Quo vadis? System Center Configuration Manager
- Full managed desktop
- Mobile device management
- Light managed device policies, inventory,
- Hybrid management
- One pane of glass
- Integration of mobile device management into traditional client management
- Future platform challenges

The End User Experience Family
Device choice. Simplified management.
- Managed productivity with Office mobile apps
- Mobile device & application management
- Desktop virtualization
- Conditional access to corporate resources
- Simplified device enrollment and registration
- Access & information protection
- Hybrid identity
- Single console to manage all devices
- Desktop Virtualization

Continual ROI on existing investments and rapid support for an ever-changing technology landscape
- Continue to enable customers to extend their existing investment in Configuration Manager
- Provide a pure cloud-based device management service, Intune growing at 50% since beginning of calendar year
- Build for Service first, then integrate on-prem

The How
- Intune standalone (cloud only): Intune web console
- ConfigMgr integrated with Intune (hybrid): ConfigMgr console

Cloud-based Management: Microsoft Intune
- No existing Configuration Manager deployment
- Simplified policy control
- PC+MDM: 4K users, 6K PCs, and 7K devices
- MDM Only: 25k users and 50k mobile devices
- Simple web-based administration console
- Mobile devices and PCs

System Center 2012 R2 Configuration Manager with Microsoft Intune
- Build on existing Configuration Manager deployment
- Full PC management (OS Deployment, Endpoint Protection, application delivery control, rich reporting)
- Deep policy control requirements
- Scale to 100,000 devices
- Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
- Domain joined PCs
- Mobile devices

Single pane of glass
- Intune: Simple web-based Administration Console and a richer experience for Information Workers
- SCCM Administration Console and a richer experience for Information Workers

Rapid and agile support of technology changes
- New device capabilities are releasing faster
- Update Intune service and provide Extensions for Intune as soon as technology allows
- Goal: Minimize major on-prem upgrades to deploy support for new features

Extensions for Microsoft Intune
Continuous delivery of EMM features for ConfigMgr
Updates are automatically downloaded and optionally enabled through admin console.
- Admin is notified that an extension is available when console is launched
- Admin goes to Extensions for Intune in console, and enables the extension
- Extension is activated in Configuration Manager
- Admin restarts console, and console is updated with the extension
- Admin uses feature delivered by the extension
- Admin may wish to disable the extension

Features we have today
October 2013
- Depth of settings
- Native Company Portal for iOS and Android
- App management
- Certificates, VPN/WiFi profiles
January 2014
- Standalone MDM
- Email Profiles/Wipe
- iOS 7 Data Protection Settings
- Remote Lock/PIN Reset
May 2014
- Windows Phone 8.1 Support
- Samsung KNOX Standard Support
- Remote to My PC for iOS and Android

Extending the management policies
- Find the OMA URI (Open Mobile Alliance Uniform Resource Identifier) to target Configuration Service Providers (CSPs) on a device
- Windows Phone 8.1: Windows Phone 8.1 MDM protocol documentation http://msdn.microsoft.com/en-us/library/dn499787.aspx?wt.mc_id=blog_intune_general_pcit
- Create the ConfigMgr Configuration Item

Managing devices with Windows 8.1
- Windows Phone 8.1; Windows 8.1
- BASIC: EXCHANGE ACTIVESYNC (ALLOW E-MAIL ACCESS)
- LIGHTWEIGHT CONTROL: MOBILE DEVICE MANAGEMENT PLATFORM (BYOD-STYLE MANAGEMENT)
- FULL CONTROL: ACTIVE DIRECTORY, GROUP POLICY, SYSTEM CENTER (FULLY-MANAGED CORPORATE DEVICE)

Managing mobile devices with WINDOWS 10
- Windows Mobile; Windows
- BASIC: EXCHANGE ACTIVESYNC (ALLOW E-MAIL ACCESS)
- LIGHTWEIGHT CONTROL: MOBILE DEVICE MANAGEMENT PLATFORM (BYOD-STYLE MANAGEMENT)
- FULL CONTROL: ACTIVE DIRECTORY, GROUP POLICY, SYSTEM CENTER (FULLY-MANAGED CORPORATE DEVICE)

Evolving Enterprise Requirements
RECENT PAST
- 9-to-5 Monday-Friday employees at work
- PCs on a LAN, connected to domain
- Corporate supplied and managed devices
- One device ecosystem
- Extended operating system/servicing lifecycle
- On-premises applications and file sharing
- Access controls contained within organizational
- Deep corporate management controls and policies
- Malware as vandalism and criminal activity
- Network perimeter as a viable defense boundary
- Vertically-integrated devices for task workers
MOBILE-FIRST, DEVICE-FIRST
- 24x7x365 blur of work & personal activity
- Laptops, tablets, phones anywhere (on any network)
- Corporate and BYOD, business & personal apps/data
- Heterogeneous ecosystems (Windows, iOS, Android, Chrome)
- A faster upgrade cadence; shorter device lifecycle
- SaaS applications and file sharing services
- Access controls span organizations, apps, individuals
- Lighter cloud-based management with fewer controls
- Malware as espionage and weaponry
- Must operate under assumed breach of network
- Dynamically adapting devices for task workers

Management choices
AVAILABLE CHOICES
- IDENTITY: Active Directory; Azure Active Directory
- MANAGEMENT: Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
- INFRASTRUCTURE: On-premises or in the cloud
- OWNERSHIP: Corporate-owned, CYOD; BYOD
Organizations may mix and match, depending on their specific scenario

Deployment
- How to get from current OS to the new OS?
- Standardized on Windows 7: how to bridge the gap?
- Faster development cycle: can I complete deployment?
- New OS -> New tools? (Infrastructure upgrade required?)

The end of wipe and reload!
- Tools for compatibility; reduced validation/deployment cost
- Managed in-place upgrade
- Runtime configuration: customize without imaging

Enabling Windows adoption
The enterprise deployment perspective
- Don't break things: Apps, web pages, and drivers should just work
- Know the customer: Collect data, target what they have and what they need
- Ensure readiness: Previews and TAPs early and often enable feedback
- Make it simple and flexible: Provide options, eliminate complexity and cost

App & Device Compat
- Hardware requirements are unchanged
- Strong desktop app compatibility
- Windows Store apps are compatible
- Internet Explorer enterprise investments

Enterprise upgrade core investment areas Experience Focused on Windows 7 and up Enable in-place upgrade Seamless handoff to CM Device upgrade Readiness Driver availability check Integrated with WSUS Identify test targets Delegate testing Record test results Improved app inventory Includes web apps/sites Dependency tracking App usage metrics Telemetry from Microsoft Reduced test matrix Easily apply mitigations Maintain collection structure Leverage CM for inventory Integrated with WSUS
Deployment choices
Wipe-and-Load
- Traditional process
- Capture data and settings
- Deploy (custom) OS image
- Inject drivers
- Install apps
- Restore data and settings
- Still an option for all scenarios
In-Place
- Let Windows do the work
- Preserve all data, settings, apps, drivers
- Install (standard) OS image
- Restore everything
- Recommended for existing devices (Windows 7/8/8.1)
Provisioning
- Configure new devices
- Transform into an Enterprise device
- Remove extra items, add organizational apps and config
- New capability for new devices

Traditional Deployment
- Enhancements to existing tools
- Minimal changes to existing deployment processes
- New Assessment and Deployment Kit includes support for Windows 10, while continuing to support down to Windows 7
- Minor updates to System Center 2012 (through a hotfix or cumulative update) to add support
- Minor updates to Microsoft Deployment Toolkit 2013 to add support
- Will feel natural to IT Pros used to deploying Windows 7 and Windows 8.1
- Drop in a Windows 10 image, use it to create your new master image
- Capture a Windows 10 image, use it for wipe-and-load deployments

Moving in-place
- Coming from Windows 7 or Windows 8?
  - Automated in-place upgrade
  - System Center and MDT support for managing the workflow, or just use WSUS
- Coming from Windows 8.1?
  - Automated servicing operation (an update)
  - Driven from WSUS or other patching tools
- Simplified process, builds on prior experience
  - Uses the standard Windows 10 image
  - Automatically preserves existing apps, settings, and drivers
  - Fast and reliable, with automatic roll-back if issues are encountered
- Strong customer demand
  - Popular for Windows 8 to Windows 8.1
  - Piloting now with Windows 7 to Windows 8.1, to learn
  - Working with ISVs for disk encryption

Provisioning, not reimaging
- TAKE OFF-THE-SHELF HARDWARE
- APPLY A PROVISIONING PACKAGE
- DEVICE IS READY FOR PRODUCTIVE USE

Provisioning, not reimaging
TRANSFORM A DEVICE
- Enable the Enterprise SKU
- Install apps and enterprise configuration
- Enroll the device to be managed via MDM
FLEXIBLE METHODS
- Automatically triggered from the cloud or connection to a corporate network
- Using media, USB tethering, or even e-mail for manual distribution
- Leverage NFC or QR codes