Empowering people-centric IT Mobile Device Management Desktop Virtualization Hybrid Identity Access and information protection Users Devices Apps Data Mobile Device Management √ Unify your environment Enable users Protect your data On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Protect corporate information by selectively wiping apps and data from retired/lost devices A common identity for accessing resources on-premises and in the cloud Identify which mobile devices have been compromised Devices & Platforms Accessing apps the right way, on the right device App (Example: PDF Reader) • • • MSI Start App-V Web apps Appx (MDOP) Start Start WP8 iOS Android App Store Links • • • • • • • • • • App package (.appx) • App resources (.appx) • Can have more than one app packages and each can be architecture specific Allows you to separate the core app package from additional resources (e.g. language specific strings or images) • • • • Side-loading key required? Edition OS Version Enterprise Windows 8, 8.1 & 8.1 Update No Yes Windows 8.1 Update No Yes Domain-joined Non Domain-joined Professional RT Windows 8 and 8.1 Yes Windows 8, 8.1 & 8.1 Update Yes Cannot be joined to a domain. A side-loading key is always required. ConfigMgr or Intune Full Client Sideloading Key Activation AllowAllTrustedApps Reg Key Code signing certificate MDM Channel 1. Obtain a side-loading key from VLSC 2. Create and deploy script/software package to call slmgr.vbs to activate side-loading 2. Upload the side-loading key to the ConfigMgr/Intune admin console; automatically activated at enrollment time or next maintenance window after the key is uploaded to admin console Use script/software package, group policy or DCM to set ‘AllowAllTrustedApps’ reg key Automatically sets the reg key at enrollment time 1. Obtain a code signing certificate 2. Deploy the cert through DCM or software package to the ‘Trusted Root authority store’ on the target machines. 2. Upload the cert to ConfigMgr/Intune admin console. Automatically installs at enrollment time or next maintenance window after the cert is uploaded to admin console Publish Create an app Specify requirement rules Deploy Create Deployment, Support both user and machine targeting Available or required install HKCU\Software\Microsoft\Windows\CurrentVersion\MDM\JobDB Initialized DownloadinProgress DownloadFailed DownloadCompleted • 10 • 20 • 30 • 40 UninstallInProgress InstallCompleted InstallFailed InstallInProgress • 80 • 70 • 60 • 50 UninstallFailed UninstallCompleted HashMismatch SideloadingNotEnabled • 90 • 100 • 110 • 120 BITS BITSAdmin HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MDM dmpuploader.log outgoingcontentmgr.log App-V 5.0 ConfigMgr 2012 SP1 R2 RTM Yes Yes SP1 Yes Yes SP2 No* Yes** * Should Apply ConfigMgr SP1 CU4 before installing App-v 5 SP2 ** Apply ConfigMgr R2 CU1 for full support App Origination Line of Business (Sideloading) Public Store Scenarios Windows 8 RT Windows 8.1 (RT, Pro, Ent) Windows Phone 8 Windows Phone 8.1 iOS Android Available Install deployed to users Required Install deployed to users and devices Explicit Uninstall deployed to users and devices In console monitoring Available user targeted deep linked application User Consent required User Consent required User Consent required (coming soon…) Download Center • • Name Platforms Public Store Sideloading Windows Intune Company Portal Windows 8, Windows RT, Windows Store Windows 8.1 and Windows RT 8.1 Microsoft Download Center System Center Configuration Manager Company Portal (“On-Prem”) Windows 8 and Windows 8.1 (x86/x64 only) N/A Microsoft Download Center Windows Intune Company Portal for Windows Phone 8 Windows Phone 8 N/A Microsoft Download Center Windows Intune Company Portal for iOS iOS 6.0 or later App Store on iTunes N/A Windows Intune Company Portal for Android Android 4.0 or later Google Play N/A Conditional Access Policy Managed Mobile Apps Protected Data • • • • Deployment of certificates and Wi-Fi, Email, VPN profiles Configure email profiles across devices Provide access to email and documents only if device is managed Deny access if device falls out of compliance • existing iOS, Android line-of-business apps • Application provisioning iOS apps through Apple volume channel • Convenient access to internal resources via per-app VPN configurations • Required app install/uninstall • Protected web browser • Managed PDF, audio, video viewers • Selective wipe for managed apps and documents Bulk Enrollment • Support for Apple Device Enrollment Program and Apple Configurator • Service account enrollment Configuration Policies • Device lockdown through supervisor mode • Policies and apps targeted to devices • Application install allow/deny list • URL allow/deny Mobile Device Management Review √ Unify your environment Enable users Protect your data On-premises and cloud-based management of devices within a single console. Simplified, user-centric application management across devices Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Access to company resources consistently across devices Simplified registration and enrollment of devices Synchronized corporate data Protect corporate information by selectively wiping apps and data from retired/lost devices A common identity for accessing resources on-premises and in the cloud Identify which mobile devices have been compromised Enterprise Mobility Suite EMS will enable customers