control and manage your cloud clients
TRANSCRIPT
Control And
Manage Your Cloud Clients
Olav TvedtChief ConsultantMVP – Windows Expert-IT Pro
Twitter: @olavtwitt – Blog: http://olavtvedt.blogspot.com
2
A revolution occurs only when you have overlooked reality long enough to be surprised by it
• Classic
• Unmanaged
• Some Managed
• MDM
Agenda
OLAV TVEDT
Classic
Active Directory
Authentication (Users and
Computers)
AD LMS
Private PKI Access Token
Direct Access / VPN
Group Policy(Users and
Computers)Intune
Sytem Center SCCM & Intune
Airwatch
Citrix
MobileIron
DomainJoin Object Only
Need DA/VPN For Mobile
No Agent? Agent?
No Device Controll
User Driven
Unmanaged Some Managed MDM
Azure Active Directory
(Azure Directory Device Registration)
ADFS (Workplace Join)
Man
age
me
nt
Co
ns
Au
the
nti
cati
on
Classic
DEVICE MANAGEMENT
Unmanaged
Active Directory
Authentication (Users and
Computers)
AD LMS
Private PKI Access Token
Direct Access / VPN
Group Policy(Users and
Computers)Intune
Sytem Center SCCM & Intune
Airwatch
Citrix
MobileIron
DomainJoin Object Only
Need DA/VPN For Mobile
No Agent? Agent?
Co
ns
No Device Controll
User Driven
DEVICE MANAGEMENT
Classic Unmanaged Some Managed MDM
Au
the
nti
cati
on Azure Active Directory
(Azure Directory Device Registration)
ADFS (Workplace Join)
Man
age
me
nt
Some Managed
Active Directory
Authentication (Users and
Computers)
AD LMS
Private PKI Access Token
Direct Access / VPN
Group Policy(Users and
Computers)Intune
Sytem Center SCCM & Intune
Airwatch
Citrix
MobileIron
DomainJoin Object Only
Need DA/VPN For Mobile
No Agent? Agent?
Co
ns
No Device Controll
User Driven
DEVICE MANAGEMENT
Classic Unmanaged Some Managed MDM
Au
the
nti
cati
on Azure Active Directory
(Azure Directory Device Registration)
ADFS (Workplace Join)
Man
age
me
nt
Authentication
AD FS
Azure Active Directory
Office 365
Intune Dirsync
Active DirectoryDomain Controller
Users
Workplace Join
&
Azure Active Directory Device Registration
https://msdn.microsoft.com/en-us/dn788908
Workplace Join
Or
Azure Active Directory Device Registration
=
Device Based Conditional Access
• Supported Devices – Windows 7 domain joined devices.– Windows 8.1 personal and domain joined devices.– iOS 6 and later.– Android 4.0 or later, Samsung GS3 or above phones, Samsung Note2
or above tablets.
• Scenarios– On-Premises Appliaction– Office 365 Appliactions With Intune
Device Based Conditional Access
https://msdn.microsoft.com/en-us/dn788908
SHOW & TELL:
Azure Active Directory Device Registration
https://msdn.microsoft.com/en-us/6a14cb1f-a058-4453-8ede-d9f4a66a7073.aspx
Server Side
• Prepare Active Directory Forest
• Enable Device Authentication In AD FS
• Configure Directory Sync (DirSync) To Allow Device Object Write-Back
Prepare For Device Registration
Entry Type Address
enterpriseregistration.bergenevry.onmicrosoft.com CNAME enterpriseregistration.windows.net
Enterpriseregistration.ebergenevry.com CNAME enterpriseregistration.windows.net
Client Experience
Azure Experience
AD FS
• AD FS authentication policies, MFA and Workplace Join• Time: 12/02/2015, 11:20 - 12:20 • Location: Room 2
• Quick start guide to deploying AD FS• Time: 13/02/2015, 09:00 - 10:00 • Location: Room 1
• Troubleshooting ADFS and the Web Application Proxy• Time: 13/02/2015, 15:00 - 16:00 • Location: Room 1 John Craddock
Azure RMS
• Cloud based rights management with Azure RMSTime: 13/02/2015, 10:20 - 11:20 Location: Room 1
Morgan Simonsen
Modern Device Management
Mobile
Active Directory
Authentication (Users and
Computers)
AD LMS
Private PKI Access Token
Direct Access / VPN
Group Policy(Users and
Computers)Intune
Sytem Center SCCM & Intune
Airwatch
Citrix
MobileIron
DomainJoin Object Only
Need DA/VPN For Mobile
No Agent? Agent?
Co
ns
No Device Controll
User Driven
DEVICE MANAGEMENT
Classic Unmanaged Some Managed MDM
Au
the
nti
cati
on Azure Active Directory
(Azure Directory Device Registration)
ADFS (Workplace Join)
Man
age
me
nt
Modern Device Management
DEMO:
DEMO:
Random Dude From The Audience
Demonstrate Airwatch User Interface On The Fly
OneGet
-
How To Get What You Want
When You Want It
OneGet Private Store/Provider
If Time DEMO:
OneGet
…..And
Active Directory
Authentication (Users and
Computers)
AD LMS
Private PKI Access Token
Direct Access / VPN
Group Policy(Users and
Computers)Intune
Sytem Center SCCM & Intune
Airwatch
Citrix
MobileIron
DomainJoin Object Only
Need DA/VPN For Mobile
No Agent? Agent?
Co
ns
No Device Controll
User Driven
DEVICE MANAGEMENT
Classic Unmanaged Some Managed MDM
Au
the
nti
cati
on Azure Active Directory
(Azure Directory Device Registration)
ADFS (Workplace Join)
Man
age
me
nt
Avoid Unmanaged
MDM Related
• Empower the Mobile Ecosystem Evolution
• Time: 12/02/2015, 14:40 - 15:40
• Location: Room 7
• Discover Microsoft’s Enterprise Mobility Suite and how to deploy it
• Time: 13/02/2015, 12:20 - 13:20
• Location: Room 3
Lars Vestergaard
Peter De Tender
MDM Related
• Compliance: The new orange in Enterprise Client Management
• Time: 12/02/2015, 16:00 - 17:00
• Location: Room 3
• Welcome to your new life as an Enterprise Client Hybrid Management expert
• Time: 13/02/2015, 10:20 - 11:20
• Location: Room 3 Kent Agerlund
MDM Related
• Microsoft Intune: Client and Device management Chuck Norris style
• Time: 13/02/2015, 09:00 - 10:00
• Location: Room 3Alex de Jong
ENJOY NIC!