Showing posts with label Internet-based Client Mode. Show all posts
Showing posts with label Internet-based Client Mode. Show all posts

Tuesday, May 24, 2016

Difference between Intune Standalone and ConfigMgr hybrid mode (part 4)

Recently I did some blogposts about the difference using Intune Standalone or ConfigMgr hybrid mode.
You can find them here: part 1 / part 2 / part 3

For ConfigMgr hybrid mode I mentioned the following:
As for ConfigMgr hybrid mode, this must be done in Configuration items and baselines, where not sure when they arrive. Monitoring - deployments is not the right place also, given a 'Unknown' status most of times. Did a lot of compliance checks and reboots on mobile devices, but nothing seems to happen..

Trick is, you need to do some additional configuration. When policies in Intune are working immediately, they are in ConfigMgr not.
When creating configuration items in ConfigMgr, "Remediate noncompliant settings" is turned on by default.
When creating and deploying configuration baselines, this is not the case. "Remediate noncompliant rules when supported" is not turned on by default. Trick is, you need to enable this for making them active.

In the baseline deployment properties "Remediate noncompliant rules when supported" must be selected. I did change the schedule for 7 days to 5 minutes too. After that configuration was starting on mobile devices right away.

Why this isn't configured by default is the question? Without this setting you can wait forever for policies to come through..
Posted by Henk Hoogendoorn at 7:38 PM 0 comments
Labels: , , , , , , , , , ,

Wednesday, May 11, 2016

Difference between Intune Standalone and ConfigMgr hybrid mode (part 3)

In an earlier blogpost i wrote about pros and cons between Intune standalone and ConfigMgr hybrid mode, and the difference in speed between both solutions. This because Intune standalone (SAAS) is very fast (few seconds, sometimes few minutes) on enrollment of applications and/or policies. With ConfigMgr hybrid mode this is way slower, and can take up to multiple hours (or more) for making it happen. This time I want to share something on difference for Windows and Windows Phone devices.

With Windows 10, Microsoft is saying that there is One universal app platform, One security model, One management system, One deployment approach, and One familiar experience. Unfortunately that's not true when using a Windows 10 Mobile, managed by Intune standalone or ConfigMgr hybrid mode.

When deploying applications from one of both solutions, you will see that sometimes it's needed to choose Windows, the other time Windows Phone. Some apps are available for Windows, but not for Windows Phone (or the other way around). Very confusing if you ask me! So you must choose between a Windows app package or Windows Phone app package. That's hard to explain to customers..

When choosing a Windows app package (like I did), applications will not be offered on Windows 10 Mobile. In my perception this is not a Windows Phone anymore, with a different Windows Phone store. So yes, you must still use Windows Phone app package to make them available on Windows 10 Mobile. Very confusing if you ask me. Where does this fit in the One unified app store across devices, One great experience model? But wait there's more..

Within the post: Windows 10: A Store That’s Ready for Business, Microsoft is mentioning the following: 'with Windows 10 we will deliver one Windows Store for all Windows devices'. But therefore the new web-based Store portal must be used. So open Windows Store for Business and start adding apps to your inventory. When signing in with your Azure account (or add it next to your Live ID) a new tab in the default Store will be present.

After that a new tab is present in Windows Store, with the company name used, with apps added in Windows Store for Business. Because it can take up to 24 hours for the app to get present in the Private store, you must be patience on this :-)

More on that in a next blogpost. Thanks for reading.
Read more on part 1 and part 2
Posted by Henk Hoogendoorn at 12:38 PM 0 comments
Labels: , , , , , , , , , ,

Thursday, April 28, 2016

Difference between Intune Standalone and ConfigMgr hybrid mode (part 2)

In an earlier blogpost i wrote about pros and cons between Intune standalone and ConfigMgr hybrid mode. Is this post I will mention the difference in speed between both solutions. This because Intune standalone (SAAS) is very fast (few seconds, sometimes few minutes) on enrollment of applications and/or policies. With ConfigMgr hybrid mode this is way slower, and can take up to multiple hours (or more) for making it happen. This is very annoying indeed!
 
