Phil Schwan Technical


Phil Schwan Technical Architect pschwan@projectleadership.net @philschwan

Today's challenges
- Users: Users expect to be able to work in any location and have access to all their work resources.
- Devices: The explosion of devices is eroding the standards-based approach to corporate IT.
- Apps: Deploying and managing applications across platforms is difficult.
- Data: Users need to be productive while maintaining compliance and reducing risk.

People-centric IT
Users. Devices. Apps. Data. Management. Access. Protection.
- Enable your end users: Allow users to work on the devices of their choice and provide consistent access to corporate resources.
- Unify your environment: Deliver unified application and device management on-premises and in the cloud.
- Protect your data: Help protect corporate information and manage risk.

Enable users
Challenges:
- Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources.
- Users want an easy way to be able to access their corporate applications from anywhere.
- IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies.
Solutions:
- Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources.
- Users can enroll their devices, which provides them with the company portal for consistent access to applications and data, and to manage their devices.
- IT can publish access to corporate resources with conditional access based on the user's identity, the device they are using, and their location.

Helping IT to enable users
- Users can work from anywhere on their devices with access to their corporate resources.
- Users can enroll devices for access to the company portal for easy access to corporate applications.
- IT can publish desktop virtualization resources for access to centralized resources.
- Users can register devices for single sign-on and access to corporate data with Workplace Join.
- IT can provide seamless corporate access.
- IT can publish access to resources with the web application proxy based on device awareness and the user's identity.
Diagram label: Firewall.

People-centric Application Delivery
Accessing apps the right way, on the right device.
- Target applications based on user role, the best way for each device.
- Evaluate device capabilities for optimal application delivery.
- Platforms: Windows/Windows RT, Windows Phone, iOS, Android, OS X.
- Package types: MSI, App-V (MDOP), Remote App, RDS, Native App/App Store.
- Delivery options: Local installation, Microsoft Application Virtualization, Desktop Virtualization (VDI), Web applications.

Unify your environment
Challenges:
- MDM products are typically delivered as point solutions, which do not integrate with the main PC management solution already in use.
- Managing multiple identities and keeping the information in sync across environments is a drain on IT resources.
Solutions:
- IT has a single pane of glass to view and manage all managed devices, whether on-premises or cloud-based, PCs or mobile devices.
- Users and IT can leverage their common identity for access to external resources through federation.

Unify your environment: Deliver comprehensive application and device management
Diagram labels: Single Admin Console, User.
- Unified infrastructure enables IT to manage devices where they live.
- Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles.
- IT can manage the device and application lifecycle.

Providing users with a common identity
- IT can use Active Directory Federation Services to connect with Windows Azure for a consistent cloud-based identity.
- Users are more productive by having a single sign-on to all their resources.
- Users get access through accounts in Windows Azure Active Directory to Windows Azure, Office 365, and third-party applications.
- IT can provide users with a common identity across on-premises or cloud-based services, leveraging Windows Server Active Directory and Windows Azure Active Directory.
- Developers can build applications that leverage the common identity model.

Registering and Enrolling Devices
- Users can enroll devices that configure the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications.
- Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud.
- Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
- IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity; multi-factor authentication can be used through Windows Azure Active Authentication (formerly PhoneFactor).
- As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.

Protect your data
Challenges:
- As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device.
- A significant amount of corporate data can only be found locally on user devices.
- IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance.
Solutions:
- Users can work on the device of their choice and be able to access all their resources, while IT can identify at-risk devices through jailbreak and root detection.
- IT can enforce a set of central access and audit policies, and be able to protect sensitive information based on the content of the documents.
- IT can centrally audit and report on information access.

Help protect corporate information and manage risk
- Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
- IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
- Identify at-risk devices through jailbreak and root detection.
- Selective wipe removes corporate applications, data, certificates/profiles, and policies, as supported by each platform.
- Full wipe as supported by each platform.
- Can be executed by IT or by user via Company Portal.
- Sensitive data or applications can be kept off device and accessed via Remote Desktop Services.
Diagram labels: Personal Apps and Data; Company Apps and Data; Centralized Data; Remote App; Policies; Enrollment; Lost or Stolen; Retired.

