Friday, September 11, 2015

Using ConfigMgr 2012 R2 SP1 and Microsoft Intune in a Hybrid configuration

Within my daily job I'm doing Configuration Manager (ConfigMgr) and Endpoint Protection (SCEP) consultancy and training a lot. ConfigMgr is a great product for managing on-premises devices, like servers, desktops and notebooks. With Microsoft Intune, Mobile Device and Application Management on tablets and smartphones can be done. This is a standalone Software as a service (SAAS) solution which exists for multiple years now. When integrating both solutions, you have a Hybrid configuration in-place.

Benefit of using a Hybrid configuration is integration! You can manage both Windows, Mac and Mobile devices within a single management console. Just make sure to set the management authority (which can be set on Office 365, Intune or Configuration Manager) on the right one. When it's set on Configuration Manager no management has to be done in the SAAS console anymore. Just use collections, applications and policies which are in ConfigMgr by default, to manage mobile devices as well. On the different clients, a Intune Company Portal needs to be installed for management.

Last years Microsoft has done a good job to improve speed on client communication and policies. That way you can enroll a mobile device in a few minutes, publish policies and applications, and set an unenrollment (when needed) all within approx. 15/20 minutes. When forcing a Reset passcode (new passcode must be entered) or Remote lock (device is locked and passcode needs to be set again), it will be active in approx. 1/2 minutes. During unenrollment all configuration and apps are removed also. Reasons enough to stay enrolled.

With Windows 10 Mobile coming, the richest set on policies can be configured. When creating policies (configuration items), you will see the difference on Android, iOS and Windows (Phone) platforms. Hope that will be better and easier in the future. It's possible also to deploy applications (from the different app stores) and weblinks to mobile devices. You can choose to open them in a web browser or install them. During installation a shortcut is created in Apps, so no need to open the Intune Company Portal again.

Hope to have some real experience on Windows 10 (Mobile) soon. It looks like the choice is really easy now! Just use Windows 10, Azure Active Directory (AAD), Enterprise Mobility Suite (EMS/Intune) and ConfigMgr from now on. That way Microsoft can convince you on the new generation available, which is Mobile first, Cloud first. Windows as a service, ConfigMgr as a service (2016) and Software as a service! I'm very excited about this, hope you are too?!

The following can be found on the "In the cloud" blog:
While there have been many improvements to the MDM capabilities, not every management capability exists – yet. To solve for this, we have effectively built a “bridge” between the ConfigMgr agent and the MDM agent which enables the agents to co-exist and expose all the existing manageability that you know today – as well as the new functionality that is being exposed via MDM to be manageable from the ConfigMgr console. No one else (traditional PC management or EMM vendor) has done any work like this. This is another HUGE reason that ConfigMgr + EMS is your best solution for deploying and managing Windows 10.

Just great if you ask me :-)

