Unified client management session from Microsoft Partner Boot Camp
Post on 19-Oct-2014
UNIFIED MANAGEMENT OF CLIENTS
Olav Tvedt
Chief Consultant
MVP -
Twitter: @olavtwitt – Blog: http://olavtvedt.blogspot.com
AGENDA:
Data Access
Remote System Access
Client Control
Data Access
• SkyDrive
• SkyDrive Pro
• Folder Redirection
• Work Folders
| | Consumer / personal data | Individual work data | Team / group work data | Personal devices | Access protocol | Data location |
|---|---|---|---|---|---|---|
| SkyDrive | X | | | X | HTTPS | Public cloud |
| SkyDrive Pro | | X | X | X | HTTPS | SharePoint / Office 365 |
| Work Folders | | X | | X | HTTPS | File server |
| Folder Redirection / Client-Side Caching | | X | | | SMB (only from on-prem or using VPN/DA) | File server |
http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
Work Folders
Work Folders Requirements
• A server running Windows Server 2012 R2 for hosting sync shares and user files
• A volume formatted with the NTFS file system for storing user files
• Work Folders has the following software requirements for client PCs:
• Client side (more client OS support to come):
o Windows 8.1
o Windows RT 8.1
o Enough free space on a local, NTFS-formatted drive to store all files in Work Folders. Work Folders uses the %USERPROFILE%\Work Folders location by default, although users can change the location during setup (microSD cards and USB drives are supported locations).
• The maximum size for individual files is 10 GB by default and there is no per-user storage limit, though administrators can use File Server Resource Manager to implement quotas.
| | Work Folders | Offline Files | SkyDrive Pro | SkyDrive |
|---|---|---|---|---|
| Intended for providing user access to work files | Yes | Yes | Yes | No |
| Summary | Syncs files stored on a file server with PCs and devices | Syncs files stored on a file server with PCs that have access to the corporate network (can be replaced by Work Files) | Syncs files stored in Office 365 or in SharePoint with PCs and Windows Phones inside or outside a corporate network and provides document collaboration functionality | Syncs personal files stored in SkyDrive with PCs and popular devices |
| Cloud service | None | None | Office 365 | Microsoft SkyDrive |
| Internal network servers | File servers running Windows Server 2012 R2 Preview | File servers | SharePoint server (optional) | None |
| Supported clients | PCs inside or outside of a corporate network, popular devices* | PCs in a corporate network (or connected via DirectAccess, VPNs, or other remote access technologies) | PCs, Windows Phone | PCs, Macs, Windows Phone, iOS, Android |

*Work Folders apps not yet announced.
Work Folders Requirements
• To enable users to sync across the Internet, there are additional requirements:
o A server certificate from a certification authority (CA) that is trusted by your users – ideally a public CA
o The ability to make a server accessible from the Internet by creating publishing rules in your organization’s reverse proxy or network gateway
o A publicly registered domain name and the ability to create additional public DNS records for the domain
• (Optional) An Active Directory Domain Services forest with the Windows Server 2012 R2 schema extensions to support automatically referring client PCs and devices to the correct sync server when using multiple sync servers
• (Optional) Active Directory Federation Services (AD FS) infrastructure, when using AD FS authentication
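The server-side requirements above can be checked before any sync share is published. The script below is an added example, not part of the original slides: it tests the OS version, the NTFS volume, the Work Folders role service and the server certificate. The sync path D:\SyncShares and the name workfolders.example.com are placeholder assumptions.

```powershell
# Added example: pre-flight check of the Work Folders server requirements.
# Run elevated on the intended sync server. Both parameter defaults are placeholders.
param(
    [string]$SyncPath   = 'D:\SyncShares',            # assumed folder for user files
    [string]$PublicName = 'workfolders.example.com'   # placeholder public DNS name
)

$checks = [ordered]@{}

# Windows Server 2012 R2 reports NT version 6.3.
$checks['Windows Server 2012 R2 or later'] = ([Environment]::OSVersion.Version -ge [Version]'6.3')

# User files must sit on an NTFS-formatted volume.
$letter = (Split-Path -Path $SyncPath -Qualifier).TrimEnd(':')
$volume = Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue
$checks['Sync share volume is NTFS'] = [bool]($volume -and $volume.FileSystem -eq 'NTFS')

# The Work Folders role service hosts the sync shares.
$feature = Get-WindowsFeature -Name FS-SyncShareService
$checks['Work Folders role service installed'] = [bool]$feature.Installed

# Internet sync needs a server certificate that clients trust. Pick an unexpired
# certificate with a private key that lists $PublicName exactly (a wildcard
# certificate is not matched by this simple comparison).
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $PublicName)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
$checks['Certificate for public name present'] = [bool]$cert

# Validate the chain and name against the SSL policy. This proves trust on this
# server only; clients on unmanaged devices need a CA they already trust.
$checks['Certificate chain valid for SSL'] = [bool]($cert -and
    (Test-Certificate -Cert $cert -Policy SSL -DNSName $PublicName -WarningAction SilentlyContinue))

# Report each requirement and set a non-zero exit code if any is missing.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
if ($checks.Values -contains $false) { exit 1 }
```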
Windows Server 2012 R2 - Web Application Proxy
http://technet.microsoft.com/en-us/library/dn280944.aspx
More Info: Work Folders
• Introducing Work Folders On Windows Server 2012 R2: http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
• Technet: http://technet.microsoft.com/en-us/library/dn265974.aspx
• Work Folder Best Practices Analyser: http://technet.microsoft.com/en-us/library/dn292741.aspx
• Work Folders Test Lab Deployment: http://blogs.technet.com/b/filecab/archive/2013/07/10/work-folders-test-lab-deployment.aspx
• Work Folders Certificate Management: http://blogs.technet.com/b/filecab/archive/2013/08/09/work-folders-certificate-management.aspx
Remote System Access
WORKPLACE JOIN
IT can publish access to resources with the Web Application Proxy based on device awareness and the user's identity.
IT can provide seamless corporate access with DirectAccess and automatic VPN connections.
Users can work from anywhere on their device with access to their corporate resources.
Users can register devices for single sign-on and access to corporate data with Workplace Join
Users can enroll devices for access to the Company Portal for easy access to corporate applications
IT can publish Desktop Virtualization (VDI) for access to centralized resources
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications.
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.
Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and the cloud.
• Not Joined: User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.
• Workplace Joined: Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information.
• Domain Joined: Domain joined computers are under the full control of IT and can be provided with complete access to corporate information.

• Browser session single sign-on
• Seamless 2-Factor Auth for web apps
• Enterprise apps single sign-on
• Desktop Single Sign-On
DIRECTACCESS
DirectAccess Limitations
Supported Clients
• Windows 8 Enterprise
• Windows 7 Enterprise
• Windows 7 Ultimate
• Domain-Joined
Non-Supported Clients
• Windows 8 Professional
• Windows Vista
• Windows XP
• Non Domain-Joined
DirectAccess Limitations
Client Compatibility Issues
• Protocols with Embedded IPv4 Addresses
• Applications with Hard Coded IPv4 Addresses
• IP Protocol Communication
DIRECTACCESS
Client Control
Controlling With Group Policy
Controlling The Group Policy
• Intune
• System Center Config Manager w/Intune
Client Control
Windows Intune Alone
SCCM With Windows Intune
User Actions

| Company portal actions available to users | From Windows 8.1 Preview | From Windows Phone 8 | From iOS | From Android |
|---|---|---|---|---|
| Enroll device. | Yes | Yes | Yes | No |
| Retire local device. | Yes | Yes | No | No |
| Wipe mobile devices remotely. | Yes | No | No | No |
| Install line-of-business apps. | Yes | Yes | Yes | Yes |
| Install apps from the store that the device connects to for Windows Store, Windows Phone Store, App Store, or Google Play. | Yes | Yes | Yes | Yes |
Administrator Management Options

| Management tasks | Windows RT | Windows Phone 8 | iOS | Android |
|---|---|---|---|---|
| Device life cycle management such as the ability to retire, wipe, remote wipe, remove, and block devices. | Yes | Yes | Yes | No |
| Compliance settings that include settings for password settings, email management, security, roaming, encryption, and wireless communication. | Yes | Yes | Yes | No |
| Line-of-business app management. | Yes | Yes | Yes | Yes |
| App installation from the store that the device connects to (Windows Store, Windows Phone Store, App Store, Google Play). | Yes | Yes | Yes | Yes |
| Hardware inventory. | Yes | Yes | Yes | No |
Why Use Intune
• Get Control
• Office 365 Exchange Integration (built-in connector)
• On-Premises Active Directory Integration
• SCCM Integration
Why Use Configuration Manager?
• One Interface
o Servers
o Computers
o Tablet
o Phones
• Line-Of-Business Apps Sideloading
• Extended Features
o Multiple Client settings
o Wipe Company Content (Sideloaded App And Stuff Controlled By SCCM)
SCCM Mobile Management
SCCM Or Intune Mobile Management
Hardware Inventory Not Available With The Exchange Server Connector
| Hardware Inventory Class | Windows Phone 8 | Windows RT | iOS |
|---|---|---|---|
| Serial Number | Not applicable | Not applicable | Device_ComputerSystem.SerialNumber |
| Build Version | Not applicable | Win32_OperatingSystem.BuildNumber | Not applicable |
| Service Pack Major Version | Not applicable | Win32_OperatingSystem.ServicePackMajorVersion | Not applicable |
| Operating System Language | Device_OSInformation.Language | Not applicable | Not applicable |
| Total Storage Space | Not applicable | Win32_PhysicalMemory.Capacity | Device_Memory.DeviceCapacity |
| Free Storage Space | Not applicable | Win32_OperatingSystem.FreePhysicalMemory | Device_Memory.AvailableDeviceCapacity |
| Mobile Equipment Identifier (MEID) | Not applicable | Not applicable | Device_ComputerSystem.MEID |
| Manufacturer | Device_ComputerSystem.DeviceManufacturer | Win32_ComputerSystem.Manufacturer | Not applicable |
| Cellular Technology | Not applicable | Not applicable | Device_ComputerSystem.CellularTechnology |
| Wi-Fi MAC | Not applicable | Win32_NetworkAdapter.MACAddress | Device_WLAN.WiFiMAC |