Benutzer- und Geräteverwaltung Überblick über die Lösung Juni 2013

Präsentation zum Thema: "Benutzer- und Geräteverwaltung Überblick über die Lösung Juni 2013"—  Präsentation transkript:

1 Benutzer- und Geräteverwaltung Überblick über die Lösung Juni 2013
Hi, and welcome to the User and Device Management solution overview. In this presentation, we will be covering the scenarios and solutions included in System Center 2012 R2 Configuration Manager, Windows Intune, and Windows Server 2012 R2 as they relate to User and Device Management. In a world of consumerized devices and mobility, there are significant new challenges customers are facing. The prevalence, speed, and availability of affordable high-speed cellular and Wi-Fi networks provide support for people who are increasingly mobile and expect to have access to both personal and corporate information from anywhere on any device. In order to meet these demands while retaining control and compliance, customers need to deploy and configure capabilities for providing access to corporate resources and enabling information protection. These solutions provide the means to manage a user’s identity across the data center and federated into the cloud, provide secure remote access, and define the resources and level of access to information users have based on who they are, what they are accessing, and from what device. When we look at the trends we are seeing at the moment, they can be summarized into a set of user and IT related needs: User Trends Users want to be able to work productively from any location, connected to any network and on a device of their choice. Users want access to corporate applications and data from any location across multiple devices. Users want to be able to use a single set of credentials with a consistent identity across devices, applications, and services. Users need seamless access to corporate applications and data from any location, regardless of whether the resources reside in private cloud data centers or on public cloud infrastructure. IT Trends IT needs to easily deploy an access and information protection infrastructure that provides users with consistent access to corporate resources. IT needs to provide efficient and secure access to applications and data for mobile workers, partners, and customers that reside outside of corporate control. IT needs to ensure that corporate information is being accessed and shared appropriately, with the ability to audit against internal and regulatory requirements. Microsoft’s User and Device Management solution unifies market-leading PC management with mobile device management for the enterprise which enables IT to provide users with access to the corporate resources they need on the devices they choose while using their existing infrastructure. Applications can be delivered to users’ devices in a way that is optimized for each device. IT can manage both corporate- and personally- owned devices with a unified infrastructure, making it easier for administrators to identify and help achieve compliance.

2 3/28/2017 Disclaimer Die nachfolgenden Folien enthalten vorläufige Informationen, die sich bis zur Veröffentlichung der finalen kommerziellen Version der hierin beschriebenen Software noch substanziell ändern können. Die in dieser Präsentation enthaltenen Angaben spiegeln die aktuelle Sicht durch das Unternehmen Microsoft zum Zeitpunkt der Veröffentlichung wider. Da Microsoft auf sich ändernde Marktanforderungen reagieren muss, stellt dies keine Verpflichtung seitens Microsoft dar, und Microsoft kann die Richtigkeit der dargelegten Informationen nach dem Zeitpunkt der Veröffentlichung dieser Präsentation nicht garantieren. Diese Präsentation dient lediglich Informationszwecken. MICROSOFT SCHLIESST FÜR DIE IM ROADMAP-ABSCHNITT DIESER PRÄSENTATION ENTHALTENEN INFORMATIONEN JEDE AUSDRÜCKLICHE, KONKLUDENTE ODER GESETZLICHE GEWÄHRLEISTUNG AUS. Microsoft kann Patente, Patentanmeldungen, Schutzmarken, Urheberrechte oder andere Rechte geistigen Eigentums haben, die in dieser Präsentation behandelten Gegenstände betreffen. Soweit nicht eine ausdrückliche schriftliche Lizenzgenehmigung seitens Microsoft vorliegt, gibt die Bereitstellung dieser Information Ihnen keinerlei Lizenz über diese Patente, Schutzmarken, Urheberrechte oder andere geistige Eigentumsrechte. © 2013 Microsoft Corporation. Alle Rechte vorbehalten. This presentation is to talk about the key investments we are planning to make for the next wave of Microsoft’s people-centric IT solution, including Windows Server, Windows Intune, and System Center Configuration Manager. What I am sharing with you today is a very preliminary view into our planned investment areas and some of the capabilities that are being considered or built for the next release of these products. Keep in mind that we’re still early in the process and the content I cover will change and evolve as we learn more from you. As a result, additional capabilities within these areas and even additional/new investment areas may emerge. Please remember: The information I am about to share is still very confidential and subject to NDA. Dates and capabilities are still subject to change. 2

