Desktop and Device Management Andy Taylor – Susan Smith –
Agenda Introduction System Center 2012 Configuration Manager Windows Intune Close
System Center 2012 Configuration Manager
SYSTEM CENTER 2012 CONFIGURATION MANAGER Empower Users: Empower people to be more productive from almost anywhere on almost any device. Simplify Administration: Improve IT effectiveness and efficiency. Unify Infrastructure: Reduce costs by unifying IT management infrastructure.
NEED FOR NEW APPLICATION MODEL
Your end-users are changing – and apps are what they use to do work
– Ultra mobility
– Lots of devices
– New generation with new expectations
Your apps are changing
– AppV
– SaaS
– Datacenter hosted (VDI, remote/seamless apps)
– Mobile apps/catalogs
[Diagram labels: Management Server; Traditional Model; User Centric Model]
APPLICATION MODEL Manage applications; not scripts
Application Management:
– Detection method – re-evaluated for presence: Required application – reinstall if missing; Prohibited application – uninstall if detected
– Requirement rules – evaluated at install time to ensure the app only installs in places it can, and should
– Dependencies – relationships with other apps that are all evaluated prior to installing anything
– Supersedence – relationships with other apps that should be uninstalled prior to installing anything
– Update an app – Automatic revision management
MOBILE DEVICE MANAGEMENT
Light Management: EAS-based policy delivery – Discovery and inventory – Settings policy – Remote wipe
Depth Management: Secure over-the-air enrollment – Monitor and remediate out-of-compliance devices – Deploy and remove applications – Inventory – Remote wipe (WinCE 5.0, 6.0; Windows Mobile 6.0, 6.1, 6.5.x) NOKIA
DEMO APPLICATION MANAGEMENT
WHAT IS USER DEVICE AFFINITY (UDA)? Key feature to help move to User Centric Application Deployment – Provides the ability to define a relationship between a user and a device, then leverage this in app deployment Ensure the application is not installed everywhere the user logs on Change the “deployment type” based on UDA Predeploy to systems when the user is not logged in for workgroup and after-hours deployments Configuration Manager 2012 supports: – Single primary user to primary device – Multiple primary devices per user – Multiple primary users per device < Windows Embedded
APPLICATION CATALOG IT Administrators publish software titles to catalog, complete with meta data to enable search Deliver best user experience on each device Users can browse, select and install directly from Catalog Application model determines format and policies for delivery User
DEMO INSTALLING SOFTWARE FROM APPLICATION CATALOG
SIMULATE APPLICATION
DEMO SIMULATE APPLICATION DEPLOYMENT
SIMULATE DEPLOYMENT GRAPH
ROLE-BASED ADMINISTRATION Central management for security Role-Based Administration lets you map the organizational roles of your administrators to defined security roles: Removes clutter from the console – Supports “Show me what’s relevant to me” based on my Security Role and Scope
CLIENT STATUS Goal -> Enable administrators to monitor the activity and status of ConfigMgr client computers in their hierarchy. The following two methods are used to evaluate the overall status of the client computers they manage:
– Client Activity: Monitored from the server: Configure thresholds to determine if a client is active
– Client Check: Monitored from the client: A client evaluation engine is installed with the ConfigMgr client, which periodically evaluates its health and the state of its dependencies. This engine can also remediate some problems with the client.
SOFTWARE UPDATES
Auto Deployment Rules
– Use filter to identify class of updates to automatically deploy: category, products, language, date revised, article id, bulletin id, etc.
– Schedule content download
State-based Update Groups
– Deploy updates individually or in groups
– Updates added to an update group automatically deploy to collections targeted with the group
SYSTEM CENTER 2012 ENDPOINT PROTECTION Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure. Easy to set up and operate the management infrastructure – Easy client install and migration – Automated deployment of updates using ConfigMgr infrastructure – Simplified deployment of antimalware policies
SETTINGS AND COMPLIANCE MANAGEMENT
[Diagram labels: ConfigMgr MP; Baseline; ConfigMgr Agent; WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory; Baseline Configuration Items; Auto Remediate OR Create Alert]
Deploy baselines to collections – Baseline drift
Improved functionality – Copy settings – Trigger console alerts – Richer reporting
Enhanced versioning and audit tracking – Ability to specify versions to be used in baselines – Audit tracking includes who changed what
Pre-built industry standard baseline templates through IT GRC Solution Accelerator
REPORTING EXPERIENCES Report Viewer (in-console) Report Manager (Web)
REMOTE CONTROL What's New in Remote Control
– Ability to send Ctrl-Alt-Del keystroke to host device
– Able to traverse all Windows Secure Desktop modes: Winlogon, SAS, UAC, Locked screen
– Granular client settings per collection
– Lock keyboard and mouse
– Ability to create Firewall exception rule
– Ccmeval monitors and remediates Remote Control Service
Unified Management; On-Premise and from the Cloud Active Directory
Windows Intune
MANAGE, SECURE PCS AND DEVICES ANYWHERE Simple Web-Based Administration Console and a friendly IW experience
MOBILE CAPABILITIES
Unified experience across all devices
– Automatic discovery of mobile devices that access Exchange
– Single console to manage computers and mobile devices
– User centric views for device inventory
Protect corporate data on mobile device
– Deploy Active Sync policies to user groups (password, encryption…)
– Define mobile device access rules by device family/model
– Remove mobile devices that access Exchange (with option to wipe)
IW empowerment through mobile LOB apps
– Host and target in-house mobile apps to user groups (e.g. corp app store)
– Provide mobile self-service to download mobile apps or contact IT
LOGICAL ARCHITECTURE
[Diagram. Zones: On-premise infrastructure; Microsoft cloud. Components: Exchange; Active Directory; Exchange Connector; Windows Intune; Identity cloud infrastructure (MSODS). Flows: Sync AD user data into the cloud; Sync managed users to Windows Intune; ActiveSync Policy/Config; Sync mobile devices for managed users; Apply EAS policies or remediation tasks]
POLICY TRACKING Track compliance against policies – Unified Policy status across PCs and mobile devices – Consistent look and feel for device settings report Policy status for User groups and individual users – Display # of users who have devices with policy issues – Drill down into users and their devices with issues Noncompliance action for mobile device – Reports if access has been allowed or denied to non-compliant devices
APP MANAGEMENT Publish – The IT administrator uploads in-house apps to Windows Intune – The IT administrator deploys each app, specifying which targeted user groups have access to each app Consume – Information workers sign in to the Windows Intune company portal using their corporate credentials – In the mobile portal, information workers can do the following: View a detailed list of available apps Download an app Contact IT (in case of a problem) Track – The IT administrator tracks app adoption, using the aggregated and detailed statistics provided by Windows Intune
DEMO WINDOWS INTUNE
Device Management Key Points: User Centric Management – Applications the user needs, on the multiple devices they use – User empowerment. Public and Private cloud Management – Windows Intune – System Center 2012 Configuration Manager. Manage all your devices
Next Steps
Download and Evaluate
– Microsoft System Center 2012: center/default.aspx
– Windows Intune: Current version - us/windows/windowsintune/try-and-buy.aspx
– Windows Intune: Try the next version - https://account.manage-beta.microsoft.com/Signup/MainSignUp.aspx?OfferId=1A C1CF-1C F8229EC1411&ali=1
More Resources
– System Center Marketplace: rosoft.com
– Blogs: center
– m/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide-en-us.aspx
Some information relates to pre-released product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.