Full and Selective Wipe
Columns: Category; Windows 8.1 (x86/RT OMA-DM managed); Windows 8 RT; Windows Phone; iOS; Android
Full Wipe
Email: (Email through EAS) (Email through EAS)
Selective Wipe
Corporate Apps (from ConfigMgr / Intune), VPN and Wifi Profiles: (Uninstalled + sideloading key removed); Sideloading key removed
Certificates: Revoked on server; N/A; Revoked on server; Revoked on server; Revoked on server
Settings: Policy enforcement is removed; Policy enforcement is removed; Policy enforcement is removed; Policy enforcement is removed; Policy enforcement is removed
Management Agent, Corporate App Data: N/A. Built into OS; N/A. Built into OS; N/A. Built into OS; Management profile removed; Data remains encrypted if app is EFS aware; App container removed during uninstall; App container removed during uninstall; Device administrator privilege is revoked

Unified Device Management Console

Platform Support

| OS Platform | Management Agent | End User Experience |
| Windows 8.1 PC | ConfigMgr Agent or Management Agent (OMA-DM) | Software Center/Application Catalog; Windows Company Portal app |
| Windows PC (Win8, Win7, Vista, XP) | ConfigMgr Agent | Software Center/Application Catalog |
| Windows RT | Management agent (OMA-DM) | Windows Company Portal app |
| Windows Phone 8 | Management agent (OMA-DM) | Windows Phone 8 Company Portal app |
| iOS | Apple MDM Protocol | Native iOS Company Portal App |
| Android | Android MDM agent (OMA-DM) | Native Android Company Portal App |
| Mac | ConfigMgr Agent | Limited self service experience |
| Linux/Unix | ConfigMgr Agent | N/A |

What's New in Mobile Device Inventory?
Personal vs. Corporate Owned Devices:
- By default, user-enrolled devices are Personal.
- Admin can specify corporate-owned devices.
App inventory:
- Personal devices: Inventory of applications installed by ConfigMgr/Intune only.
- Corporate devices: Complete inventory of all applications on the device*.
App Management:
- New global condition to differentiate app installs on corporate versus personal.
* iOS Apple MDM allows only inventory of MDM provisioned apps.

Mobile Device Settings in ConfigMgr 2012 R2
Columns: Category; Windows 8.1 PC & RT; Windows Phone 8; iOS; Android
Categories: VPN Wi-Fi Certificates Password (*) (*) (*) Device restrictions (*) Email (*) Store access Browsers (*) (*) Content Rating Cloud Synch Encryption (*) (*) (*) Security (*) (*) (*)
* Subset of settings
Note: Table applicable to direct MDM and not EAS

Resource Access Configuration
New Features*:
- Configure networking profiles
- VPN profiles, with support for Windows 8.1 Automatic VPN
- Wi-Fi protocol and authentication settings
- Management and distribution of certificates
Benefits:
- End users get access to company resources with no manual steps for them.
Platforms:
- Windows 8.1, Windows 8.1 RT, iOS, Android

VPN Profile Management
Support for major SSL VPN vendors:
- SSL VPNs from Cisco, Juniper, Check Point, Microsoft, Dell SonicWALL, F5
- Subset of vendors have Windows/Windows RT VPN plug-in
Support for VPN standards:
- PPTP, L2TP, IKEv2
Automatic VPN connection:
- DNS name-based initiation support for Windows 8.1 and iOS
- Application ID based initiation support for Windows 8.1

Wi-Fi and Certificate Profiles
Wi-Fi settings:
- Manage Wi-Fi protocol and authentication settings
- Provision Wi-Fi networks that device can auto connect
- Specify certificate to be used for Wi-Fi connection
Manage and distribute certificates:
- Deploy trusted root certificates
- Support for Security Center Endpoint Protection (SCEP) protocol

Work Folders
- Sync files and data across devices
- New feature in Windows 8.1 client and Windows Server 2012 R2
- Configuration Manager and Windows Intune support
- New settings to help provision the Work Folder discovery settings
- Company Portals have links to Work Folders

Distribution Point for Windows Azure
- Rich feature set
- Integrated monitoring
- In-console content monitoring
- Ability to monitor storage and traffic out usage
- Content is fully encrypted
Diagram labels: Windows Azure Distribution Point; PR1; Policy; Content; MP; Firewall; Microsoft Update; DP; Corporate Network.
