CLOUD OS WEEK People Centric IT Unified Device Management with SCCM + Windows Intune ALL ABOUT YOU! Raphael Perez, MVP: Enterprise Client Management, MCT System Center consultant, specialized in SCCM & related technologies (ie. Windows Deployment, automation, patch management, etc) - Ex-Developer - SCCM Book Author - TheDesktopTeam Community leader http://www.thedesktopteam.com @dotraphael | http://uk.linkedin.com/in/dotraphael/ raphael@rflsystems.co.uk AGENDA The Story so far… Cloud-only or Unified? Unified Device Management Work from Anywhere Registering and Enrolling Devices User-centric Application Delivery Administration Protect your Data Help protect corporate information and manage risk Demo Unified Device Management Recap THE STORY SO FAR… THE STORY SO FAR… CLOUD-ONLY OR UNIFIED? Cloud-based Management Standalone Windows Intune No existing Configuration Manager deployment Simplified policy control Less than 7,000 devices and 4,000 users Simple web-based administration console Unified Device Management System Center 2012 R2 Configuration Manager with Windows Intune Build on existing Configuration Manager deployment Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting) Deep policy control requirements Scale to 100,000 devices Extensible administration tools (RBA, PowerShell SQL Reporting Services) UNIFIED DEVICE MANAGEMENT Governance Lightweight Control Exchange ActiveSync OMA-DM Mobile Device Management Full Control Windows Phone 8.1 Windows RT 8.1 Windows 8.1 Allow e-mail access BYOD-style management Fully-managed corporate device UNIFIED DEVICE MANAGEMENT Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows RT, Windows Phone 8 iOS, Android WORK FROM ANYWHERE Users can enroll devices for access to the Company Portal for easy access to corporate applications IT can publish Desktop Virtualization (VDI) for access to centralized resources Users can work from anywhere on their device with access to their corporate resources. IT can publish access to resources with the Web Application Proxy based on device awareness and the users identity Users can register devices for single signon and access to corporate data with Workplace Join IT can provide seamless corporate access with DirectAccess and automatic VPN connections. REGISTERING AND ENROLLING DEVICES Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication. Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device USER-CENTRIC APPLICATION DELIVERY ADMINISTRATION Delivery Evaluation Criteria • User • Device type • Network connection User/Device Relationships Primary Devices • MSI • App-V • Windows 8 Apps • Windows 8 Apps in the Windows Store Non-primary Devices • VDI • Remote Desktop PROTECT YOUR DATA HELP PROTECT CORPORATE INFORMATION AND MANAGE RISK Lost or Stolen LostRetired or Stolen Enrollment Retired Personal Apps and Data Personal Apps and Data Company Apps and Data Remote App Company Apps and Data Centralized Data Remote App Policies Policies DEMO UNIFIED DEVICE MANAGEMENT RECAP Unregistered Registered MDM Enrolled Fully Managed Publish email to users (EAS) Yes Yes Yes Yes Publish work folders to users Yes Yes Yes Yes Block device only Yes Yes Yes Yes Yes Yes Unified Device Management Yes Yes Unified Application Management Yes Yes Selective data wipe Yes Yes Compliance reporting Yes Yes Conditional access based on user, device, location Audit logging and monitoring Group Policy and login scripts Yes OS deployment and imaging Yes Configuration management Yes Patch management Yes Anti malware management Yes Full application management Yes BitLocker management Yes Raphael Perez, MVP: Enterprise Client Management, MCT http://www.thedesktopteam.com @dotraphael | http://uk.linkedin.com/in/dotraphael/ raphael@rflsystems.co.uk Cloud OS website http://www.microsoft.com/en-us/server-cloud/cloudos/default.aspx#fbid=h40PL5JDtJG Find out more about the MVP community https://mvp.microsoft.com/enUS/default.aspx PLEASE END THE VIDEO WITH: - Your contact details - Link to the Cloud OS website http://www.microsoft.com/en-us/servercloud/cloud-os/default.aspx#fbid=h40PL5JDtJG - Link to your User Group - # for Twitter - Find out more about the MVP community https://mvp.microsoft.com/enUS/default.aspx