Exam Prep : Section 2: Design for Device Access and Protection


1 Exam Prep 70-398: Section 2: Design for Device Access and Protection
Joe Lurie, MCS Northeast
Alfred Ojukwu, MCS Northeast

2 Agenda
1. Design for Cloud/Hybrid Identity (15-20%)
2. Design for device access and protection (15-20%)
3. Design for data access and protection (15-20%)
4. Design for Remote Access (15-20%)
5. Plan for apps (15-20%)
6. Plan updates and recovery (15-20%)

3 Design for device access and protection

4 Design for Device Access and Protection
Plan for Device Enrollment:
- Design device inventory
- Mobile device management authority
- Device management prerequisites
- Device enrollment profiles
Plan for the Company Portal:
- Customize the Company Portal and company terms and conditions
- Design Intune policies and policy conflicts: configuration policies, compliance policies, Conditional Access policies, Exchange ActiveSync policies, policy conflicts
Plan Protection for Data on Devices:
- Design for protection of data in email and SharePoint when accessing them from mobile devices
- Design for protection of data of applications by using encryption
- Design for full and selective wipes

5 Plan for Device Enrollment
- First step in the Device Management Lifecycle
- User-facing activity
- Can enroll devices as computers or mobile devices
- Supported platforms:
  - Apple iOS 7.1 and later
  - Google Android 4.0 and later (including Samsung KNOX)
  - Windows Phone 8.0 and later
  - Windows RT and Windows 8.1 RT
  - PCs running Windows 8.1
  - PCs running Windows 10 (Home, Professional, and Enterprise versions)
  - Mac OS X 10.9 and later
[Figure: Device Management Lifecycle]

6 Plan Device Inventory
6/15/2018
Options for Managing Devices:
- Intune Standalone
- Intune Hybrid
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Design Device Inventory – Intune Reports
Report: Description
- Update*: Displays current software update status (needed, pending, successful, failed) for enrolled computers.
- Detected Software: Displays the software installed on enrolled computers. Attributes include product name, publisher, and version number.
- Computer Inventory*: Displays machine-specific inventory for enrolled computers. Attributes include name, model, manufacturer, operating system, etc.
- Mobile Device Inventory: Displays device-specific inventory for enrolled mobile devices. Attributes include name, model, manufacturer, operating system, compliance status, jailbroken status, etc.
- Terms & Conditions: Displays the status of acceptance for existing T&C policies on a per-user basis.
- Noncompliant Apps: Displays users and their corresponding mobile devices based on app compliance.
- Certificate Compliance: Displays the certs that have been issued to users and devices via Network Device Enrollment Service (NDES) and whether they are issued, expired, or revoked.
- Device History: Displays an audit log for retire, wipe, and delete actions.
- Mac OS X Hardware: Displays machine-specific inventory for enrolled Macs.
- Mac OS X Software: Displays the software installed on enrolled Macs. Includes product name and version.
* No longer exists in Intune

8 Set the Mobile Device Management Authority
- Defines which system has permissions to manage enrolled devices
- Be careful: it can only be set ONCE!

9 Device Management Prerequisites
Step 1: Determine which devices need to be managed and their compatibility with the various management solutions.

10 Steps for Setting up iOS and Android
- Company Portal is required on Android
- Good idea to push the Company Portal to all devices that are MDM enrolled
iOS:
- Upload an Apple Push Notification (APN) cert
- Assign a Device Enrollment Program (DEP) token (optional)
- Open-In Management restrictions
- Data transfer cannot be blocked via Open-In
- Data is encrypted and obfuscated in transit

11 Steps for Setting up Windows
Windows Phone:
- Assign an enrollment server address
- Obtain an Enterprise ID and Symantec code-signing cert (required if managing Windows Phone 8 or deploying Line of Business (LOB) apps)
- Download and sign the Company Portal app (required if managing Windows Phone 8)
- Upload and deploy the signed Company Portal app (required if managing Windows Phone 8)
Windows:
- Add sideloading keys for LOB apps
- Upload a code-signing certificate (required only for LOB apps that are not already trusted)

12 Device Enrollment Profiles
- Provides a solution that scales for larger deployments
- Device enrollment profiles are for iOS/OS X and are created from Intune or the Apple Configurator desktop application
- Assign an Intune account as a Device Enrollment Manager (DEM), which can enroll more than the default limit of 5 devices
1. Create a device group
2. Create a Device Enrollment Profile
3. Import pre-enrolled devices and assign an Enrollment Profile
4. Enroll devices using a Device Enrollment Profile
5. Enable the Device Enrollment Program
6. Update the Device Enrollment Profile

13 Plan for the Company Portal
- Provides users access to company data and apps
- App available for Windows, iOS, and Android devices
- Available from most web browsers
Customize the Company Portal:
- Customize company name and info, support contacts, colors and themes, and logos

14 Terms & Conditions Policies
- Require users to accept terms before accessing company data
- Users need to review and accept each time a new version of the T&C is released
- T&C policies are deployed to user groups, not device groups
- Multiple policies can be created and deployed
- The version number attribute helps track acceptance in the T&C report

15 Intune Policy Types
EXAM TIP: Look for clues in how the question is asked! For example, if it asks, “You need to configure [feature]. Which type of policy would you use?” the answer is likely Configuration Policy.

16 Types of Policies
Compliance Policies (apply to all device types):
- Define settings/rules that a device MUST conform to
- PIN and password requirements
- Encryption requirements
- Whether a device can be jailbroken/rooted
- Whether the account must be managed by Intune
- Used to set up Conditional Access
Configuration Policies (platform-specific):
- Like compliance policies, but with more granularity
- System settings (screen capture, factory reset, etc.)
- Cloud settings & accounts (backup to iCloud or Google’s cloud)
- Hardware settings (Bluetooth, NFC, Wi-Fi, camera, etc.)
- Application compliance

17 Types of Policies (cont’d)
Conditional Access Policies:
- Checks to see if an enrolled device is compliant
- Restricts access to corporate data if non-compliant
- Exchange on-prem or online
- SharePoint Online
Exchange ActiveSync Policies:
- Requires a connection to the Exchange environment
- Exchange on-prem
- Exchange Online
- Both options allow for management of existing EAS devices without requiring them to enroll in Intune

18 Conditional Access Policies
What is it: checks to see if a device is enrolled in Intune and compliant (based on compliance policies) and restricts access to corporate data if not compliant
Restricts access to:
- Exchange Server
- Exchange Online
- SharePoint Online

19 Exchange ActiveSync Policies
- Requires setup of a connection to the Exchange environment
- Options for managing EAS devices:
  - Exchange On-Prem > Install the Microsoft Intune Exchange Connector
  - Exchange Online > Configure the Service-to-Service Connector
- Both options allow for management of existing EAS devices without requiring them to enroll in Intune

20 Policy Conflicts
Battling Policies: Winner
- Group Policy vs. Any Other Policy (Configuration/Compliance): Group Policy
- Compliance Policy vs. Compliance Policy: Conflicts judged on a per-setting basis, where the most restrictive setting wins
- Compliance Policy vs. Configuration Policy: Compliance Policy
- Configuration Policy vs. Configuration Policy
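A small resolver, added here as an illustration and not code from the slide deck or from Intune, that applies exactly the precedence rules in the table above: the policy-type ranking, the per-setting most-restrictive merge for two compliance policies, and a refusal to guess the configuration-vs-configuration case the slide leaves open. The setting names (min_pin_length, require_encryption, allow_jailbroken), the policy dictionary shape, and the assumption that a setting only one policy defines still applies are all constructed for this example.

```python
"""Added example: Intune-style policy conflict resolution following the slide's table.
Not Intune's own code; the setting names and the policy shape are constructed here."""
from typing import Any

# Precedence between policy types from the slide: group policy beats any other
# policy, and a compliance policy beats a configuration policy.
TYPE_RANK = {"group": 3, "compliance": 2, "configuration": 1}


def more_restrictive(setting: str, a: Any, b: Any) -> Any:
    """Pick the stricter of two values for one setting (compliance vs. compliance).
    The settings mirror the compliance-policy bullets: PIN, encryption, jailbreak."""
    if setting == "min_pin_length":        # a longer minimum PIN is stricter
        return max(a, b)
    if setting == "require_encryption":    # requiring encryption is stricter
        return a or b
    if setting == "allow_jailbroken":      # blocking jailbroken devices is stricter
        return a and b
    raise ValueError(f"no restrictiveness rule for setting {setting!r}")


def resolve(policy_a: dict, policy_b: dict) -> dict:
    """Return the effective settings when two policies target the same device.
    Each policy is {'type': 'group'|'compliance'|'configuration', 'settings': {...}}.
    Assumption: a setting defined by only one of the two policies still applies."""
    ta, tb = policy_a["type"], policy_b["type"]
    if ta != tb:
        # Different types: the higher-ranked policy wins every overlapping setting.
        winner, loser = (policy_a, policy_b) if TYPE_RANK[ta] > TYPE_RANK[tb] else (policy_b, policy_a)
        return {**loser["settings"], **winner["settings"]}
    if ta == "compliance":
        # Same type: judged per setting, the most restrictive value wins.
        merged = dict(policy_a["settings"])
        for key, value in policy_b["settings"].items():
            merged[key] = more_restrictive(key, merged[key], value) if key in merged else value
        return merged
    # Configuration vs. configuration: the slide gives no winner, so do not guess.
    raise NotImplementedError(f"no precedence rule for {ta} vs {tb}")


if __name__ == "__main__":
    # Constructed sample: a lenient and a strict compliance policy overlap on the PIN length.
    lenient = {"type": "compliance", "settings": {"min_pin_length": 4, "allow_jailbroken": True}}
    strict = {"type": "compliance", "settings": {"min_pin_length": 6, "require_encryption": True}}
    print(resolve(lenient, strict))
```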

21 Practice exam question
Your network contains an Active Directory Domain Services (AD DS) forest that has one domain and an Exchange Server organization. All Exchange servers run Exchange Server 2010 SP1 on Windows Server 2008 R2. All domain member servers run at least Windows Server 2008 R2. Your company purchases a Microsoft Intune tenant and configures it to manage 300 mobile devices. You need to ensure that only approved devices can connect to the Exchange organization. What should you do first?
- Upgrade all Exchange servers to Windows Server 2012
- Upgrade to Microsoft Exchange Server 2013
- Install the on-premises connector on a member server
- Install the Exchange on-premises connector on an Exchange server

22 Company Portal Customization

23 Company Portal Customization

24 Download the Company Portal App
- Windows Phone
- iOS
- Android

25 Protection of Data in Email and SharePoint
What is it: control how data is stored and shared on an enrolled mobile device through:
- Configuration Policies: Mobile Device Security Policy, which allows for restriction of screen captures, downloading attachments, etc.
- Published Applications: apps published to the Company Portal can be assigned a MAM policy, which controls how data is protected within the app
- Apps compatible with MAM policies include LOB apps wrapped with the Intune App Wrapping Tool OR apps from the published compatible list

26 Using Encryption to Protect App Data
Device Encryption:
- Create and deploy a configuration policy that requires enrolled devices to use a password
- Enable encryption enforcement in the configuration policy
- Create a compliance policy that checks devices for encryption
App Encryption:
- If a device is left unlocked, the data in corporate apps can remain encrypted
- Controlled through MAM policies
- Option to encrypt application data and require a PIN to access the encrypted app

27 Full and Selective Wipes
- Full Wipe: restores the device to factory settings (erases all content and settings and removes the device from Intune management)
- Selective Wipe: erases all company data and settings while preserving the user’s personal data and settings (removes the device from Intune management)

28 Additional Remote Tasks
- Remote Lock: sends a command to the mobile device that requires the user to enter the device passcode before continuing to use the device
- Passcode Reset: behavior differs based on platform; either clears the passcode and requires the user to enter a new, compliant passcode OR applies a temporary passcode

29 Design for Device Access and Protection – EXAM TIPS
Tip #1: Enrollment brings the device into MDM management
Tip #2: Know the different Intune policies, and the difference between them: Configuration, Compliance, Conditional Access, Exchange ActiveSync
Tip #3: The Company Portal app is available for Apple iOS, Android, and Windows Phone, or is available from most web browsers

30 © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

