Managing Windows 8.1 With Windows Intune

advertisement
Windows 8.1 Device Management
With Windows Intune
Mark O’Shea
MVP Windows Expert – IT Pro
30 June 2014
Today’s challenges
Users
Devices
Apps
Data
Users expect to be able to
work in any location and
have access to all their
work resources.
The explosion of devices is
eroding the standards-based
approach to corporate IT.
Deploying and managing
applications across
platforms is difficult.
Users need to be productive
while maintaining
compliance and reducing
risk.
Empowering People-centric IT
Enable users
Allow users to work on the
devices of their choice and
provide consistent access to
corporate resources.
Unify your environment
Users
Devices
Apps
Data
Deliver a unified application and
device management onpremises and in the cloud.
Protect your data
Management. Access. Protection.
Help protect corporate
information and manage risk.
Selecting the Management Platform
Unified Device Management – System Center 2012
R2 Configuration Manager with Windows Intune
Cloud-based Management - Standalone
Windows Intune
No existing Configuration Manager deployment
Simplified policy control
Simple web-based administration console
Windows Intune – Standalone service
Windows PCs
(x86/64, Intel SoC)
Windows RT,
Windows Phone 8.x
iOS, Android
Manage and Secure PCs and Devices Anywhere
Simple web-based Administration Console and a
richer experience for Information Workers
 Help protect PCs from malware
 Manage updates
 Distribute software
 Proactive monitoring and alerts
 Provide remote assistance
 Inventory hardware and software
 Monitor & track licenses
 Increase insight with reporting
 Set security policies
 Richer Mobile Device Management
Windows Intune Web Console
Windows 8.1 with Windows Intune
client software installed
Demonstrations
Non-intrusive Management
Management tasks can work with the Windows 8.x maintenance window
Management tasks do not interrupt if the end user immersed in a modern application
Mobile Device Management with Windows Intune
Direct management (Windows RT,
Windows Phone 8.x, iOS,
Android)
EAS based management
Information Worker Self-service Experience
Connect every user ‘s device to the service
Enable them to discover applications
Let users manage their own devices and data
Provide a premium end user experience
Windows 8.1 with Windows Intune
Mobile Device Management Enabled
Demonstration
End User Experience
Consistent self service experience for end user across mobile platforms
Windows
Windows Phone
Available in the
Windows Store
Side-loaded
during enrollment
Android
Available in the
Google Play Store
iOS
Available in the
Apple App store
End User Capabilities for each Platform
Windows 8 &
Windows 8.1
Windows RT &
Windows 8.1 RT
Windows
Phone 8
iOS
Android
(4.x)
Enroll (local device)
Yes
Yes
Yes
Yes
Yes
Rename devices
Yes
Yes
Yes
Yes
Yes
Retire (un-enroll local device)
Yes
Yes
Yes
Yes
Yes
Remotely wipe other devices
Yes
Yes
Yes
Yes
Yes
Install enterprise LOB applications
Yes
Yes
Yes
Yes
Yes
Install publicly available applications
Yes
Yes
Yes
Yes
Yes
Shortcut
Shortcut
Launch
Web clip
Shortcut
Yes
Yes
Yes
Yes
Yes
Access web applications
Contact IT
Mobile Device Inventory
Hardware properties for mobile
devices are collected through the
Device Management Authority as
well as Exchange ActiveSync.
No software inventory for mobile
devices to respect the Information
Worker’s privacy on their own
device.
IT Pros can track storage on
mobile devices which help them
anticipate/troubleshoot issues.
Settings Management
Security policy on devices by
Direct management and
Exchange ActiveSync.
New expanded policy set.
Reporting available on
each setting whether it is
applicable, conformant or
has an error.
The same security policy
template is used for
both Direct
Management and EAS
to help Admins
Older Android and
Windows Phone 7
devices can be managed
through EAS
Mobile Device Settings in Windows Intune
Category
Win 8.1 PC & RT
WP8.1
iOS
Android
Password




Encryption




Malware

System Settings



Cloud

Windows Server Work Folders

Browser



Applications & Gaming



Device restrictions


Store access


Roaming



* Subset of settings
Note: Table applicable to direct MDM and not EAS
Software Distribution Summary
Platform
Windows 8 Pro/Ent
Desktop Apps
(.msi, .exe)*
√
Windows RT
Modern App Types
Side loading
Deep
Links
Web
apps
√
√
√
√
√
√
√
√
√
√
√
√
.appx
.xap
.apk
√
iOS
√
Android
√
WP8
Windows 7 and below
.ipa
√
√
Protect your data
Help protect corporate information and manage risk
Lost or Stolen
LostRetired
or Stolen
Enrollment
• Selective wipe removes corporate applications,
data, and policies based as supported by each
Users can access
corporate data regardless
of device or location with
Work Folders for data
sync and desktop
virtualization for
centralized applications.
IT can provide a secure and
familiar solution for users to
access sensitive corporate data
from anywhere with VDI and
RemoteApp technologies.
platform
Personal Apps
and Data
Personal
Apps and
Data
Company Apps
and Data
Company Apps
• Full wipe if supported by each platform
and Data
• Can be executed by IT or by user via Company
Portal
Retired
Remote App
Centralized
Data
Remote App
• Sensitive data or applications can be kept off
Policies
Policies
device and accessed via Remote Desktop
Services
Windows 8.1 with MDM, Workplace
Join and Work Folders
Demonstration
Mobile device wipe and retire
Category
Windows 8.1 (x86/RT
OMA-DM managed)
Windows 8 RT
Windows Phone
8.1
iOS
Android (EAS)



Apps originally installed
through the company
portal are uninstalled.
Company app data is
removed.
Apps are uninstalled.
Company app data is
removed.
Apps and data remain
installed.
Full Wipe
Retire (Selective wipe)
Email
 (Email through EAS)
Apps originally installed
through the company portal
Company apps
are uninstalled and
and associated sideloading keys are removed.
data installed by Apps using Windows Selective
Windows Intune. Wipe will have the encryption
key revoked and data will no
longer be accessible.
Settings
Requirements removed
Management
Client
Not applicable. Management
agent is built-in
 (Email through EAS)
Sideloading keys are
removed but apps
remain installed.
Requirements removed Requirements removed Requirements removed Requirements removed
Not applicable.
Management agent is
built-in
Not applicable.
Management agent is
built-in
Management profile is
removed
Device Administrator
privilege is revoked.
For More Information
Windows Intune
http://www.microsoft.com/en-us/windows/windowsintune/try-andbuy
My blog
http://intunedin.net
Download