Laat ons weten wat u vindt van deze sessie! Vul de evaluatie

in via www.techdaysapp.nl en maak kans op een van de 20

prijzen*. Prijswinnaars worden bekend gemaakt via Twitter (#TechDaysNL). Gebruik hiervoor de code op uw badge.

Let us know how you feel about this session! Give your

feedback via www.techdaysapp.nl and possibly win one of

the 20 prizes*. Winners will be announced via Twitter

(#TechDaysNL). Use your personal code on your badge.

* Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are examples

Application deployment

across several devices

with ConfigMgr 2012 R2 Kenneth van Surksum & Peter Daalmans

Agenda

• Introduction

•Microsoft’s Cross Plaform Architecture

•Enrollment

•Deployment Types for Mobile Applications

•Settings Management

Introduction

Who we are Kenneth van Surksum Consultant at itgration Microsoft MVP for 3 yrs, vExpert for 2 yrs

Authoring: • Contributor System Center 2012 Configuration Manager Unleashed • Contributor System Center 2012 R2 Configuration Manager Unleashed • Contributor System Center 2012 R2 Service Manager Unleashed • Co-Author Mastering Windows 7 Deployment

Communities: • Co-founder WMUG NL (http://wmug.nl) • Founder and Blogger www.vansurksum.com • Chief Editor at virtualization.info en cloudcomputing.info

Speaker: • Microsoft Techdays • Microsoft Management Summit

Follow me: @kennethvs / www.vansurksum.com

Who we are Peter Daalmans Senior Technical Consultant at IT-Concern 3 year Microsoft MVP: Enterprise Client Management (ConfigMgr and Windows Intune)

Author: • Mastering System Center 2012 Configuration Manager • Mastering System Center 2012 R2 Configuration Manager

Communities: • Co-founder WMUG NL (http://wmug.nl) • Founder and Blogger ConfigMgrBlog.com

Speaker: • Spoke on several events like TechDays Netherlands, ExpertsLive,

User Group meetings, TechEd New Zealand and TechEd Australia.

Follow me: @pdaalmans / ConfigMgrBlog.com / peter.daalmans@it-concern.nl

Cross platform

support

Microsoft’s cross-platform management

Microsoft’s cross-platform Architecture

Mac OS X

Windows PCs (x86/64, Intel SoC),

Windows to Go Windows Embedded

Windows RT, Windows Phone 8

iOS, Android

Microsoft Exchange Server 2010 SP3 Microsoft Exchange Server 2013

or Office 365

Windows Intune & ConfigMgr 2012 R2

• Infrastructural requirements: • Windows Intune subscription

• Windows Azure Active Directory Sync tool (DirSync)

• Windows Intune Connector site role

Single Sign On

• Two options: • Via Windows Azure Active Directory Sync tool (DirSync)

• Passwords need to be synced to Azure Active Directory • Authentication is done on Azure Active Directory

• DirSync and Active Directory Federation Services • No passwords are saved in the cloud • Authentication happens on your Active Directory

• Not supported but you can configure DirSync what to synchronize.

How does ADFS work?

AFDS Proxy ADFS / DC

Windows Azure Active Directory Sync tool without password sync

1. User goes to Windows Intune portal.manage.microsoft.com

2. User is redirected to ADFS Proxy

3. User provides AD credentials

4. Credentials are verified

5. User receives security token

6. User presents security token and gets access (or not)

DMZ

Active Directory 1. User goes to Windows Intune portal.manage.microsoft.com

2. User is redirected to ADFS Proxy

3. User provides AD credentials

4. Credentials are verified

5. User receives security token

Setting up Windows Intune

1. Go to http://www.windowsintune.com and sign up for a trial

2. Setup Domain Name in Windows Intune

3. Setup UPN in your Active Directory (if different from domain name in Windows Intune)

4. Setup DirSync

5. Setup ADFS / ADFS Proxy

6. Activate Users in Windows Intune Portal (https://account.manage.microsoft.com/)

7. Install and configure Windows Intune Connector in Configuration Manager 2012 R2 (set MDM Authority)

Demo Windows Intune and ConfigMgr together

How does ConfigMgr keep up

with Windows Intune and the market?

• Updates of Windows Intune are done quarterly

• Via the Extensions for Windows Intune Microsoft is able to add Windows Intune features to Configuration Manager 2012 R2

• Recently added: • Email Profiles Extension (Configure and wipe Exchange

ActiveSync accounts on managed iOS and Windows Phone 8 devices.)

• iOS 7 Security Settings (Adds functionality for iOS 7 security settings such as “Open In” and lock screen settings.)

Demo Extensions for Windows Intune

Mobile Device Enrollment

•Enrollment is done by the users themselves

•Enrollment can be done from the Company Portal for • Android • iPhone / iPad

•Enrollement via build in OMA-DM agent • Windows RT • Windows Phone

Demo Enrollment Android & iPad

End User Experience

Native Windows app package (.appx)

Available in the Windows Store

Windows Phone 8 Company Portal

iOS/Android Company Portal

Native Windows Phone 8 app (.xap)

Needs to be sideloaded

Web based portal Hosted in Windows Intune

Windows RT Company Portal

Deployment Types for Mobile

Applications

Platforms Windows App Windows Phone Apple iOS

Android

Application install (sideloading)

*.appx *.xap *.ipa *.apk

Deep links from store

Windows Store Windows Phone Store

Apple App Store Google Play

Deeplinking Applications

•Deeplinking • Providing direct links to the application in the Application Store

• Windows Store • Windows Phone Store

• Apple Store

• Google Play

Demo Deeplinking Mobile Applications

Sideloading

•Sideloading • In house/company custom developed applications

• Requires development tools/license • Microsoft: Visual Studio

• Apple: Xcode

• Google: Android Developer Tools plugin for Eclipse

Testing Sideloaded Applications

• Testing Applications • Google: Just enable installation on a per device basis

• Apple: UUID of device must be registred to developer (100 max/year) - http://developer.apple.com/programs/ios/enterprise

• Microsoft: Domain Joined Machines via GPO and a Certificate

• Microsoft Phone: Emulator for Windows Phone 8/Windows Intune

Trial Management for Windows Phone 8

Installing Sideloaded Applications

• Microsoft: Domain Joined (GPO/Certificate) or non domain joined

or specific editions (Pro) then sideloading key (per 100)

• Microsoft Windows (Phone): Code signing using Verisign Certificate (http://www.symantec.com/verisign/code-signing/windows-phone)

• Google: Just install

• Apple: Encrypted file must be authorized (uses Apple Fairplay DRM) and Installation must be done via Web Company Portal (http://m.manage.microsoft.com)

Demo Sideloading Mobile Applications

Web Applications

•Deploy a link to a website, just like an application

Settings Management

•Settings Management

•Retire/Wipe devices

Demo Settings Management

Laat ons weten wat u vindt van deze sessie! Vul de evaluatie

in via www.techdaysapp.nl en maak kans op een van de 20

prijzen*. Prijswinnaars worden bekend gemaakt via Twitter (#TechDaysNL). Gebruik hiervoor de code op uw badge.

Let us know how you feel about this session! Give your

feedback via www.techdaysapp.nl and possibly win one of

the 20 prizes*. Winners will be announced via Twitter

(#TechDaysNL). Use your personal code on your badge.

* Over de uitslag kan niet worden gecorrespondeerd, prijzen zijn voorbeelden – All results are final, prices are examples