3 Heutige Herausforderungen
System Center Marketing 3/28/2017 Heutige Herausforderungen Die explosionsartige Zunahme von Geräten unterläuft den standardbasierten Ansatz der Corporate-IT. Geräte Benutzer erwarten, von überall aus arbeiten zu können und Zugriff auf alle ihre Arbeitsressourcen zu haben. Benutzer Die plattformübergreifende Bereitstellung und Verwaltung von Anwendungen ist schwierig. Anwendungen Daten Benutzer müssen produktiv bleiben ‒ unter Beibehaltung der Compliance sowie der gleichzeitigen Verringerung von Risiken. The explosion in use and number of consumer devices and ubiquitous information access is changing the way that people perceive their technology, in addition to how that technology shapes their personal and work lives. The constant use of information technology throughout the day, along with the easy access of information, is blurring traditional boundaries between work and home life. These shifting boundaries are accompanied by a belief that personal technology— selected and customized to fit user’s personalities, activities, and schedules—should extend into the workplace. Accommodating the consumerization of IT presents a variety of Herausforderungen. Historically, most or all devices used in the workplace were owned, and therefore managed, by the organization. Policies and processes were focused on device management—and usually on a relatively small, tightly controlled, and managed set of corporate-approved hardware that was subject to predetermined corporate replacement cycles. The consumerization of IT dramatically alters this scenario. There is greatly increased device and operating system diversity and volume in the organization. This can fundamentally change the IT landscape and necessitate a shift in management objectives from tight control over hardware to effective, user-centric governance. The way resources and applications are accessed and consumed is also changing. With the shift to personal devices and mobility, there is a need to adapt how applications work. IT departments must also now consider authentication of the user, validation of the device, and updated service consumption models when planning their consumerization policies and implementation. The best organizational response is IT policies that match business realities and priorities, moving toward a people-centric model that replaces the older paradigm of device-centric policies and management. The Microsoft people-centric vision helps IT administrators increase their organizations’ productivity by enabling access to corporate resources, regardless of location or device used. This shift in focus requires policies, processes, and technologies that give people the freedom to select the devices they want to use, along with device-agnostic access to applications and data. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Benutzer-orientierte IT
System Center Marketing 3/28/2017 Benutzer-orientierte IT Benutzer Geräte Anwendungen Daten Unterstützt Benutzer Erlaubt es Benutzern, mit den Geräten ihrer Wahl zu arbeiten, und bietet konsistenten Zugriff auf Unternehmensressourcen. Vereinheitlicht Ihre Umgebung Bietet eine einheitliche Verwaltung für Anwendungen und Geräte, on-premises und in der Cloud. Microsoft has a history of providing rich IT-infrastructure solutions to help manage every aspect of enterprise operations. Microsoft’s people-centric solution consists of products and technologies that can help IT departments handle the influx of consumer-oriented technology and the work style expectations of users, thereby helping increase productivity and satisfaction for the people within their organizations. Microsoft’s people-centric IT vision helps organizations enable and embrace the consumerization of IT by: Empower users by allowing users to work on the device(s) of their choice and providing consistent access to corporate resources from those devices. Unifying your environment by delivering comprehensive application and device management from both your existing on-premises infrastructure, including System Center Configuration Manager, Windows Server, and Active Directory, as well as cloud-based services, including Windows Intune and Windows Azure. Helping protect your data by protecting corporate information and managing risk. Let’s discuss each of these areas in more detail. Schützt Ihre Daten Hilfe für den Schutz von Unternehmensinformationen sowie das Risikomanagement. Verwaltung. Zugriff. Schutz. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Benutzer- und Geräteverwaltung
3/28/2017 Benutzer- und Geräteverwaltung √ Unterstützt Benutzer Vereinheitlicht Ihre Umgebung Schützt Ihre Daten Geräteübergreifend konsistenter Zugriff auf Unternehmensressourcen Vereinfachte Registrierung und Anmeldung von Geräten Synchronisierte Unternehmensdaten On-premises und Cloud-basierte Verwaltung von Geräten aus einer einzelnen Konsole heraus Vereinfachte, benutzer-orientierte Anwendungsverwaltung über Geräte hinweg Umfangreiche, plattformübergreifende Verwaltung von Einstellungen ‒ inklusive Zertifikaten, VPNs und Drahtlosnetzwerkprofilen Schutz von Unternehmensinformationen durch das selektive Löschen (Wipe-Zurücksetzung) von Anwendungen und Daten auf verlorenen/ausgedienten Geräten Eine gemeinsame Identität für den Zugriff auf Ressourcen, die sich on-premises und in der Cloud befinden Today, users want access to corporate applications from anywhere, and on whatever device they choose to use, whether it is their laptop, smartphone, tablet, or home PC. IT departments are challenged to empower users with consistent, rich experiences across a wide spectrum of device types. Microsoft’s User and Device Management solution helps reduce costs and improve IT efficiency by unifying the management and security for cloud- and on-premise-based PCs and mobile devices in an integrated infrastructure. With the upcoming releases of Microsoft® Windows Server® R2, Microsoft® System Center 2012 R2 Configuration Manager, and Windows Intune™, Microsoft builds on a comprehensive, people-centric solution that empowers user productivity while supporting the management needs of IT. For enterprise users, Microsoft solutions empower users’ productivity and provide: Access to company resources consistently across devices. Users can use the device of their choice to access corporate resources regardless of location. Simplified registration and enrollment of devices. Users can manage their devices as well as install corporate apps through a consistent company portal. Synchronized corporate data. Users will have access to data stored on a centralized file server and enable that data to be synchronized onto their mobile device. For IT professionals, Microsoft solutions unify the environment and provide: Unified management of on-premises and cloud-based mobile devices. IT can extend its System Center Configuration Manager infrastructure with Windows Intune to support cloud management of mobile devices. This enables IT to publish corporate apps and services across device types, regardless of whether they’re corporate-connected or cloud-based. Simplified, user-centric application management across devices. IT gains efficiency with a single administration console, where policies can be applied across group and device types. Comprehensive settings management across platforms, including certificates, virtual private networks (VPNs), and wireless network profiles. Policies can be applied across various devices and operating systems to meet compliance requirements, and IT can provision certificates, VPNs, and Wi-Fi profiles on personal devices within a single administration console. These solutions also help protect corporate data by providing: The ability to protect corporate information by selectively wiping apps and data. IT can access managed mobile devices to remove corporate data and applications in the event that the device is lost, stolen, or retired from use. A common identity for accessing resources on-premises and in the cloud. IT can better protect corporate information and mitigate risk by being able to restrict access to corporate resources based on user, device, and location. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 System Center Marketing
3/28/2017 Unterstützt Benutzer Herausforderungen Lösungen Benutzer möchten das Gerät ihrer Wahl verwenden und sowohl auf ihre persönlichen als auch ihre arbeitsbezogenen Anwendungen, Daten und Ressourcen zugreifen. Benutzer möchten auf einfache Weise von überall aus auf ihre Unternehmensanwendungen zugreifen. IT-Abteilungen möchten Benutzer dabei unterstützen, auf diese Weise zu arbeiten, benötigen aber eine Zugriffssteuerung für sensitive Informationen und müssen die Compliance für gesetzliche Vorgaben aufrecht erhalten. Benutzer können ihre Geräte registrieren, sodass diese der IT bekannt gemacht werden, die dann über die Geräteauthentifizierung den Zugriff auf Unternehmensressourcen bereitstellt. Benutzer können ihre Geräte anmelden, um über ein Unternehmensportal konsistenten Zugriff auf Anwendungen und Daten sowie die Möglichkeit zur Verwaltung ihrer Geräte zu erhalten. Die IT kann den Zugriff auf Unternehmensressourcen veröffentlichen und anhand der Identität der Benutzer, der von ihnen verwendeten Geräte und ihrem Standort nur einen bedingten Zugriff gewähren. First up is “Empower users.” The challenges that customers are facing are: Users want to use the device of their choice and have access to both their personal and work-related applications, data, and resources. This blending of work and personal worlds is a challenge for IT because it makes it difficult to distinguish between these, and when a device is lost, sold, or the user leaves the company, how do they ensure no information is lost or made available to people not authorized for it? Users want an easy way to access their corporate applications from anywhere. After you have a device, when you want to get your work done and integrate it into your personal world, getting access to work- related applications can be challenging, with internal applications not available in public app stores, or not being available for the platform that the device runs on. These devices are also typically connected to public networks and not internal managed networks. IT departments want to empower users to work this way, but they also need to control access to sensitive information and remain in compliance with regulatory policies. Microsoft is answering these challenges with the following solutions: Users can register their devices, which makes them known to IT, who can then use device authentication as part of providing access to corporate resources. Device registration is a “give and get” scenario. The user “gives” by registering the device, and in turn “gets” access to resources. From an IT perspective, after the device is registered, it is now an object in Active Directory, and as such it can be used as a security principal as part of the authentication and access policies. Additionally, users can enroll their devices with the Windows Intune management service, which provides them with the company portal for consistent access to applications and data, and to be able to manage their devices. And finally, IT can publish access to corporate resources with conditional access based on the user’s identity, the device the user is using and the user’s location (internal versus external). This provides IT with additional levels of capability to control where information can be sync to and accessed from. So now we will take a deeper look at how we have approached delivering on these solutions. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Ermöglicht es der IT, Benutzer zu unterstützen
System Center Marketing 3/28/2017 Ermöglicht es der IT, Benutzer zu unterstützen Benutzer können Geräte anmelden, um Zugriff auf das Unternehmens- portal zu erhalten und darüber leicht auf Unternehmensanwendungen zuzugreifen. Die IT kann Desktop- Virtualisierungs- Ressourcen für den Zugriff auf zentralisierte Ressourcen veröffentlichen. Benutzer können mit ihren Geräten von überall aus arbeiten und dabei auf ihre Unternehmens- ressourcen zugreifen. RD-Gateway VDI Sitzungshost Dateien Branchen-anwendungen Web-Anwendungen Firewall Let’s begin by thinking about we can enable IT to empower users, how they can deliver on the users desire to work on their own device and have access to all their apps and data, and yet still retain control so that business and compliance requirements can be met. Lets start with the ultimate goal: users can work from anywhere on their devices with access to their corporate resources. This can be achieved through native applications for the device platform, web-based applications, and through data sync via Work Folders. Now, there may be some applications and data that you do not want to be available locally on devices; these users can access centralized applications and data through Desktop Virtualization, whether that be VDI, Session Host, or RemoteApp. You can empower users to register their devices for single sign-on and access to corporate data with Workplace Join. As previously covered, this is a give and get system, and it allows IT to be able to open up access to applications and data that otherwise would not be available, in return for knowing about the device. An easy way for users to get all their applications in one place is by enrolling their devices for access to the company portal. This enrollment joins the device to the Windows Intune management service and allows the installation of the company portal, which IT can populate with internal line-of-business (LoB) applications as well as links to applications that are available in the public app stores. From within the company portal, users can also manage their devices and perform actions such as wiping a lost or replaced device. IT can provide seamless corporate access with DirectAccess and automatic connections with automatic VPN connections. DirectAccess allows users to work remotely and always be connected to the corporate network without the need to initiate a VPN