with: Hybrid Identity Management • Group management & Self Service Password Reset • Security audit reports & MultiFactor Authentication • Connection between AD / Azure AD Mobile Device Management • Mobile device settings management • Mobile app management • Selective wipe Data Protection • Information protection • Connection to on-premises assets Enterprise Agreement Prices starting at $4 per user per month* * Limited time EA Level A promo pricing. Requires 250 seat minimum purchase and underlying CAL Suite license (CoreCAL/ECAL/BridgeCAL) Session Title Timeslot FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server Monday, May 12 11:00 AM - 12:00 PM PCIT-B212 Design Considerations for BYOD Tuesday, May 13 10:15 AM - 11:30 AM PCIT-B213 Access Control in BYOD and Directory Integration in a Hybrid Identity Infrastructure Wednesday, May 14 3:15 PM - 4:30 PM PCIT-B310 Empowering Your Users and Protecting Your Corporate Data Monday, May 12 1:15 PM - 2:30 PM PCIT-B313 Hybrid Identity: Extending Active Directory to the Cloud Monday, May 12 4:45 PM - 6:00 PM PCIT-B314 Understanding Microsoft’s BYOD Strategy and an Introduction to New Capabilities in Windows Server 2012 R2 Tuesday, May 13 8:30 AM - 9:45 AM PCIT-B321 Deploying the New RMS for Cloud-Friendly and Cloud-Reluctant Customers Tuesday, May 13 5:00 PM - 6:15 PM PCIT-B322 Deploying and Managing Work Folders Wednesday, May 14 10:15 AM - 11:30 AM PCIT-B324 How to Rapidly Design and Deploy an Active Directory Federation Services Farm: The Do's and the Don'ts Wednesday, May 14 8:30 AM - 9:45 AM PCIT-B326 Providing SaaS Single Sign-on with Microsoft Azure Active Directory Thursday, May 15 10:15 AM - 11:30 AM PCIT-B327 Introducing Web Application Proxy in Windows Server 2012 R2: Enable Work from Anywhere Wednesday, May 14 3:15 PM - 4:30 PM PCIT-B328 Microsoft Identity Manager vNext Overview Wednesday, May 14 5:00 PM - 6:15 PM PCIT-B330 Active Directory + BYOD = Peace of Mind Thursday, May 15 8:30 AM - 9:45 AM Code Title Time FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server Mon, May 12 11:00 AM PCIT-B311 What's New in Enterprise Management with Microsoft System Center Configuration Manager and Windows Intune Mon, May 12 1:15 PM PCIT-B215 What's New in Microsoft System Center 2012 R2 Configuration Manager Infrastructure Mon, May 12 3:00 PM PCIT-B410 Microsoft System Center 2012 Configuration Manager: MVP Experts Panel Mon, May 12 4:45 PM PCIT-B216 Infrastructure Deployment for Mobile Device Management with Microsoft System Center Configuration Manager and Windows Intune Tue, May 13 8:30 AM PCIT-B317 Enrollment and Management of Mobile Devices with Microsoft System Center Configuration Manager and Windows Intune Tue, May 13 1:30 PM PCIT-B320 Microsoft System Center Configuration Manager Community Jewels Tue, May 13 5:00 PM PCIT-B323 Application Management with Microsoft System Center Configuration Manager and Windows Intune Wed, May 14 8:30 AM PCIT-B325 Protecting Your Corporate Data with Microsoft System Center Configuration Manager and Windows Intune Wed, May 14 10:15 AM PCIT-B340 What’s New with OS Deployment in Configuration Manager and the Microsoft Deployment Toolkit Wed May 14 5:00 PM PCIT-B336 Managing Mac OS X Clients and Linux Servers Using Microsoft System Center Configuration Manager Thu May 15 8:30 AM PCIT-B339 How Microsoft IT Manages Their Microsoft System Center Configuration Manager Application Lifecycle with Zero Touch Thu, May 15 10:15 AM PCIT-B333 How Microsoft IT Solves BYOD Using Microsoft System Center 2012 R2 Configuration Manager and Windows Intune Thu, May 15 1:00 PM Code Title Time PCIT-IL200 Introduction to Microsoft System Center 2012 R2 Configuration Manager Mon, May 12 3:00 PM Wed, May 14 5:00 PM PCIT-IL201 Upgrading from Configuration Manager 2012 SP1 to Microsoft System Center 2012 R2 Configuration Manager Thu, May 15 10:15 AM PCIT-IL300 Deploying Windows 8.1 to Bare Metal Clients Wed, May 14 1:30 PM Thu, May 15 1:00 PM PCIT-IL305 Basic Software Distribution with Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 5:00 PM Wed, May 14 3:15 PM PCIT-IL306 Implementing Endpoint Protection in Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 10:15 AM Thu, May 15 8:30 AM PCIT-IL307 Managing Microsoft Software Updates in Microsoft System Center 2012 R2 Configuration Manager Tue, May 13 1:30 PM Wed, May 14 8:30 AM PCIT-IL308 Migrating from Configuration Manager 2007 to Microsoft System Center 2012 R2 Configuration Manager Wed, May 14 10:15 AM Code Title PCIT-H302 Deploying a Microsoft System Center 2012 R2 Configuration Manager Hierarchy PCIT-H303 Deploying Microsoft System Center 2012 R2 Configuration Manager PCIT-H304 Deploying Windows 8.1 to Bare Metal Clients PCIT-H309 Implementing App-V 5.0 in Microsoft System Center 2012 R2 Configuration Manager PCIT-H310 Implementing Endpoint Protection in Microsoft System Center 2012 R2 Configuration Manager PCIT-H311 Implementing Linux Clients in Microsoft System Center 2012 R2 Configuration Manager PCIT-H312 Implementing Role-Based Administration in Microsoft System Center 2012 R2 Configuration Manager PCIT-H314 Managing Clients with Microsoft System Center 2012 R2 Configuration Manager PCIT-H315 Managing Content in Microsoft System Center 2012 R2 Configuration Manager PCIT-H316 Managing Software Updates in Microsoft System Center 2012 R2 Configuration Manager http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn