In the second in the series of seminars Charlie Hales and Nigel Robson will demonstrate how your business could use technologies it may have already invested in, such as System Center Configuration manager (SCCM) and Exchange to enable its Mobile Device Management (MDM) & BYOD strategies.
You may find that simple infrastructure changes result in big benefits such as improved user experience and support functionality; and hardware cost reductions.
Charlie and Nigel will then focus on the functionality Intune can offer when combined with your existing SCCM infrastructure, including management of all devices (PCs and mobile) through one interface.
2. Agenda
@ Overview from last Seminar
@ Use what you already have
@ Windows device possibilities
@ Exchange
@ SCCM overview
@ Intune
3. Overview from last Seminar
@ What is Mobile Device Management
@ Strategy
@ What is a Mobile Device?
@ Mobile Device Management vs Mobile Application Management
@ What is BYOD
@ What can MDM/BYOD do for business?
@ Where is your Data?
@ Acceptable usage policy
@ Defining the right solution
4. Data Classifications
Information
Category
Description Example Information Assets
Public Information which is or can be made public. Advertisements
Public web content
Proprietary Information which is restricted to internal access and protected from
external access. Unauthorised access could cause a drop in customer
confidence, could influence operational effectiveness, cause financial loss
or provide gain for competitors.
Internal presentations
Performance data
Source code
Proprietary knowledge
Confidential Information received from Customers, or sensitive information about
Customers and Staff.
Customer Data
Customer intellectual property
Customer documents
Customer backups
Internal reports
Restricted Highly sensitive information
Limited access to specific individuals
Passwords
HR & Payroll
Backups
Card Data
DPA Information
5. Data Classifications
Category Public Proprietary Confidential Restricted
Description: Prevent easy access without prolonged or
determined access to the device
Prevent access even with prolonged and
determined access to device
As per confidential and access is
restricted to specific individuals
Physical Media or Device
Printed Media ok In possession of staff or customer In possession of staff or customer, within
property
Held in the safe or secure ICT Server
room
Mobile Phone ok PIN Coded PIN Coded & Remote Wipe not normally acceptable
Laptop / Tablet ok User authentication Authentication & Encryption not normally acceptable
Portable Storage ok Encryption Encryption Held in a safe
PC ok User authentication Physically Secured within property or
Encrypted
Physically secured within property
Cloud Storage ok Encrypted Encrypted not normally acceptable
7. Defining the right solution
@ What do you want to manage on the device?
@ Types of devices
@ PIN
@ Remote Wipe/Selective Wipe
@ Apps
@ Device/App Encryption
8. Defining the right solution
@ What do you want to manage on the device?
@ Integration with enterprise
applications
@ Multi user profiles
@ Separation of personal and work
data
@ Internet access
@ Advanced features
@ Data usage
@ GPS tracking
9. Example of device functionality
Content removed when
retiring a device
Windows 8.1 Windows Phone 8 iOS Android
Company apps and
associated data installed by
using Configuration Manager
and Windows Intune
Uninstalled and sideloading
keys are removed.
In addition any apps using
Windows Selective Wipe will
have the encryption key
revoked and data will no
longer be accessible.
Uninstalled and data
removed.
Uninstalled and data
removed.
Apps and data remain
installed.
VPN and Wi-Fi profiles Removed. Not applicable. Removed.
VPN: Not applicable.
Wi-Fi: Not removed.
Certificates Removed and revoked. Not applicable. Removed and revoked. Revoked.
Settings Requirements removed. Requirements removed. Requirements removed. Requirements removed.
Management Client
Not applicable. Management
agent is built-in.
Not applicable. Management
agent is built-in.
Management profile is
removed.
Device Administrator
privilege is revoked.
Example for SCCM and Intune
10. Use what you already have
@ Dependant on devices and existing technologies
@ Workplace folders
@ Exchange ActiveSync
@ Networking tools
@ SCCM (with Intune)
11. Workplace folders
@ Free and managed version
similar to Dropbox
@ Built into Windows 8.1
@ Windows 7 released this week
@ Soon will also work with iOS
and possibly Android
12. Exchange Active Sync by Server
@ Very limited in Exchange 2003 (now unsupported)
@ Added HTML emails, Auto discover and a few others in Exchange
2007 but still limited
@ 2010 SP1 onwards (including Office 365) saw improvements, added
Block/allow/quarantine list for example
@ Still some limitations in Exchange 2013 and Office 365, for example:
@ Free/Busy lookup
@ Encryption
@ Limited phone policies, e.g. application management
14. What is SCCM
@ Device Management
@ Desktops, laptops, thin clients, mobile devices
@ Operating System Deployment
@ Anti-virus
@ Software Update Management
@ Power Management
@ Client Health & Monitoring
@ Asset Intelligence and Inventory
15. What is SCCM
@ Application management
@ Application Delivery
@ Application Intelligence and Inventory
@ Application Updates
@ Deploy to user or device
@ Self-Service for application provisioning
19. Differences between Intune and
Intune with SCCM
@ Intune is a standalone product for managing devices from the cloud
@ Intune standalone is a subscription service
@ Limited domain integration to your infrastructure unless SCCM, ADFS
or DirSync is used
@ Limits in domain related tasks and business specific tasks
20. Intune Limitations
@ Limited integration with Apple VPP
@ Device encryption capabilities limited
@ Intune is still maturing and therefore missing some of the more
advanced features of a fully fledged MDM solution.
21. Intune Costs
@ Complicated as always with Microsoft
@ Available through multiple options
@ Online
@ Through EA
@ Add on to existing SCCM/SCEP licencing, or can be purchased together new
27. Summary
@ Define requirements first
@ System fundamentals
@ What devices will be used
@ Use what you already have if possible?
@ Windows devices
@ Exchange
@ SCCM overview
@ Intune
28. Upcoming Events….
@ Mobile Device Management & BYOD Technologies - The
Major Players on 23rd May. Charlie Hales and Ian Craggs
@ How to Build a Benefits-led Business Case on 9th May.
Joanne Adair and Alistair McLeod