connection. New with Windows Server 2012 R2 and Windows 8.1 is the ability to configure applications to initiate the VPN connection when the application is launched. IT can publish access to resources with the web application proxy based on device awareness and the users identity. New in Windows Server 2012 R2, using the web application proxy, IT can publish access to internal web applications that can be connected to from user devices, either by native applications or a web browser. Additionally, the web application proxy can pre-authenticate the user and the device and enforce access policies such as requiring the device to be registered or invoking multi-factor authentication. Benutzer können Geräte für das Single Sign-On registrieren und auf Firmendaten dann über die Arbeitsbereich- Teilnahme (Workplace Join) zugreifen. Active Directory Die IT kann mit DirectAccess einen nahtlosen Zugriff auf das Unternehmensnetz bieten und Anwendungen bei Bedarf VPN- Verbindungen automatisch herstellen lassen. Die IT kann mit dem Webanwendungs-Proxy den Zugriff auf Ressourcen veröffentlichen, der anhand von Geräte-Bekanntheitsstatus und Benutzeridentität erfolgt. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 3/28/2017 Personen-orientierte Bereitstellung von Anwendungen Auf Anwendungen in der richtigen Weise zugreifen, auf dem richtigen Gerät Ziel ist es, Anwendungen basierend auf der Benutzerrolle für jedes Gerät auf die beste Art bereitzustellen Windows/Windows RT Windows Phone iOS Android OS X Untersuchung der Gerätefunktionen zur optimalen Bereitstellung von Anwendungen Lokale Installation Microsoft Application Virtualization Desktopvirtualisierung (VDI) Webanwendungen Native App / App Store Part of the a consistent user experience is the ability to enable the administrator to deliver applications to the user, regardless of the device being used. Being able to target applications to each user – across their devices – is fundamental. With Configuration Manager and Windows Intune – you can make sure that applications are delivered in the optimal format for each device to ensure worker productivity. Configuration Manager allows the administrator to define the application once and targets it to a user or group. It evaluates the user’s device type and network connection capabilities and then delivers the appropriate format – local installation, App-V, etc. So whether your employee is using a laptop, VDI session, or iPad – or all of those – we’ll deliver the app to that user with the best experience on each device. Because of the integration between Windows Intune and Configuration Manager, you can also extend application deliver to all major device types – while still centrally managing application delivery across devices from a single console. Applications can include locally-installed MSI packages or App-V applications on Windows devices, remote applications using Microsoft virtualization solutions, web links, or public applications stored in the Windows Store, App Store, or Google Play. App-V (MDOP) MSI RemoteApp RDS © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 System Center Marketing
3/28/2017 Vereinheitlicht Ihre Umgebung Herausforderungen Lösungen Bei MDM (Mobile Device Management) -Produkten handelt es sich typischerweise um Einzellösungen, die sich nicht in eine schon vorhandene Lösung zur PC-Verwaltung integrieren. Die Verwaltung mehrerer Identitäten sowie die kontinuierliche Synchronisierung von Informationen über mehrere Umgebungen hinweg bindet IT- Ressourcen. Die IT nutzt eine einzige Konsole, um einen Überblick über alle verwalteten Geräte zu erhalten und diese zentral zu verwalten ‒ unabhängig davon, ob es sich um on-premises oder Cloud-basierte, PCs oder mobile Geräte handelt. Benutzer und die IT können ihre gemeinsame Identität mittels Föderation für den Zugriff auf externe Ressourcen nutzen. Now lets take a look at unifying your environment. The challenges that customers are facing are: Providing users with a common identity when they are accessing resources that are located both on-premises in a corporate environment and on cloud-based platforms. Managing multiple identities and keeping the information in sync across environments is a drain on IT resources. Microsoft is answering these challenges with the following solutions: Users have a single sign-on experience when accessing all resources, regardless of location, meaning that users do not have to remember multiple sets of credentials. Users and IT can leverage their common identity for access to external resources through federation. So now we will take a deeper look at how Microsoft has approached delivering on these solutions. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 System Center Marketing
