by Nico Sienaert
In this session we will give you a complete overview of Microsoft's Unified Device Management (UDM) vision. This vision goes further than traditional PC and server management as we know it today.
Discover which building blocks you can use from the Microsoft stack and how to combine them to give your users a unified experience.
• Do you want to attend a discussion on all these technology blocks, such as Workplace Join, Work Folders, MFA, RMS, Intune…?
• Do you want to learn how to make this work?
• Do you want to see them in action?
• Do you want to know about the competition?
• Do you want answers?
Sit down and enjoy the UDM ride. It’s all about the experience.
Sysctr Track: Unified Device Management: It’s all about the experience
1. Microsoft Unified Device Management
It’s all about the experience
Nico Sienaert (@nsienaert)
Lead Infrastructure Consultant @ Getronics
V-Technology Solutions Professional @ Microsoft
6. Mobile Device Management
• Mac OS X
• Linux/Unix
• Windows PCs (x86/64, Intel SoC), Windows to Go
• Windows Embedded
• Windows RT, Windows Phone 8
• iOS, Android
8. Things to come
[Timeline figure. Tracks: PC management features; MDM features. Dates shown: April 2011, Oct 2011, June 2012, Early 2013. Labels: cloud-based management; software deployment; Windows 8 support; Office 365 interoperability; enterprise scale; Service Pack 1; EAS integration; iOS & Android; SW publishing; Windows RT & Windows Phone 8 MDM; unified management.]
• Single License: Windows Intune + Configuration Manager
• Per User
• Up to 5 devices/user
20. Workplace Join
• IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user’s identity; multi-factor authentication can be used through Windows Azure Active Authentication (formerly PhoneFactor).
• Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
• Users can enroll devices, which configures the device for management with Windows Intune; the user can then use the Company Portal for easy access to corporate applications.
• As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.
• Data from Windows Intune is in sync with Configuration Manager, which provides unified management across both on-premises and in the cloud.
25. Dynamic Access Control
Classification
• Files inherit classification tags from parent folder
• File owners tag files manually
• Files are tagged automatically
• Files are tagged by applications
Access control
• Central access policies are based on classification
• Access conditions for user claims, device claims, and file tags are based on expressions
• Assistance is available for denial of access
Auditing
• Central audit policies can be applied across multiple file servers
• Audits for user claims, device claims, and file tags are based on expressions
• Audits can be staged to simulate policy changes in a real environment
Rights Management Services protection
• Automatic Rights Management Services (RMS) protection is available for Microsoft Office documents
• Protection is in near real time when a file is tagged
• RMS protection extends to files not created in Microsoft Office
31. Azure Remote App
[Architecture diagram: Standalone Model and Hybrid Model. RemoteApp Service: pre-built template image, automatically maintained; published apps; session hosts; elastic runtime; persistent user data (50GB per user). Identity options: Microsoft Account; Azure Active Directory; Windows Server Active Directory on the on-premises network, connected through DirSync. Other labels: RDP; authentication; on-premises network; Azure VPN; domain joined; subject to IT policy via GP, System Center, or other enterprise management tools.]