Saturday, March 18, 2017

Mobile device management strategies

For the wide range of devices in your organization, Microsoft offers two primary management tools:

■ System Center Configuration Manager offers full management capabilities over traditional domain-joined Windows PCs, including those running Windows To Go and Windows Embedded. It also works with Apple-branded devices running OS X. Using the most recent release, System Center Configuration Manager (SCCM) and Endpoint Protection (Version 1511), you can manage Windows 10 devices via MDM directly.

■ Microsoft Intune is a cloud-based service that can manage PCs running Windows 10, as well as mobile devices running Windows 10 Mobile, iOS, and Android. You don’t have the same control as with a fully managed, domain-joined PC, but you can effectively exercise light control over predictable scenarios. Microsoft Intune can also be integrated into SCCM.

The key to successfully integrating your workers’ personal PCs and tablets into an MDM strategy is a set of open standards that use the Open Mobile Alliance Device Management protocols—OMA-DM 1.2.1, to be specific. These protocols allow secure communication with cloud-based management services using HTTPS.

This management agent is available on most mobile devices, and it is included by default with all editions of Windows 10, with no additional software required. For PCs owned and managed by your organization, you can deploy the full Configuration Manager client. For personal devices that employees bring in as part of a BYOD strategy, joining the domain as a fully managed device is either impractical or impossible—personal devices running the Core edition of Windows 10 or Windows 10 Mobile lack domain-join capabilities. In that case, you can use Microsoft Intune to perform light management capabilities.

Management tools that support OMA-DM—including Microsoft Intune, MobileIron, and AirWatch—can perform various useful tasks:
■ Hardware and software inventory
■ Configuration of key settings
■ Installation and configuration of modern line-of-business (LOB) applications
■ Certificate provisioning and deployment
■ Data protection, including the ability to wipe a lost or stolen device

Two additional features also can be used as part of a BYOD strategy. Using Azure Active Directory (Azure AD), you can authenticate a personal device and allow the user to access corporate resources and applications.

Source of Information : Microsoft Introducing Windows 10 For IT Professionals

No comments: