Download presentation
Presentation is loading. Please wait.
Published byNoreen Warner Modified over 9 years ago
1
Microsoft Virtual Academy Preparing for the Windows 8.1 MCSA Module 5: Managing Devices & Resource Access
2
Module 1: Windows 8.1 in the Enterprise Module 2: Installing & Upgrading to Windows 8.1 Module 3: Configuring & Managing Windows 8.1 Module 4: Implementing an Application Strategy for Windows 8.1 Module 5: Managing Devices & Resource Access Module 6: Securing Windows 8.1 Devices
3
Module Overview Options for Managing Non-Domain Member Devices Configuring Workplace Join Configuring Work Folders
4
Options for Managing Non-Domain Member Devices Challenges of Managing Non-Domain Member Devices Comparing Domain Member and Non-Member Devices Managing Data and Settings on Non-Domain Member Devices Security Enhancements for Devices That Are Not Joined to a Domain Managing Non-Domain Member Devices by Using Windows Intune and Configuration Manager
5
Challenges of Managing Non-Domain Member Devices Users: Expect to be able to work from any location Need access to their data and resources from anywhere Use any device Laptops, convertible laptops, tablets, and smart phones Device is often not company-owned (BYOD scenario) Device is not a member of the company domain Data access from user-owned devices must be compliant with company policy Protection, confidentiality, and automatic removal Companies have limited control over non-domain member devices Traditional management is for domain member devices
6
Comparing Domain Member and Non-Member Devices Non-domain member devices Do not have an account No trust with the domain Domain accounts cannot sign in Local users unknown to the domain Cannot be managed by Group Policy Cannot access company resources Need to be managed differently from domain member devices Domain member devices Have domain account Domain accounts can sign in Local users not used Can have company policies enforced Can be centrally administered Can access company resources if permissions are given Can be managed by using Group Policy
7
Managing Data and Settings on Non-Domain Member Devices Windows To Go Virtual Desktop Infrastructure (VDI) Workplace Join Open Mobile Device Management protocol Managing devices, enrolled into management system Web Application Proxy Publish web applications to external network Work Folders Access and synchronize file server data Remote Business Data Removal Automatically wipe company data from the device
8
Security Enhancements for Devices That Are Not Joined to a Domain Mandatory sign-in for all users Biometrics as proof of identity Pervasive device encryption Malware resistance – Windows Defender Assigned access (kiosk mode) Remote business data removal Internet Explorer 11
9
Managing Non-Domain Member Devices by Using Windows Intune and Configuration Manager Windows Intune is a cloud service Requires no infrastructure, only Internet connectivity Configuration Manager is installed on premises Can be integrated with Windows Intune Both manage PCs and devices Configuration Manager allows you to: Deploy applications Manage endpoint protection Deploy software updates Inventory hardware and software Reporting Windows Intune features: Updates Endpoint Protection Software deployment Monitoring and alerting Reporting
10
Configuring Workplace Join Workplace Join Scenarios for Using Workplace Join Workplace Join Components Registering and Enrolling Devices Demo: Enrolling Devices
11
Workplace Join Provides access to internal websites and company apps without entering the credentials every time Workplace Joined AD FS DC, CA SSO Web Server
12
Scenarios for Using Workplace Join Access company data from personal devices Consumerization of IT BYOD Devices that cannot or may not be domain members IT department has some control over the device Which company websites and apps can be accessed Device is represented in AD DS Device is an additional user authentication factor User can access resources only from known devices A user is associated with Workplace Joined device Multiple users can join the same device by using Workplace Join
13
Workplace Join Components Workplace Join Infrastructure requirements: Domain environment PKI Devices must trust the certificate authority (CA) Devices must be able to access CRL and AIA AD FS server Trusted certificate configured with required attributes Device registration service DNS record for a host named Enterpriseregistration Web Application Proxy for external devices Supported operating system on the device Windows 8.1, Windows RT 8.1, and iOS
14
Workplace Join Components AD FS Device Registration Service DNS CRL Distribution Point AD DS Domain Controller Workplace Join Enterpriseregistration.adatum.com
15
Registering and Enrolling Devices (cont.)
19
Registering and Enrolling Devices
20
ENROLLING DEVICES Demo
21
Configuring Work Folders Overview of Work Folders Comparing Work Folders with Other File Synchronization Technologies Components Required for Work Folders How Work Folders Are Synchronized Configuring Work Folders Integrating Workplace Join and Work Folders Using GPOs to Manage Work Folders Demo: Configuring Work Folders
22
Overview of Work Folders Work Folders allow users to access their individual company data from any device Work Folders are stored centrally on traditional file servers File servers must be running Windows Server 2012 R2 Users can use multiple devices to access Work Folders You can synchronize local Work Folder data with data on the file server from any location with connectivity Local copy is available without network connectivity Allows you to ensure compliance with company policy Access control, quotas, file screening, classification Local copy of data can be encrypted and remotely wiped
23
Comparing Work Folders with Other File Synchronization Technologies SkyDriveSkyDrive ProWork FoldersFolder Redirection Single-user data Yes, but files often shared NoYes Data locationPublic cloud SharePoint, Office 365 File server Local server requiredNoSharePoint (optional) Windows Server 2012 R2 Windows Server Support included in Windows 8.1 YesNoYes Supported devices PCs, Macs, Windows Phone, iOS, Android PCs, Windows PhonePCs, iPadDomain member PCs
24
Components Required for Work Folders A Work Folders Server The File and Storage Services role must be installed An additional access protocol is added Server Manager for a consolidated view of sync activity A Sync Share Multiple sync shares per Work Folders server Users can associate with a single sync share Device policy is defined per sync share User Devices Files stay in sync across all user devices Local changes sync to the server and then to other devices
25
How Work Folders are Synchronized User limited to single Work Folder Client always initiates sync Device which applies the change is responsible for conflict resolution Data directory Version database Download staging directory Data directory Version database Download staging directory Data directory Version tables Upload staging directory
26
Configuring Work Folders Create a sync share on a file server You must install the Work Folders role service first You can deploy Work Folders in three ways Manually Auto-discovery of the server based on users’ email addresses Users need to manually enter the URL for the Work Folder server Opt-in Settings delivered by using Group Policy, System Center 2012 R2 Configuration Manager, or Windows Intune Users decide if they want to use Work Folders on their devices Mandatory Settings delivered by using Group Policy, System Center 2012 R2 Configuration Manager, or Windows Intune No user action required
27
Integrating Workplace Join and Work Folders Both features are targeted for non-domain member devices Domain member devices can also use Work Folders Devices must trust the CA to use Work Folders Workplace-joined devices already trust the CA Work Folders work with workplace-joined devices as well as with workgroup or domain member devices Workplace-joined Devices Domain Members The Work Folders Server
28
Using GPOs to Manage Work Folders The Work Folder settings are in Group Policy Computer: Force automatic setup for all users User: Specify the Work Folders settings
29
CONFIGURING WORK FOLDERS Demo
30
Module 1: Windows 8.1 in the Enterprise Module 2: Installing & Upgrading to Windows 8.1 Module 3: Configuring & Managing Windows 8.1 Module 4: Implementing an Application Strategy for Windows 8.1 Module 5: Managing Devices & Resource Access Module 6: Securing Windows 8.1 Devices
31
Configuring Windows 8.1 (20687) http://aka.ms/configwin8-1 Supporting Windows 8.1 (20688) http://aka.ms/mlesvh Upgrading Your Skills to MCSA Windows 8.1 (20689) http://aka.ms/Ou31ho Microsoft Learning: http://aka.ms/Djv62ghttp://aka.ms/Djv62g
32
Deep technical content and free product evaluations Hands-on deep technical labs Free, online, technical courses Download Microsoft software trials today. Find Hand On Labs.Take a free online course. Technet.microsoft.com/evalcenterTechnet.microsoft.com/virtuallabsmicrosoftvirtualacademy.com TechNet Virtual Labs
33
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.