Mark Florida Wally Mead

Principal Program Manager Lead Senior Program Manager

Microsoft Corporation Microsoft Corporation
 Evolution of Microsoft Client Management
2012 2012

2011

2007

2003

1999 SMS 2.0

1994
SMS 1.0

Client Management Laptops, Servers, Comprehensive Management Consumerization

Groups Model
Infancy (NT Domain) Enterprise Scale Management from the Cloud of IT
 Challenges toConsiderations
Infrastructure Enabling Consumerization

Management ofI want to use the How can IT support

Devices User
diverse devicesdevice I prefer and manage all
Corporate Consumer
those devices?

I want to connect to
Secure, anywhere How can IT provide
access to appspeople and be
Application Experience access to appsand
Security andAccess
data
& data productive while maintaining
anywhere, anytime security?
Empower Users Unify Infrastructure Simplify
Administration

Empower people to be Reduce costs by unifying Improve IT effectiveness

more productive from IT management and efficiency.
almost anywhere on infrastructure.
almost any device.
 Empower Users Unify Infrastructure Simplify
Administration

Application Delivery

Mobile Device Management

Empower people to be Reduce costs by unifying Improve IT effectiveness

more productive from IT management and efficiency.
anywhere on any device. infrastructure.
 Empower

Deliver best user experience on each device Delivery Evaluation Criteria

Define application once
User
Device type
< > Network connection

User/Device Relationships

Primary Devices
MSI
App-V
Non-primary Devices
VDI
Presentation Server
Remote Desktop
Windows
Embedded
 Empower

General Information
Application Administrator Properties
Package
< > End User Metadata

Deployment Type
App-V Detection Method

Windows Script Install Command

Windows Installer Requirement Rules

CAB Dependencies

Supersedence
 Empower

Administrators publish software

titles to catalog, complete with meta
data to enable search
Deliver best user experience
IT on each device

Users can browse, select and install

directly from Catalog
Application model determines
format and policies for delivery
User
 Empower

Management for all Exchange

ActiveSync (EAS) connected devices

EAS-based policy delivery

Discovery and inventory
Settings policy
Remote Wipe

7
Empower
 Version 5.3 (Power)
AIX Version 6.1 (Power)
Version 7.1 (Power)
Supported OSs across both:
Configuration Manager
Operations Manager
Version 11iv2 (PA-RISC/IA64)
HP-UX Version 11iv3 (PA-RISC/IA64)
Newer versions of operating systems
will be supported within 180 days of
Version 4 (x86/x64)
release
Red Hat Enterprise Version 5 (x86/x64)
Linux Version 6 (x86/x64) Old versions will be supported as long
as vendor provides support
Version 9 (SPARC)
Solaris Version 10 (SPARC/x86) Broader Linux distro support being
Version 11 (SPARC/x86) evaluated for future releases

SUSE Linux Version 9 (x86)

Version 10 SP1 (x86/x64)
Enterprise Server Version 11 (x86/x64)
Unify Infrastructure Reduced Infrastructure Requirements

Unified Management of Virtual Clients

Endpoint Protection

Compliance & Settings Management

Software Update Management

Reduce costs by unifying
IT management Power Management
infrastructure.
Internet-based Client Management
Reduced Infrastructure Requirements Unify

Central Administration Site Primary Sites Secondary Sites

Central primary site administration Client management and settings Content routing
Reporting Delegated administration Distributions points

Central
Administration
Site

Primary Site Primary Site

Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site Secondary Site
Unified Management of Virtual Clients Unify

User-centric application delivery through

App-V or Citrix XenApp.

CONNECTION BROKER
Single admin experience for managing
physical and virtual desktops. Integrates with
RDS and XenDesktop.
Recognizes pooled and personal virtual desktops
Randomizes tasks APP-V CONFIGMGR
SEQUENCER DP/MP
HYPER-V
Security and Compliance Unify

Endpoint Protection

Unified Infrastructure

Simplified server
and client deployment
Streamlined updates
Consolidated reporting

Comprehensive Protection Stack

Behavior monitoring
Antimalware
Dynamic Translation
Windows and Firewall
Management
Security and Compliance Unify

Software Update

Microsoft Update
Auto Deployment
Identifies who needs updates
Faster deployment through search
and reports on compliance
Downloads updates Schedule content download and
deployment to avoid reboot during work
CAS hours

State-based Updates
Allows individual
Primary Site
or group deployment
SUP Role/WSUS
Updates added to groups auto deploy to
Primary Site Primary Site targeted collections
DP Role MP Role
Distributes updates Assigns policy to scan for Optimized for New Content Model
Reports update status or to deploy Reduce replication and storage
compliance update Expired updates and content deleted
Security and Compliance Unify

Settings Management

ConfigMgr MP Baseline ConfigMgr Agent

Auto Remediate
Assignment to OR
Baseline drift
collections
!
Create Alert
(to Service Manager)

