What's your BYOD Strategy? Objectives and tips from Microsoft & Aptera
0 likes834 views
The document discusses the challenges and strategies of implementing a Bring Your Own Device (BYOD) policy, focusing on how Microsoft addresses user needs for productivity across various devices. It highlights the unified management of devices and applications, ensuring data protection and compliance while empowering users with self-service capabilities. Key topics include mobile device management features, user experience across platforms, and flexible licensing options for organizational deployment.
What's your BYOD Strategy? Objectives and tips from Microsoft & Aptera
- 1. BYOD – Strategy, Objectives and and Tools Aptera Jan 2014 .
- 18. How Microsoft addresses today’s challenges Users Devices Apps Data Users expect to be able to work in any location and have access to all their work resources. The explosion of devices is eroding the standards-based approach to corporate IT. Deploying and managing applications across platforms is difficult. Users need to be productive while maintaining compliance and reducing risk.
- 19. Empowering People-centric IT Enable users Allow users to work on the devices of their choice and provide consistent access to corporate resources. Unify your environment Users Devices Apps Data Deliver a unified application and device management onpremises and in the cloud. Protect your data Management. Access. Protection. Help protect corporate information and manage risk.
- 20. Selecting the Management Platform Unified Device Management – System Center 2012 R2 Configuration Manager with Windows Intune Cloud-based Management - Standalone Windows Intune No existing Configuration Manager deployment Simplified policy control Fewer than 7,000 devices and 4,000 users Simple web-based administration console
- 21. Windows Intune – Standalone service Windows PCs (x86/64, Intel SoC) Windows RT, Windows Phone 8 iOS, Android Manage up to 7,000 devices and 4,000 users
- 23. Mobile Device Management with Windows Intune Direct management (Windows RT, Windows Phone 8, iOS) EAS based management
- 24. Information Worker Self-service Experience Connect every user ‘s device to the service Enable them to discover applications Let users manage their own devices and data Provide a premium end user experience
- 25. End User Experience Consistent self service experience for end user across mobile platforms Windows RT Company Portal Windows Phone 8 Company Portal iOS Company Portal Native Windows application Native Windows Phone 8 app (.xap) Native iOS application Available in the Windows Store Side-loaded during enrollment Available in the Apple App store
- 26. End User Capabilities for each Platform Windows 8 & Windows 8.1 Windows RT & Windows 8.1 RT Windows Phone 8 iOS Android Enroll (local device) Yes Yes Yes Yes EAS Rename devices Yes Yes Yes Yes No Retire (un-enroll local device) Yes Yes Yes Yes No Remotely wipe other devices Yes Yes No No No Install enterprise LOB applications Yes Yes Yes Yes Yes Install publicly available applications Yes Yes Yes Yes yes Browse to web links Yes Yes Yes Yes Yes Contact IT Yes Yes Yes Yes Yes
- 27. Mobile Device Inventory Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync. No software inventory for mobile devices to respect the Information Worker’s privacy on their own device. IT Pros can track storage on mobile devices which help them anticipate/troubleshoot issues.
- 28. Settings Management Security policy on devices (iOS, Windows RT and WP8) Direct management and Exchange ActiveSync. Reporting available on each setting whether it is applicable, conformant or has an error. The same security policy template is used for both Direct Management and EAS to help Admins Android and Windows Phone 7 devices can be managed through EAS
- 29. Application Management on Mobile Devices Platforms Windows 8/Windows RT Windows Phone 8 iOS Android Sideload to install *.appx *.xap *.ipa *.apk Deep links to store apps – install from store
- 30. Software Distribution Summary Desktop Apps (.msi, .exe) Platform Modern App Types Side loading .appx .xap .ipa .apk Deep Links web apps Windows 8 Pro/Ent √ √ √ √ Windows RT ** √ √ √ √ √ √ √ √ √ √ iOS √ Android √ WP8 Windows 7 and below ** √ Windows 8 SSP on WinRT will show MSI/EXE apps that can remotely install to other PCs linked to the user, but not installable on the local Window RT device √
- 31. Protect your data Help protect corporate information and manage risk Lost or Stolen Retired Lost or Enrollment Stolen • Selective wipe removes corporate applications, data, and policies based as supported by each Users can access corporate data regardless of device or location with Work Folders for data sync and desktop virtualization for centralized applications. IT can provide a secure and familiar solution for users to access sensitive corporate data from anywhere with VDI and RemoteApp technologies. platform Personal Apps and Data Personal Apps and Data Company Apps and Data Company Apps • Full wipe if supported by each platform and Data • Can be executed by IT or by user via Company Portal Retired Remote App Centralized Data Remote App • Sensitive data or applications can be kept off Policies Policies device and accessed via Remote Desktop Services
- 32. Recap: MDM Features per Platform Management Feature Windows RT Windows Phone 8 iOS Y Y Y Y Y Y Y Settings Management Y Y Y Y Software Distribution Y Y Y Y Y Y Y Over-the-air Enrollment Inventory Remote Wipe Android
- 34. Appendix
- 35. Windows Intune integrated with System Center 2012 R2 Configuration Manager Windows PCs (x86/64, Intel SoC), Windows to Go Windows Embedded Mac OS X Windows RT, Windows Phone 8 iOS, Android
- 36. Manage and Secure PCs and Devices Anywhere Simple web-based Administration Console and a richer experience for Information Workers Help protect PCs from malware Manage updates Distribute software Proactive monitoring and alerts Provide remote assistance Inventory hardware and software Monitor & track licenses Increase insight with reporting Set security policies Richer Mobile Device Management
- 37. Non-intrusive Management Management tasks can work with the Windows 8 maintenance window Management tasks do not interrupt if the end user immersed in a modern application
- 38. Mobile device wipe and retire Category Full Wipe Windows 8.1 (MDM managed) Not applicable Windows 8 RT Not applicable Windows Phone iOS Android (EAS) Retire (Selective wipe) (Email through EAS) (Email through EAS) Company apps and associated data installed by using Configuration Manager and Windows Intune Uninstalled and sideloading keys are removed. In addition any apps using Windows Selective Wipe will have the encryption key revoked and data will no longer be accessible Sideloading keys removed but remain installed Settings Requirements removed Management Client Not applicable. Management agent is built-in Email (Email through EAS) Uninstalled and data removed Uninstalled and data removed Apps and data remain installed Requirements removed Requirements removed Requirements removed Requirements removed Not applicable. Management agent is built-in Not applicable. Management agent is built-in Management profile is removed Not applicable. Management agent is built-in
- 39. Mobile Device Settings Setting name EAS WinRT/ WinPh8 iOS (Activesync) Require a password to unlock mobile devices √ √ Required password type √ √ √ Minimum password length √ √ √ Allow simple passwords √ √ √ Number of repeated sign-in failures before device is wiped √ √ √ Minutes of inactivity before device screen is locked √ √ √ Password expiration (days) √ √ √ Remember password history Password √ √ √ √ √ Allow convenience logon (WindowsRT only) Allow camera √ Allow web browser Device restrictions √ √ √ Allow backup to iCloud (iOS only) √ Allow documents sync to iCloud (iOS only) √ Allow photostream sync to icloud (iOS only) √ Maximum size of e-mail attachments Encryption E-mail synchronization for last (days) √ Allow mobile devices that don’t fully support these settings to synchronize with Exchange Email √ √ Require encryption on mobile device √ Require encryption on storage cards √
- 40. Mobile Device Inventory Property Win RT WP8 iOS Android (EAS) Device name Y Y Y Y Unique device ID Y Y Y Serial number Y Email address Y Y OS type Y Y OS version Y Y OS language Y Y Y Y Y Y Y Total storage space (GB) Y Y Free Storage space (GB) Y Y System enclosure Chassis Y System enclosure IMEI Y Manufacturer Y Y Model Y Y Y Y Phone number (masked except last 4 digits) Y Y Subscriber carrier Y Cellular technology(none, GSM, CDMA) Y WiFI MAC Y Enrolled date (local time) Y Y Y Last contact (local time) Y Y Y Y Y Last Exchange status Y Last Policy update status Y Access State Y Access state reason Y Management state Y ActiveSync ID Y
- 41. Flexible Licensing that Fits Your Needs Don’t Have Configuration Manager Windows Intune (includes Configuration Manager license) ($6 per user per month) Windows Intune & Windows Enterprise (includes Configuration Manager license) ($11 per user per month) Already have Configuration Manager Windows Intune (Add-On) ($4 per user per month) • Single License: Windows Intune and Configuration Manager • Per User Licensing • Up to 5 devices/user
- 42. For More Information System Center 2012 Configuration Manager http://technet.microsoft.com/enus/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33 Windows Intune http://www.microsoft.com/en-us/windows/windowsintune/try-andbuy Windows Server 2012 http://www.microsoft.com/en-us/server-cloud/windowsserver More Resources: http://www.microsoft.com/workstyle http://www.microsoft.com/server-cloud/user-device-management