Microsoft's' Run in the MDM Race - System Center Mobile Device Manager - Part 2
Windows InTune as disucssed earlier combined with SCMDM 2012 gives a unified console to manage mobile devices. InTune allows to install applications through consistent Company Portal aps for each device, and provides with easier access to resources and the ability to deploy certificates, VPN and Wi-Fi profiles. I wont delve more into what InTune is as its a different topic and we will try to cover that some other time.
InTune Management Process:
The visual below clearly describes the flow for InTune management process. Requests landing from Mobile devices are received by the Exchange Client Access Server. An external connector to the InTune cloud server needs to be created which further directs the request to the InTune server.
A list of supported EAS Policies on various mobile OS can be found in this article with the versions of supported Exchange versions.
http://social.technet.microsoft.com/wiki/contents/articles/1150.exchange-activesync-client-comparison-table.aspx
Exchange 2010 contains Active Sync policies and settings that can be used to set policies on devices connecting the server using the Active Sync protocol. Below you can see screenshots of some the EAS settings available in Exchange 2010 SP3. Later, we will join this Exchange Server with the SCCM 2012 server to get a unified Management console.
The allowed and blocked application list rarely work and their functioning on Android and iOS devices is still a mystery.
The nest step is to integrate Exchange with SC Configuration Manager.
In this section we can set the synchronization interval between the Exchange CAS server and the Configuration Manager and also the frequency at which a check for the new devices is done.
One can also choose to ignore devices that might be inactive for a chosen period of time.
Also, allows an option to search all the mobile devices in the Exchange Organization as well as if required you can find mobile device for a certain OU(subset) and apply policies accordingly to that specific subset.
InTune Management Process:
The visual below clearly describes the flow for InTune management process. Requests landing from Mobile devices are received by the Exchange Client Access Server. An external connector to the InTune cloud server needs to be created which further directs the request to the InTune server.
A list of supported EAS Policies on various mobile OS can be found in this article with the versions of supported Exchange versions.
http://social.technet.microsoft.com/wiki/contents/articles/1150.exchange-activesync-client-comparison-table.aspx
Exchange 2010 contains Active Sync policies and settings that can be used to set policies on devices connecting the server using the Active Sync protocol. Below you can see screenshots of some the EAS settings available in Exchange 2010 SP3. Later, we will join this Exchange Server with the SCCM 2012 server to get a unified Management console.
The "Allow non-provisionable devices" option when checked allows older phones that may not support application of all policy settings are allowed to connect to Exchange 2010 by using Exchange ActiveSync.
Password Settings:
The Sync Settings contain a very useful option of limiting E-mail usage which acts a great factor when a company bears Data Plans.
The allowed and blocked application list rarely work and their functioning on Android and iOS devices is still a mystery.
The nest step is to integrate Exchange with SC Configuration Manager.
One can also choose to ignore devices that might be inactive for a chosen period of time.
Also, allows an option to search all the mobile devices in the Exchange Organization as well as if required you can find mobile device for a certain OU(subset) and apply policies accordingly to that specific subset.
The settings screen has option to change policies applied in Exchange from the SCCM console.
This completes the creation of Exchange server connector.
In the nest installment of this series we will see InTune in action and its functioning for device provisioning and management.
Comments
Post a Comment