System Center Configuration Manager State of the Nation - Microsoft ...

crookpatedhat

10 Dec 2013

Finding the right balance

Devices & Experiences Users Want

Applications and data across devices, anywhere

Controlled access to data with seamless authentication


International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC

Source for both: IDC, “2011 Consumerization of IT Study: Closing the ‘Consumerization Gap’”, July 2011, VentureBeat

THIS IS CONSUMERIZATION

BUT NOT CONSUMERIZATION OF IT

Devices & Platforms




Single admin console

Delivery Evaluation Criteria


User


Device type


Network connection



User/Device Relationships

Primary Devices


MSI


App-V

Windows 8 Apps (SP1)

Windows 8 Apps in the Windows Store (SP1)

Non-primary Devices


VDI


Remote Desktop




Deliver best user experience on each device


Define application once





Windows Store

Self-Service Portal (SSP)

Redirects

Integrated platform

Flexible virtualization

Powerful management

Virtual applications work as if locally installed

No dedicated drive letter required

Virtual applications can work together

Designed to support highly integrated applications

Optimize disk space in VDI with Shared Content Store

Web-based console interface to centrally manage applications

Single Management Infrastructure

Powerful management

Centrally manage applications using Configuration Manager



Manage both virtual and traditional applications

Can leverage the Configuration Manager 2012 application model

Multiple deployment types for an application

Flexibility of using App-V virtual applications

Management features provided by Configuration Manager integration

Application Model

New feature

Simple configuration

User data and profiles configuration items introduced with CM12 SP1

Folder redirection, offline files and roaming profiles for Windows 8 clients

Compliance settings enabled in client properties

No need to add standard configuration items to a baseline

Single user data and profiles configuration item


Deployed only to user collections

Easy deployment

[Diagram: MP, DP, Windows Azure, Policy, Content, FIREWALL, PR1, MP, WAN]

MANAGEMENT

ANTIMALWARE

PLATFORM

Microsoft Malware Protection Center

Dynamic Signature Svc

Available only in Windows 8

Endpoint Protection Management

Software Updates + SCUP

Operating System Deployment

Settings Management

Antimalware

Dynamic Translation

Behavior Monitoring

Software Distribution

Vulnerability Shielding

Windows Defender Offline

Internet Explorer

BitLocker

AppLocker

Address Space Layout Randomization

Data Execution Prevention

User Access Control

Secure Boot through UEFI

Windows Resource Protection

Measured Boot

Early Launch Antimalware (ELAM)

MDM

Software Updates

ELAM & Measured Boot

Cloud clean restore

Real time Endpoint Protection operations from console

Simplified Administration

Single administrator experience for simplified endpoint protection and management

Simplified, 3X delivery of definitions through software updates

Malware-driven operations from the console

Client-side merge of antimalware policies

Integrated optimizations for Windows Embedded clients

New and improved Endpoint Protection client

All Systems

French Systems

French Desktops

French Servers

English Systems

Meg gives Louis permissions to “French Systems”

Louis

can read French Systems and all collections limited to French Systems

cannot see All Systems and English Systems

can modify and delete French Desktops

can create new collections limited to French Systems or French Desktops

What is Microsoft BitLocker Administration and Monitoring?

MBAM 1.0 objectives:

MBAM 2.0 improves 1.0 functionality and adds additional focus on:

“We can use MBAM v1.0 to get greater value from BitLocker. We can ensure that BitLocker is enabled and that we are compliant with corporate encryption mandates without taxing our employees or IT staff.”

Bob Johnson, Director of IT, BT U.S. and Canada

Improving compliance and security

Integrating with existing systems (e.g.: SCCM)

Reducing costs (e.g.: Self Service, Simplified Deployment)

Simplify provisioning and deployment

Provide reporting (e.g.: compliance & audit)

Reduce costs (e.g.: Simplified Recovery)

Configuration Manager Integration

Compliance reporting integrated to CM environment

Hardware compatibility & targeting via CM collections

Offload MBAM client reporting workload to CM client

Windows 8 Support

Windows 8 Enterprise support

Non-TPM / Windows To Go Support

BitLocker Pre-Provisioning support

Self Service

Information Worker able to retrieve Recovery Key via Portal

Recovery Keys protected with Access Control

Auditing of all Recovery Key access

Customer Feedback

More pre-req flexibility (TDE, SPNs, SQL Server)

Improved encryption flow & Smarter compliance calculation

Improved scalability and performance

Infrastructure Experiences

Real World @ Microsoft IT

107 Countries

Redmond Site 1: 75k Clients

Redmond Site 2: 75k Clients

North & South America: 35k Clients

Europe, MidEast, Africa: 40k Clients

Australia & Asia: 75k Clients

Unified Device Mgmt Site: ~98K devices *

MS Online Directory Services (MSODS)

Active Directory Federation Server 2.0

MS Online Directory Sync (DirSync)

AD

User Discovery

corp domains

Intune Subscription

Connector Site role

Infrastructure


6 Primary Sites

13 Secondary Sites

250 Distribution Points

PCs & Devices


~300,000 clients


~125k mobile devices

Users


~98k FTEs


~82k Vendors

More info available here: http://blogs.technet.com/b/configmgrteam/archive/2013/01/31/new-distribution-points-in-configuration-manager-sp1.aspx


[Diagram: PR1, MP, MP, DP, Windows Azure, Policy, Content, FIREWALL]

Enabled for ~270,000 clients geo distributed across five primary sites


Automatic Client Upgrades @ Microsoft IT
Administration

Available user targeted apps

DeepLink support

In console deployment monitoring

Simplified Administration Experience

Advanced Modern Device Management

Unified Device Management Scope @ MSIT

Native Management Scope

Windows Phone 8

Current: 140

Planned: 24k

Windows RT

Current: 35

Planned: 19k

Apps Published

9 WP8 LOB

1 Deep Linked

Apps Published

12 WinRT Apps

2 Deep Linked

Device Enrollments and Modern Apps

Unified Device Management Solution @ MSIT

Windows PCs, Macs: ConfigMgr SP1

WP, Android, Smart Phones, etc: EAS

WP8, WinRT, iOS: Intune (native mgmt.)

ConfigMgr 2012 SP1 on-prem infra

Windows Intune Wave D cloud

Exchange connector (reporting)

Single pane of glass and simplified administration


Managed via ConfigMgr console

Simplified Administration

Unified Device Management Architecture

Unified Management @ MSIT