Manage and secure iOS and Mac devices in your organization ...

Manage and secure iOS and Mac devices in your organization ...

BRK3101 Manage and secure iOS and Mac devices in your organization with Microsoft Intune Ele Ocholi Program Manager Microsoft Intune Enterprise mobility vision Devices User Apps

Data User IT IT Enable your users Unify your environment Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure.

Protect your data Devices in the Enterprise IT managed Information worker Shared Corporate managed devices only All devices/PCs are enrolled in the company MDM and managed the same

Employee managed Foreign managed Companion Primary Contractor Public kiosk Companion devices allowed Employee managed

devices allowed as companions to corporate managed devices Corporate apps and data focused Devices are not enrolled in MDM at all; rather, the apps and data are managed Devices in the Enterprise Device Management level Full device management

Some App & Data management High device trust Corporat e ? Little to No device management App & Data management focus Low device trust BYO

Agenda Intune + Apple Recent + Upcoming App Management Intune + Apple Recent + Upcoming App

Management Corporat e BYO Full management Pre-enroll / out-of-box enrollment (DEP) Supervised Apps deployed via VPP User-less based enrollment Device enrollment manager User-based enrollment + Company Portal Examples: kiosk, retail, work device

Out-of-box enrollment Apply policy + configuration + lock MDM profile to device + enable Supervised mode Install Comp. Portal (user) Lightweight management User-based enrollment via Company Portal Install App Store apps using Apple ID

Conditional Access/Compliance More App based management Example: BYOD,Install Contractors Users brings Comp. Apply policy device Portal + + Enroll configuration + jailbreak detection

+ AAD device registration + SSO and selective wipe with managed apps Demo DEP in Intune Demo DEP in Intune Apple Cloud Services Microsoft Intune DEP, VPP LOB apps App Store

apps Inventory Remote commands Policies Config Profiles check-in Apple MDM Agent Device Enrollment Microsoft

Intune Company Portal Retire Apple Cloud Services Microsoft Intune DEP, VPP LOB apps App Store apps Inventory

Enrollment Remote Commands Policies Config Profiles check-in Retire Apple MDM Agent Device Microsoft

Intune Company Portal Apple Device Enrollment Program (DEP) Benefits with Intune and DEP Wirelessly preconfigure and enroll devices Streamline Setup Assistant Lock management profile to device Requirement Devices must be purchased from Apple or an authorized DEP reseller Supervised Mode - iOS Why?

Allows additional MDM restrictions Fewer prompts to end users Examples Supervised only: Kiosk (Single App Mode), disable AirDrop Silent app install How? Wirelessly via DEP Prepare new or factory reset iOS device via Apple Configurator Apple Configurator and custom policies Why? Use to set up and configure multiple devices at a time via USB, before giving them to

users. Configure device settings and restrictions, and install apps and other content. Restore devices from a backup. Create and export custom policies that can be imported into Intune. Examples Provide a lock Screen message for devices Set up certain VPN profiles Web content filtering Demo Apple Configurator Jailbreak detection

Symptoms Future Proof Testing Look for symptoms Changes in OS behavior Binaries, config files Presence of certain apps/libraries Detection logic not

tied to any specific jailbreak kit or version Regularly verify against latest jailbreak kits iOS Volume Purchase Program (VPP) For Business App Deployment Makes it easy to discover, purchase, and distribute iOS and Mac apps in volume Custom iOS apps can also be deployed through VPP channels volume.itunes.apple.com IT ADMINISTRATOR Enroll

Sync Deploy Complianc e Demo VPP macOS Management Secure Configure

Audit Web-based enrollment Passcode policies Disk encryption Push Wi-Fi/VPN profiles Push custom policies Push certificates Hardware inventory Software inventory Device reports

Intune + Apple Recent + Upcoming App Management macOS Secure Web-based enrollment Passcode policies Disk encryption Conditional Access

Device Restrictions Functionality Added restrictions settings (general and supervised) Requirements iOS version varies Some settings require supervision Added restrictions in configuration profile General Supervised Airplay passwords Shared photo stream

Managed apps cloud sync Activity continuation Siri filter TouchID unlock iBook store adult content iCloud Photo sharing iCloud Photo Library Trust enterprise apps Media Content Controls on device for 9 regions Apple Watch wrist detection Airdrop from managed apps Account modification Airdrop Cellular data modification

Siri querying user generated content iBook store Find my friends settings modification Erase all content and settings option Enable restrictions option Spotlight internet search results Game Center Host pairing User interactive Configuration profile installation Chat Added Restrictions in configuration profile Supervised Keyboard shortcuts

Device name modification Passcode modification Podcasts Wallpaper modification Siri Profanity filter Word definition lookup Predictive keyboards Auto-correction Keyboard spell-check Enterprise app trust settings modification Install apps using AC2 or iTunes only Automatic app downloads Apple watch pairing Apple News Music Service

iTunes Radio Notification settings modification Hide/Show apps Hide and Show Apps Functionality Hide list: Hide specific apps (all apps, except Settings app) Show list: Shows only apps specified and hides all others (except Settings app) Requirement s

iOS 9.3 or later Supervised Demo Hide and Show Apps iOS 10 VPN: PPTP has been removed from iOS 10 Added Restrictions e.g. Modify Bluetooth (Supervised) Coming Up Azure based console Device based VPP Multi-token support iOS education features Lost mode

More restrictions Demo Azure based console Intune + Apple Recent + Upcoming App Management Mobile application management Multi-identity policy Managed

Managed apps apps Corporate data Personal data Personal apps Deploy policies for app-layer protection per user, per app Maximize mobile productivity and protect corporate resources with Office mobile apps, App Store and LOB Apps including multi-identity support

Manage only corporate data and leave personal alone on multi-identity supported apps Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps Demo App Policy Manage mobile productivity without device enrollment MAM policies Personal apps

MDM optional (Intune or 3rd-party) Corporate apps MDM policies App restriction policies Enforce corporate data access requirements Prevent data leakage on the

device Enforce encryption of app data at rest App-level selective wipe Enabling Protection for Apps Paths to MAM Microsoft Applications Microsoft Office

and Productivity Apps Natively manageable with Intune MAM Same App Store Apps for Personal and Corporate Intune Companion Apps Support protected web browsing and content viewing

App Wrapping Tool Enables protection for LOB apps No code changes required, targeted for IT Pros App SDK Enables full DLP for any app, including Store Apps

Requires app participation, targeted for Developers Xamarin and Cordova Support Expanding App ecosystem https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/pa rtners.aspx Devices in the Enterprise Device Management level Full device management App level management high device trust

Corporat e ? Little to No device management App & Data management focus Low device trust BYO Check out other sessions

BRK3149 - Learn what's new with OSD in System Center Configuration Manager and Microsoft Deployment Toolkit (Tuesday 9 A.M.) BRK2138 Intune and Configuration Manager overview (Tuesday 10:45 A.M.) BRK3225 - Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune (Tuesday 2:15 P.M.) BRK2273 - Secure Android devices and apps with Intune (Wednesday 10:45 A.M.)

BRK3101 - Manage and secure iOS and Mac devices in your organization with Intune (Wednesday 2:15 P.M.) BRK2120 - Manage modern enterprise applications with Microsoft Intune & HockeyApp (Wednesday 4 P.M.) BRK3012 - Enhance Windows 10 security and management with ConfigMgr, Intune, and new cloud services (Wednesday 4 P.M.) BRK3093 - Accelerate your Microsoft Enterprise mobility and security deployment with FastTrack (Thursday 9 A.M.) BRK3102 - Conduct a successful pilot deployment of Microsoft Intune (Thursday 10:45 A.M.) BRK2292 - Learn how Intune helped Avanades global workforce get more productive (Thursday, 12:45 P.M.) BRK2137 - Align your Windows 10 management strategy to end-user and IT needs Thank You! Any Questions?

Free IT Pro resources To advance your career in cloud technology Plan your career path Cloud role mapping Microsoft IT Pro Career Center Get started with Azure Self-paced

curriculum byEssentials cloud role Microsoft IT Pro Cloud Demos and how-to videos Pluralsight 3 month subscription (10 courses) Connect with peers and experts www.microsoft.com/itprocareercenter

Expert advice on skills needed www.microsoft.com/itprocloudessentials $300 Azure credits and extended trials Microsoft Mechanics www.microsoft.com/mechanics Phone support incident Weekly short videos and insights from Microsofts leaders and engineers Microsoft Tech Community Connect with community of peers and Microsoft experts https://techcommunity.microsoft.com Please evaluate this

session Your feedback is important to us! From your PC or tablet, visit MyIgnite at http://myignite.microsoft.com On your phone, download and use the Ignite Mobile App by scanning the QR code above or by visiting https://aka.ms/ignite.mobileapp 2016 Microsoft Corporation. All rights reserved.

Recently Viewed Presentations

  • Data Representation and Architecture Modelling

    Data Representation and Architecture Modelling

    Data Representation and Architecture Modelling . Revision. Binary system. Conversion. Convert decimal to binary. Convert binary to decimal and hexadecimal. Integer representation. Unsigned notation. Signed notation Excess notation. ... Data Representation and Architecture Modelling
  • Lecture 19 Synaptic transmission, vesicle fusion and cycling

    Lecture 19 Synaptic transmission, vesicle fusion and cycling

    K+ Cl- K+ Cl- I V EK < 0 driving force K+ Cl- K+ Cl- I V EK = 0 E (mV) E - actual membrane potential ENa = +60 mV EK = -90 mV Erest = -70 mV -...
  • Digital Systems: Hardware Organization and Design

    Digital Systems: Hardware Organization and Design

    G.729 G.723.1 Veton Këpuska Digital Systems: Hardware Organization and Design Architecture of a Respresentative 32 Bit Processor Speech Processing Speech Coding Speech Coding Definition: Speech Coding is a process that leads to the representation of analog waveforms with sequences of...
  • Immigration, Trade and Transportation: BNA at Mid-Century

    Immigration, Trade and Transportation: BNA at Mid-Century

    Clear Grits Canada West George Brown Conservative Party Canada West (John A Macdonald, Alan McNab) Bleus Canada East Geroge-Etienne Cartier Moderate Expansion of industry and commerce Liberals Canada West Francis Hinks Reformers Parti Rouge Canada East Antoine-Aime Dorion Galt See...
  • SoLID Magnet, Engineering and Cost

    SoLID Magnet, Engineering and Cost

    Experiment Requirements. SoLID requires a magnet to produce a uniform, symmetric field primarily in the direction of the beam; ideal choice of solenoid. The magnetic field is utilized for tracking and background shielding. The . spectrometer requires: large acceptance in...
  • Technical Report ISCC Meeting 16th February 2009

    Technical Report ISCC Meeting 16th February 2009

    Implement auto-restart of HIS in PLC, maintenance of 7 gap, interlocks… Vacuum. General vacuum maintenance and consolidation, interlocks, gauges… Controls and Applications. Element scanning vs faraday cup, debugging, modify equiparray input, finish applications for REXEBIS… Beam Diagnostics. Consolidation of diagnostics...
  • Christopher Nolan: on Cgi

    Christopher Nolan: on Cgi

    One is to fool the audience into seeing something seamless, and that's how I try to use it. The other is to impress the audience with the amount of money spent on the spectacle of the visual effect, and that,...
  • Basic Statistics for the Behavioral Sciences

    Basic Statistics for the Behavioral Sciences

    Animatism Animatism is a belief that the world is animated by impersonal supernatural powers. Unlike animism, the form of power is ambiguous it does not take a particular shape, emotion, etc. Often found in similar cultures where animism is found.