Desktop and Device Management Andy Taylor – Andy.Taylor@ Susan Smith –...


Desktop and Device Management
Andy Taylor, Andy.Taylor@microsoft.com
Susan Smith

Agenda
  • Introduction
  • System Center 2012 Configuration Manager
  • Windows Intune
  • Close

System Center 2012 Configuration Manager

SYSTEM CENTER 2012 CONFIGURATION MANAGER
  • Empower Users: Empower people to be more productive from almost anywhere on almost any device.
  • Simplify Administration: Improve IT effectiveness and efficiency.
  • Unify Infrastructure: Reduce costs by unifying IT management infrastructure.

NEED FOR NEW APPLICATION MODEL

Your end-users are changing and apps are what they use to do work
  • Ultra mobility
  • Lots of devices
  • New generation with new expectations

Your apps are changing
  • App-V
  • SaaS
  • Datacenter hosted (VDI, remote/seamless apps)
  • Mobile apps/catalogs

[Diagram: Management Server; Traditional Model, User Centric Model]

Application Model

Manage applications; not scripts

Application Management:
  • Detection method: re-evaluated for presence
      • Required application: reinstall if missing
      • Prohibited application: uninstall if detected
  • Requirement rules: evaluated at install time to ensure the app only installs in places it can, and should
  • Dependencies: relationships with other apps that are all evaluated prior to installing anything
  • Supersedence: relationships with other apps that should be uninstalled prior to installing anything
  • Update an app: automatic revision management

TechReady12, 5/8/2012

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Depth Management (WinCE 5.0, 6.0; Windows Mobile 6.0, 6.1, 6.5.x)
  • Secure over-the-air enrollment
  • Monitor and remediate out-of-compliance devices
  • Deploy and remove applications
  • Inventory
  • Remote wipe

Light Management
  • EAS-based policy delivery
  • Discovery and inventory
  • Settings policy
  • Remote Wipe


WHAT IS USER DEVICE AFFINITY (UDA)?
  • Key feature to help move to User Centric Application Deployment
  • Provides the ability to define a relationship between a user and a device, then leverage this in app deployment
      • Ensure the application is not installed everywhere the user logs on
      • Change the deployment type based on UDA
      • Predeploy to systems when the user is not logged in for workgroup and after-hours deployments

Configuration Manager 2012 supports:
  • Single primary user to primary device
  • Multiple primary devices per user
  • Multiple primary users per device


Windows Embedded


  • IT Administrators publish software titles to catalog, complete with metadata to enable search
  • Deliver best user experience on each device
  • Users can browse, select and install directly from Catalog
  • Application model determines format and policies for delivery


SIMULATE APPLICATION

Goal: build trust in moving to state-based dynamic applications
  • Did I do detection method right? Did I get rules/relationships right? What will my deployment type mix be?

What it does: runs application as required in rules-only mode
  • No content download, no execution of deployment type

Results: what would the system have done?
  • Processes detection method, requirement rules, dependencies and supersedence
  • Does NOT simulate the install!

Guidance
  • Run for an app, then delete; these rules are processed ongoing and will impact scale/perf
  • It's a REAL piece of policy, so may collide with other inflight policies
  • Preflight deploy a superseding application: may have impact on user experience and compliance reporting



Role-Based Administration

Central management for security

Role-Based Administration lets you map the organizational roles of your administrators to defined security roles:

Functionality | ConfigMgr 2007 | ConfigMgr 2012
What types of objects can I see and what can I do to them? | Class rights | Security roles
Which instances can I see and interact with? | Object instance permissions | Security scopes
Which resources can I interact with? | Site specific resource permissions | Collection limiting

  • Removes clutter from the console
  • Supports "Show me what's relevant to me" based on my Security Role and Scope

CLIENT STATUS

Goal: Enable administrators to monitor the activity and status of ConfigMgr client computers in their hierarchy.

The following two methods are used to evaluate the overall status of the client computers being managed:

Client Activity (monitored from the server):
  • Configure thresholds to determine if a client is active

Client Check (monitored from the client):
  • A client evaluation engine is installed with the ConfigMgr client, which periodically evaluates its health and the state of its dependencies. This engine can also remediate some problems with the client.

