here - Configuration Manager Blog

advertisement
Laat ons weten wat u vindt van deze sessie! Vul de evaluatie
in via www.techdaysapp.nl en maak kans op een van de 20
prijzen*. Prijswinnaars worden bekend gemaakt via Twitter
(#TechDaysNL). Gebruik hiervoor de code op uw badge.
Let us know how you feel about this session! Give your
feedback via www.techdaysapp.nl and possibly win one of
the 20 prizes*. Winners will be announced via Twitter
(#TechDaysNL). Use your personal code on your badge.
* Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are
examples
Application deployment
across several devices
with ConfigMgr 2012 R2
Kenneth van Surksum & Peter Daalmans
Agenda
• Introduction
• Microsoft’s Cross Plaform Architecture
• Enrollment
• Deployment Types for Mobile Applications
• Settings Management
Introduction
Who we are
Kenneth van Surksum
Consultant at itgration
Microsoft MVP for 3 yrs, vExpert for 2 yrs
Authoring:
• Contributor System Center 2012 Configuration Manager Unleashed
• Contributor System Center 2012 R2 Configuration Manager Unleashed
• Contributor System Center 2012 R2 Service Manager Unleashed
• Co-Author Mastering Windows 7 Deployment
Communities:
• Co-founder WMUG NL (http://wmug.nl)
• Founder and Blogger www.vansurksum.com
• Chief Editor at virtualization.info en cloudcomputing.info
Speaker:
• Microsoft Techdays
• Microsoft Management Summit
Follow me: @kennethvs / www.vansurksum.com
Who we are
Peter Daalmans
Senior Technical Consultant at IT-Concern
3 year Microsoft MVP: Enterprise Client Management
(ConfigMgr and Windows Intune)
Author:
• Mastering System Center 2012 Configuration Manager
• Mastering System Center 2012 R2 Configuration Manager
Communities:
• Co-founder WMUG NL (http://wmug.nl)
• Founder and Blogger ConfigMgrBlog.com
Speaker:
• Spoke on several events like TechDays Netherlands, ExpertsLive,
User Group meetings, TechEd New Zealand and TechEd Australia.
Follow me: @pdaalmans / ConfigMgrBlog.com /
peter.daalmans@it-concern.nl
Cross platform
support
Microsoft’s cross-platform management
Microsoft’s cross-platform Architecture
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Mac OS X
Windows RT,
Windows Phone 8
iOS, Android
Microsoft Exchange Server 2010 SP3
Microsoft Exchange Server 2013
or
Office 365
Windows Intune & ConfigMgr 2012 R2
• Infrastructural requirements:
• Windows Intune subscription
• Windows Azure Active Directory Sync tool (DirSync)
• Windows Intune Connector site role
Single Sign On
• Two options:
• Via Windows Azure Active Directory Sync tool (DirSync)
• Passwords need to be synced to Azure Active Directory
• Authentication is done on Azure Active Directory
• DirSync and Active Directory Federation Services
• No passwords are saved in the cloud
• Authentication happens on your Active Directory
• Not supported but you can configure DirSync what to
synchronize.
How does ADFS work?
1. User goes to Windows Intune
portal.manage.microsoft.com
6. User presents security token
and gets access (or not)
Active Directory
Windows Azure Active Directory Sync tool
without password sync
2. User is redirected to ADFS Proxy
3. User provides AD credentials
5. User receives security token
4. Credentials are
verified
AFDS Proxy
DMZ
ADFS / DC
Setting up Windows Intune
1.
2.
3.
4.
5.
6.
7.
Go to http://www.windowsintune.com and sign up for a trial
Setup Domain Name in Windows Intune
Setup UPN in your Active Directory (if different from domain
name in Windows Intune)
Setup DirSync
Setup ADFS / ADFS Proxy
Activate Users in Windows Intune Portal
(https://account.manage.microsoft.com/)
Install and configure Windows Intune Connector in
Configuration Manager 2012 R2 (set MDM Authority)
Demo
Windows Intune and ConfigMgr together
How does ConfigMgr keep up
with Windows Intune and the market?
• Updates of Windows Intune are done quarterly
• Via the Extensions for Windows Intune Microsoft is
able to add Windows Intune features to Configuration
Manager 2012 R2
• Recently added:
• Email Profiles Extension (Configure and wipe Exchange
ActiveSync accounts on managed iOS and Windows Phone 8
devices.)
• iOS 7 Security Settings (Adds functionality for iOS 7 security
settings such as “Open In” and lock screen settings.)
Demo
Extensions for Windows Intune
Mobile Device Enrollment
• Enrollment is done by the users themselves
• Enrollment can be done from the Company Portal
for
• Android
• iPhone / iPad
• Enrollement via build in OMA-DM agent
• Windows RT
• Windows Phone
Demo
Enrollment Android & iPad
End User Experience
Windows RT
Company Portal


Native Windows app package
(.appx)
Available in the Windows
Store
Windows Phone 8
Company Portal
 Native Windows Phone 8 app
(.xap)
 Needs to be sideloaded
iOS/Android
Company Portal


Web based portal
Hosted in Windows Intune
Deployment Types for Mobile
Applications
Platforms
Windows App
Windows Phone
Apple
iOS
Android
Application install
(sideloading)
*.appx
*.xap
*.ipa
*.apk
Deep links from
store
Windows Store
Windows Phone
Store
Apple App Store
Google Play
Deeplinking Applications
• Deeplinking
• Providing direct links to the application in the Application Store
•
•
•
•
Windows Store
Windows Phone Store
Apple Store
Google Play
Demo
Deeplinking Mobile Applications
Sideloading
• Sideloading
• In house/company custom developed applications
• Requires development tools/license
• Microsoft: Visual Studio
• Apple: Xcode
• Google: Android Developer Tools plugin for Eclipse
Testing Sideloaded Applications
• Testing Applications
• Google: Just enable installation on a per device basis
• Apple: UUID of device must be registred to developer (100
max/year) - http://developer.apple.com/programs/ios/enterprise
• Microsoft: Domain Joined Machines via GPO and a Certificate
• Microsoft Phone: Emulator for Windows Phone 8/Windows Intune
Trial Management for Windows Phone 8
Installing Sideloaded Applications
• Microsoft: Domain Joined (GPO/Certificate) or non domain joined
or specific editions (Pro) then sideloading key (per 100)
• Microsoft Windows (Phone): Code signing using Verisign
Certificate (http://www.symantec.com/verisign/code-signing/windows-phone)
• Google: Just install
• Apple: Encrypted file must be authorized (uses Apple Fairplay DRM)
and Installation must be done via Web Company Portal
(http://m.manage.microsoft.com)
Demo
Sideloading Mobile Applications
Web Applications
• Deploy a link to a website, just like an application
Settings Management
• Settings Management
• Retire/Wipe devices
Demo
Settings Management
Laat ons weten wat u vindt van deze sessie! Vul de evaluatie
in via www.techdaysapp.nl en maak kans op een van de 20
prijzen*. Prijswinnaars worden bekend gemaakt via Twitter
(#TechDaysNL). Gebruik hiervoor de code op uw badge.
Let us know how you feel about this session! Give your
feedback via www.techdaysapp.nl and possibly win one of
the 20 prizes*. Winners will be announced via Twitter
(#TechDaysNL). Use your personal code on your badge.
* Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are
examples
Download