Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and...
-
Upload
neal-lawson -
Category
Documents
-
view
237 -
download
0
Transcript of Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and...
![Page 1: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/1.jpg)
![Page 2: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/2.jpg)
LE Novak MCM, MCSEPremier Field EngineerMicrosoft
Managing and Securing Devices using Exchange, System Center, and Intune
ARC307
Michael IndenceSenior Premier Field EngineerMicrosoft
![Page 3: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/3.jpg)
ContactL.E. Novak
Blog
Geekswithablog.com
Podcast
Geeks, Bowties, and Tech
@LE_Novak
@GeekswithaBlog
Michael Indence
![Page 4: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/4.jpg)
Exchange
Exchange Connecter with Configuration Manager
Configuration Manager with Intune
Protect and Manage Devices and Infrastructure
![Page 5: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/5.jpg)
Exchange
![Page 6: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/6.jpg)
Set-ActiveSyncOrganizationSettings New-ActiveSyncDeviceAccessRule
Set-ActiveSyncDeviceAccessRule
New-ActiveSyncMailboxPolicy
Set-CasMailbox
Exchange - Protecting your Infrastructure
![Page 7: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/7.jpg)
Set-ActiveSyncOrganizationSettings Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients [email protected], [email protected]
Exchange - Protecting your Infrastructure
![Page 8: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/8.jpg)
New-ActiveSyncDeviceAccessRule
New-ActiveSyncDeviceAccessRule -QueryString iPhone -Characteristic DeviceModel -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString NokiaE521/2.00()MailforExchange -Characteristic UserAgent -AccessLevel Allow
Exchange - Protecting your Infrastructure
![Page 9: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/9.jpg)
Set-ActiveSyncDeviceAccessRule
Set-ActiveSyncDeviceAccessRule 'ContosoPhone(DeviceModel)' -AccessLevel:Quarantine
Get-ActiveSyncDeviceAccessRule | Where {$_.AccessLevel -eq 'Allow'} | Set-ActiveSyncDeviceAccessRule -AccessLevel:Quarantine
Exchange - Protecting your Infrastructure
![Page 10: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/10.jpg)
Mobile Device Mailbox Policies
When you install Exchange 2013, a default mobile device mailbox policy is created. All users are automatically assigned this default mobile device mailbox policy.
Exchange - Protecting your Infrastructure
![Page 11: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/11.jpg)
New-ActiveSyncMailboxPolicy
New-ActiveSyncMailboxPolicy -Name 'All Users' -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $false -MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true -AttachmentsEnabled $true -AllowSimpleDevicePassword
Exchange - Protecting your Infrastructure
![Page 12: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/12.jpg)
Adding and Removing Users from a Mobile Mailbox Policy
Get-CASMailbox -Identity [email protected] -ActiveSyncMailboxPolicy "Sales"
Get-Mailbox | where { $_.CustomAttribute1 -match "Manager"} | Set-CASMailbox -activesyncmailboxpolicy(Get-ActiveSyncMailboxPolicy "Contoso").Identity
Exchange - Protecting your Infrastructure
![Page 13: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/13.jpg)
Current list of available settings per device OS
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients
Exchange - Protecting your Infrastructure
![Page 14: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/14.jpg)
Demo Device Quarantine
L.E. Novak and Michael Indence
![Page 15: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/15.jpg)
Exchange Connector
![Page 16: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/16.jpg)
Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premises or online) by using the Microsoft Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager.
Exchange Connector – Managing and Securing Devices
![Page 17: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/17.jpg)
Settings you can control
GeneralPasswordEmail ManagementSecurityApplication
Exchange Connector – Managing and Securing Devices
![Page 18: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/18.jpg)
Option to control settings via Active Sync
Exchange Access rules controlAllow, Block, or Quarantine
Remotely Wipe via ConfigMgrSelf Wipe via Application catalog
On-premise automatically added to catalog on syncHosted requires manual user device affinity before visible in catalog.
Exchange Connector – Managing and Securing Devices
![Page 19: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/19.jpg)
When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices. Some management functions are therefore limited. For example, you cannot install software on these devices or use configuration items to configure these devices.
Exchange Connector – Managing and Securing Devices
![Page 20: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/20.jpg)
When you use the Exchange Server connector, the mobile devices are managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies.
Exchange Connector – Managing and Securing Devices
![Page 21: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/21.jpg)
An account is required to configure the Exchange Connector in Configuration Manager. The account can be the computer account of the site server or a Windows user account, and must have rights in Exchange to certain cmdlets.
Exchange Connector – Managing and Securing Devices
![Page 22: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/22.jpg)
An account is required to configure the Exchange Connector in Configuration Manager. The account can be the computer account of the site server or a Windows user account, and must have rights in Exchange to certain cmdlets.
Exchange Server management roles that contain the required cmdlets are the Recipient Management, View-Only Organization Management, Server Management, and above.
Exchange Connector – Managing and Securing Devices
![Page 23: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/23.jpg)
DEMOExchange Connector
Michael Indence
![Page 24: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/24.jpg)
Intune
![Page 25: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/25.jpg)
System Center Intune has various access points and knowing each one is important to not confuse users and get the most of the subscription.
Portal.Manage.Microsoft.com (Users)
Account.Manage.Microsoft.com (Subscription Administration)
Manage.Microsoft.com (Intune Administration)
System Center Intune - Managing and Securing Devices
![Page 26: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/26.jpg)
There are various pre-requisites that must be configured and working before Intune can manage mobile devices or be connected to System Center Configuration Manager.
Intune AccountVerified Public DomainDomain UPNDirsync/SSODNS Alias (CNAME)Certificate Keys
System Center Intune - Managing and Securing Devices
![Page 27: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/27.jpg)
Certificates are used with System Center Intune to secure software deployments to devices that are either company developed or push or to allow Notifications. Below is a list by OS type of cert required. Windows Phone 8 – Code Sign Cert (Symantec)
Support Tool for Windows Intune Trial (temp cert for testing)
Windows devices (Side loading Keys)
IOS – Apple Push Notification (APN)
Android (None)
System Center Intune - Managing and Securing Devices
![Page 28: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/28.jpg)
System Center Intune support many Mobile devices in Direct Managed mode or connected with System Center Configuration Manager 2012 R2.
Windows Phone 8 DevicesWindows 8 RTWindows 8.1 RTWindows 8.1iOS 5.0, 6.0, and 7.0Android Devices 2.3 and Later
System Center Intune - Managing and Securing Devices
![Page 29: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/29.jpg)
When integrating System Center Intune with System Center Configuration Manager there is a few configuration changes and system roles to be setup.
Subscription Connector Setup
Windows Intune Connector Role
LogsConnectorSetupCloudMgrCloudUsersSyncdmpDownloaderdmpuploader
System Center Intune - Managing and Securing Devices
![Page 30: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/30.jpg)
System Center Intune - Managing and Securing Devices
Source http://blogs.technet.com/b/windowsintune/archive/2013/01/18/technet-radio-edition-cloud-based-management-with-windows-intune.aspx`
![Page 31: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/31.jpg)
DEMOIntune Initial ConfigurationMichael Indence
![Page 32: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/32.jpg)
Company Applications
Deeplinking (Store Apps)
User Enrollment
Managing Devices – Managing and Securing Devices
![Page 33: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/33.jpg)
Method to deploy Vendor store apps via System Center Configuration Manager.
iTunes
Google Play
Windows Phone Store
Windows (Use reference computer)
Deeplinking – Managing and Securing Devices
![Page 34: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/34.jpg)
Windows Phone (Settings – Company Apps)
Windows RT (System Configuration – Company Apps)
Windows 8.1 and RT 8.1 (Workplace)
iOS (ITunes – Windows Intune Company Portal)If Service Pack 1 (m.manage.Microsoft.com)
Android (Google Play – Windows Intune Company Portal)
User Enrollment – Managing and Securing Devices
![Page 35: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/35.jpg)
DEMOUser Enrollment
Michael Indence and L.E. Novak
![Page 36: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/36.jpg)
The enterprise feature pack will include:
S/MIME to sign and encrypt email
Access to corporate resources behind the firewall with app aware, auto-triggered VPN
Enterprise Wi-Fi support with EAP-TLS
Enhanced MDM policies to lock down functionality on the phone for more enterprise control, in addition to richer application management such as allowing or denying installation of certain apps
Certificate management to enroll, update, and revoke certificates for user authentication
Windows Phone Enterprise Feature Pack – Managing and Securing Devices
![Page 37: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/37.jpg)
On February 28th 2014 Samsung announced a partnership with Microsoft to bring some of it’s enterprise services to Knox. Samsung mobile customers will now be able to take advantage of seamless authentication for access to enterprise resources, and Enterprise IT will be able to manage those devices with Windows Intune.
Samsung Knox and Intune– Managing and Securing Devices
![Page 38: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/38.jpg)
Exchange
Exchange Connecter with Configuration Manager
Configuration Manager with Intune
Protect and Manage Devices and Infrastructure
![Page 39: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/39.jpg)
QUESTIONS
![Page 40: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/40.jpg)
ContactL.E. Novak
Blog
Geekswithablog.com
Podcast
Geeks, Bowties, and Tech
@LE_Novak
@GeekswithaBlog
Michael Indence
![Page 41: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/41.jpg)
![Page 42: Exchange Exchange Connecter with Configuration Manager Configuration Manager with Intune Protect and Manage Devices and Infrastructure.](https://reader035.fdocuments.in/reader035/viewer/2022062308/56649dca5503460f94ac0cad/html5/thumbnails/42.jpg)
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.