Microsoft has a history of providing rich IT-infrastructure solutions to help manage every aspect of enterprise operations. Microsoft’s people-centric solution consists of products and technologies that can help IT departments handle the influx of consumer-oriented technology and the work style expectations of users, thereby helping increase productivity and satisfaction for the people within their organizations. Microsoft’s people-centric IT vision helps organizations enable and embrace the consumerization of IT by: 1. Enabling your end users by allowing users to work on the device(s) of their choice and providing consistent access to corporate resources from those devices. 2. Helping protect your data by protecting corporate information and managing risk. 3. Unifying your environment by delivering comprehensive application and device management from both your existing on-premises infrastructure, including System Center Configuration Manager, Windows Server, and Active Directory, as well as cloud-based services, including Windows Intune and Windows Azure. Let’s discuss each of these areas in more detail.

1. System Center 2012 R2
Configuration Manager with
Windows Intune
Amit Gatenyo
CEO, Dario
Microsoft Regional Director – Management & Windows Server
054-2492499
Amit.g@dario.co.il

2. The explosion of devices is
eroding the standards-based
approach to corporate IT.
Devices
Deploying and managing
applications across
platforms is difficult.
Apps
Today’s challenges
Data
Users need to be productive
while maintaining
compliance and reducing
risk.
Users expect to be able to
work in any location and
have access to all their
work resources.
Users

3. Devices AppsUsers
Empowering People-centric IT
Enable users
Allow users to work on the
devices of their choice and
provide consistent access to
corporate resources.
Protect your data
Help protect corporate
information and manage risk.Management. Access. Protection.
Data
Unify your environment
Deliver a unified application and
device management on-
premises and in the cloud.

4. Selecting the Management Platform
Unified Device Management – System Center
2012 R2 Configuration Manager with Windows
Intune
Cloud-based Management - Standalone
Windows Intune
No existing Configuration Manager deployment
Simplified policy control
Simple web-based administration console

5. System Center 2012 R2 Configuration Manager
Enable Users
Allow people to be more productive
from almost anywhere on almost any
device.
Simplify Administration
Improve IT effectiveness
and efficiency.
Unify Infrastructure
Reduce costs by unifying IT
management infrastructure.

6. Enable Users
Unified Device Management
User-centric Application
Delivery

7. Unified Device Management
Mac OS X
Windows PCs
(x86/64, Intel SoC),
Windows to Go
Windows Embedded
Windows RT,
Windows Phone 8.x
iOS, Android

8. Platform Support
OS Platform Management Agent End User Experience
Windows 8.1 PC ConfigMgr Agent
Or
Management Agent(OMA-DM)
Software Center/Application Catalog
Windows Company Portal app
Windows PC
(Win8,Win7,Vista,XP)
ConfigMgr Agent Software Center/Application Catalog
Windows RT Management agent (OMA-DM) Windows Company Portal app
Windows Phone 8
Windows Phone 8.1
Management agent (OMA-DM) Windows Phone 8 Company Portal app
iOS Apple MDM Protocol iOS Company Portal app
Android Android MDM agent (OMA-DM) Android Company Portal app
Mac ConfigMgr Agent Limited self service experience
Linux/Unix ConfigMgr Agent N/A

9. Registering and Enrolling Devices
IT can publish access to corporate resources with
the Web Application Proxy based on device
awareness and the users identity. Multi-factor
authentication can be used through Windows
Azure Active Authentication.
Users can register BYO
devices for single sign-on
and access to corporate
data with Workplace Join.
As part of this, a certificate
is installed on the device
Users can enroll devices which
configure the device for management
with Windows Intune. The user can
then use the Company Portal for easy
access to corporate applications
As part of the registration
process, a new device object is
created in Active Directory,
establishing a link between the
user and their device
Data from Windows Intune is
sync with Configuration
Manager which provides unified
management across both on-
premises and in the cloud

10. What’s New in Mobile Device Inventory?
* Inventory capability varies by device platform
Global condition to differentiate
app installs on corporate versus
personal
App Management
Personal devices – Inventory only apps
installed by ConfigMgr/Intune
Corporate devices – Complete inventory of
all applications on the device*
App inventory
By default, user-enrolled devices
are “Personal”
Admin can specify corporate-
owned devices
“Compromised” device detection
Personal vs Corporate
Owned Devices

11. Extensions for Windows Intune
Admin is
notified that
an extension
is available
when
console is
launched
Admin goes
to
Extensions
for Intune in
console, and
enables the
extension
Extension is
activated in
ConfigMgr
• (Extension
enables on all
site system,
then console
updates are
avail)
Admin
restarts
console, and
console is
updated with
the extension
Admin uses
feature
delivered by
the extension
Admin may
wish to
disable the
extension

12. Mobile Device Settings in ConfigMgr 2012 R2
Category Windows 8.1 PC & RT Windows Phone 8.1 iOS Android
VPN   
Wi-Fi    
Certificates    
Email Profiles  
Password (*) (*)   (*)
Device restrictions  (*) (*)   (*)
Store access  
Browsers  (*) (*)  (*)
Content Rating 
Cloud Sync (*) 
Encryption (*)   (*)  (*)
Security (*) (*) (*) (*)
Roaming (*) (*)
Windows Server Work Folders 
* Device platform supports a subset of the settings

13. Resource Access Configuration
Support platforms
Windows 8.1
Windows 8.1 RT
Windows Phone 8.1
iOS
Android
Benefits
End users get access to
company resources with no
manual steps for them
Features*
Management and distribution of certificates
Corporate email profile provisioning
Configure networking profiles VPN profiles
Support for Windows 8.1 Automatic VPN
Wi-Fi protocol and authentication settings
Configure remote connection to work PCs

14. VPN Profile Management
Support for major SSL
VPN vendors
DNS name-based initiation
support for Windows 8.1,
Windows Phone 8.1 and iOS
Application ID based initiation
support for Windows 8.1
Automatic VPN
connection
Support for VPN
standards like PPTP, L2TP,
IKEv2
SSL VPNs from Cisco, Juniper,
Check Point, Microsoft, Dell
SonicWALL, F5
Subset of vendors have Windows
Windows RT VPN plug-in

15. Wi-Fi and Certificate Profiles
Wi-Fi settings Manage and distribute certificates
Deploy trusted root certificates
Support for Simple Certificate Enrollment Protocol (SCEP)
Manage Wi-Fi protocol and authentication settings
Provision Wi-Fi networks that device can auto connect
Specify certificate to be used for Wi-Fi connection

16. Email profile management
Manage Exchange ActiveSync accounts
New in January 2014 release!
Configure account settings and security restrictions
Enable certificate authentication
Support for iOS and Windows Phone 8
Enables selective wipe of managed email profile (if
platform supports it)
Delivered as Configuration Manager Extension for
Windows Intune

17. Work Folders
Sync files and data across devices Configuration Manager and Windows
Intune support
New settings to help provision the Work Folder
discovery settings
Company Portals have links to work folders
New feature in Windows 8.1 client and Windows
Server 2012 R2

18. Full and Selective Wipe
Windows 8.1 (x86/RT
OMA-DM managed)
Windows 8 RT Windows Phone
8.1
iOS Android
Full Wipe   
Selective Wipe
Email  (Mail App)  (Mail App)  
Company apps
and data
Apps uninstalled.
Sideloading keys removed.
Data removed.
Sideloading keys
removed but apps
remain installed.
Uninstalled and data
removed.
Uninstalled and data
removed.
Apps and data remain
installed.
VPN and Wi-Fi
profiles
Removed. Not applicable. Removed. Removed.
VPN: Not applicable.
Wi-Fi: Not removed.
Certificates Removed and revoked. Not applicable. Removed. Removed and revoked. Revoked.
Settings Requirements removed. Requirements removed. Requirements removed. Requirements removed. Requirements removed.
Management
Client
Not applicable. Management
agent is built-in.
Not applicable.
Management agent is
built-in.
Not applicable.
Management agent is
built-in.
Management profile is
removed.
Device Administrator
privilege is revoked.

