Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance...
-
Upload
marcia-haynes -
Category
Documents
-
view
225 -
download
0
Transcript of Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance...
![Page 1: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/1.jpg)
![Page 2: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/2.jpg)
Mobile Device Management with Configuration Manager 2012 SP1 and Windows IntuneCraig Morris, Brett FleggSenior PM Lead, Principal DeveloperMicrosoft
UD-B309
![Page 3: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/3.jpg)
Microsoft NDA Confidential
Three session today on Mobile Device Mgt8.30am: Infrastructure Setup• UD-B309 – Deploying and Configuring Mobile Device
Management Infrastructure10”15am: Settings and Enrollment• UD-B330 – System Center 2012 Configuration Manager SP1
and Windows Intune: Unified Modern Device Management12:00pm: Application Management• UD-B301 – Application Delivery with System Center 2012
Configuration Manager SP1 and Windows Intune
![Page 4: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/4.jpg)
Microsoft NDA Confidential
Agenda1. Intro2. Getting Started3. Signing into Windows Intune Service4. Active Directory, Dirsync and ADFS5. Creating Configuration Manager objects
• Windows Intune Subscription• Onboarding of Mobile Device Platforms• Windows Intune Connector
6. Setting up a Lab or POC environment
![Page 5: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/5.jpg)
Enabling users to be productive, responsiblyFinding the right balanceDevices & Experiences Users Want
Applications and data across devices, anywhere
Empower User Productivity
Unified Management Infrastructure
Common IdentityAccess and Information Protection
Controlled access to data with seamless authentication
![Page 6: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/6.jpg)
Unified Device Management
• Single management interface• Integrated security and
compliance• Improve IT efficiency• Reduced infrastructure complexity
Unified Management Infrastructure
+
Empower User Productivity
• Device choice• Application self-service• Personalized application
Experience• Non-intrusive management
![Page 7: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/7.jpg)
Simplifying Management Across Platforms
Devices & Platforms
IT
Single adminconsole
Windows PCs(x86/64, Intel SoC),
Windows to GoWindows Embedded
AndroidMac OS X
Windows RT Windows Phone 8
iOSAndroid
![Page 8: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/8.jpg)
Microsoft NDA Confidential
Integration points of ConfigMgr and Windows Intune
• Intune provides cloud based infrastructure to provide settings management and software distribution to mobile devices
• All Administrative tasks are performed via ConfigMgr admin console.
![Page 9: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/9.jpg)
Platform Support
New Platforms• Windows RT• Windows Phone 8• iOS (5.x, 6.x)• Android (2.1 and later)*
Features fully integrated in to ConfigMgr• Over the air device enrollment*• Available user targeted applications• User and device settings
management*• Device inventory*• Remote device retirement*• Remote device wipe*
*Android features supported through the Exchange Connector only
![Page 10: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/10.jpg)
Getting Started
![Page 11: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/11.jpg)
Microsoft NDA Confidential
Overview of Process1. Create Windows Intune Subscription
a) Purchase from Windowsintune.comb) Purchase Volume License agreement
2. Add Public DNS details for enrollment redirection3. Verify Users have Public Domain UPNs and perform AD User
Discovery4. Deploy and Configure AD Federated Services (ADFS 2.0)
a) Not required but strongly recommended!
5. Deploy and Configure AD Directory Synchronization6. Reset User Password, if not using ADFS7. Configuring Configuration Manager for Mobile Device
Managementa) Creating a Windows Intune Subscription in the Configuration Manager Admin Consoleb) Creating the Windows Intune Connector Site System role
8. Verification of Configuration Manager successfully connecting to Windows Intune Service
![Page 12: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/12.jpg)
Microsoft NDA Confidential
Create Windows Intune Subscription• The first order of business is to create a Windows
Intune Subscription.• This can be performed as a Volume License
agreement, through those normal channels.• If your company does not have a volume license
agreement for Configuration Manager you may create a Windows Intune Subscription directly from www.WindowsIntune.com .
• Once this is complete login with the admin account created to the Windows Intune Account Portal account.manage.microsoft.com
![Page 13: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/13.jpg)
Sign In with username & password provided
![Page 14: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/14.jpg)
Select “My profile”
![Page 15: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/15.jpg)
Edit Profile and Save
![Page 16: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/16.jpg)
Microsoft NDA Confidential
Create Verifiable Public DomainIn order to ensure users are synchronized correctly you must create a verified public domain within Windows Intune Account Portal. • This is a public domain for the company, something like company1.com• This domain must be able to be verified as a registered domain by an external source
For Device enrollment ensure you have a public DNS CNAME record directing EnterpriseEnrollment to manage.microsoft.com
![Page 17: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/17.jpg)
Microsoft NDA Confidential
Verify User Details and Perform AD User DiscoveryEnsure users that will be
managed have this Public Domain as their primary Universal Principal Name (UPN) in Active Directory.
