Wally Mead - Deploying a system center 2012 r2 configuration manager environment to manage mobile devices
1. Wally Mead
Deploying a System Center 2012
R2 Configuration Manager
Environment to Manage Mobile
Devices
2. Agenda
• Discussion of how to enable, configure,
and use Configuration Manager 2012 R2 to
manage mobile devices with our
integration with Windows Intune
• Demonstrations where appropriate
3. Today’s challenges
Users
Devices
Apps
Data
Users expect to be able to
work in any location and
have access to all their
work resources.
The explosion of devices is
eroding the standards-based
approach to corporate IT.
Deploying and managing
applications across
platforms is difficult.
Users need to be productive
while maintaining
compliance and reducing
risk.
4. Empowering People-centric IT
Enable users
Allow users to work on the
devices of their choice and
provide consistent access to
corporate resources.
Unify your environment
Users
Devices
Apps
Data
Deliver a unified application and
device management on-premises and in the cloud.
Protect your data
Management. Access. Protection.
Help protect corporate
information and manage risk.
5. Selecting the Management Platform
Unified Device Management – System
Center 2012 R2 Configuration Manager
with Windows Intune
Cloud-based Management – Standalone Windows Intune
No existing Configuration Manager
deployment
Simplified policy control
Fewer than 7,000 devices and 4,000 users
Simple web-based administration console
6. System Center 2012 R2 Configuration Manager
Enable Users
Allow people to be more
productive from almost
anywhere on almost any
device.
Unify Infrastructure
Reduce costs by unifying IT
management infrastructure.
Simplify
Administration
Improve IT effectiveness
and efficiency.
7. Unified Device Management
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Mac OS X
Windows RT,
Windows Phone 8
iOS, Android
8. Platform Support
OS Platform | Management Agent | End User Experience
Windows 8.1 PC | ConfigMgr Agent or Management Agent (OMA-DM) | Software Center/Application Catalog; Windows Company Portal app
Windows PC (Windows 8 down to Windows XP) | ConfigMgr Agent | Software Center/Application Catalog
Windows RT | Management agent (OMA-DM) | Windows Company Portal app
Windows Phone 8 | Management agent (OMA-DM) | Windows Phone 8 Company Portal app
iOS | Apple MDM Protocol | iOS Company Portal app
Android | Android MDM agent (OMA-DM) | Android Company Portal app
Mac | ConfigMgr Agent | N/A
Linux/Unix | ConfigMgr Agent | N/A
9. Registering and Enrolling Devices
Users can enroll devices, which configures the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications.
Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificate is installed on the device.
IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the user's identity. Multi-factor authentication can be used through Windows Azure Active Authentication.
Data from Windows Intune is synced with Configuration Manager, which provides unified management across both on-premises and in the cloud.
As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device.
10. Preparing the Infrastructure for
Integration
• Requires a Windows Intune tenant account
• Can get a 30-day trial account at
http://windowsintune.com
• Need a public domain and record in DNS
• Configure from the Windows Intune admin portal
• Verify users have UPN in Configuration
Manager
• Configure, then perform AD User Discovery
11. Preparing the Infrastructure for
Integration (2)
• Recommended to have an Active Directory
Federation Services implementation
• If not, should use DirSync with password sync or you will
need to maintain two separate passwords for users
• Configure from the Windows Intune admin portal
• Implement Active Directory Synchronization
• Syncs user accounts from on-premises AD into Windows
Azure AD
• Installed and configured from the Windows Intune admin
portal
12. Preparing the Infrastructure for
Integration (3)
• Create the Configuration Manager subscription
for Windows Intune
• Enable appropriate device platforms
• Enable the Windows Intune Connector site
system role
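The UPN and public-domain prerequisites above can be checked before running AD User Discovery and directory synchronization. The following PowerShell is an added example, not part of the original deck: the function name Test-UpnReadiness, the domain contoso.example and the sample users are constructed placeholders, and it assumes each user's UPN suffix must equal the public domain verified in the Windows Intune tenant.

```powershell
# Added example: pre-flight check of user UPNs against the verified public domain.
# Test-UpnReadiness is a hypothetical helper; the sample data below is constructed.
function Test-UpnReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [string]   $VerifiedDomain
    )
    foreach ($u in $User) {
        $upn   = $u.UserPrincipalName
        $issue = $null
        if ([string]::IsNullOrWhiteSpace($upn)) {
            $issue = 'No UPN set'
        } elseif ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
            $issue = 'Malformed UPN'
        } else {
            $suffix = ($upn -split '@')[1]
            if ($suffix -ine $VerifiedDomain) {
                if ($suffix -notmatch '\.' -or $suffix -match '\.(local|lan|internal)$') {
                    # Internal-only suffixes cannot be verified as a public domain
                    $issue = "Non-routable suffix '$suffix'"
                } else {
                    $issue = "Suffix '$suffix' is not the verified domain"
                }
            }
        }
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            UserPrincipalName = $upn
            Ready             = ($null -eq $issue)
            Issue             = $issue
        }
    }
}

# Constructed sample input so the check runs offline.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@corp.local' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = $null }
)

# List only the accounts that need fixing before discovery and sync.
Test-UpnReadiness -User $sampleUsers -VerifiedDomain 'contoso.example' |
    Where-Object { -not $_.Ready } |
    Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module), pass instead:
#   Get-ADUser -Filter *
```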
13. Unified Device Management Configuration
Device management integrated
directly into console
Simple Windows Intune
Subscription set-up
Centralized branding and
customization of Company
Portal experience
Windows Intune Connector
deployed as a Site System Role
14. Configuration Manager 2012 SP1 MDM
Features
• Over the air device enrollment
• Self service portal for end users
• User-targeted available application deployment
• User and device settings management
• Device inventory
• Remote device retirement
• Remote device wipe
15. Configuration Manager 2012 R2 UDM
Updates
New Features
• Required application deployment
• Application uninstall
• Company versus Personal device designation
• New Company Apps portal
• VPN, Wi-Fi, and Certificate Profiles
• Application triggered VPN
• Network traffic triggered VPN
16. Unified Device Management Recap
Unregistered
Registered
MDM Enrolled
Fully Managed
Publish email to users (EAS)
Yes
Yes
Yes
Yes
Publish work folders to users
Yes
Yes
Yes
Yes
Block device
only
Yes
Yes
Yes
Yes
Yes
Yes
Unified Device Management
Yes
Yes
Unified Application Management
Yes
Yes
Selective data wipe
Yes
Yes
Compliance reporting
Yes
Yes
Conditional access based on user, device, location
Audit logging and monitoring
Group Policy and login scripts
Yes
OS deployment and imaging
Yes
Configuration management
Yes
Patch management
Yes
Anti malware management
Yes
Full application management
Yes
BitLocker management
Yes
17. Summary
2012 R2
Modern Device Management
EAS
Unified
Improved
User-centric Application Delivery
User-centric
Win 8 Apps
Web App deployment
New
Flexible hierarchies
Endpoint Protection
Enabled
2012 SP1
Reduced Infrastructure Requirements
Unify
2012
Integrated
Real-time actions
Compliance and Settings Management
Auto remediation
User profile and data
Software Update Management
Improved
Improved
New
Distribution Point for Windows Azure
Improved
Content Management
Modern Management Console
Simplify
Updated engine
New
Windows PowerShell
Role-based Administration
New
Operating System Deployment
Improved
Improved
Client Health
Improved
Improved
Asset Intelligence, Inventory and Software
Metering
Improved
Improved
Additional cmdlets
RBA in Reporting
Windows 8.1 support
18. For More Information
System Center 2012 Configuration
Manager
http://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intune
http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
Windows Server 2012
http://www.microsoft.com/en-us/server-cloud/windows-server
More Resources:
http://www.microsoft.com/workstyle
http://www.microsoft.com/server-cloud/user-devicemanagement