19. Unified Device Management Recap
Unregistered Registered MDM Enrolled Fully Managed
Publish email to users (EAS) Yes Yes Yes Yes
Publish work folders to users Yes Yes Yes Yes
Conditional access based on user, device, location Block device only Yes Yes Yes
Audit logging and monitoring Yes Yes Yes
Unified Device Management Yes Yes
Unified Application Management Yes Yes
Selective data wipe Yes Yes
Compliance reporting Yes Yes
Group Policy and login scripts Yes
OS deployment and imaging Yes
Configuration management Yes
Patch management Yes
Anti malware management Yes
Full application management Yes
BitLocker management Yes

20. User-centric Application Delivery
Windows 8 Apps
Benefits
Software distribution updated
End user installation same
as today
End users have one location
for all enterprise apps
Windows RTWindows 8
Windows Store
Firewall
Corporate
Applications

21. User-centric Application Delivery
Administration
Delivery Evaluation Criteria
• User
• Device type
• Network connection
User/Device Relationships
Primary Devices
• MSI
• App-V
• Windows 8 Apps
• Windows 8 Apps in the Windows Store
Non-primary Devices
• VDI
• Remote Desktop

22. User-centric Application Delivery
End User Self-Service
IT
Administrators publish software
titles to catalog, complete with
meta data to enable search
• Deliver best user experience
on each device
Users can browse, select and install
directly from Catalog
• Application model determines
format and policies for delivery
User

23. Unify Infrastructure
Reduced Infrastructure
Requirements
Endpoint Protection
Compliance and Settings
Management
Distribution Point for
Windows Azure
Software Update
Management
Content
ManagementUnify Infrastructure
Reduce costs by unifying
IT management
infrastructure.

24. Reduced Infrastructure Requirements
Central Administration Site
• Scale
• Support multiple primary
sites
• Future proofing your
hierarchy (SP1)
Primary Sites
• Client assignment (up to 100k)
• Reduce impact of a primary site
failing
• Political reasons
• Delegated administration
• Different client agent settings
• Language packs
• DMZ/Internet Facing
• Untrusted forests (new in R2)
Secondary Sites
• Content fan-out
• Manage upward
flow of WAN
traffic
• Content routing
• Throttling (now in
Distribution
Points)
ReasonsWhyObsoleteReasons
Distribution Points
• Distribute Content
• Branch Distribution
Points

25. “We spend almost [U.S.] $800 per server on annual maintenance activities. Configuration Manager scales to our
organization size and now we are able to reduce the number of servers from 110 to 35, thus saving on the
maintenance costs.” – Systems management administrator at a US based manufacturing company
Cross-platform Integration
Manage non-Windows desktops including Mac OS X
Manage non-Windows servers including Linux and
UNIX
Access business apps on non-Windows machines via
Citrix XenApp integration
* Cross-platform integration enhancements are
available with Configuration Manager Service Pack 1
(beta released in September 2012)
Consolidation and Cross-platform Integration
Consolidation
Co-locating site system roles onto
single server.
Eliminating servers required for
client security.
Simplifying system architecture by
reducing number of sites.
600 hours or U.S. $30,000 saved each year due to reduced administration
overhead
Business Value of Microsoft® System Center 2012 Configuration Manager

26. Unified Device Management Configuration
Device management integrated
directly into console
Simple Windows Intune Subscription
set-up
Centralized branding and
customization of Company Portal
experience
Windows Intune Connector deployed
as a Site System Role

27. Security and Compliance
Endpoint Protection
Unified Infrastructure
Simplified server
and client deployment.
Streamlined updates.
Consolidated reporting.
Comprehensive
Protection Stack
Behavior monitoring.
Antimalware.
Dynamic Translation.
Windows Firewall Management.

28. Security and Compliance
Settings Management
ConfigMgr MP Baseline ConfigMgr Agent
WMI XML
Registry IISMSI
Script SQL
Software
Updates
File
Active
Directory
Baseline Configuration Items
Auto Remediate
OR
Create Alert
(to Service Manager)!
Improved functionality
Copy settings
Trigger console alerts
Richer reporting
Enhanced versioning and audit tracking
Ability to specify versions to be used in baselines
Audit tracking includes who changed what
Pre-built industry standard baseline templates
through IT Governance, Risk & Compliance(GRC) Solution
Accelerator
Assignment to
collections Baseline drift

29. CAS
Primary Site
MP Role
Primary Site
DP Role
Assigns policy to scan for
update status or to deploy
update
Distributes updates
Reports
compliance
Microsoft Update
Primary Site
SUP Role/WSUS
Identifies who needs updates
and reports on complianceDownloads updates
Auto Deployment
Faster deployment through search.
Schedule content download and deployment to avoid
reboot during work hours.
State-based Updates
Allows individual or group deployment.
Updates added to groups auto deploy to targeted
collections .
Optimized for New Content Model
Reduce replication and storage.
Expired updates and content deleted.
Security and Compliance
Software Update

30. Distribution Point for Windows Azure
Rich feature set
PR1
MP
MP
DP
Windows Azure
Distribution Point
Microsoft Update
Policy
Content
Firewall
Corporate NetworkIntegrated monitoring
In-console content monitoring
Ability to monitor storage and traffic out
usage
Content is fully encrypted

31. Content Management in R2
monitoring
The sources for a pull DP can be randomized to achieve load balancing and flexibility.
Pull DP in-console monitoring on par with standard DP.
Enable pull distribution point to send state messages via MP.
Pull DP
improvements
Reduced the amount of interaction between remote DPs and the Distribution Manager.
Optimized content distribution by adding distribution point priority and keeping send requests in SQL.
New report: Distribution Point Usage – shows how much a particular DP gets used.
Infrastructure
improvements

32. Modern Management
Console
Role-based
Administration
Operating System
Deployment
Asset
Intelligence
Client
Health
Simplify Administration
Improve IT effectiveness
and efficiency.
Simplify Administration

33. Intuitive ribbon interface
In-console alerts
Global search capability
New collection membership
rules allow better filtering
of members
Windows PowerShell
enablement
Modern Management Console

34. Unified Device Management Console
Mobile device management integrated
directly in to console experience
Common tools for policy and
application management
Unified reporting across device
platforms
User collections enable user-centric
setting and application deployment
across device types

35. Role-based Administration
Functionality ConfigMgr 2007 ConfigMgr 2012
What types of objects can
I see and what can I do to
them?
Class rights Security roles
Which instances can I see
and interact with?
Object instance
permissions
Security scopes
Which resources can I
interact with?
Site specific resource
permissions
Collection limiting
Meg - WW Central System
Administrator
Louis - Software Update
Manager for France
Bob - US and France
Security Admin
• Can see & update “France”
desktops
• Cannot modify security settings
on “France” desktops
• Cannot see “All Systems”
or “U.S.” desktops
• Can see and modify
security settings on
“France” and “U.S.”
desktops
• Cannot update “France”
or “U.S.” desktops
• Cannot see “All Systems”
Map the organizational roles of your administrators
to defined security roles
• Security organization role
• Geography
Reduces error, defines span of control for the organization
RBA enhancements in R2 include SQL Reporting

36. Operating System Deployment
Multiple Deployment
Method Support
PXE initiated deployment allows client computers to
request deployment over the network
Multi-cast deployment to conserve
network bandwidth
Stand-alone media deployment for no network
connectivity or low bandwidth
Pre-staged media deployment allows you to deploy
an operating system to a computer that
is not fully provisioned
User State Migration Tool (USMT) 4.0 UI integration
makes it easier transfer files and user settings from one
machine to another
CAS
Primary Site
MP Role
Primary Site
DP Role
Image Task Sequence
Report
WDS PXE Server

37. Core Operating System Deployment Scenarios
Scenario Key Functionality
New computer
• Fresh install of a new operating system on client or server system
• New or repurposed hardware
PXE boot
• Integrate with Windows Deployment Services (WDS) PXE server
• Self-provisioning via F12
Wipe-and-load
• Install new version of operating system
• Reinstall applications and user state under new operating system
Side-by-side • Similar to wipe-and-load, except between two different devices
Offline with
removable media
• With low bandwidth or no connectivity
• Large software packages are on the media
Prestaged Media
• Optimized for network bandwidth
• Speeds up end to end deployment

38. Client Activity and Health
In-console view of client health
Threshold-based console alerts
Heartbeat DDRs
HW/SW inventory and status
Remediation

39. Asset Intelligence, Inventory, and Software Metering
Consolidated/simplified reporting that allows you to
Understand software installation profiles
Plan for hardware upgrades
Identify over or under licensing issues
Track custom apps or groups of titles
Software Metering
and License Reports
Asset Intelligence
Service
Asset Intelligence Catalog
Real-Time Application
and Hardware Intelligence
ConfigMgr Inventory

