Laat ons weten wat u vindt van deze sessie! Vul de evaluatie in via www.techdaysapp.nl en maak kans op een van de 20 prijzen*. Prijswinnaars worden bekend gemaakt via Twitter (#TechDaysNL). Gebruik hiervoor de code op uw badge. Let us know how you feel about this session! Give your feedback via www.techdaysapp.nl and possibly win one of the 20 prizes*. Winners will be announced via Twitter (#TechDaysNL). Use your personal code on your badge. * Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are examples Application deployment across several devices with ConfigMgr 2012 R2 Kenneth van Surksum & Peter Daalmans Agenda • Introduction • Microsoft’s Cross Plaform Architecture • Enrollment • Deployment Types for Mobile Applications • Settings Management Introduction Who we are Kenneth van Surksum Consultant at itgration Microsoft MVP for 3 yrs, vExpert for 2 yrs Authoring: • Contributor System Center 2012 Configuration Manager Unleashed • Contributor System Center 2012 R2 Configuration Manager Unleashed • Contributor System Center 2012 R2 Service Manager Unleashed • Co-Author Mastering Windows 7 Deployment Communities: • Co-founder WMUG NL (http://wmug.nl) • Founder and Blogger www.vansurksum.com • Chief Editor at virtualization.info en cloudcomputing.info Speaker: • Microsoft Techdays • Microsoft Management Summit Follow me: @kennethvs / www.vansurksum.com Who we are Peter Daalmans Senior Technical Consultant at IT-Concern 3 year Microsoft MVP: Enterprise Client Management (ConfigMgr and Windows Intune) Author: • Mastering System Center 2012 Configuration Manager • Mastering System Center 2012 R2 Configuration Manager Communities: • Co-founder WMUG NL (http://wmug.nl) • Founder and Blogger ConfigMgrBlog.com Speaker: • Spoke on several events like TechDays Netherlands, ExpertsLive, User Group meetings, TechEd New Zealand and TechEd Australia. Follow me: @pdaalmans / ConfigMgrBlog.com / peter.daalmans@it-concern.nl Cross platform support Microsoft’s cross-platform management Microsoft’s cross-platform Architecture Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows RT, Windows Phone 8 iOS, Android Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013 or Office 365 Windows Intune & ConfigMgr 2012 R2 • Infrastructural requirements: • Windows Intune subscription • Windows Azure Active Directory Sync tool (DirSync) • Windows Intune Connector site role Single Sign On • Two options: • Via Windows Azure Active Directory Sync tool (DirSync) • Passwords need to be synced to Azure Active Directory • Authentication is done on Azure Active Directory • DirSync and Active Directory Federation Services • No passwords are saved in the cloud • Authentication happens on your Active Directory • Not supported but you can configure DirSync what to synchronize. How does ADFS work? 1. User goes to Windows Intune portal.manage.microsoft.com 6. User presents security token and gets access (or not) Active Directory Windows Azure Active Directory Sync tool without password sync 2. User is redirected to ADFS Proxy 3. User provides AD credentials 5. User receives security token 4. Credentials are verified AFDS Proxy DMZ ADFS / DC Setting up Windows Intune 1. 2. 3. 4. 5. 6. 7. Go to http://www.windowsintune.com and sign up for a trial Setup Domain Name in Windows Intune Setup UPN in your Active Directory (if different from domain name in Windows Intune) Setup DirSync Setup ADFS / ADFS Proxy Activate Users in Windows Intune Portal (https://account.manage.microsoft.com/) Install and configure Windows Intune Connector in Configuration Manager 2012 R2 (set MDM Authority) Demo Windows Intune and ConfigMgr together How does ConfigMgr keep up with Windows Intune and the market? • Updates of Windows Intune are done quarterly • Via the Extensions for Windows Intune Microsoft is able to add Windows Intune features to Configuration Manager 2012 R2 • Recently added: • Email Profiles Extension (Configure and wipe Exchange ActiveSync accounts on managed iOS and Windows Phone 8 devices.) • iOS 7 Security Settings (Adds functionality for iOS 7 security settings such as “Open In” and lock screen settings.) Demo Extensions for Windows Intune Mobile Device Enrollment • Enrollment is done by the users themselves • Enrollment can be done from the Company Portal for • Android • iPhone / iPad • Enrollement via build in OMA-DM agent • Windows RT • Windows Phone Demo Enrollment Android & iPad End User Experience Windows RT Company Portal Native Windows app package (.appx) Available in the Windows Store Windows Phone 8 Company Portal Native Windows Phone 8 app (.xap) Needs to be sideloaded iOS/Android Company Portal Web based portal Hosted in Windows Intune Deployment Types for Mobile Applications Platforms Windows App Windows Phone Apple iOS Android Application install (sideloading) *.appx *.xap *.ipa *.apk Deep links from store Windows Store Windows Phone Store Apple App Store Google Play Deeplinking Applications • Deeplinking • Providing direct links to the application in the Application Store • • • • Windows Store Windows Phone Store Apple Store Google Play Demo Deeplinking Mobile Applications Sideloading • Sideloading • In house/company custom developed applications • Requires development tools/license • Microsoft: Visual Studio • Apple: Xcode • Google: Android Developer Tools plugin for Eclipse Testing Sideloaded Applications • Testing Applications • Google: Just enable installation on a per device basis • Apple: UUID of device must be registred to developer (100 max/year) - http://developer.apple.com/programs/ios/enterprise • Microsoft: Domain Joined Machines via GPO and a Certificate • Microsoft Phone: Emulator for Windows Phone 8/Windows Intune Trial Management for Windows Phone 8 Installing Sideloaded Applications • Microsoft: Domain Joined (GPO/Certificate) or non domain joined or specific editions (Pro) then sideloading key (per 100) • Microsoft Windows (Phone): Code signing using Verisign Certificate (http://www.symantec.com/verisign/code-signing/windows-phone) • Google: Just install • Apple: Encrypted file must be authorized (uses Apple Fairplay DRM) and Installation must be done via Web Company Portal (http://m.manage.microsoft.com) Demo Sideloading Mobile Applications Web Applications • Deploy a link to a website, just like an application Settings Management • Settings Management • Retire/Wipe devices Demo Settings Management Laat ons weten wat u vindt van deze sessie! Vul de evaluatie in via www.techdaysapp.nl en maak kans op een van de 20 prijzen*. Prijswinnaars worden bekend gemaakt via Twitter (#TechDaysNL). Gebruik hiervoor de code op uw badge. Let us know how you feel about this session! Give your feedback via www.techdaysapp.nl and possibly win one of the 20 prizes*. Winners will be announced via Twitter (#TechDaysNL). Use your personal code on your badge. * Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are examples