control and manage your cloud clients

Control And

Manage Your Cloud Clients

Olav TvedtChief ConsultantMVP – Windows Expert-IT Pro

Twitter: @olavtwitt – Blog: http://olavtvedt.blogspot.com

2

A revolution occurs only when you have overlooked reality long enough to be surprised by it

• Classic

• Unmanaged

• Some Managed

• MDM

Agenda

OLAV TVEDT

Classic

Active Directory

Authentication (Users and

Computers)

AD LMS

Private PKI Access Token

Direct Access / VPN

Group Policy(Users and

Computers)Intune

Sytem Center SCCM & Intune

Airwatch

Citrix

MobileIron

DomainJoin Object Only

Need DA/VPN For Mobile

No Agent? Agent?

No Device Controll

User Driven

Unmanaged Some Managed MDM

Azure Active Directory

(Azure Directory Device Registration)

ADFS (Workplace Join)

Man

age

me

nt

Co

ns

Au

the

nti

cati

on

Classic

DEVICE MANAGEMENT

Unmanaged

Active Directory

Authentication (Users and

Computers)

AD LMS

Private PKI Access Token

Direct Access / VPN

Group Policy(Users and

Computers)Intune

Sytem Center SCCM & Intune

Airwatch

Citrix

MobileIron

DomainJoin Object Only

Need DA/VPN For Mobile

No Agent? Agent?

Co

ns

No Device Controll

User Driven

DEVICE MANAGEMENT

Classic Unmanaged Some Managed MDM

Au

the

nti

cati

on Azure Active Directory

(Azure Directory Device Registration)

ADFS (Workplace Join)

Man

age

me

nt

Some Managed

Active Directory

Authentication (Users and

Computers)

AD LMS

Private PKI Access Token

Direct Access / VPN

Group Policy(Users and

Computers)Intune

Sytem Center SCCM & Intune

Airwatch

Citrix

MobileIron

DomainJoin Object Only

Need DA/VPN For Mobile

No Agent? Agent?

Co

ns

No Device Controll

User Driven

DEVICE MANAGEMENT

Classic Unmanaged Some Managed MDM

Au

the

nti

cati

on Azure Active Directory

(Azure Directory Device Registration)

ADFS (Workplace Join)

Man

age

me

nt

Authentication

AD FS

Azure Active Directory

Office 365

Intune Dirsync

Active DirectoryDomain Controller

Users

Workplace Join

&

Azure Active Directory Device Registration

https://msdn.microsoft.com/en-us/dn788908

Workplace Join

Or

Azure Active Directory Device Registration

=

Device Based Conditional Access

• Supported Devices – Windows 7 domain joined devices.– Windows 8.1 personal and domain joined devices.– iOS 6 and later.– Android 4.0 or later, Samsung GS3 or above phones, Samsung Note2

or above tablets.

• Scenarios– On-Premises Appliaction– Office 365 Appliactions With Intune

Device Based Conditional Access

https://msdn.microsoft.com/en-us/dn788908

SHOW & TELL:

Azure Active Directory Device Registration

https://msdn.microsoft.com/en-us/6a14cb1f-a058-4453-8ede-d9f4a66a7073.aspx

Server Side

• Prepare Active Directory Forest

• Enable Device Authentication In AD FS

• Configure Directory Sync (DirSync) To Allow Device Object Write-Back

Prepare For Device Registration

Entry Type Address

enterpriseregistration.bergenevry.onmicrosoft.com CNAME enterpriseregistration.windows.net

Enterpriseregistration.ebergenevry.com CNAME enterpriseregistration.windows.net

Client Experience

Azure Experience

AD FS

• AD FS authentication policies, MFA and Workplace Join• Time: 12/02/2015, 11:20 - 12:20 • Location: Room 2

• Quick start guide to deploying AD FS• Time: 13/02/2015, 09:00 - 10:00 • Location: Room 1

• Troubleshooting ADFS and the Web Application Proxy• Time: 13/02/2015, 15:00 - 16:00 • Location: Room 1 John Craddock

Azure RMS

• Cloud based rights management with Azure RMSTime: 13/02/2015, 10:20 - 11:20 Location: Room 1

Morgan Simonsen

Modern Device Management

Mobile

Active Directory

Authentication (Users and

Computers)

AD LMS

Private PKI Access Token

Direct Access / VPN

Group Policy(Users and

Computers)Intune

Sytem Center SCCM & Intune

Airwatch

Citrix

MobileIron

DomainJoin Object Only

Need DA/VPN For Mobile

No Agent? Agent?

Co

ns

No Device Controll

User Driven

DEVICE MANAGEMENT

Classic Unmanaged Some Managed MDM

Au

the

nti

cati

on Azure Active Directory

(Azure Directory Device Registration)

ADFS (Workplace Join)

Man

age

me

nt

Modern Device Management

DEMO:

DEMO:

Random Dude From The Audience

Demonstrate Airwatch User Interface On The Fly

OneGet

-

How To Get What You Want

When You Want It

OneGet Private Store/Provider

If Time DEMO:

OneGet

…..And

Active Directory

Authentication (Users and

Computers)

AD LMS

Private PKI Access Token

Direct Access / VPN

Group Policy(Users and

Computers)Intune

Sytem Center SCCM & Intune

Airwatch

Citrix

MobileIron

DomainJoin Object Only

Need DA/VPN For Mobile

No Agent? Agent?

Co

ns

No Device Controll

User Driven

DEVICE MANAGEMENT

Classic Unmanaged Some Managed MDM

Au

the

nti

cati

on Azure Active Directory

(Azure Directory Device Registration)

ADFS (Workplace Join)

Man

age

me

nt

Avoid Unmanaged

MDM Related

• Empower the Mobile Ecosystem Evolution

• Time: 12/02/2015, 14:40 - 15:40

• Location: Room 7

• Discover Microsoft’s Enterprise Mobility Suite and how to deploy it

• Time: 13/02/2015, 12:20 - 13:20

• Location: Room 3

Lars Vestergaard

Peter De Tender

MDM Related

• Compliance: The new orange in Enterprise Client Management

• Time: 12/02/2015, 16:00 - 17:00

• Location: Room 3

• Welcome to your new life as an Enterprise Client Hybrid Management expert

• Time: 13/02/2015, 10:20 - 11:20

• Location: Room 3 Kent Agerlund

MDM Related

• Microsoft Intune: Client and Device management Chuck Norris style

• Time: 13/02/2015, 09:00 - 10:00

• Location: Room 3Alex de Jong

ENJOY NIC!