Exchange
Exchange Connector with Configuration Manager
Configuration Manager with Intune
Protect and Manage Devices and Infrastructure
Exchange
Exchange - Protecting your Infrastructure
  Set-ActiveSyncOrganizationSettings
  New-ActiveSyncDeviceAccessRule
  Set-ActiveSyncDeviceAccessRule
  New-ActiveSyncMailboxPolicy
  Set-CasMailbox
Set-ActiveSyncOrganizationSettings
    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients
New-ActiveSyncDeviceAccessRule
    New-ActiveSyncDeviceAccessRule -QueryString iPhone -Characteristic DeviceModel -AccessLevel Block
    New-ActiveSyncDeviceAccessRule -QueryString 'NokiaE521/2.00()MailforExchange' -Characteristic UserAgent -AccessLevel Allow
Set-ActiveSyncDeviceAccessRule
    Set-ActiveSyncDeviceAccessRule 'ContosoPhone(DeviceModel)' -AccessLevel:Quarantine
    Get-ActiveSyncDeviceAccessRule | Where {$_.AccessLevel -eq 'Allow'} | Set-ActiveSyncDeviceAccessRule -AccessLevel:Quarantine
Mobile Device Mailbox Policies
  When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.
New-ActiveSyncMailboxPolicy
    New-ActiveSyncMailboxPolicy -Name 'All Users' -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $false -MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true -AttachmentsEnabled $true -AllowSimpleDevicePassword
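An added example, not part of the original slides: a PowerShell function that checks mobile device mailbox policies against the values in the New-ActiveSyncMailboxPolicy command above. The function name Test-MobilePolicyBaseline, the use of those values as a baseline, and the sample policy objects are assumptions made for illustration.

```powershell
# Test-MobilePolicyBaseline is a hypothetical helper, not an Exchange cmdlet.
# Defaults mirror the 'All Users' policy values shown on the slide.
function Test-MobilePolicyBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy,
        [int]$MinLength = 4,
        [TimeSpan]$MaxLock = '00:15:00'
    )
    process {
        $findings = @()
        if ($Policy.AllowNonProvisionableDevices) { $findings += 'non-provisionable devices allowed' }
        if (-not $Policy.DevicePasswordEnabled)   { $findings += 'device password not required' }
        if (-not $Policy.RequireDeviceEncryption) { $findings += 'device encryption not required' }
        if ($Policy.PasswordRecoveryEnabled)      { $findings += 'password recovery enabled' }

        # MinDevicePasswordLength can be empty when it was never set.
        $len = 0
        if (-not [int]::TryParse([string]$Policy.MinDevicePasswordLength, [ref]$len) -or $len -lt $MinLength) {
            $findings += "minimum password length below $MinLength"
        }

        # MaxInactivityTimeDeviceLock is a time span or the literal 'Unlimited'.
        $lock = [TimeSpan]::Zero
        if (-not [TimeSpan]::TryParse([string]$Policy.MaxInactivityTimeDeviceLock, [ref]$lock) -or $lock -gt $MaxLock) {
            $findings += "inactivity lock longer than $MaxLock"
        }

        [pscustomobject]@{
            Policy    = $Policy.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects so the function runs outside an Exchange shell.
$sample = @(
    [pscustomobject]@{ Name = 'All Users'; AllowNonProvisionableDevices = $false
        DevicePasswordEnabled = $true; RequireDeviceEncryption = $true; PasswordRecoveryEnabled = $false
        MinDevicePasswordLength = 4; MaxInactivityTimeDeviceLock = '00:15:00' }
    [pscustomobject]@{ Name = 'Legacy'; AllowNonProvisionableDevices = $true
        DevicePasswordEnabled = $false; RequireDeviceEncryption = $false; PasswordRecoveryEnabled = $true
        MinDevicePasswordLength = $null; MaxInactivityTimeDeviceLock = 'Unlimited' }
)
$sample | Test-MobilePolicyBaseline | Format-Table -AutoSize -Wrap
```

In the Exchange Management Shell, pipe the output of Get-ActiveSyncMailboxPolicy into the function in place of the sample objects.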
Adding and Removing Users from a Mobile Mailbox Policy
    Set-CASMailbox -Identity -ActiveSyncMailboxPolicy "Sales"
    Get-Mailbox | where { $_.CustomAttribute1 -match "Manager"} | Set-CASMailbox -ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy "Contoso").Identity
Current list of available settings per device OS
Exchange Connector
Exchange Connector – Managing and Securing Devices
  Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premises or online) by using the Microsoft Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager.
Settings you can control
  General Password Management Security Application
  Option to control settings via Active Sync
  Exchange Access rules control Allow, Block, or Quarantine
  Remotely Wipe via ConfigMgr
  Self Wipe via Application catalog
    On-premise automatically added to catalog on sync
    Hosted requires manual user device affinity before visible in catalog.
  When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices. Some management functions are therefore limited. For example, you cannot install software on these devices or use configuration items to configure these devices.
  When you use the Exchange Server connector, the mobile devices are managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies.
  An account is required to configure the Exchange Connector in Configuration Manager. The account can be the computer account of the site server or a Windows user account, and must have rights in Exchange to certain cmdlets. Exchange Server management roles that contain the required cmdlets are the Recipient Management, View-Only Organization Management, Server Management, and above.
Intune
System Center Intune - Managing and Securing Devices
  System Center Intune has various access points, and knowing each one is important to avoid confusing users and to get the most out of the subscription.
  Portal.Manage.Microsoft.com (Users)
  Account.Manage.Microsoft.com (Subscription Administration)
  Manage.Microsoft.com (Intune Administration)
  There are various prerequisites that must be configured and working before Intune can manage mobile devices or be connected to System Center Configuration Manager.
  Intune Account
  Verified Public Domain
  Domain UPN
  Dirsync/SSO
  DNS Alias (CNAME)
  Certificate Keys
  Certificates are used with System Center Intune to secure software deployments to devices (company-developed or pushed software) or to allow notifications. Below is the certificate required for each OS type.
  Windows Phone 8 – Code Sign Cert (Symantec)
    Support Tool for Windows Intune Trial (temp cert for testing)
  Windows devices (Side loading Keys)
  iOS – Apple Push Notification (APN)
  Android (None)
  System Center Intune supports many mobile devices in Direct Managed mode or connected with System Center Configuration Manager 2012 R2.
  Windows Phone 8 Devices
  Windows 8 RT
  Windows 8.1 RT
  Windows 8.1
  iOS 5.0, 6.0, and 7.0
  Android Devices 2.3 and Later
  When integrating System Center Intune with System Center Configuration Manager, there are a few configuration changes and system roles to set up.
  Subscription Connector Setup
  Windows Intune Connector Role
  Logs
    ConnectorSetup
    CloudMgr
    CloudUsersSync
    dmpDownloader
    dmpuploader
  Source: intune.aspx
Managing Devices – Managing and Securing Devices
  Company Applications
  Deeplinking (Store Apps)
  User Enrollment
Deeplinking – Managing and Securing Devices
  Method to deploy vendor store apps via System Center Configuration Manager.
  iTunes
  Google Play
  Windows Phone Store
  Windows (Use reference computer)
User Enrollment – Managing and Securing Devices
  Windows Phone (Settings – Company Apps)
  Windows RT (System Configuration – Company Apps)
  Windows 8.1 and RT 8.1 (Workplace)
  iOS (iTunes – Windows Intune Company Portal)
    If Service Pack 1 (m.manage.Microsoft.com)
  Android (Google Play – Windows Intune Company Portal)
Windows Phone Enterprise Feature Pack – Managing and Securing Devices
  The enterprise feature pack will include:
  S/MIME to sign and encrypt
  Access to corporate resources behind the firewall with app aware, auto-triggered VPN
  Enterprise Wi-Fi support with EAP-TLS
  Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps
  Certificate management to enroll, update, and revoke certificates for user authentication
Samsung Knox and Intune – Managing and Securing Devices