Windows Intune: required Firewall & Proxy Configuration

 

windows_intune_logo

Implementing Windows Intune might be for the most of us an ease approach because it is uses commonly used standards like http and https. Nevertheless, in organizations where internet access is controlled using firewall(s) and proxy servers this might be a challenge.

Specific services or websites has to be disclosed to work properly. The same applies to Windows Intune. For those who have to implement in such environments where internet access is limited the overview below outlines the required domain and ports in order to let Windows Intune work like a charm.

Required domains for documentation, online Help, and support

Domain Ports
*.livemeeting.com 80 and 443
*.microsoftonline.com 80 and 443
onlinehelp.microsoft.com 80
*.social.technet.microsoft.com 80
blogs.technet.com 80
go.microsoft.com 80
http://www.microsoft.com 80

 

Continue reading “Windows Intune: required Firewall & Proxy Configuration”

Introduce Mobile Device Management in Service Manager #sysctr

Ever wondered how to get your enterprise managed mobile devices in Service Manager 2012? With the connector framework you’re able to synchronize Configuration Manager data into Service Manager in order to keep your CMDB up to date.

image

How cool would it be to have your managed mobile devices in Service Manager automatically! You’re just a few clicks away…:-)

Continue reading “Introduce Mobile Device Management in Service Manager #sysctr”

Windows Apps: It’s al about the package…or!

In my recent blog posts about Windows Apps we outlined what kind of apps are available and how we distribute them to new platforms like Windows 8, Windows RT, Windows Phone 8 and even iOS!

Let’s talking about the vehicle and the presentation bringing them to the end-users as this might be the most important piece of the pie….user acceptance and adoption are the key!

Vehicle

The mechanism of deploying apps to end-users we called the vehicle, so what what kind of vehicle you want to drive? A sports car, gran turismo or a hybrid?! There actually two scenarios:

image

In a managed scenario you’ll deploy apps through Windows Intune or by Windows Intune integrated with Configuration Manager 2012 SP1 – where Configuration Manager is the commando center. In an unmanaged scenario you’ll deploy apps to your own SharePoint or website using AET tokens, provisioning apps by PowerShell or even by DISM.

Continue reading “Windows Apps: It’s al about the package…or!”

Windows 8 Apps: Mythology of Sideloading revealed! #sysctr

There is some mythology around sideloading apps, possibly because many IT pros have yet to experience it firsthand. In reality, the process is super simple: it is nothing more difficult than running a few commands in Windows PowerShell. There are a few requirements that you have to set up in advance though, and those too are rather easy.

You can add line-of-business (LOB) Windows® Store apps to a Windows® image by using Windows PowerShell® or the Deployment Image Servicing and Management (DISM) platform. Windows Store apps are a new type of application that runs on Windows 8 devices. These apps are based on the Windows Runtime API and differ from traditional desktop apps in their design and in the way users can interact with them on Windows 8 devices. To learn more about Windows Store apps, see What is a Windows Store App?.

Typically, Windows Store apps are available only through the Windows® Store. You can submit LOB Windows Store apps to the Windows Store and make them available outside of your enterprise. However, you can also develop Windows Store apps for use only within your enterprise and add them to Windows devices you manage through a process we call sideloading. Sideloaded apps do not have to be certified by or installed through the Windows Store.

Apps that aren’t signed by Windows Store can only be installed on sideloading-enabled devices. Continue reading “Windows 8 Apps: Mythology of Sideloading revealed! #sysctr”

TechDays 2013: ready for take off #techdaysnl #sysctr

The countdown has begun!
Tomorrow March 7th TechDays 2013 will take off! All innovations on the Microsoft platform for developers and IT pros. For two days more than 160 different sessions at the World Forum, The Hague. David Chappell, the keynotes of modern application development and the relevance of private and public cloud. Further sessions on Windows Store, HTML5, Windows 8, Windows Phone, Server 2012, Azure and System Center. View the complete agenda and see what all the top to tell, including Ben Riga, Bryon Surace, Rob Miles, Jeff Prosise, Iris Classon, John Grad Dock, Bart de Smet, Martin Goet and Ruben Spruijt. Would you like to get to work? Come to our instructor-led workshop and build your Windows 8 app in 1 hour. Do not miss it!

TechDays-2013

Inovativ

Again this edition of TechDays NL Inovativ is well represented with 4 speakers; Maarten Goet, Walter Eikenboom, Kurt van Hoecke and Ronny de Jong. Below an overview of the sessions given by their.

7 March 2013
09:15 – 10:30
clip_image001clip_image002clip_image003clip_image004Beyond System Center 2012 – Q&A met Field Experts

7 March 2013
14:50 – 16:05
clip_image001[1]clip_image003[1]Cloud? Het draait allemaal om de app!

7 March 2013
17:45 – 19:00
clip_image001[2]Planet Azure: starship System Center exploring new worlds

8 March 2013
07:45 – 09:00
clip_image001[3]http://www.microsoft.com/netherlands/techdays/SessionDetail.aspx?sessionId=3532

8 March 2013
07:45 – 09:00
clip_image002[1]The road to end user self service with Service Manager 2012 SP1

8 March 2013
13:15 – 14:30
clip_image002[2]Managing your hybrid cloud datacenter with SCOM 2012 and what’s new in SP1

Looking forward to meet you there in person!

Windows Phone 8 – Part 2: Settings Management #windowsintune #sysctr

Control & Governance

The use of mobile devices in most organizations is increasing over and over and has almost an irreversible development. Company email can be received easily on your private owned device were social media is easily accessible on company owned devices. Companies facing challenge(s) how to apply governance on private held devices taking into account users privacy and vice versa.

image

Windows Intune and Configuration Manager 2012 SP1 leverage you the capability to create and apply your governance by Settings Management. With settings management your able to deploy policies (Configuration Items) to mobile devices which are enrolled in your company.

Compliance Settings

In order to apply settings management you’ll create a Configuration Item (CI). A CI contains configuration and associated validation criteria to be assessed for compliance on devices. With Configuration Manager 2012 SP1 you can specify different different platforms to target configuration items:

  • Windows
  • Mobile Devices
  • Mac OS X

Next step is to configure your settings required grouped by categories.

image

Settings may vary from password lock, restricted email size, agenda synchronization, configure WiFi profiles, publish certificates or require encryption of mobile storage.

Big advantage of settings management includes the ease which it can be published to all supported MDM platforms.

image

Final step is to create a Configuration Baseline and link the Configuration Item(s) which will be evaluated for compliance after which will be deployed to mobile devices (target to mobile device collection(s).

image

Reporting

Configuration Manager 2012 SP1 provides  (17) build-in reports which provides clearly reports regarding compliance, non-compliance status and remediation of your mobile devices.

image

Windows Phone 8 – Part 1: How to deploy by Configuration Manager 2012 SP1 & #Windows Intune #sysctr

Application Deployment

In order to deploy Apps to Windows 8, Windows RT or Windows Phone 8 devices through Windows Intune or Configuration Manager 2012 SP1, there are some general steps that you must follow. In this blog a walkthrough to the required steps; acquire a company account, enroll devices, and distribute apps to their enrolled devices.

image

Windows Phone Dev Center subscription

First step is to acquire a Windows Phone Dev center subscription, this account is mandatory in order to publish apps in the Windows Store. The subscription includes useful tools and code samples. Make sure you’re register as company and no as individual! The Symantec ID provided on your Windows Phone Dev account is required to acquire a code signing certificate in the next step. An annual subscription will cost $99.

Code signing Certificate

In order to publish apps in both public Windows Store or corporate Company Portal they must be signed by your company code signing certificate. This code signing certificate can be acquired at Symantec through the following url: https://products.websecurity.symantec.com/orders/enrollment/microsoftCert.do The registration and validation process can take a few days. To speed up this process you can contact the Symantec Contact Support online by chat. When your request is approved it will take another few days when your Windows Phone Dev account status has changed to Active. A code signing certificate will cost $299 (1 year valid). Microsoft has confirmed there were working on a trail certificate so purchase will no longer necessary for trail purpose in near future.

UPDATE: Microsoft provides a long awaited tool which enables you to try out Windows Phone 8 software distribution scenarios during a Windows Intune Trail subscription without the need of acquire a Windows Phone Dev account and purchasing a code signing certificate! This tool facilitates Microsoft System Center 2012 Configuration Manager admins to try out Windows Phone 8 software distribution scenarios during the Trial period.

The support tool for Windows Intune Trial Management of Window Phone 8 can be download here

Signing Company Portal app

Next step is to download the Company Portal app which can be downloaded here for Windows Phone 8. In order to deploy the Company Portal app to your Windows Phone 8 device you must sign it with your company code signing certificate.

In order to trust your code signing certificate the Windows Phone Private Enterprise Root and Intermediate certificate, must be installed to your organization in order to trust your code signing certificate. This process can be found here.

The process of how to sign the Company Portal app is described in this great post from Richard Harrison.

A few imported notes of signing the Company Portal app:

  • Make sure you’re using Visual Studio 2012 (any edition). There are known issues using a lower version of Visual Studio 2012 signing the Company Portal app.
  • Export the code signing certificate (PFX) with the entire certificate chain, if not the Company Portal ends-up in smaller size (323 KB).

After successfully signed your Company Portal app you can upload it to Windows Intune directly (Management Authority: Windows Intune) or in Configuration Manager 2012 SP1 (Management Authority: Configuration Manager)

image

App deployment

Finally you’re able to deploy apps to your Windows Phone 8 devices. For iOS devices you’ll use the mobile web based Company App portal which can be reached at you iOS device by https://m.manage.microsoft.com Final steps to deploy apps to your mobile devices are:

  • Company develops or license app(s)
  • Company deploys apps
  • Company manages the apps

How to deploy your apps to the various devices can be read in a previous post here.

Volume Licensing reference guide for Windows 8 and Windows RT

A must read for who want understand the license model of Windows 8. Which version of Windows 8 addresses my organization needs? Do I need additional licenses for my Windows To Go devices? What about Virtual Desktop Access (VDA). How to deal with licensing in BYOD scenarios using Windows Companion Subscription Licenses (CSL). And what is the impact upgrading from Windows 7?

image

This document provides an overview of the products available through Volume Licensing, information about the products that are eligible for upgrades and the key choices you have for utilizing Windows in your organization.

 image

The Windows 8 / Windows RT Volume Licensing reference guide can be downloaded here.

Application deployment for Mobile Devices by CfgMgr 2012 SP1 #sysctr

With System Center 2012 Configuration Manager SP1 a broad range of deployment types are introduced which allows you to deploy app(lication)s to various (mobile) platforms.

image

Preparing a demo for the SCUG.NL session begin March I walked through the process of deploying apps to mobile devices by using System Center 2012 Configuration Manager SP1 and Windows Intune. In this blog post I’ll show you how to deploy Skype for Windows 8 RT, Windows Phone and iOS deployment types with System Center 2012 Configuration Manager SP1. Continue reading “Application deployment for Mobile Devices by CfgMgr 2012 SP1 #sysctr”