empowering people-centric it douglas griffin senior consultant, steeves and associates 28 may 2014
TRANSCRIPT
Empowering people-centric IT
Douglas Griffin
Senior Consultant,
Steeves and Associates
28 May 2014
My First “Mobile” Device - 1985Mobility has changed since 1985
• 29 pounds
• No battery – required power source
• Zilog Z80 microprocessor
• 64 kilobytes of RAM (why would anyone need more?)
• Two 5¼-inch double-density floppy-disk drives (plenty of storage)
• CP/M operating system
• And it cost around US $1,800.00
It started out manageable . . .
. . . But gradually mushroomed
It started out manageable . . .
AppsUsers
DataDevices
What we want
Reality
“the end user gets the experience they want and IT gets the control that they want.”
Satya Nadella
Mobility is the new normal
67%of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves
905Mtablets in use for work and home globally by 2017
FORRESTER RESEARCHBRING THE BUSINESS CASE FOR A BRING-YOUR-OWN-DEVICE (BYOD) PROGRAM, FORRESTER RESEARCH, INC., OCTOBER 23, 2012
FORRESTER RESEARCH2013 MOBILE WORKFORCE ADOPTION TRENDS, FORRESTER RESEARCH, INC., FEBRUARY 4, 2013
People-centric IT
Enable users
Access to company resources consistently across devicesSimplified registration and enrollment of devicesSynchronized corporate data
Unify your environment
On-premises and cloud-based management of devices within a single console.Simplified, user-centric application management across devicesComprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles
Protect your data
Protect corporate information by selectively wiping apps and data from retired/lost devicesA common identity for accessing resources on-premises and in the cloudIdentify which mobile devices have been compromised
√
Enable users
Unify your environment
Protect your data
People-centric IT
Enable usersTo work across multiple devices
With access to the apps and data they need
While enjoying a consistent experience
All through a single, verified identity
It all starts with a person…
You know who people are…
93% of Fortune 500 use Active Directory
Microsoft
12B+ Windows Azure Active Directory authentications per week
Microsoft
People are using multiple devices
Flexible access makes for happy usersThe focus is on productivity, not on abstract notions of ownership or IT standards. Indeed, 67
percent of the people who use a smartphone for work—and 70 percent of those who use a tablet for work—are choosing the device themselves and not necessarily thinking about whether the enterprise will support it.Forrester Research The state of workforce technology adoption: global benchmark 2012, Forrester Research, Inc., April 12, 2012
Cloud services Store apps
Company self-service portal
The logos above may be the property of their respective owners.
Line of business apps SaaS apps
Microsoft MDM Platform Support“Modern” Platforms
• Windows 8 RT• Windows Phone 8 (and 8.1)• iOS (5.x, 6.x, 7.x)• Android (2.3+ via EAS)• Android (4.0+ via native agent)• Windows 8.1 (x86/x64 and RT)
Features fully integrated into ConfigMgr
• Over the air device enrollment• Available user targeted applications• User and device settings management• Device inventory• Remote device retirement• Remove device wipe (full and selective)• Company branding• Web apps and remote apps• Required application deployment• VPN/Wi-Fi/certificate profiles• Additional settings
Platform Support in ConfigMgr R2OS Platform Management Agent End User Experience
Windows 8.1 PC ConfigMgr Agent Or
Management Agent(OMA-DM)
Software Center/Application Catalog /ConfigMgr Company Portal appWindows Intune Company Portal app
Windows PC (Win8,Win7,Vista,XP)
ConfigMgr Agent Software Center/Application Catalog
Windows RT Management agent (OMA-DM) Windows Company Portal app
Windows Phone 8.x Management agent (OMA-DM) Windows Phone 8 Company Portal app
iOS Apple MDM Protocol Native iOS Company Portal App
Android Android MDM agent (OMA-DM) Native Android Company Portal App
Mac ConfigMgr Agent Limited self service experience
Linux/Unix ConfigMgr Agent N/A
Demo•Windows Intune Connector• Active Directory Sync• ADFS• Portal access
Configuration Manager with Windows Intune integration
Enable users
Unify your environment
Protect your data
Enable users
Windows Intune
Microsoft System Center 2012 R2 Configuration Manager
Windows Server
Windows Azure
Enable users
Unify your environment
Protect your data
Protect your data
Protect your dataIT can enforce protection of corporate assets
Through secure access to apps and data
With enforcement of strong authentication for sensitive information
Security and ComplianceSettings Management
ConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
SoftwareUpdates
File
ActiveDirectory
Baseline Configuration Items
Auto RemediateOR
Create Alert (to Service Manager)!
Improved functionalityCopy settingsTrigger console alertsRicher reporting
Enhanced versioning and audit trackingAbility to specify versions to be used in baselinesAudit tracking includes who changed what
Pre-built industry standard baseline templates through IT Governance, Risk & Compliance(GRC) Solution Accelerator
Assignment to collections Baseline drift
Demo• Compliance Settings for mobile
devices• Remediation of non-compliant
devices when appropriateConfiguration Management using Configuration Manager and Windows Intune
Personal Apps and
Data
Lost or Stolen
Company Apps and Data
Remote App
Centralized Data
EnrollmentRetired
Company Apps and Data
Remote App
Policies
Policies
Lost or Stolen
Company Apps and Data
Remote App
Policies
Personal Apps and
Data
Retired
Personal Apps
and Data
IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies.
Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications.
Selective WipeSelective wipe removes corporate applications, data,
certificates/profiles, and policies as supported by
each platform
Full wipe if supported by each platform
Can be executed by IT or by user via Company Portal
Sensitive data or applications can be kept off device
and accessed via Remote Desktop Services
Demo•Wipe corporate data and leave
personal applications and data •Wipe lost or stolen device
completelySelective Wipe
Corporate policy
IT is empowered to protect company assets
IT ADMIN
Company self-service portal
The logos above may be the property of their respective owners.
Variables Who What data Where What device
Delivery options Native app Remote app SaaS app Virtual Desktop
(VDI)
Additional controls Dynamic Access
Control Rights
Management Services
Windows Azure Multi-Factor Authentication
Enable users
Unify your environment
Protect your data
Protect your data
Windows Intune
Microsoft System Center 2012 R2 Configuration Manager
Windows Server
Windows Azure
Enable users
Unify your environment
Protect your data
Unify your environment
Unify your environmentBuild on existing investments and resources
While providing a single view across all devices
To manage the experience at the user level
And simplify IT
Demo• Application Model• Deployment Types• RequirementsDeploying
Applications with Configuration Manager
PC management Mobile device management
People-centric IT offers a single administrator console for unified device management…
On-premises Cloud
IT ADMIN
IT ADMINIT ADMIN
Mobile device management (MDM) is still a separate market, but organizations are increasingly looking to use a single vendor and management platform to support their PCs, Macs, and mobile devices.
People-centric IT offers a single administrator console for unified device management…
On-premises Cloud
IT ADMIN
…and gives users a common identity and single sign-on experience.
Mobile device management (MDM) is still a separate market, but organizations are increasingly looking to use a single vendor and management platform to support their PCs, Macs, and mobile devices.
Enable users
Unify your environment
Protect your data
Unify your environment
Windows Intune
Microsoft System Center 2012 R2 Configuration Manager
Windows Server
Windows Azure
Next Steps
• Evaluate your environment• Identity your needs• Start your design
http://www.steeves.net