3/28/2017 Vereinheitlicht Ihre Umgebung Stellt eine umfangreiche Anwendungs- und Geräteverwaltung zur Verfügung Benutzer Eine einzelne Administrator-Konsole IT Now that we’ve talked about how you can provide your users access resources from virtually anywhere, on any device, we need to turn to the second section of our discussion – making sure that with all the empowerment you’re providing to your workers, that you can still maintain the corporate security and compliance – as well as the efficiency of your IT processes. Given the explosion of devices that you’ll see coming through the door, it is absolutely essential that you have an infrastructure in place to manage these devices without introducing complexity or astronomical budget increases. Unified infrastructure enables IT to manage devices “where they live” The Microsoft solution is focused on helping reducing client management infrastructure costs and complexity. With the integration between Configuration Manager and Windows Intune, we offer a single console that integrates both on-premises and in-the-cloud management. Client management and security are offered in a unified single solution – giving you a streamlined approach to managing devices and applications as well as identifying and remediating threats and non-compliance. If you’re a current Configuration Manager customer, adding the Windows Intune cloud-based management is quick and easy. With this unified solution, organizations are able to manage endpoint devices “where they live.” This also includes connectivity to Office 365 for EAS-based management policies. Comprehensive settings management across platforms, including certificates, VPNs, and wireless network profiles Policies can be applied across various devices and operating systems to meet compliance requirements, to the extent of the capabilities exposed on those platforms Extended native management for Windows RT, iOS and Android IT can provision certificates, VPNs, and Wi-Fi profiles on personal devices Full app inventory and application push install for corporate-owned devices, inventory of “managed” apps and publishing of apps for personal devices Remotely wipe and unregister corporate devices from management system (as supported by each operating system) IT can manage the device and application life cycle by removing MDM-specific content from devices no longer managed Selective wipe of managed applications’ data Applications that were installed through Windows Intune Sideloading keys MDM policies Wi-Fi/VPN profiles Umfangreiche, plattformübergreifende Verwaltung von Einstellungen ‒ inklusive Zertifikaten, VPNs und Drahtlosnetzwerkprofilen Eine vereinheitlichte Infrastruktur erlaubt es der IT, Geräte dort zu verwalten, wo sich diese gerade befinden Die IT kann den Geräte- und Anwendungs- lebenszyklus verwalten © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Benutzer mit einer gemeinsamen Identität versehen
3/28/2017 Benutzer mit einer gemeinsamen Identität versehen 3rd party services Apps in Azure Active Directory Die IT kann die Active Directory-Verbunddienste zur Verbindung mit Windows Azure für eine konsistente Cloud- basierte Identität nutzen. Über Konten in Windows Azure Active Directory erhalten Benutzer Zugriff auf Windows Azure, Office 365 sowie Anwendungen von Drittanbietern. Benutzer sind produktiver, wenn sie über ein Single Sign-On für alle ihre Ressourcen verfügen. Just as Windows Intune can act as the cloud-based extension to Configuration Manager, it is important to extend the organization’s directory services into the cloud in order to enable users to authenticate and access resources which are either cloud- or corporate-based. Microsoft provides solutions that enable customers to achieve this by leveraging their existing investments and connecting out to the cloud-based services. The goal here is to make users more productive by having a single sign-on to all their resources. IT can provide users with a common identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Windows Azure Active Directory. In order to provide this experience to users, IT is able to use Active Directory Federation Services to connect with Windows Azure for a consistent cloud-based identity. Users can leverage their common identity through accounts in Windows Azure Active Directory to Windows Azure, Office 365, and third-party applications. Developers can build applications that leverage the common identity model, integrating applications into Active Directory on-premises or Windows Azure for cloud-based applications. Dateien Branchen- anwendungen Webanwendungen Active Directory Die IT kann Benutzern eine gemeinsame Identität zur Verfügung stellen, die von on-premises bis hin zu Cloud-basierten Diensten reicht ‒ unter Verwendung von Windows Server Active Directory und Windows Azure Active Directory. Entwickler können Anwendungen erstellen, die das gemeinsame Identitätsmodell nutzen. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 System Center Marketing