40. SummaryEnabledUnifySimplify
Role-based Administration
Content Management
Software Update Management
Reduced Infrastructure Requirements
User-centric Application Delivery
Modern Device Management
Compliance and Settings Management
Endpoint Protection
Operating System Deployment
Asset Intelligence, Inventory and Software
Metering
2012
EAS
User-centric
Updated engine
Improved
RBA in Reporting
Windows 8.1 support
2012 R2
Improved
Web App deployment
New
Integrated
Auto remediation
Improved
New
Improved
Improved
2012 SP1
Unified
Win 8 Apps
Flexible hierarchies
Real-time actions
User profile and data
Improved
Improved
Improved
Modern Management Console Additional cmdletsNew Windows PowerShell
Client Health Improved Improved
Distribution Point for Windows Azure New

41. System Center 2012 R2
Configuration Manager with
Windows Intune
Amit Gatenyo
CEO, Dario
Microsoft Regional Director – Management & Windows Server
054-2492499
Amit.g@dario.co.il

42. Windows Embedded Support
• Windows Thin PC
Repurposed PC
Supported Write Filters
• File Based Write Filters (FBFW)
(preferred for scalability)
• Enhanced Write Filters (EWF) RAM
Ability to force persistence of changes for
• Applications
• Packages and programs
• Software updates
• Task sequences
• Endpoint Protection client installation
Eventual persistence of changes for
• Client agent settings
• Settings management remediation
• Power management
Without write filters enabled, embedded devices can be
managed like any other Windows client. When write filters
are enabled, they require special handling, now provided
seamlessly.
• Windows XP Embedded
• Windows Embedded Standard 2009
• Windows Embedded Standard 7
• Windows Embedded Standard 8
Thin Clients
Same as Thin Clients, plus
• POS Ready 2009
• POS Ready 8
POS/Kiosk
• Windows Embedded Standard 2009
• Windows Embedded Standard 7
• Windows Embedded Standard 8
Digital
Signage

43. Linux and UNIX Servers
• Version 4 (x86/x64)
• Version 5 (x86/x64)
• Version 6 (x86/x64)
Red Hat
Enterprise
Linux
• Version 9 (SPARC)
• Version 10 (SPARC/x86)
• Version 11 (SPARC/x86)
Solaris
• Version 9 (x86)
• Version 10 SP1 (x86/x64)
• Version 11 SP1 (x86/x64)
SUSE Linux
Enterprise
Server
Supported Operating System’s across both:
• Configuration Manager
• Operations Manager
Earlier versions supported as long as vendor provides support
Broader Linux distro support being evaluated
for future releases
Hardware and Software Inventory
Software Deployment
• Using the Package and Program model
• Deploy/patch software, deploy OS patches and run
maintenance scripts that target a collection
Consolidated reports
• CentOS 5, 6
• Debian 5, 6, 7
• Ubuntu 10.4 LTS, 12.4 LTS
• Oracle Linux 5, 6
• HP-UX 11iv2, 11iv3
• AIX 5.3, 6.1, 7.1
Recently
Added

44. Mac OS X
Configuration Manager native client
Key management capabilities
Improved enrollment in R2

45. Scenarios Hybrid Standalone
Default browser Yes Yes
Disable Copy and paste functionality Yes Yes
Disable Telemetry/Diagnostic data Submission (SQM/Watson) -
Granular
Yes Yes
Screen Capture Yes Yes
File encryption on mobile device Yes Yes
Allow simple password Yes Yes
Alphanumeric Password required Yes Yes
Idle time before mobile device is locked (minutes) Yes Yes
Minimum complex characters Yes Yes
Minimum password length (characters) Yes Yes
Number of failed logon attempts before device is wiped Yes Yes
Number of passwords remembered Yes Yes
Password complexity Yes Yes
Password expiration in days Yes Yes

46. Scenarios Hybrid Standalone
Bluetooth Yes Yes
Camera Yes Yes
Disable Internet Explorer Yes Yes
Disable USB sync No No
Disable WiFi Yes Yes
Near field communication (NFC) Yes Yes
Prevent user initiated un-enrollment/ disable PC settings No No
Removable storage (Any external storage device) Yes Yes
Disable Application Store Yes Yes
Disable Internet Sharing over WiFi (Tethering) Yes Yes
Disable Wi-Fi Offloading Yes Yes
Wi-Fi Hotspot reporting Yes Yes
Disable Custom Email Account (all or nothing) Yes Yes
Allow Microsoft Account Yes Yes – Roadmap
Turn on/off location awareness (cellular or GPS) Yes Yes