To add UPNs for each user, either edit via ADSI or script, similar to that shown in here: http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/06/how-can-i-assign-a-new-upn-to-all-my-users.aspx
Once confirmed perform AD User Discovery in Configuration Manager 2012 SP1
![Page 18: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/18.jpg)
Microsoft NDA Confidential
Deploy and Configure AD Federated Services• When you set up single sign-on
(also known as identity federation), your users can sign in with their corporate credentials to access the services in Windows Intune.
• As part of setting up single sign-on, you must also set up directory synchronization.
• Follow the Steps outlined in the Windows Intune Account Portal, under Users.
1. Prepare for Single Sign-on: http://technet.microsoft.com/en-us/library/jj151786
2. Secondly you need to deploy ADFS 2.0: http://technet.microsoft.com/en-us/library/jj151794 .
Not required but strongly recommended!
![Page 19: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/19.jpg)
Microsoft NDA Confidential
Deploy and Configure AD Directory Synchronization• Next, configure the on-premise
AD Directory Synchronization with Microsoft Online.
• To deploy and configure Dirsync follow the steps outlined in the Windows Intune Account Portal (account.manage.microsoft.com).
• Select Users, and then select the option to Setup Active Directory® synchronization . This will allow Intune to retrieve the user details from Microsoft Online.
• There’s a great Technet series on Dirsync that outlines the entire set of steps needed. http://technet.microsoft.com/en-us/library/hh967629.aspx
![Page 20: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/20.jpg)
Microsoft NDA Confidential
Reset User Microsoft Online Password; not using ADFS
Once configured AD Dirsync will happen immediately and then every 3 hours.User should then be visible in the Windows Intune Account Portal (in the Users node) – shown in previous slide
If not using ADFS, need to set a Microsoft Online password for each user:In order for the users to be able to login into the Windows Intune service (and Microsoft Online), they need a Microsoft Online/Azure AD password setYou may perform these activities for an individual user or in bulk via the Windows Intune Account Portal. Or leverage powershell to programmatically activate them. Details in the link below
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx
![Page 21: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/21.jpg)
Connecting to Windows Intune Account PortalBrett Flegg
![Page 22: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/22.jpg)
Creating Configuration Manager Objects
![Page 23: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/23.jpg)
Microsoft NDA Confidential
Functions of ConfigMgr Windows Intune Objects
Windows Intune Subscription, used by admin to:1. Retrieve certificate needed by connector to connect to Windows Intune Service (background
process)2. Define User Collection that enables members to enroll mobile devices3. Define and configure mobile platforms organization wants to support
Windows Intune ConnectorConnects to Windows Intune Cloud Server
• Sends policy for Settings Mgt and Software Distribution• Receives state/status messages back from clients
Windows Intune Service (not visible to admin)Contains DMP like functionality
• MP with local DB for storage of Policies• Gateway/Proxy to communicate to Mobile Devices
![Page 24: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/24.jpg)
Platforms and Certificates/KeysPlatform Certificates or keys How you obtain
Windows Phone 8
Code signing certificate: All sideloaded apps must be code-signed.
Buy a code signing certificate from Symantec
http://www.symantec.com/verisign/code-signing/windows-phone
Windows RT
Sideloading Keys: Windows RT devices have to be provisioned with sideloading keys to enable installation of sideloaded apps.
All sideloaded apps must be code-signed.
Buy sideloading keys from Microsoft, link below has more details
http://technet.microsoft.com/en-us/library/hh852635.aspx
iOSApple Push Notification service certificate
To enable app management for iOS, you must follow these steps.1. Download a Certificate Signing Request from Windows Intune. This certificate signing request lets you
apply to Apple’s certification authority for an Apple Push Notification service certificate.2. Request an Apple Push Notification service certificate from the Apple website.To Download a Certificate Signing Request from Windows Intune• In the Configuration Manager console, click Administration.• In the Hierarchy Configuration, right-click Windows Intune Subscriptions and select Create APNs
certificate request.• Select a location and then click Download.• In the Windows Intune sign in page, enter your organizational account and password. • After you sign in, the certificate signing request is downloaded to the location that you specified.To request an Apple Push Notification service certificate• Connect to the Apple Push Certificates Portal.
• Sign in and continue in the wizard.Android None
![Page 25: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/25.jpg)
Creating Windows Intune Subscription & Connector in Configuration ManagerBrett Flegg
![Page 26: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/26.jpg)
Platforms and Device EnrollmentSet up device enrollment for mobile devices •Set up Direct Management for Windows RT Mobile Devices Learn how to set up automatic detection for a Windows Intune enrollment server and obtain and add product activation sideloading keys to enable users to install line-of-business applications on their Windows RT devices.
•Set up Direct Management for Windows Phone 8 Mobile Devices Learn how to set up automatic detection for a Windows Intune enrollment server, and how to download and sign the Company Portal app so that you can make it available to users. The Company Portal app enables you to distribute applications and web links to users with Windows Phone 8 devices. Users can access and install the Company Portal app when they enroll their Windows Phone 8 devices.
•Set up Direct Management for iOS Mobile Devices Learn how to download a certificate signing request from Windows Intune so that you can apply to Apple’s certification authority for an Apple Push Notification Service (APNs) certificate. Configuration Manager with Windows Intune uses the APNs to maintain persistent communications with iOS devices.
![Page 27: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/27.jpg)
Setting up a LabThings to consider when deploying a lab environment• Sign up for Windows Intune trial account (30 days)• AD Dirsync is still needed• Default domain is Onmicrosoft.com, modify on-prem
UPN• Using servername instead of CNAME• Weblinks on RT and iOS to illustrate the experience
![Page 28: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/28.jpg)
Troubleshooting the Windows Intune Subscription and ConnectorBrett Flegg
![Page 29: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/29.jpg)
Microsoft NDA Confidential
In Review: Session Objectives And TakeawaysSession Objective(s): Outline System Center Configuration Manager SP1 and Windows Intune support for Mobile Device management
Key Takeaways1. A better understanding of the configuration requirements to manage
mobile devices2. Knowledge of setup procedures requirement to deploy the solution
![Page 30: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/30.jpg)
Microsoft NDA Confidential
Additional Resources
TechNet Documentation• How to Manage Mobile Devices by Using the Windows Intune
Connector in Configuration Manager: http://technet.microsoft.com/en-us/library/jj884158.aspx
• Using Windows Intune for Direct Management of Mobile Devices: http://technet.microsoft.com/en-us/library/jj733632.aspx
![Page 31: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/31.jpg)
Microsoft NDA Confidential
Related ContentBreakout Sessions
UD-B309Deploying and Configuring Mobile Device Management Infrastructure
UD-B310Deploying and Managing Windows 8 with Configuration Manager 2012 SP1
UD-B317Manageability of Mac & Linux Using System Center 2012 Configuration Manager SP1
UD-B318Managing Embedded Devices with Configuration Manager 2012
UD-B325System Center 2012 Configuration Manager SP1 Overview
UD-B330System Center 2012 Configuration Manager SP1 and Windows Intune: Unified Modern Device Management
UD-B331System Center 2012 Endpoint Protection Integration With Configuration Manager 2012 SP1
UD-B332What’s New with Microsoft Deployment Toolkit 2012 Update 1
UD-B333What's New: Configuration Manager 2012 SP1 Infrastructure Improvements and Hierarchy Design
UD-B335Windows Intune Overview
UD-B403Infrastructure Changes for System Center 2012 Configuration Manager SP1: Advanced Topics and Troubleshooting
![Page 32: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/32.jpg)
Microsoft NDA Confidential
Related ContentInstructor-led and Hands-on Labs
UD-IL301 Basic Software DistributionUD-IL302 Deploying a Configuration Manager HierarchyUD-IL303 Deploying Configuration ManagerUD-IL304 Deploying Windows 8 to Bare Metal ClientsUD-IL306 Implementing Endpoint ProtectionUD-IL307 Implementing Role-Based AdministrationUD-IL308 Implementing Settings ManagementUD-IL309 Introduction to Configuration ManagerUD-IL310 Managing ApplicationsUD-IL311 Managing ClientsUD-IL312 Managing ContentUD-IL313 Managing Microsoft Software UpdatesUD-IL314 Migrating from Configuration Manager 2007 to Configuration Manager 2012UD-IL315 New for SP1: Deploying Windows 8 Applications in Configuration Manager 2012 SP1UD-IL316 New for SP1: Expanding a Configuration Manager 2012 SP1 HierarchyUD-IL317 New for SP1: Implementing App-V 5.0 in Configuration Manager 2012 SP1UD-IL318 New for SP1: Implementing Database Replication Controls in Configuration Manager 2012 SP1UD-IL319 New for SP1: Implementing Linux Clients in Configuration Manager 2012 SP1UD-IL320 New for SP1: Upgrading from Configuration Manager 2012 to Configuration Manager 2012 SP1UD-IL401 Advanced Software Distribution
![Page 33: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/33.jpg)
People Centric ITCome to Booth 1 in the Expo Hall for your chance
to win a Surface RT bundle worth $699
Answer four questions correctly and you’ll be entered in our prize draw.
