Sysctr Track: Unified Device Management: It’s all about the experience

Post on 11-Nov-2014


by Nico Sienaert

In this session we will give you a complete overview of the UDM vision that Microsoft has. This vision goes further than the traditional PC & Server Management as we know it today. Discover what building blocks you can use from the Microsoft stack and how you combine them to give the Unified Experience to your users. Do you want to attend a discussion on all these technology blocks like Workplace Join, Work Folders, MFA, RMS, Intune…?

• Do you want to learn how to make this work?
• Do you want to see them in action?
• Do you want to know about the competition?
• Do you want answers?

Sit down and enjoy the UDM ride. It’s all about the Experience.

Transcript of Sysctr Track: Unified Device Management: It’s all about the experience

Microsoft Unified Device Management: It’s all about the experience

Nico Sienaert (@nsienaert)
Lead Infrastructure Consultant @ Getronics
V-Technology Solutions Professional @ Microsoft

Session Objectives

Let’s start the UDM ride

It’s all about the experience

Today’s challenges

Devices, Apps, Data, Users

Identity & Access Management

Mobile Device Management

Mobile Application Management

Information Protection

Abbreviations all over the place

Mobile Device Management

Mac OS X

Linux \ Unix

Windows PCs (x86/64, Intel SoC), Windows to Go

Windows Embedded

Windows RT, Windows Phone 8

iOS, Android

Windows Intune Features

Things to come

[Figure: Windows Intune feature timeline, split into PC management features and MDM features. Dates shown: April 2011, Oct 2011, June 2012, Early 2013 (+Service Pack 1). Features shown: cloud-based management; software deployment; Windows 8 support; Office 365 interoperability; iOS & Android; SW publishing; EAS integration; Windows RT & Windows Phone 8 MDM; unified management; enterprise scale.]

• Single License: Windows Intune + Configuration Manager
• Per User
• Up to 5 devices/user

Windows Phone Enterprise FP

Demo: Intune

It’s all about the experience

It’s not only about Intune

Microsoft Remote Access

Trigger VPN

• Add-VpnConnectionTriggerApplication [-Name] <string> -ApplicationID <String[]> -PassThru

• Full support in ConfigMgr (via AppModel & VPN Profiles)

• Split tunneling needs to be enabled: Set-VpnConnection -Name "VPNName" -SplitTunneling $true

• Disconnects after 5 minutes of inactivity (default)

• Currently no support for:
  • Domain Joined Machines
  • Android
  • iPhone (Q4)
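The Trigger VPN steps above, combined into one script as an added example (not taken from the slides or the demo). The connection name, gateway address, application path and package family name are constructed placeholders; the 300-second idle value only makes the 5-minute default from the slide explicit.

```powershell
# Added example: app-triggered VPN profile built with the cmdlets named on the slide.
# Every name and address below is a constructed placeholder.
$vpnName   = 'ContosoTriggerVPN'       # hypothetical profile name
$vpnServer = 'vpn.contoso.example'     # hypothetical VPN gateway
$apps = @(
    'C:\Program Files\Contoso\LobApp\LobApp.exe',   # desktop app: full path to the executable
    'Contoso.ExpenseApp_1a2b3c4d5e6f7'              # Store app: package family name
)

# The slide lists domain-joined machines as unsupported, so stop before changing anything.
if ((Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    throw 'Machine is domain joined: Trigger VPN is not supported here.'
}

# Create the profile only if it does not exist yet.
if (-not (Get-VpnConnection -Name $vpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $vpnName -ServerAddress $vpnServer -SplitTunneling
}

# Split tunneling is a prerequisite for triggering; set the idle timeout explicitly (5 minutes).
Set-VpnConnection -Name $vpnName -SplitTunneling $true -IdleDisconnectSeconds 300

# Register the applications whose launch should bring the tunnel up.
Add-VpnConnectionTriggerApplication -Name $vpnName -ApplicationID $apps -PassThru -Force

# Read the settings back so the result can be reviewed or logged.
$conn    = Get-VpnConnection -Name $vpnName
$trigger = Get-VpnConnectionTrigger -ConnectionName $vpnName
[pscustomobject]@{
    Connection            = $conn.Name
    SplitTunneling        = $conn.SplitTunneling
    IdleDisconnectSeconds = $conn.IdleDisconnectSeconds
    TriggerApplications   = $trigger.ApplicationID
}
```

Reviewing the final object is the useful check: with split tunneling on, only traffic routed to the corporate network uses the tunnel, so the list of trigger applications is what decides when the device is connected to it.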

Demo: Trigger VPN

It’s all about the experience

RDP App for iOS, Android and OSX

Multi Factor Authentication

Any two or more of the following factors for authentication:


Demo: Azure Multi Factor Authentication

It’s all about the experience

MFA in action

Workplace Join

IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity; multi-factor authentication can be used through Windows Azure Active Authentication (formerly PhoneFactor)

Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device

Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications

As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device

Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud

Demo: Workplace Join

It’s all about the experience

Work Folders

Data management

Quotas

File screens

Reporting

Classification

RMS protection

Device management policy

Limit access to registered devices

File encryption / selective wipe

Require password / device lock

Authentication
• Kerberos (Windows Auth)
• Digest (Windows Auth)
• ADFS (OAuth)

https://workfolders.contoso.com

Work Folders positioning

Demo: Work Folders

It’s all about the experience

Dynamic Access Control

Classification
• Files inherit classification tags from parent folder
• File owners tag files manually
• Files are tagged automatically
• Files are tagged by applications

Access control
• Central access policies are based on classification
• Access conditions for user claims, device claims, and file tags are based on expressions
• Assistance is available for denial of access

Auditing
• Central audit policies can be applied across multiple file servers
• Audits for user claims, device claims, and file tags are based on expressions
• Audits can be staged to simulate policy changes in a real environment

Rights Management Services protection
• Automatic Rights Management Services (RMS) protection is available for Microsoft Office documents
• Protection is in near-real-time when a file is tagged
• RMS protection extends to files not created in Microsoft Office

Demo: Dynamic Access Control

It’s all about the experience

Things to come

Or just arrived ☺

Enterprise Mobility Suite

Azure RMS Architecture

Azure RMS Experience in Office

https://portal.aadrm.com/home/download

Azure Remote App


RemoteApp Service

Pre-built template image, automatically maintained

Published Apps

Session Host …

Session Host

Session Host

Elastic Runtime

Persistent user data (50GB per user)

Microsoft Account

Azure Active Directory

On-premises Network

Windows Server Active Directory

DirSync

RDP

Identity Options

Authentication

On-premises Network

Azure VPN

Domain Joined

Subject to IT policy via GP, System Center, or other enterprise management tools

Standalone Model

Hybrid Model

Azure Active Directory Sync

Abbreviations all over the place

Microsoft’s UDM Building Blocks

Recap

And take home the Lumia 1320

Present your feedback form when you exit the last session & go for the drink

Give Me Feedback

Follow Technet Belgium: @technetbelux

Subscribe to the TechNet newsletter: aka.ms/benews

Be the first to know

Belgium’s biggest IT PRO Conference