SOFTWARE UPDATES

Auto Deployment Rules
  • Use filter to identify class of updates to automatically deploy: category, products, language, date revised, article id, bulletin id, etc.
  • Schedule content download

State-based Update Groups
  • Deploy updates individually or in groups
  • Updates added to an update group automatically deploy to collections targeted with the group

SYSTEM CENTER 2012 ENDPOINT PROTECTION

Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
  • Easy to set up and operate the management infrastructure
  • Easy client install and migration
  • Automated deployment of updates using ConfigMgr infrastructure
  • Simplified deployment of antimalware policies

SETTINGS AND COMPLIANCE MANAGEMENT

[Diagram: ConfigMgr MP, Baseline, ConfigMgr Agent; Baseline Configuration Items: WMI, XML, Registry, IIS, MSI, Script, SQL, Software Updates, File, Active Directory; Auto Remediate OR Create Alert]

  • Deploy baselines to collections
  • Baseline drift
  • Improved functionality
  • Copy settings
  • Trigger console alerts
  • Richer reporting
  • Enhanced versioning and audit tracking
      • Ability to specify versions to be used in baselines
      • Audit tracking includes who changed what
  • Pre-built industry standard baseline templates through IT GRC Solution Accelerator

REPORTING EXPERIENCES
  • Report Viewer (in-console)
  • Report Manager (Web)

REMOTE CONTROL

What's New in Remote Control
  • Ability to send Ctrl-Alt-Del keystroke to host device
  • Able to traverse all the Windows Secure Desktop modes
      • Winlogon, SAS, UAC, Locked screen
  • Granular client settings per collection
  • Lock keyboard and mouse
  • Ability to create Firewall exception rule
  • Ccmeval monitors and remediates Remote Control Service


Unified Management; On-Premise and from the Cloud

[Diagram: Active Directory]

Windows Intune



MANAGE, SECURE PCS AND DEVICES ANYWHERE

Simple Web-Based Administration Console and a friendly IW experience
  • Help protect PCs from malware
  • Manage updates
  • Proactive monitoring and alerts
  • Provide remote assistance
  • Inventory hardware and software
  • Monitor & track licenses
  • Increase insight with reporting
  • Set security policies
  • Distribute and consume software

MOBILE CAPABILITIES

Unified experience across all devices
  • Automatic discovery of mobile devices that access Exchange
  • Single console to manage computers and mobile devices
  • User centric views for device inventory

Protect corporate data on mobile device
  • Deploy Active Sync policies to user groups (password, encryption)
  • Define mobile device access rules by device family/model
  • Remove mobile devices that access Exchange (with option to wipe)

IW empowerment through mobile LOB apps
  • Host & target in-house mobile apps to user groups (e.g. corp app store)
  • Provide mobile self-service to download mobile apps or contact IT




[Diagram: ON-PREMISE INFRASTRUCTURE and MICROSOFT CLOUD. IDENTITY CLOUD INFRASTRUCTURE (MSODS); Sync AD user data into the cloud; Sync managed users to Windows Intune; ActiveSync; Policy/Config; Sync mobile devices for managed users; Apply EAS policies or remediation tasks]

POLICY TRACKING

Track compliance against policies
  • Unified Policy status across PCs and mobile devices
  • Consistent look and feel for device settings report

Policy status for User groups and individual users
  • Display # of users who have devices with policy issues
  • Drill down into users and their devices with issues

Noncompliance action for mobile device
  • Reports if email access has been allowed or denied to non-compliant devices

APP MANAGEMENT

Publish
  • The IT administrator uploads in-house apps to Windows Intune
  • The IT administrator deploys each app, specifying which targeted user groups have access to each app

Consume
  • Information workers sign in to the Windows Intune company portal using their corporate credentials
  • In the mobile portal, information workers can do the following:
      • View a detailed list of available apps
      • Download an app
      • Contact IT (in case of a problem)

Track
  • The IT administrator tracks app adoption, using the aggregated and detailed statistics provided by Windows Intune

DEMO: WINDOWS INTUNE

Device Management Key Points
  • User Centric Management
      • Applications that the user needs, on the multiple devices they use
      • User empowerment
  • Public and Private cloud Management
      • Windows Intune
      • System Center 2012 Configuration Man