Mastering the Move to Modern Management using ConfigMgr

Similar documents
Modern BIOS Management from the Cloud

AirLift Configuration. VMware Workspace ONE UEM 1902 VMware Workspace ONE AirLift 1.1

Phil Schwan Technical

Today s focus Microsoft 365 powered devices

Adnan Cloud Solutions Architect. SAFFA living in Netherlands, work globally. Microsoft Trainer +25y (xrl MSLearning)

A tale of Modern Management Part 1

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools

Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools

MD-101: Modern Desktop Administrator Part 2

Deployment Genval November 2018

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

INTEGRATING WITH DELL CLIENT COMMAND SUITE: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Windows 10 Management Technologies: What s New. Michael Niehaus Senior Product Marketing Manager, Windows Microsoft

905M 67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves

PLANNING YOUR WINDOWS 10 DEPLOYMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

USING PRODUCT PROVISIONING TO DELIVER FILES TO WINDOWS 10: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

20398: Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) and On- Premises Tools

Sccm 2012 Automatically Approve Clients In Trusted Domains

At Course Completion After completing this course, students will be able to:

NE Administering System Center Configuration Manager and Intune

Mobility Windows 10 Bootcamp

Dell Provisioning for VMware Workspace ONE. VMware Workspace ONE UEM 1902

Quo vadis? System Center Configuration Manager Full managed desktop. Mobile device management Light managed device policies, inventory,

MANAGING ANDROID DEVICES: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

DEPLOYING WIN32 APPLICATIONS: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

MOC 20416B: Implementing Desktop Application Environments

Implementing Microsoft Azure Infrastructure Solutions

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

Windows 10. scalable IT services & solutions. October 25, Bruce Ward, VP of Business Strategy. Dan Sharp, Senior Consultant

São Paulo. August,

Administering System Center Configuration Manager and Intune

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

Office 365: Modern Workplace

Windows 7 Deployment Key Milestones

What s new in System Center Configuration Manager Current Branch? Ievgen Liashov

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

ForeScout Extended Module for VMware AirWatch MDM

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

VMware AirWatch Android Platform Guide

Managing Microsoft 365 Identity and Access

Step by Step for Anyone

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

20533B: Implementing Microsoft Azure Infrastructure Solutions

: 20696C: Administering System Center Configuration Manager and Intune

VMware AirWatch Product Provisioning and Staging for QNX Guide Using Product Provisioning for managing QNX devices.

Administering System Center Configuration Manager

SharePoint 2016 Administrator's Survival Camp

ADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER

Administering System Center Configuration Manager and Intune

Exam : Implementing Microsoft Azure Infrastructure Solutions

Administering System Center Configuration Manager

VMware Workspace ONE UEM Product Provisioning for Windows Rugged Documentation. VMware Workspace ONE UEM 1811

Microsoft. MS-101 EXAM Microsoft 365 Mobility and Security. m/ Product: Demo File

Kent Agerlund Enterprise Mobility MVP & Microsoft Regional Director

Integrating AirWatch and VMware Identity Manager

Course A: Administering System Center Configuration Manager

Architecting Microsoft Azure Solutions (proposed exam 535)

VMware Workspace ONE UEM Integration with Apple School Manager

Microsoft Administering System Center Configuration Manager and Intune

Citrix Workspace Cloud

BRING MAC TO THE ENTERPRISE WITH A MODERN APPROACH TO MANAGEMENT

This confirms that Ricky T has completed the following courses:

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

M20696 Administering System Center Configuration Manager and Intune

REVISED 4 JANUARY 2018 VMWARE WORKSPACE ONE REFERENCE ARCHITECTURE FOR SAAS DEPLOYMENTS

Windows 8/RT Features Matrix

Tony Paikeday Sr. Solutions Marketing Manager. Chris Westphal Sr. Product Marketing Manager. C Cisco Systems, Inc.

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

MCSA Windows 10. A Success Guide to Prepare- Microsoft Configuring Windows Devices. edusum.com

VMware AirWatch Product Provisioning and Staging for Android Guide Using Product Provisioning for managing Android devices.

VMware AirWatch: Directory and Certificate Authority

[ Sean TrimarcSecurity.com ]

Table of Contents. VMware AirWatch: Technology Partner Integration

IBM Endpoint Manager Version 9.0. Software Distribution User's Guide

Duration Level Technology Delivery Method Training Credits. System Center Configuration Manager

Workspace ONE UEM Recommended Architecture. VMware Workspace ONE UEM 1811

Frequently Asked Questions

A: Administering System Center Configuration Manager

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

VMware AirWatch Content Gateway Guide for Linux For Linux

Microsoft Administering System Center Configuration Manager

Mobile Security using IBM Endpoint Manager Mobile Device Management

"Charting the Course... MOC A: Administering System Center Configuration Manager. Course Summary

MD-100: Modern Desktop Administrator Part 1

Modern Management of Windows - Intune & Autopilot

Administering System Center Configuration Manager and Intune

Agenda. Flexcast Management Architecture XenDesktop 7: Install, Manage, Support Migration/upgrade Best Practices Demo Upgrade tips (if time permits)

Sccm management console download windows 7. Sccm management console download windows 7.zip

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Maximize your investment in Microsoft Office 365 with Citrix Workspace

SHAREPOINT 2016 ADMINISTRATOR BOOTCAMP 5 DAYS

Transcription:

Mastering the Move to Modern Management using ConfigMgr Josué Negrón Sr. Solutions Architect VMware Brooks Peppin EUS Systems Engineer VMware

Agenda Challenges with PCLM Solutions What are your Options? Co-Management with ConfigMgr using Intune Scripting Options to Move Workloads Co-Management with Workspace ONE On-boarding Collection Mapping App Migration Tracking and Dashboard

Evolution of Microsoft Client Management 2011 2012 2012 2017 2016 2014 Enterprise Mobility Suite Co- Management SCCM as a Service 2007 2003 1999 SMS 2.0 1994 SMS 1.0 Client Management Infancy (NT Domain) Groups Model Laptops, Servers, Enterprise Scale Comprehensive Management Management from the Cloud Consumerization of IT Transitioning to Modern Management Windows 3 Windows 95 1992 1995 Windows XP 2001 Windows Vista 2006 Windows 7 2009 Windows 8 2012 Windows 10 2015

With Windows 10, Microsoft Enables Modern Management of PCs Integrated MDM Framework Simplified Device Onboarding Cloud-based Management Microsoft s own IT is moving away from traditional PC management to modern management for Windows 10.* * Source: Microsoft IT Showcase; Aug 21, 2017; https://www.microsoft.com/itshowcase/article/video/708/windows-10-deployment-tips-and-tricks-from-microsoft-it 4

Journey to Modern Management Not a flip of a switch to get to Windows 10 / Modern Management Will take time, potentially years May have servers and legacy Windows OS under SCCM management Need to change 25 years of management practices Domain Centric to Device/User Centric Many plug-ins for SCCM Asset management, Auditing Similar to move from Exchange, Active Directory Hybrid Mode Exchange with O365 / AD Federation with Azure Customers may not be able to move all devices to modern management Will happen with device replacement (3-5 years)

Legacy PC Management Unified Endpoint Management Deploy Patch Configure Apps Secure Self-service Use Cases Retire High IT touch build and constantly maintain images specific to OEMs, OS version, use cases, roles Poor patch compliance patch management of domain joined PCs on company network On-network and domain joined PCs only, leveraging group policy objects (GPOs) Resource intensive packaging and deployment (heavy distribution infrastructure); supports Win32 apps only Perimeter defense and no visibility across off-network endpoints; manual remediation for compromised PCs Lacks self-service capabilities or requires third party addons (e.g. store front, recovery keys, etc.) Limited to corporate owned desktop management use cases with locked down machines Manual process: wipe and replace image for new user Simpler out-of-the-box and IT runtime provisioning without the need for imaging; upgrade to new version from cloud Updates PCs on or off the domain from the cloud in minutes; not months Configures PCs over-the-air and across any network; supports modern MDM + GPOs Scalable and reliable app distribution with cloud CDN + P2P; supports any app - Win32, store/uwp, SaaS Smarter conditional access polices and real-time visibility, compliance, and auto remediation across all endpoints Self-service features for app access, domain password reset, BitLocker recovery, remote wipe and lock and others Easily scales to modern use cases (e.g. BYOD) and other Windows, mobile, rugged and IoT endpoints (UEM) Wipe and reset remotely; ready for the new user

Bridging to Modern Management Adopt & Connect Transition to Modern ConfigMgr Content Delivery to Cloud Content Delivery Win32 to Modern Apps Kerberos to Modern Auth GPO to MDM Policy Imaging to Signature Image WSUS to WUfB Adopt Windows 10 Modernizing with a co-management bridge AD/AAD connect Adopt Office 365/ProPlus End of Support for Windows 7 Today

Why Co-Manage with SCCM SCCM is a religion People have built their careers on SCCM As they move to Modern Management, SCCM becomes irrelevant Unless a customer is already 100% at Windows 10 WinXP, Win7, Win8 and Server OS s Most companies have had SCCM in place for over 20 years Not easy to just rip off the Band-Aid We may need SCCM to get to Windows 10 Upgrade Win7 to Win 10 Typical hardware refresh cycle is 3-5 years

Co-Management with Intune You must have the following prerequisites in place before you can enable co-management with Intune or EMS: Requires Windows 10 version 1709 or later Requires Configuration Manager version 1710 or later Must be Intune Standalone Cannot be Hybrid MDM (Intune joined to SCCM) EMS or Intune license for all users Devices must be Hybrid Azure AD-joined (SCCM Managed) Azure AD Joined (Intune Managed) Azure AD automatic enrollment enabled

Supported Workloads Device Compliance Policies Resource Access Policies Configure VPN, Wi-Fi, email, and certificate settings on devices. Windows Update Policies Endpoint Protection (starting in Configuration Manager version 1802) Device Configuration (starting in Configuration Manager version 1806) Office 365 Click-to-Run apps (starting in Configuration Manager version 1806) Mobile apps (starting in Configuration Manager version 1806 as a pre-release feature) Ability to Execute Remote Commands

Co-Management Dashboard

Major Limitations Today Many Prerequisites: SCCM 1710+, Windows 10 1709+, AD+AAD Joined, CMG for Intune-Only Managed Devices, etc. No clear path to fully migrate apps to a modern approach Does not migrate workloads over from SCCM to Intune, Co- Management only chooses who the primary source of management should be Only supports some use-cases, thus might not work for all of your devices in your organization No clear path for customers who want to rip-and-replace quickly; but great for a longer term migration plan

Open-Source SCCM Migration Tools Available on GitHub & VMware {code}: SCCM to AirWatch App Migration Migrate existing Win32 applications from SCCM to AirWatch SCCM to AirWatch Tag Creation Automatically create tags in AirWatch for SCCM collections and tag devices to maintain a link between SCCM and AirWatch SCCM to AirWatch Auto Registration Automatically pre-register SCCM devices into AirWatch using serial number and primary user. Allows silent AirWatch enrollment via staging account. Device Collection Migration Auto Onboarding SCCM App Migration AirLift to get to Modern Management

SCCM Terms Workspace ONE Translations Intune Translations WMI/MOF Closest would be CSPs/APIs CSPs/APIs Apps & Packages Software Distribution (Win32 Apps) Client Apps (Windows MSI Line-of-Business) Distribution Points (DPs) + BranchCache MDT/OSD CDN + P2P Next Evolution is OOBE/AutoPilot/Dell Factory Provisioning Cloud DPs OOBE + AutoPilot Software Center/App Catalog Workspace ONE Catalog Company Portal MBAM for Encryption BitLocker Lifecycle Management BitLocker Configuration via CSP Collections Smart Groups / Tags Assignments/Groups Software Updates/ADRs/WSUS Windows Update Profile (WUfB or WSUS) Software Updates (WUfB) Task Sequences No Mapping similar to Product Provisioning No Mapping PowerShell Scripts Site Code (3 Characters) & Assigned Site Group ID & Enrollment Group Enrollment Point Device Services (Mobile and Mac Devices Only) -- Tenant Management Point Device Services (Windows Devices) Cloud Management Gateway Primary Site/Secondary Site Parent/Child Organization Group --

Did you know. VMware has supported co-existence ( co-management ) with SCCM since late 2015! So where are we today with speeding your transition to Windows 10 modern management, let s take a look!

Workspace ONE AirLift ConfigMgr Windows 10 Clients 6 Workspace ONE UEM Server-side Connector Web-based Admin Experience Passive Orientation to Simplify Co-Management Fully Productized and Supported Available with ALL Workspace ONE Editions

Communication Protocols Configuration Manager TRADITIONAL AirLift Workspace ONE MODERN Windows Remote Management (WinRM) & Configuration Manager Cmdlets AirLift Web UI AirLift Service Workspace ONE UEM RESTful APIs

AirLift Prerequisites Workspace ONE UEM 9.5+ Admin with API Access & REST API Key Device Services, Console, API URLs SCCM 2012 R2+ SCCM Account with at Least Read-Only Permissions Additional access needed to create Enrollment App from AirLift (Optional) SCCM Account must be Remote Management Group (Win RM) SCCM Site Code SCCM Device Collections with Active Windows 10 Devices AirLift VM (Recommend Small Dedicated VM with Good SCCM Connectivity) AirLift Installer will Download & Install SQL Express and MongoDB Installer will Securely Configure for Use Only by AirLift AirLift will Create Two Services that Run under Network Service

Live Demo: Getting Started with AirLift

Mapping Device Collections

SCCM Device Collection Mapping Empower the admin to accelerate their adoption and visibility of our Co-Management capabilities Leverage existing ConfigMgr Device Collections Complex Query Based Rules Based on Device Type (e.g. Dell XPS) One to Many Mapping between Collections and Workspace ONE Map ConfigMgr Collections to Workspace ONE Smart Groups Backend Task keeps Workspace ONE Synced with ConfigMgr Multiple Purposes for Collection Mapping Windows 10 Devices Systems that can be Upgraded to Windows 10 Dell Laptops, etc. One to One, Many to One or Specific Mapping

Live Demo: Taking Flight with AirLift; Onboarding Devices

Enrollment

Live Demo: Migrating Apps

Application Migration Transition SCCM Applications to Workspace ONE UEM Enumerate SCCM Applications Supports MSI s Supports Scripted Installs (MSI, EXE, ZIP) Supports Multiple Deployment Types Validations to Increase Predictability Rules Introspect SCCM App Metadata BEFORE Export Validate Info (e.g. Install Translated from System to Device ) Validation Error (e.g. Uninstall Command Line Missing) Application Export is NOT App Rationalization Offering Automated Packaging Does Not Work Against SCCM Packages

Troubleshooting AirLift Install Directory: %ProgramFiles%\VMware\VMware AirLift Workspace ONE Enrollment Application Contains the AirWatch Agent, SCCM Integration Client, and icons. AppSettings.JSON Change logging level and contains the connection strings to SQL Express and MongoDB %ProgramData%\VMware\VMware AirLift MongoData Log Contains logs for Mongo DB Logs Contains AirLift logs, more detailed than the Activity Log Note before installing AirLift you should ensure your user account has the minimum required access to SCCM. You should also have admin rights to install all of the dependencies.

Dashboard

FAQ's 1. Does this install require access to the SCCM DB? No 2. How does this communicate with SCCM? WinRM and SCCM Cmdlets 3. What SCCM information does it query? Device Collections, Devices, Users, SCCM Apps 4. What SCCM RBAC access is needed? Read-only Analyst 5. What SCCM RBAC access is optional? Privilege to create SCCM App and Deploy 6. How long will AirLift take to do the initial synchronization? 1-20 mins depending on the size and number of both Workspace ONE and SCCM entities. Subsequent synchronization is incremental. 7. Does AirLift support Direct and Rule-based Device Collections? Yes 8. Does AirLift support anything other than SCCM Device Collections? No

Learn Workspace ONE modern management for Windows 10 Test Drive Workspace ONE on your Windows 10 devices Get Started on Your POC or Deployment Demos https://youtu.be/3ooap0qqom Y https://vmwarelearningzone.vm ware.com/oltpublish/site/cms.d o?view=openlearning Hands-on-Labs http://labs.hol.vmware.com/hol /catalogs/catalog/878 Beginners: HOL-1857-01-UEM - Getting Started Advanced: HOL-1857-02-UEM - Unified Endpoint Management for Windows 10 Sign up to VMware TestDrive: https://portal.vmtestdrive.com/ TestDrive Getting Started Guide: https://kb.vmtestdrive.com/hc/en- us/articles/360001372254-getting- Started-with-TestDrive Workspace ONE for Windows 10 Walkthrough Guide: https://kb.vmtestdrive.com/hc/en- us/articles/360001152734-experience- Workspace-ONE-on-Windows-10 POC: Workspace ONE Windows 10 Reviewers Guide: https://techzone.vmware.com/resour ce/reviewers-guide-windows-10- unified-endpoint-managementairwatch Deployment: Professional Services Use Case Add-on for Windows 10: https://www.vmware.com/content/da m/digitalmarketing/vmware/en/pdf/d atasheet/vmware-workspace-oneairwatch-service-add-on-use-casedatasheet.pdf

You ve got questions, we got answers hopefully

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback