA, using Windows Software Update Service (WSUS) 3.0; Device Provisioning OTA; Role Based Administration; Rich inventory and reporting (robust hardware and software inventory capabilities; SQL Reporting infrastructure); Familiar management tools (MMC snap-ins; Windows PowerShell; ADGP, WSUS).
Mobile VPN Benefits (Network Access). Security: allows end-to-end security; headless gateway deployed in the DMZ; standards based (IKEv2, IPsec tunnel). Efficiency: use best available channel; adapt, minimize keep-alive traffic; fast reconnect, session persistence. Extensible: transparent to mobile application; transparent to LOB services. Reliability: always connected; allows pushed technology. Simplicity: minimum user configuration; transparent to user and to applications.
MDM SP1 Feature Updates. Multiple Instances: more than one instance of MDM within the same AD forest. Enrollment Auto Discovery: enrollment server matches the user with the correct MDM instance. Windows Server Infrastructure: SP1 will run within Windows Server 2008 AD Domain and CA Services; support for Hyper-V hosting MDM server roles on Windows Server 2003. Performance and Scalability: supports deployment of more than 30,000 devices within a single forest. More: Self Service Portal; Software Package CAB Signing Wizard; Device PIN Recovery.
MDM Deployment Topology (diagram labels): Internet; Edge Firewall; Perimeter; Back Firewall; Corporate Intranet; Mobile VPN GW; Enrollment Server; Device Mgmt Server; Self Service Portal; AD/DNS/CA/SQL; E-mail and LOB Servers; Initial OTA Device Enrollment; Mobile VPN; HTTPS or HTTP.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. ©2005 Microsoft Corporation. All rights reserved.
The Enrollment Server (MDM Deployment Topology diagram, repeated)
Enrollment Server. Location: Intranet based (domain joined server/service). Purpose: manage the process flow of enrollment; create domain objects; create certificates; supply provisioning instructions. Other: best practice is to protect it with a proxy (e.g., ISA); can co-exist on the DM Server in an integrated implementation.
The Enrollment Process (diagram). Participants: Public DNS; Firewall; Enrollment Server; Active Directory; Certification Authority. Step labels: Negotiate SSL; Root; Create Acct.; Submit Cert Request; Receive Cert; Issue Cert; Discovery.
Demo: SCMDM Device Enrollment. Morne Blake, Enterprise Architect.
The Mobile VPN Gateway (MDM Deployment Topology diagram, repeated)
Mobile VPN Server. Location: Corporate DMZ (remotely managed). Purpose: enables access to corporate data and LOB resources; assigns a stable internal IP address for the device; authenticates incoming connections for authorized devices; negotiates keys to encrypt traffic over the Internet. Other: standards based (IPsec Tunnel Mode, MobIKE, IKEv2); enables fast resume/reconnect features for devices and applications.
VPN Scenario: LOB Application (diagram labels): FW; Proxy; ISA; LOB 1; LOB 2; Kerberos delegation; Double envelope security. User Authentications: 1) Certificate 2) NTLM v2 3) Basic
Demo: Accessing Corporate Applications. Morne Blake, Enterprise Architect.
Device Management Server (MDM Deployment Topology diagram, repeated)
Device Management Server. Location: Intranet based (domain joined server/service). Multi-Purposed: primary administration and management point for all managed devices; Group Policy management, device software distribution, and device data wipes; application allow/deny; inventory and reporting; proxies information and commands between core Windows Servers (AD/CA) and devices. Other: OMA-DM compliant.
Demo: SCMDM Device Management Server Console. Morne Blake, Enterprise Architect.
Group Policy (diagram labels): Group Policy Editor; GPMC; Modeling; Results; SYSVOL; MDM DM Server; Group Policy Driver; OMA Proxy Engine; MDM DB; Windows Mobile Device.
Demo: SCMDM Software Distribution. Morne Blake, Enterprise Architect.
Software Distribution (diagram labels): "May not use"; Software Distribution DB; GW Server; DM Server.
1. The device is connected to the GW Server.
2. The device connects to the DM Server.
3. The DM Server obtains the OMA DM commands for the device.
4. The DM Server offers the software packages applicable to the device; the device downloads and automatically installs the software packages.
5. The device reports the result of the installation of software packages to the DM Server.
Demo: Creating a SCMDM Software Package. Morne Blake, Enterprise Architect.
IT Infrastructure Details. Required: Windows Server 2003 SP2 64 bit; SQL Server 2005; Windows 2003/2008 Active Directory; Microsoft CA; Group Policy; Windows Mobile 6.x. Optional: Exchange Server; System Center Operations Manager; System Center Configuration Manager; ISA Server.
MDM Foundations – Familiarity and Stability. Microsoft Systems Infrastructure: Windows Server; Windows Mobile Smartphones; IIS & SQL; SQL Server Reporting Services; Certificate Services; Active Directory; SSL and IKE; WSUS. Interoperability: ISA Server; Exchange Server; Office SharePoint Server; Office Communications Server. Tools: MMC; ADGP and RSoP; Group Policy Editor; Windows Mobile SDK.
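Which Solution Fits My Needs? Comparison of Exchange 2007 SP1, SCCM 2007 and SCMDM 2008. Scenarios compared: Security Management; Device Management; Mobile VPN (the per-product markers from the slide table are not preserved). Platforms: Exchange 2007 SP1: EAS licensees; SCCM 2007: WM 2003 to 6.x, CE 4.2/5.0; SCMDM 2008: WM 6.x.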
System Center Evolution. MDM 2008 SP1: comprehensive Windows Mobile 6.x device management, enabling IT control for security, management and access. ConfigMgr 2007: delivers proven, robust capabilities for managing your IT systems including your desktop, laptop, server, and mobile devices. ConfigMgr v.Next: retain MDM & ConfigMgr 07 DM scenarios; Windows Mobile and CE device mgt (based on device capability); for desktop, laptop, and Windows Mobile devices: ‘single pane of glass’ admin and unified infrastructure; migration path for both products.
Roadmap Summary. MDM 2008 is a complete mobile solution: great for new device rollouts where mobile applications, policies, and corporate network access are vital. System Center Configuration Manager 2007: great single point of management for both desktops and Windows Mobile devices. Both products are capable and adoption ready. Both products have a roadmap toward SCCM v.Next to meet your device management needs.
Question & Answer
Resources. Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za. www.microsoft.com/teched: International Content & Community. www.microsoft.com/learning: Microsoft Certification & Training Resources. http://microsoft.com/technet: Resources for IT Professionals. http://microsoft.com/msdn: Resources for Developers.
Related Content: What's New for Developers in Windows Mobile 6.5 (WMB303); Mobility Smackdown (WMB201); Real World Windows Mobile Development (WTB229); Windows Mobile Tips and Tricks for Developers (WMB302).