I'm using the SAAS solution myself; using it for demo purpose on my Windows 10 Mobile (Lumia 950). When doing enrollment on that and start a deploying applications and/or policies, they will be visible in a few seconds. Just have a look at some examples on that:
 
When deploying applications, or changing icons (or something like that), they are visible almost immediately.
 
When using Allow manual unenrollment (No), Intune cannot be removed from a Windows Phone or Windows 10 Mobile. Way better, because this isn't possible on iOS or Android devices, or special configuration is needed (iOS).
 
When using Allow application store for Windows 10 Mobile (No), the store isn't available anymore. Just an example how easy an application can be blocked, but again for Windows Phone only.
 
This for both the tile on start screen as for the start menu present on Windows Phones. They will be greyed out on start screen and start menu. Just want to see more off that.

When using Allow Camera (No), the following message is given, presenting a black screen when choosing OK. A message that the camera is blocked would be better I guess then presenting a black screen, but maybe it will be in future.

As for ConfigMgr hybrid mode, this must be done in Configuration items and baselines, where not sure when they arrive. Monitoring - deployments is not the right place also, given a 'Unknown' status most of times. Did a lot of compliance checks and reboots on mobile devices, but nothing seem to happen..

As mentioned in an earlier blogpost: Still I truly believe in ConfigMgr hybrid mode, having best of both worlds. But Microsoft still needs some development for a way better experience on that!

More on that in a next blogpost. Thanks for reading.
Read more on part 1 and part 3
Posted by Henk Hoogendoorn at 2:03 PM 0 comments
Labels: , , , , , , , , , ,

Wednesday, April 20, 2016

Difference between Intune Standalone and ConfigMgr hybrid mode

When using Microsoft Intune, you can choose between Intune Standalone and ConfigMgr hybrid mode. Both have their own pros and cons. Microsoft is still recommending hybrid mode, because then you have best of both worlds. Point is, I'm not convinced anymore. Both ConfigMgr and Intune are great products, where Intune still need some development on new features. Customers are not always convinced about the solution, asking more enterprise features.
 
Having a look at my experience so far, I detect the following:
 
Intune standalone (pros):
-Easy to setup, Software As A Service (SAAS) solution;
-Can be managed everywhere with internet access;
-Very fast on enrollment of applications and/or policies (!);
-Can be used for both patch management & antivirus on endpoints with internet access;
-New features are released immediately.
Intune standalone (cons):
-With ConfigMgr in-place, two consoles for management;
-On some parts, less features then hybrid mode;
-You need to sign-in at every application change.
 
ConfigMgr hybrid mode (pros):
-Recommended configuration by Microsoft;
-Best of both worlds in a single management console;
-More features then Intune standalone;
-Deployment types and deployments are easier to handle.
ConfigMgr hybrid mode (cons):
-Less easy to setup; on-premises ConfigMgr infrastructure needed;
-Cannot be managed from everywhere, on-premises ConfigMgr console needed;
-Way slower on enrollment of applications and/or policies (!);
-Cannot be used for both patch management & antivirus on endpoints with internet access, because you need direct access or internet-based client management (IBCM) for that;
-New features will released slower in hybrid mode.

So yes, Microsoft is working on the feature part, and new features are available in ConfigMgr hybrid mode sooner. This because of the Service Connection point in ConfigMgr Current Branch.
But what's most annoying, You cannot have both patch management & antivirus on endpoints with internet access, because a ConfigMgr agent will be present on the device. Not an Intune agent, pointing to a SAAS solution. Therefore additional solutions like direct access or internet-based client management (IBCM) are needed.

And overall; when deploying applications and/or policies from Intune standalone, they are applied in few seconds. Within ConfigMgr hybrid mode it can take multiple hours (or more) when something happens. Still I truly believe in ConfigMgr hybrid mode, having best of both worlds. But Microsoft still needs some development for a way better experience on that! Hope they will soon :-)

More on that in a next blogpost. Thanks for reading.
Read more on part 2 and part 3
Posted by Henk Hoogendoorn at 6:09 PM 3 comments
Labels: , , , , , , , , , ,
Subscribe to: Comments (Atom)