Draw will take place at 4pm on April 10 2013
NO PURCHASE NECESSARY. See Event Booth #1 for Official Rules
![Page 34: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/34.jpg)
Q and A
![Page 35: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/35.jpg)
Evaluation
Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com.Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.
We want to hear from you!
![Page 36: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/36.jpg)
Resources
http://channel9.msdn.com/Events
Access MMS Online to view session recordings after the event.
![Page 37: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/37.jpg)
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
![Page 38: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/38.jpg)
Additional Slides for future reference
![Page 39: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/39.jpg)
Screenshots for Windows Intune Subscription
![Page 40: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/40.jpg)
![Page 41: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/41.jpg)
![Page 42: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/42.jpg)
![Page 43: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/43.jpg)
Sign In
![Page 44: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/44.jpg)
![Page 45: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/45.jpg)
![Page 46: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/46.jpg)
![Page 47: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/47.jpg)
![Page 48: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/48.jpg)
![Page 49: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/49.jpg)
![Page 50: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/50.jpg)
![Page 51: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/51.jpg)
![Page 52: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/52.jpg)
![Page 53: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/53.jpg)
![Page 54: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/54.jpg)
![Page 55: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/55.jpg)
![Page 56: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/56.jpg)
![Page 57: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/57.jpg)
![Page 58: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/58.jpg)
![Page 59: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/59.jpg)
![Page 60: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/60.jpg)
![Page 61: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/61.jpg)
![Page 62: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/62.jpg)
![Page 63: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/63.jpg)
![Page 64: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/64.jpg)
![Page 65: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/65.jpg)
Screenshots for Windows Intune Connector
![Page 66: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/66.jpg)
![Page 67: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/67.jpg)
![Page 68: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/68.jpg)
![Page 69: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/69.jpg)
![Page 70: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/70.jpg)
![Page 71: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/71.jpg)
![Page 72: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/72.jpg)
![Page 73: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/73.jpg)
Active Directory Dirsync and ADFS
![Page 74: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/74.jpg)
All Identities and group memberships flow down to Intune via Sync Daemon
AD Integration1. User identities and SGs are created / modified in AD2. DirSync delta syncs on-prem userid (no pwd) to MSODS every 3 hours3. Federation between on-premise AD and Org ID allowing users to use
their on prem username and pwd to login4. All Identities and group memberships flow down to Intune via Sync
Daemon
To learn more about ADFS, design and deployment visit Windows Server ADFS homepage and Preparing for single sign on. For more details on AD Directory Synchronization visit Directory Synchronization roadmap.For details on attributes Dirsync’d see this KB
Identity Services
On Premise Infrastructure
ADMS Online Directory Sync (DirSync)
Provisioningplatform
Windows Intune
SharePoint Online
Exchange Online
Active Directory Federation Server 2.0
Trust
IdP
DirectoryStore
Admin Portal/PowerShell
Authentication platform IdP
Microsoft Online Services
![Page 75: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/75.jpg)
The following illustration and corresponding steps provide a description of the client application request process in AD FS using TLS/SSL.
1.The remote employee uses the Web browser to open the application on the AD FS-enabled Web server.2. The AD FS-enabled Web server refuses the request because there is no AD FS authentication cookie. The AD FS-enabled Web server redirects the client browser to sign-in on the resource federation server.3. The client browser requests the logon Web page from the resource federation server.4. The Web page on the resource federation server prompts the user for account partner discovery.5.The resource federation server redirects the client browser to the logon Web page on the account federation server proxy.6.The Web browser requests the logon Web page from the account federation server proxy.
![Page 76: Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.](https://reader036.fdocuments.in/reader036/viewer/2022081512/56649ef45503460f94c07a9b/html5/thumbnails/76.jpg)
Microsoft NDA Confidential
DirSync Installation Details
• Microsoft .NET Framework 3.5 (reboot) and Microsoft Windows PowerShell™ v1.0 (no reboot)
• Not a domain controller• Domain-joined machine
DirSync can synchronize from source forests running the following versions of Windows Server:• Microsoft Windows Server 2008 R2• Microsoft Windows Server 2008• Microsoft Windows Server 2003 • Microsoft Windows Server 2000
• Microsoft SQL Server® 2008 R2 Express • Microsoft Identity Lifecycle Manager 2007 (version created
specifically for Microsoft Online)• No customer purchase beyond providing a server
• Microsoft Windows Server 2008 • Microsoft Windows Server 2008 R2• Microsoft Windows Server 2003 SP2
Supported Operating Systems Prerequisites
Source Forest Synchronization Single file download
To learn more about ADFS, design and deployment visit Windows Server ADFS homepage and Preparing for single sign on. For more details on AD Directory Synchronization visit Directory Synchronization roadmap.For details on attributes Dirsync’d see this KB