powerpoint presentationdownload.microsoft.com/documents/hk/technet/techdays2013/day 1...pre-built...
TRANSCRIPT
• Device Choice
• Application Self-service
• Personalized Application Experience
• Non-intrusive management
• Manage all devices through single interface
• Deliver applications to the user, not the device
• Integrated security and compliance
• Reduced infrastructure complexity
Access to corp resources
across devices & platforms
Single admin
console
Empower Users
Empower people to be
more productive from
almost anywhere on
almost any device.
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Simplify
Administration
Improve IT effectiveness
and efficiency.
Empower Users
Empower people to be
more productive from
almost anywhere on
almost any device.
Modern Device Management
User-centric Application Delivery
Thin Clients
• Windows XP Embedded
• Windows Embedded Standard 2009
• Windows Embedded Standard 7
POS/Kiosk
Same as Thin Clients, plus
• POS Ready 2009
• POS Ready 8
Digital Signage
• Windows Embedded Standard 2009
• Windows Embedded Standard 7
Repurposed PC
• Windows Thin PC
Supported Write Filters
• File Based Write Filters (FBWF)
(preferred for scalability)
• Enhanced Write Filters (EWF) RAM
Ability to force persistence of changes for
• Applications
• Packages and programs
• Software updates
• Task sequences
• Endpoint Protection client installation
Eventual persistence of changes for
• Client agent settings
• Settings management remediation
• Power management
Without write filters enabled, embedded devices can be managed like any other Windows client. When write filters are enabled, they require special handling, now provided seamlessly in SP1
AIX
• Version 5.3 (Power)
• Version 6.1 (Power)
• Version 7.1 (Power)
HP-UX
• Version 11iv2 (PA-RISC/IA64)
• Version 11iv3 (PA-RISC/IA64)
Red Hat Enterprise Linux
• Version 4 (x86/x64)
• Version 5 (x86/x64)
• Version 6 (x86/x64)
Solaris
• Version 9 (SPARC)
• Version 10 (SPARC/x86)
• Version 11 (SPARC/x86)
SUSE Linux Enterprise Server
• Version 9 (x86)
• Version 10 SP1 (x86/x64)
• Version 11 (x86/x64)
Supported OS’s across both:
• Configuration Manager
• Operations Manager
Old versions supported as long as vendor provides support
Broader Linux distro support being evaluated
for future releases
Hardware and Software Inventory
Software Deployment
• Using the Package and Program model
• Deploy/patch software, deploy OS patches and run
maintenance scripts that target a collection
Consolidated reports
• Deliver best user experience on each device
• Define application once
Delivery Evaluation Criteria
• User
• Device type
• Network connection
User/Device Relationships
Primary Devices
• MSI
• App-V
• Windows 8 Apps
• Windows 8 Apps in the Windows Store
Non-primary Devices
• VDI
• Remote Desktop
Detection Method
Install Command
Requirement Rules
Dependencies
Supersedence
Administrator Properties
End User Metadata
Application “Package”
App-V
Windows Script
CAB
Windows Installer
General Information
Deployment Type
IT
Administrators publish software titles
to catalog, complete with meta data to
enable search
• Deliver best user experience
on each device
Users can browse, select and install
directly from Catalog
• Application model determines
format and policies for delivery
User
Unify Infrastructure
Reduce costs by unifying
IT management
infrastructure.
Reduced Infrastructure Requirements
Unified Management of Virtual Clients
Endpoint Protection
Software Update Management
Compliance & Settings Management
Distribution Point for Windows Azure
Central Administration Site
• Central primary site administration
• Reporting
Primary Sites
• Client management and settings
• Delegated administration
Secondary Sites
• Content routing
• Distribution points
[Hierarchy diagram: one Central Administration Site, two Primary Sites, six Secondary Sites]
Unified Infrastructure
• Simplified server
and client deployment
• Streamlined updates
• Consolidated reporting
Comprehensive Protection Stack
• Behavior monitoring
• Antimalware
• Dynamic Translation
• Windows Firewall Management
[Diagram: ConfigMgr MP, Baseline, ConfigMgr Agent; configuration item types shown: WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory]
Baseline Configuration Items
Auto Remediate
OR
Create Alert (to Service Manager)!
Improved functionality
• Copy settings
• Trigger console alerts
• Richer reporting
Enhanced versioning and audit tracking
• Ability to specify versions to be used in baselines
• Audit tracking includes who changed what
Pre-built industry standard baseline templates through IT GRC Solution Accelerator
Assignment to collections
Baseline drift
CAS
Primary Site MP Role
Primary Site DP Role
Assigns policy to scan for update status or to deploy update
Distributes updates
Reports compliance
Microsoft Update
Primary Site SUP Role/WSUS
Identifies who needs updates and reports on compliance
Downloads updates
Auto Deployment
• Faster deployment through search
• Schedule content download and deployment to avoid reboot during work hours
State-based Updates
• Allows individual or group deployment
• Updates added to groups auto deploy to targeted collections
Optimized for New Content Model
• Reduce replication and storage
• Expired updates and content deleted
PR1
MP
MP DP
Windows Azure
Distribution Point
Microsoft
Update
Policy
Content
FIREWALL
Corporate Network
Simplify
Administration
Improve IT effectiveness
and efficiency.
Modern Management Console
Role-based Administration
Operating System Deployment
Asset Intelligence
Client Health
Functionality ConfigMgr 2007 ConfigMgr 2012
Meg - WW Central System Administrator
Louis - Software Update Manager for France
• Can see & update “France” desktops
• Cannot modify security settings on “France” desktops
• Cannot see “All Systems” or “U.S.” desktops
Bob - US & France Security Admin
• Can see & modify security settings on “France” and “U.S.” desktops
• Cannot update “France” or “U.S.” desktops
• Cannot see “All Systems”
Map the organizational roles of your administrators
to defined security roles
• Security organization role
• Geography
Reduces error, defines span of control for the organization
• PXE initiated deployment allows client
computers to request deployment over the
network
• Multi-cast deployment to conserve
network bandwidth
• Stand-alone media deployment for no network
connectivity or low bandwidth
• Pre-staged media deployment allows you to
deploy an operating system to a computer that
is not fully provisioned
USMT 4.0 UI integration makes it easier to transfer
files and user settings from one machine to another
CAS
Primary Site
MP Role
Primary Site
DP Role
Image Task Sequence
Report
WDS PXE Server
Understand software installation profiles
Plan for hardware upgrades
Identify over or under licensing issues
Track custom apps or groups of titles
Software Metering & License Reports
Asset Intelligence Service
Asset Intelligence Catalog
Real-time Application
and Hardware Intelligence
ConfigMgr Inventory
New Platforms
• Windows RT
• Windows Phone 8
• iOS (5.x, 6.x)
• Android (2.1 and later)*
Two Configurations for MDM:
• ConfigMgr 2012 SP1 +
Windows Intune Subscription
• Windows Intune standalone
Features fully integrated into ConfigMgr
• Over the air device enrollment*
• Available user targeted applications
• User and device settings management*
• Device inventory*
• Remote device retirement*
• Remote device wipe*
*Android features supported through the Exchange Connector only
Management Feature    Windows RT    Windows Phone 8    iOS    Android
Over-the-air Enrollment Y Y Y
Inventory Y Y Y Y
Settings Management Y Y Y Y
Software Distribution Y Y Y Y
Remote Wipe Y Y Y
Retire Y Y Y Y
• Settings can be applied to devices managed in Windows Intune and devices managed through the Exchange Server Connector
• A single security policy template is used to manage settings on all managed mobile devices. The system figures out applicability to each platform
• In ConfigMgr, Exchange-managed device settings are configured separately
• Reporting available on each setting (applicable, conformant or error)
• If a device is receiving policy from more than 1 entity, the policy that applies the most secure value for a setting is applied.
Setting name    EAS (ActiveSync)    WinRT/WinPh8    iOS
Require a password to unlock mobile devices √ √ √
Required password type √ √ √
Minimum password length √ √ √
Allow simple passwords √ √ √
Number of repeated sign-in failures before device is wiped √ √ √
Minutes of inactivity before device screen is locked √ √ √
Password expiration (days) √ √ √
Remember password history √ √ √
Allow convenience logon (WindowsRT only) X √ X
Allow camera √ X √
Allow web browser √ X √
Allow backup to iCloud (iOS only) X X √
Allow documents sync to iCloud (iOS only) X X √
Allow photostream sync to iCloud (iOS only) X X √
Maximum size of e-mail attachments √ X X
E-mail synchronization for last (days) √ X X
Allow mobile devices that don’t fully support these settings to synchronize with Exchange √ X X
Require encryption on mobile device √ X X
Require encryption on storage cards √ X X
Password
Restrictions
Encryption
All devices and PCs can be retired
• Retiring a device removes the record of the device from the DB
• Retiring a device disables App distribution and settings management
on the device but does not impact personal data
• Users can perform Retire from the device
Wipe effects depend on the platform and management type (EAS or native)
• iOS and WP8: Complete wipe and reset to factory defaults
• Android: EAS mailbox removal only
• Windows RT and Windows 8: Only EAS mailbox removal if managed
through EAS
• Windows 7 and below: No wipe
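Retire effects by platform (Windows RT / Windows Phone 8 / iOS / Android (EAS managed)):
• Device record removed from Intune DB and UI: Windows RT: Yes; Windows Phone 8: Yes; iOS: Yes; Android (EAS managed): Yes
• Device record removed from Exchange (no email): Windows RT: No (see note); Windows Phone 8: No; iOS: No; Android (EAS managed): Yes
• Removal of Side-loaded keys: Windows RT: Yes; Windows Phone 8: Yes (Application Enrollment Token is removed); iOS: --; Android (EAS managed): --
• Installed LOB apps: Windows RT: Side loaded apps won’t run; Windows Phone 8: Side loaded apps are uninstalled; iOS: Installed apps will still run; Android (EAS managed): Installed apps will still run
• Installing new LOB apps: Windows RT: Apps cannot be installed; Windows Phone 8: No since SSP is uninstalled; iOS: Apps cannot be installed; Android (EAS managed): Apps can still be installed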
Note: When a device is managed natively and through EAS, retiring a device also removes the device record from Exchange Server.
Scenarios
Available user targeted
applications (side loaded)
Available user targeted store
based application
In console deployment
monitoring for side loaded
application
App monitoring
reports
Workflow for side loaded and Store based applications
[Diagram sequence: workflow for side loaded and Store based applications. Components shown: On Premise Site Roles (Central Administration Site, Windows Intune Connector Site Role); Cloud Service (Windows Intune Service: IW Service, Intune DP, MDM Gateway, Cache, Org-Id Auth); BYOD devices (Microsoft Surface, Apple iOS, Microsoft Windows Phone, Google Android); Windows Notification Service and Apple Notification Service; Consumer Stores (Windows Phone Store, Google Play, Windows Store, App Store).]
[Step labels in the frames that do not show Consumer Stores, in the order they appear: New Application, Deploy Application, Sync Policy, App Policies, Install App.]
[Step labels in the frames that show Consumer Stores, in the order they appear: New Application, Deploy Application, Sync Policy, App Policies, Login Token, Retrieve App List, Download App, Install App.]