3/28/2017 Schützt Ihre Daten √ Herausforderungen Lösungen Da Benutzer ihre eigenen Geräte mitbringen, um diese auf der Arbeit zu verwenden, wollen sie auch auf sensitive Informationen zugreifen und mit ihren lokalen Geräten Zugriff darauf haben. Ein große Menge von Unternehmensdaten kann nur lokal auf den Benutzergeräten gefunden werden. Die IT muss dazu imstande sein, Daten sowohl anhand ihres Standortes als auch ihrer Inhalte zu sichern, zu klassifizieren und zu schützen sowie die behördliche Compliance aufrecht zu erhalten. Benutzer können auf dem Gerät ihrer Wahl arbeiten und auf alle ihre Ressourcen zugreifen, unabhängig vom Standort oder Gerät. Die IT kann zentrale Zugriffs- und Überwachungs- richtlinien durchsetzen, und ist dazu in der Lage, sensitive Informationen auf Basis des Inhalts von Dokumenten zu schützen. Die IT kann Zugriffe auf Informationen zentral überwachen und Berichte erstellen. And lastly, lets take a look at protecting your data. The challenges that customers are facing are: As users bring their own devices in to use for work, they will also want to access sensitive information and have access to this information locally on the device. A significant amount of corporate data can only be found locally on user devices, which means it is not backed up or available for compliance classification, and it is unprotected in the event a device is lost, stolen, or sold. IT needs to be able to secure, classify, and protect data based on the content it contains, not just where it resides, including maintaining regulatory compliance. Microsoft is answering these challenges with the following solutions: Users can work on the device of their choice and be able to access all their resources, regardless of location or device. IT can enforce a set of central access and audit polices, and be able to protect sensitive information based on the content of the documents. IT can centrally audit and report on information access. So now we will take a deeper look at how Microsoft has approached delivering on these solutions. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 System Center Marketing
3/28/2017 Schützt Ihre Daten Hilft dabei, Unternehmensinformationen zu schützen und Risiken zu verwalten Verloren oder gestohlen Ausgedient Verloren oder gestohlen Anmeldung Selektives Löschen (Wipe-Zurücksetzung) entfernt Unternehmensanwendungen, Zertifikate/Profile und Richtlinien ‒ sofern das von der jeweiligen Plattform unterstützt wird Vollständiges Löschen, falls das von der jeweiligen Plattform unterstützt wird Kann von der IT oder dem Benutzer über das Unternehmensportal ausgeführt werden Sensitive Daten oder Anwendungen können vom Gerät ferngehalten werden ‒ der Zugriff darauf ist über die Remotedesktopdienste möglich Benutzer können auf Unternehmensdaten unabhängig vom Gerät und Standort zugreifen ‒ mit Arbeitsordnern zur Synchronisation von Daten sowie der Desktopvirtualisierung für zentralisierte Anwendungen. Persönliche Anwendungen und Daten Persönliche Anwendungen und Daten Unternehmens- anwendungen und Daten Unternehmens- anwendungen und Daten Unternehmens- anwendungen und Daten Ausgedient Persönliche Anwendungen und Daten Zentralisierte Daten RemoteApp RemoteApp RemoteApp Users can access corporate data regardless of device or location Remote working is not just about devices and applications; it’s also about data. Access to distributed data (such as data stored on the local device) or having an integrated way of gaining access back to centralized data is required to ensure the user is productive when working remotely. Windows Server provides the ability to sync data from a centralized file repository to user devices Windows Server provides the ability to connect via desktop virtualization from remote devices to centralized data sources IT can protect corporate information by selectively wiping apps and data Applications that were installed through Windows Intune Sideloading keys Remove MDM policies (not but reset) Wi-Fi/VPN profiles Richtlinien Richtlinien Richtlinien Die IT kann Benutzern über VDI- und RemoteApp- Technologien eine vertraute Lösung zum sicheren Zugriff auf sensitive Unternehmensdaten von überall aus bereitstellen. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Mehr Informationen System Center 2012 Configuration Manager
Windows Intune Windows Server 2012 RDS/VDI technologies/virtualization/vdi.aspx With the release of Windows 8, Windows Server 2012, Configuration Manager 2012 SP1, and the latest Windows Intune release, we have a comprehensive solution to help you manage your users and devices. We encourage you to evaluate and deploy all of these technologies. You can find more resources on microsoft.com. Weitere Ressourcen: