Managing mobile devices with Windows Intune and SCCM 2012 R2

 Jun 09, 2015

A lot has changed in the management of your mobile devices in just a short period of time. When the latest main release of SCCM (System Center Configuration Manager) was released to the market in 2012, it still handled a limited number of mobile devices by piggybacking its policies on top of the Exchange connector. That was a great start, but with the SP1 and R2 updates, Microsoft have excelled themselves in how you can manage all your mobile devices – smartphones or tablets, Windows 7 or 8 or above devices and phones, Android 4 and above devices and Apple iOS 6 and above devices included!

SCCM handles all these devices by using a Windows Intune Connector, which acts as a bridge between SCCM and Windows Intune. Now you don’t need SCCM to be able to use Intune, but if you use both Intune and SCCM together, you get some great synergy – the ability to fully manage your devices – to roll out software deployments and updates, to do hardware and software inventories, manage software licensing, be able to use and configure anti-virus and remote management capabilities, remote wipe options, set your firewall policies etc., from the SCCM environment, plus the ability to manage remote devices and computers, whether they are domain members or standalone devices, which is where Intune excels. And all from the one console too!

Now this synergy does require you to install the Windows Intune client software onto the device, along with an appropriately recognised certificate, which binds the client to a specific Windows Intune deployment. However, you do have a big choice on how you wish to deploy that client software (and potentially any application!) – whether you wish to “sideload” (installation onto the device(s) by using direct access to the source file(s)) or by what is called deep-linking to the Windows Store, the Apple Store or the Google Play store. Deep-Linking – to quote Wikipedia – “consists of using a hyperlink that links to a specific, generally searchable or indexed, piece of web content on a website (i.e. http://example.com/path/page), rather than the home page (i.e. http://example.com/)”. This is where you are specifying a link to the Intune client (or your own corporate Apps) and extending the basic URL to “deep-link” to a particular part of that client or app such as the configuration page – possibly even supplying specific configuration information as well. Most of the stores have an approval process to go through to upload apps to their store, and you will generally need a developer subscription as well, but whether it is a Windows 8, Windows Phone, Android or iOS device, they all have inbuilt access to their own specific store, and it is a simple task to install an app from there.

In the Windows Store, if you search for “Company Portal” you will find the Microsoft Intune Company Portal App, and it has a similar naming convention in the Android and Apple stores. Most companies supply an “in-house” link option which includes the client download from the appropriate store, but can also include links to the company-specific configuration information – or they at least have that info on a company web page etc. This process allows users to auto-enrol their own devices. Additionally, you can specify which users are allowed to enrol their devices, and which mobile device platforms are supported, and the corporate info required could be as simple as their username with a publicly accessible domain name URL (and a password, of course!).

One thing to note here though is that you cannot install the Windows Intune client software on a device that already has the System Center 2012 Configuration Manager SP1 agent or the System Center 2012 R2 Configuration Manager agent installed. Each device or computer can only have one “master.”
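
A pre-enrolment check for the restriction above, as an added example that is not part of the original article: it looks for evidence of a Configuration Manager agent on a Windows computer before the Windows Intune client is installed. The function name `Test-ConfigMgrAgent` is hypothetical; the `CcmExec` service, the `root\ccm` WMI namespace and the `HKLM:\SOFTWARE\Microsoft\CCM` key are the locations the Configuration Manager client normally uses.

```powershell
# Added example: detect an existing Configuration Manager agent before
# installing the Windows Intune client. Test-ConfigMgrAgent is a hypothetical name.
function Test-ConfigMgrAgent {
    [CmdletBinding()]
    param()

    $evidence = @()
    $version  = $null

    # 1. The agent runs as the "SMS Agent Host" service (CcmExec).
    $svc = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue
    if ($svc) { $evidence += "Service CcmExec present (status: $($svc.Status))" }

    # 2. The agent registers the root\ccm WMI namespace; SMS_Client holds its version.
    try {
        $client  = Get-CimInstance -Namespace 'root/ccm' -ClassName 'SMS_Client' -ErrorAction Stop
        $version = $client.ClientVersion
        $evidence += "WMI class root\ccm:SMS_Client present (version: $version)"
    } catch {
        # Namespace or class missing: no agent is registered in WMI.
    }

    # 3. Registry key written by the agent; it can survive an incomplete uninstall.
    if (Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\CCM') {
        $evidence += 'Registry key HKLM:\SOFTWARE\Microsoft\CCM present'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        AgentDetected = ($evidence.Count -gt 0)
        ClientVersion = $version
        Evidence      = $evidence
    }
}

$result = Test-ConfigMgrAgent
if ($result.AgentDetected) {
    Write-Warning "Configuration Manager agent found on $($result.ComputerName); do not install the Windows Intune client."
    $result.Evidence | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No Configuration Manager agent found on $($result.ComputerName)."
}
```

A registry hit without the service or WMI class usually points to leftovers from a removed agent, which is worth cleaning up before enrolment.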

This methodology supports both company-supplied devices and user-supplied devices. For instance, there are remote wipe settings for both: if it is a personal or user-supplied device, the remote wipe functionality can be set for a selective wipe, which will only wipe the corporate data.

Once the client is installed onto the computer or device, you can see that you now have full management of all your users’ smartphones, tablet devices as well as laptop computers etc., including Device Life-Cycle management settings, Compliance settings, LOB Application installation, removal and management capabilities including Deep-Linking for your corporate Apps, hardware and software inventorying etc. (I was going to include a table of features vs device, but it turned out all the columns included the word YES.) The mobile world has truly arrived into the corporate and enterprise environments!

So come along and see how easy the process of managing your users’ mobile devices is with SCCM and Windows Intune in the New Horizons' SCCM courses, and check out the latest feature updates to your mobile device management here – as well as a whole swag of example scenarios!


About the Author:

Gordon Cowser  

With over 22 years real world and training experience, Gordon is our most senior IT Infrastructure trainer. His expertise includes but is not limited to; Microsoft Server and Client OS, Messaging, Collaboration, Active Directory and Network Infrastructure. Gordon also specialises in SharePoint technologies training in both technical and end user aspects. With his extensive skill-set he brings a thorough mentoring capability to the classroom where he can advise on technical issues and challenges often beyond the scope of the course curriculum. A very approachable and experienced training professional, he has the ability to establish credibility fast with students at all levels.
