Unified client management session from Microsoft partner boot camp
-
date post
19-Oct-2014 -
Category
Technology
-
view
671 -
download
0
description
Transcript of Unified client management session from Microsoft partner boot camp
![Page 1: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/1.jpg)
UNIFIED MANAGEMENT OF
Olav Tvedt
Chief Consultant
MVP -
Twitter: @olavtwitt – Blog: http://olavtvedt.blogspot.com
CLIENTS
![Page 2: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/2.jpg)
![Page 3: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/3.jpg)
AGENDA:
Data Access
Remote System Access
Client Control
![Page 4: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/4.jpg)
Data Access
![Page 5: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/5.jpg)
Data Access
• SkyDrive
• SkyDrive Pro
• Folder Redirection
• Work Folders
5
![Page 6: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/6.jpg)
Consumer /
personal data
Individual work
data
Team / group
work data
Personal
devicesAccess protocol Data location
SkyDrive X X HTTPS Public cloud
SkyDrive Pro X X X HTTPSSharePoint / Office
365
Work Folders X X HTTPS File server
Folder
Redirection /
Client-Side
Caching
X
SMB (only from on-
prem or using
VPN/DA)
File server
http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
![Page 7: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/7.jpg)
7
![Page 8: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/8.jpg)
Work Folders
8
![Page 9: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/9.jpg)
Work Folders Requirements
• A server running Windows Server 2012 R2 for hosting sync shares and user files
• A volume formatted with the NTFS file system for storing user files
• Work Folders has the following software requirements for client PCs:
• Client side (More client OS support to come):- Windows 8.1- Windows RT 8.1- Enough free space on a local, NTFS-formatted drive to store all files in Work Folders. Work Folders uses the %USERPROFILE%\Work Folders location by default, although users can change the location during setup (microSD cards and USB drives are supported locations). The maximum size for individual files is 10 GB by default and there is no per-user storage limit, though administrators can use File Server Resource Manager to implement quotas.
9
![Page 10: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/10.jpg)
Work Folders Offline Files SkyDrive Pro SkyDrive
Intended for providing
user access to work filesYes Yes Yes No
Summary
Syncs files stored on a file
server with PCs and
devices
Syncs files stored on a file
server with PCs that have
access to the corporate
network (can be replaced
by Work Files)
Syncs files stored in Office
365 or in SharePoint with
PCs and Windows
Phones inside or outside a
corporate network and
provides document
collaboration functionality
Syncs personal files
stored in SkyDrive with
PCs and popular devices
Cloud service None None Office 365 Microsoft SkyDrive
Internal network servers
File servers running
Windows Server 2012 R2
Preview
File serversSharePoint server
(optional)None
Supported clients
PCs inside or outside of a
corporate network,
popular devices*
PCs in a corporate
network (or connected via
DirectAcces, VPNs, or
other remote access
technologies)
PCs, Windows PhonePCs, Macs, Windows
Phone, iOS, Android
11
.
*Work Folders apps not yet announced.
![Page 11: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/11.jpg)
Work Folders Requirements
• To enable users to sync across the Internet, there are additional requirements:- A server certificate from a certification authority (CA) that is trusted by your users – ideally a public CA- The ability to make a server accessible from the Internet by creating publishing rules in your organization’s reverse proxy or network gateway- A publicly registered domain name and the ability to create additional public DNS records for the domain
• (Optional) An Active Directory Domain Services forest with the Windows Server 2012 R2 schema extensions to support automatically referring client PCs and devices to the correct sync server when using multiple sync servers
• (Optional) Active Directory Federation Services (AD FS) infrastructure, when using AD FS authentication
12
![Page 12: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/12.jpg)
13
Windows Server 2012 R2 - Web Application Proxy
http://technet.microsoft.com/en-us/library/dn280944.aspx
![Page 13: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/13.jpg)
1
5
![Page 14: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/14.jpg)
More Info: Work folder
• Introducing Work Folders On Windows Server 2012 R2:http://blogs.technet.com/b/filecab/archive/2013/07/10/introducing-work-folders-on-windows-server-2012-r2.aspx
• Technet:http://technet.microsoft.com/en-us/library/dn265974.aspx
• Work Folder Best Practices Analyser:http://technet.microsoft.com/en-us/library/dn292741.aspx
• Work Folders Test Lab Deployment:http://blogs.technet.com/b/filecab/archive/2013/07/10/work-folders-test-lab-deployment.aspx
• Work Folders Certificate Management:http://blogs.technet.com/b/filecab/archive/2013/08/09/work-folders-certificate-management.aspx
16
![Page 15: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/15.jpg)
Remote System Access
![Page 16: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/16.jpg)
WORKPLACE JOIN
18
![Page 17: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/17.jpg)
IT can publish access to resources with the Web Application Proxybased on device awareness and the users identity
IT can provide seamless corporate access with DirectAccess and automatic VPN connections.
Users can work from anywhere on their device with access to their corporate resources.
Users can register devices for single sign-on and access to corporate data with Workplace Join
Users can enroll devices for access to the Company Portal for easy access to corporate applications
IT can publish Desktop Virtualization (VDI) for access to centralized resources
![Page 18: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/18.jpg)
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificateis installed on the device
Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device
Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud
![Page 19: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/19.jpg)
Not Joined Workplace Joined Domain Joined
User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.
Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information
Domain joined computers are under the full control of IT and can be provided with complete access to corporate information
Browser session single
sign-on
Seamless 2-Factor Auth
for web apps
Enterprise apps single
sign-on
Desktop Single Sign-On
![Page 20: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/20.jpg)
DIRECTACCESS
23
![Page 21: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/21.jpg)
24
![Page 22: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/22.jpg)
25
![Page 23: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/23.jpg)
DirectAccess Limitations
Supported Clients
• Windows 8 Enterprise
• Windows 7 Enterprise
• Windows 7 Ultimate
• Domain-Joined
Non-Supported Clients
• Windows 8 Professional
• Windows Vista
• Windows XP
• Non Domain-Joined
![Page 24: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/24.jpg)
DirectAccess Limitations
• Protocols with Embedded IPv4 Addresses
• Applications with Hard Coded IPv4 Addresses
• IP Protocol Communication
Client Compatibility Issues
![Page 25: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/25.jpg)
DIRECTACCESS
28
![Page 26: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/26.jpg)
29
![Page 27: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/27.jpg)
30
![Page 28: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/28.jpg)
31
![Page 29: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/29.jpg)
32
![Page 30: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/30.jpg)
33
![Page 31: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/31.jpg)
34
![Page 32: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/32.jpg)
35
![Page 33: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/33.jpg)
DIRECTACCESS
36
![Page 34: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/34.jpg)
Client Control
![Page 35: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/35.jpg)
Controlling With Group Policy
![Page 36: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/36.jpg)
Controlling The Group Policy
•
•
•
•
•
•
![Page 37: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/37.jpg)
• Intune • System Center Config Manager w/Intune
43
Client Control
![Page 38: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/38.jpg)
Windows Intune Alone
44
![Page 39: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/39.jpg)
SCCM With Windows Intune
45
![Page 40: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/40.jpg)
User Actions
Company portal actions available
to users From Windows 8.1 Preview From Windows Phone 8 From iOS From Android
Enroll device. Yes Yes Yes No
Retire local device. Yes Yes No No
Wipe mobile devices remotely. Yes No No No
Install line-of-business apps. Yes Yes Yes Yes
Install apps from the store that the
device connects to for Windows
Store, Windows Phone Store,
App Store, or Google Play.
Yes Yes Yes Yes
![Page 41: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/41.jpg)
Administrator Management Options
Management tasks Windows RT Windows Phone 8 iOS Android
Device life cycle management
such as the ability to retire, wipe,
remote wipe, remove, and block
devices.
Yes Yes Yes No
Compliance settings that include
settings for password settings,
email management, security,
roaming, encryption, and
wireless communication.
Yes Yes Yes No
Line-of-business app
management.Yes Yes Yes Yes
App installation from the store
that the device connects to
(Windows Store, Windows Phone
Store, App Store, Google Play).
Yes Yes Yes Yes
Hardware inventory. Yes Yes Yes No
![Page 42: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/42.jpg)
Why Use Intune
• Get Controll
• Office365 Exchange Integration (built-in connector)
• On Premies Active Directory Integration
• SCCM Integration
48
![Page 43: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/43.jpg)
Why Use Configuration Manager?
• One Interface
o Servers
o Computers
o Tablet
o Phones
• Line-Of-Business Apps Sideloading
• Extended Features
o Multipe Client settings
o Wipe Company Content (Sideloaded App And Stuff Controlled By SCCM)
49
![Page 44: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/44.jpg)
50
SCCM Mobile Management
![Page 45: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/45.jpg)
51
SCCM Or Intune Mobile Management
![Page 46: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/46.jpg)
Hardware Inventory Not Available With The Exchange Server Connector
52
Hardware Inventory Class Windows Phone 8 Windows RT iOS
Serial Number Not applicable Not applicable Device_ComputerSystem.SerialNumber
Build Version Not applicable Win32_OperatingSystem.BuildNumber Not applicable
Service Pack Major Version Not applicableWin32_OperatingSystem.ServicePackMajorVersi
onNot applicable
Operating System Language Device_OSInformation.Language Not applicable Not applicable
Total Storage Space Not applicable Win32_PhysicalMemory.Capacity Device_Memory.DeviceCapacity
Free Storage Space Not applicable Win32_OperatingSystem.FreePhysicalMemory Device_Memory.AvailableDeviceCapacity
Mobile Equipment Identifier (MEID) Not applicable Not applicable Device_ComputerSystem.MEID
Manufacturer Device_ComputerSystem.DeviceManufacturer Win32_ComputerSystem.Manufacturer Not applicable
Cellular Technology Not applicable Not applicable Device_ComputerSystem.CellularTechnology
Wi-Fi MAC Not applicable Win32_NetworkAdapter.MACAddress Device_WLAN.WiFiMAC
![Page 47: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/47.jpg)
5
3
![Page 48: Unified client management session from Microsoft partner boot camp](https://reader034.fdocuments.in/reader034/viewer/2022051816/5444703fafaf9fa8098b48ed/html5/thumbnails/48.jpg)