Baseline Configuration Items

Active
Script WMI XML SQL
Directory
Software
File Registry MSI IIS
Updates

Improved functionality Pre-built industry standard baseline templates

Copy settings through IT GRC Solution Accelerator
Trigger console alerts
Richer reporting

Enhanced versioning and audit tracking

Ability to specify versions to be used in baselines
Audit tracking includes who changed what
 Unify

Week 1: Monitor
Enable client management agent
Begin monitoring usage and activity

Week 2: Plan
Continue monitoring on usage and activity
Begin to develop Power Plan
Non-Peak & Peak
VM awareness (new compared to 2007)
Copy power policies (new compared to 2007)
Mid-Month:
Power Plan has been confirmed

Week 3: Apply Power policy

Begin applying Power Plan
End user opt-out (new compared to 2007)

Week 4: Compliance & Analyze

Review before and after usage and activity
Determine savings in Kwh and Co2 saved
Internet-based Client Management Unify

Intranet Internet Reduced Complexity

Single Primary site can manage both Intranet
clients (over HTTP) and Internet clients (over
HTTPS)
PR1
MP Flexibility
Primary sites can be configured to either support
only HTTPS roles or both HTTP and HTTPS site
roles
MP DP DP

Reliability
Intelligent client behavior enables client to
Non PKI enabled site system communicate using the most secure option
available
Tighter security enforcement by only allowing
PKI enabled site system clients with Enterprise-issued certificates to
communicate with the ConfigMgr roles
Unify
 Central Administration Site

Must be a new
installation

Primary Site

Primary Site
Houston Primary Site
10,000 Clients Miami Primary Site
5,000 Clients
 Simplify Modern GUI
Administration
Role-based Administration

Operating System Deployment

Client Health

Asset Intelligence
Improve IT effectiveness
and efficiency. Remote Control
Modern GUI Simplify

Intuitive ribbon interface

In-console alerts
Global search capability
New collection membership rules
allow better filtering of members
Role Based Administration Simplify

Map the organizational roles of your administrators

Meg- WW Central System
to defined security roles
Administrator

Security organization role

Geography
Louis-Software Update Bob- US & France
Reduces error, defines span of control for the organization Manager for France Security Admin

Can see & update Can see & modify

Functionality ConfigMgr 2007 ConfigMgr 2012 France desktops security settings on
What types of objects can Cannot modify security France and U.S.
I see and what can I do to Class rights Security roles settings on France desktops
them? desktops Cannot update France
Cannot see All Systems or U.S. desktops
Which instances can I see Object instance
and interact with? permissions
Security scopes or U.S. desktops Cannot see All
Systems
Which resources can I Site specific resource
Collection limiting
interact with? permissions
 Operating System Deployment Simplify

Multiple Deployment Method Support

CAS PXE initiated deployment allows client

computers to request deployment over
Image Task Sequence the network
Multi-cast deployment to conserve
network bandwidth
Stand-alone media deployment for no
network connectivity or low bandwidth
Report Pre-staged media deployment allows
you to deploy an operating system to a
WDS PXE Server Primary Site Primary Site computer that
DP Role MP Role is not fully provisioned

USMT 4.0 UI integration makes it easier

transfer files and user settings from one
machine to another
Operating System Deployment
 Simplify

In-console view of client health

Threshold-based console alerts
Heartbeat DDRs
HW/SW inventory and status
Remediation (same as Setting Mgmt)
Asset Intelligence, Inventory, and Simplify

Software Metering
Consolidated/simplified reporting that allows you to
Understand software installation profiles
Plan for hardware upgrades
Identify over or under licensing issues
Track custom apps or groups of titles

Real-time Application Asset Intelligence Service Software Metering & License Reports
and Hardware Intelligence

ConfigMgr Inventory Asset Intelligence Catalog

Simplify
 Assist with Migration of Objects

Assist with Migration of Clients

Minimize WAN impact

Maximize Re-usability of x64 Server Hardware

Assist with Flattening of Hierarchy

Summary
Application Delivery 2007 R3 2012 2012 SP1
Application Delivery Device Centric User Centric Metro style
Empower

Mobile Device Management MDM licensing Integrated

End user platform support Windows and EAS Windows 8,Mac,Linux

Reduced Infrastructure Requirements New Flexible hierarchies

Unified Management of Virtual Clients Improved

Endpoint Protection Integrated Real-time actions

Unify

Compliance & Settings Management Auto Remediation User Profile and Data

Software Update Management Improved

Power Management

Internet-based Client Management Improved

Role-based Administration New

Simplify

Operating System Deployment Improved

Asset Intelligence, Client Health, and Inventory

http://northamerica.msteched.com www.microsoft.com/learning

http://microsoft.com/technet http://microsoft.com/msdn