Announcing the availability of System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2

May 14, 2015 at 4:11 pm in CM12, CM12 R2, CM12 R2 SP1, CM12 SP1, CM12 SP2, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1 by Kenny Buntinx [MVP]

 

Following the announcements made at the Microsoft Ignite conference last week, I am happy to let you know that System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2 are now generally available and can be downloaded on the Microsoft Evaluation Center. These service packs deliver full compatibility with existing features for Windows 10 deployment, upgrade, and management.

Also included in these service packs are new hybrid features for customers using System Center Configuration Manager integrated with Microsoft Intune to manage devices. Some of the hybrid features that you can expect to see are conditional access policy, mobile application management, and support for Apple Device Enrollment Program (DEP). You can view the full list of hybrid features included in these service packs here.

As a side note : To be absolutely sure that there will be no bear on the road during deployment for SP2 , please install CU5 http://blogs.technet.com/b/configmgrteam/archive/2015/05/06/now-available-cumulative-update-5-for-system-center-2012-r2-configuration-manager.aspx first before upgrading to SP2 as there is one issue fixed in CU5 that could affect R2 SP1 installation:

– if you have over 10,000 deployments for legacy software distribution packages the R2 SP1 upgrade could stall. Installing CU5 beforehand will prevent this. This does not make CU5 an official pre-req though, as the given scenario should be rare but it doesn’t hurt to install CU5 first on the site servers , before upgrading to CM12 R2 SP1 or CM12 SP2 , without upgrading you’re clients.

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Ignite keynote summary from an ECM perspective

May 4, 2015 at 7:27 pm in ConfigMgr, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr V.next, EMS, Enterprise Mobility Suite, hybrid, Ignite, intune, Intune Standalone, SCCM 2012, sccm 2012 R2, SCCM v.Next, System Center, System Center 2016 by Kenny Buntinx [MVP]

 

For me this was the best keynote ever for all Microsoft’s events I’ve been at, virtually or physically. Wrapped up after three hours, I want to give you guys a heads up for what is happening in my area of expertise, Enterprise Client Management.

The conference is being held in Chicago and has over 20K people in the house. If you want you can watch a replay of this morning’s keynote on demand at http://news.microsoft.com/ignite2015/

Most Important Ignite Keynote Announcements from an enterprise Client Management perspective

Windows Update for Business – This is an advanced version of what you already know today and it’s called WSUS. Together with Windows 10 it will allow you to control which machines get Windows Updates or even feature updates. Integration with your existing tools like System Center and the Enterprise Mobility Suite – so that these tools can continue to be that ‘single pane of glass’ for all of your systems management.

Office 2016 Public Preview – Available for Office 365 subscribers and those who want to run the full standalone install.  This version will really kick down the #EMS offering on IOS , Android or Windows. Office will be the key in the whole mobility story.

Windows Server 2016 – A second technical preview is now available for download and testing and will allow you to unlock some additional Hybrid functionallity , such as updates for Hyper-V ,ADFS , Workfolders , etc .

System Center 2016 – Has new provisioning, monitoring and automation abilities for your data center. A new preview will be available soon online

· New technical preview for ConfigMgr 2016 for Windows10 available for a trial at http://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview

New features in today’s Technical Preview includes:

          • Support for Windows 10 upgrade with OS deployment task sequence
          • Support for installing Configuration Manager on Azure Virtual Machines
          • Ability to manage Windows 10 mobile devices via MDM with on-premises Configuration Manager infrastructure

· New service packs for Configuration Manager 2012 and 2012 R2 (They will be released somewhere next week)

These will deliver full compatibility with existing features for Windows 10 deployment and management as well as several other features, including:

          • App-V publishing performance
          • Scalability improvements
          • Content distribution improvements
          • Native support for SQL Server 2014
          • Hybrid Parity (Intune) and new features

Microsoft Advanced Threat Analytics – Brings on premise Azure AD level security monitoring and threat detection.  This software/service is the result of Microsoft’s acquisition last November of Aorato and it’s a great add-on for EMS and AD premium. The preview is available now from here.

 

During Brad Anderson’s piece of the keynote, his team showed 11 different technologies on stage and here are links to all of those services and programs:

I hope that you are as thrilled and exited as myself and that we can show you all these cool things in our own lab and we hope that we can see you at one of our SCUG.be events.

Hope it helps,

Kenny Buntinx

MVP Enterprise Client Management MVP

CM12 R2 TS after upgrade: Failed to resume task sequence (0x800700EA) error

April 28, 2015 at 2:15 pm in 2012R2, bootimages, capture, CM12, CM12 R2, CM12 SP1, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, Cumulative Update, Deployment, OSD, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, Task Sequence by Kenny Buntinx [MVP]

 

I upgraded one of my customers site from SP1 to R2 on a Monday morning and have hit a number of hurdles. I have discovered that my customers OSD Task sequences were not functioning correctly. Everything seems to go fine, until it reaches the Setup Windows and ConfigMgr, and then once that step is complete, it reboots and I’m left on the ctrl+alt+del screen, with the computer joined to domain but no additional steps performed.

The TS does end with an error “Failed to resume task sequence (0x800700EA) error” , as if the new client gets installed and it just ends the TS!

**** Remember **** –> Support for Windows PE 3.1 boot images above of Windows ADK 8.1 is there as feature when upgraded to R2 !! **** Remember ****

I looked at my boot images and it looked good, but frankly the x64 boot image didn’t upgrade well and stayed to version 6.2.x instead of 6.3.x. I had a script to manually update it , but it didn’t like it so it failed again.

Created a new bootimage (x64) from scratch , updated my TaskSequence  to use the new bootimage and *BAM* , it worked again

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management  

Work Folders app for Iphone finally released

April 10, 2015 at 1:15 pm in EMS, intune, iOS, Iphone, IT-Dev Connections, IT/Dev Connections, ITDevconnections, Work Folders, Workplace Join by Kenny Buntinx [MVP]

 

We are happy to announce that an iPhone app for Work Folders has been released into the Apple AppStore® and is available as a free download.

( There also is a Work Folders app for iPad released a few months ago.)

Overview

Work Folders is a Windows Server feature that allows individual employees to access their files securely from inside and outside the corporate environment. This app connects to it and enables file access on an Apple iPhone and iPad. Work Folders enables this while allowing the organization’s IT department to fully secure that data.

This app for iOS features an intuitive UI, selective sync, end-to-end encryption, search and in-app file viewing.
It also integrates well with Windows Intune to fully complete the most important mobile device management scenarios around corporate data on mobile devices.

You will learn more about it on our session “Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices’ at

ITnDevConnections_logo_TylerOptimized_236x59

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Enterprise Mobility Suite: Steps to add your O365 infrastructure when already using your hybrid Configmgr 2012 R2 and Windows Intune infrastructure at your company.

April 9, 2015 at 1:03 pm in 0365, azure, configmgr 2012 R2, ECM, EMS, Enterprise Mobility Suite, intune, Intune Standalone, o365, office 365, SCCM 2012, sccm 2012 R2, WAAD, Windows Azure Active Directory by Kenny Buntinx [MVP]

 

Enterprise Mobility Suite (EMS) is Microsoft’s new bundle that includes Azure Active Directory Premium, Windows Intune and Azure Rights Management.The Enterprise Mobility Suite is Microsoft’s answer for Mobile Device Management requirements.

For people that have already Configuration Manager 2012 R2 , you can connect your Windows Intune subscription to get a single pane of glass for management. In the so called hybrid mode you can manage all your assets, from one single console.

Most customers starting with EMS will likely already have an Office 365 infrastructure in place . From that direction it is easy to add your EMS components to the existing o365 WAAD (Windows Azure Active Directory) 

The most common way that WAAD directories where created before any O365 components existed was through the Windows Intune Sign Up process.

When setting up an Windows Intune subscription for the first time, you have to pick a tenant name (In our case demolabsbe.onmicrosoft.com). When you create the tenant name, a Windows Azure Active Directory (WAAD) account is created behind-the-scenes to store your users and groups, using the domain “demolabsbe.onmicrosoft.com” (you can add your domain names to this WAAD account later, but you will always have the original .onmicrosoft.com domain associated with it).

Windows Intune creates the WAAD accounts, but doesn’t let you manage it out of the box . You only can attach custom domains, configure users, groups & global administrators from the Windows Intune account management portal.

Attention: The WAAD account is not the same as a Windows Azure Subscription. A Windows Azure Subscription does not get automatically created or associated to your Windows Intune or Office 365 subscription or visa versa !

Scenario :

The customer has already the Windows Intune subscribtion in place and wants to add a fresh Office 365 tenant to it using the same (.onmicrosoft.com) name .

How ?:

SNAGHTML3dacbdf

1. Select “Free Trial”

image

2. Sign up for new account

image

3. <IMPORTANT> Login again with your administrator@demolabs.onmicrosoft.com account that you used for registering your previous Windows Intune account !!. <IMPORTANT>

image

4. Don’t forget to hit the try button :-)

image

 

5. When you click “Domains” (1) , you will see that your validated domain ( in our case Demolabs.be) is attached and validated (2) . Now the last step is to go thru the wizard “Complete Setup” (3) to complete it .

6. You’re done . Now you can start to assign O365 licenses to your users and play with “Conditional access” as explained in this nice blog post from our colleague MVP Peter Daalmans

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Speaker at IT/Dev Connections – September 14-17

April 9, 2015 at 8:55 am in Devconnections, meetthebelgians, speaking, vegas by Kenny Buntinx [MVP]

 

clip_image001

 

I am proud to announce that the magic duo on mobility “Tim De Keukelaere”  and myself, will be delivering two sessions entitled :

-  “Armoring your mobile workforce for the 21st century”.

– “Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices”

Together with “Peter Daalmans” , I will deliver a session about managing Citrix with CM12 :

– “How to Extend the App Model to Support Your User-Centric XenDesktop in the Data Center”

During this event we are joined by other top quality speakers who will be delivering multiple sessions on a wide range of topics , but also be prepared to #meetthebelgians

More information and registration details can be found here.

Something to look forward to as it also is in the warm and sunny Vegas . Make sure to join us if you are around!

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Deploying IE11 the right way with Enterprise mode & Site Discovery thru Configmgr 2012

January 22, 2015 at 10:37 am in CM12, CM12 R2, CM12 SP1, ConfigMgr, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, enterprise mode, IE11, internet explorer, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1 by Kenny Buntinx [MVP]

Deploy Internet Explorer 11 today as from January 2016 only the latest version of IE will be supported on the currently supported OS’s such as Windows 7 – 8.1 – 10. You should really deploy IE11 today and start working with compatibility testing for your web applications.

 

For deploying IE11 you will need a lot of prerequisites fulfilled and you will need to do a lot of work to get it deployed successfully. More or less you will need to do it in four steps:

1. Deploy about 9 prerequisites! You must deploy KB2834140, KB2670838, KB2639308, KB2533623, KB2731771, KB2729094, KB2786081, KB2888049, KB2882822 to be able to install IE11 without any issues. Make sure you download the latest updates!

2. Reboot

3. Deploy IE11 itself. If you need the Google search provider, the only way is to repackage IE11 with IEAK.To customize Internet Explorer 11, first things first: download the Internet Explorer Administration Kit 11 here.

4. Force a reboot here

5. Make sure if you want to use IE11 Enterprise mode, you will need to deploy KB 2929437 after the installation of IE11.

6. Reboot

7. Deploy all security updates thru CM12/WSUS

8. Reboot

Luckily for us we have ConfigMgr 2012 and the fantastic Application model to handle that.

IE11 Enterprise Mode?

Enterprise Mode in IE11 is a compatibility mode that runs web apps in IE8 mode to make them work on IE11. Enterprise Mode is turned on by IT Pro using Group Policy settings for specific domains or pages. It’s much like the compatibility view settings, but provides Internet Explorer 8 compatibility. WebPages that work in Internet Explorer 8 work seamlessly in Enterprise Mode.

More on IE11 Enterprise Mode and Enterprise Mode Site List Manager.

Using the Internet Explorer Site Discovery Tool?

What do you say ??

Not so long ago Microsoft released a little tool that will inventory all the web sites a user visits to provide means to get a grip on web app compatibility. The inventory can be used for all or only some specific clients. The data is collected via WMI and inventoried with System Center Configuration Manager. There are pre-made reports included that can be imported and used in ConfigMgr.

You will find more information here on Enterprise Site Discovery Toolkit for Internet Explorer 11.

 

Collect data using Internet Explorer Site Discovery

Internet Explorer Site Discovery overview

You can use Internet Explorer to collect data on computers running Internet Explorer 11 on either Windows 8.1 or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your Internet Explorer deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.

By default, Internet Explorer doesn’t collect data; you have to turn this feature on if you want to use it. You must make sure that using this feature complies with all applicable local laws and regulatory requirements.

What data is collected?

Data is collected on the configuration characteristics of Internet Explorer and the sites it browses, as shown here.

Data point

Description

URL

URL of the browsed site, including any parameters included in the URL.

Domain

Top-level domain of the browsed site.

ActiveX GUID

The GUID of the ActiveX controls loaded by the site.

Document mode

Document mode used by Internet Explorer for a site, based on page characteristics.

Document mode reason

The reason why a document mode was set by Internet Explorer.

Browser state reason

Additional information about why the browser is in its current state. Also called, browser mode.

Hang count

Number of visits to the URL when the browser hung.

Crash count

Number of visits to the URL when the browser crashed.

Most recent navigation failure (and count)

Description of the most recent navigation failure (like, a 404 bad request or 500 internal server error) and the number of times it happened.

Number of visits

The number of times a site has been visited.

Zone

Zone used by Internet Explorer to browse sites, based on browser settings.

Where is the data stored and how do I collect it?

The data is stored locally, in an industry-standard WMI class, Managed Object Format (.MOF) file. This file remains on the client computer until it’s collected. To collect the file from your client computers, we recommend using Microsoft System Center 2012 R2 Configuration Manager. However, if you don’t use System Center, you can collect the file using any agent that can read the contents of a WMI class on your computer.

Requirements

Before you start, you need to make sure you have the following:

Setup and configuration package, including:

    • Configuration-related PowerShell scripts
    • IETelemetry.mof file
    • Sample System Center 2012 report templates

Both the PowerShell script and .mof file need to be copied to the same location on the client computer, before you run the scripts.

Setting up your client computers for data collection

On your test computer, run the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file, update security privileges for the new WMI classes, and to set the registry key.

To set up your computers:

  1. Create a Package/Program in Configmgr 2012 that runs the IETElemetrySetUp.ps1
  2. Restart your computer to start collecting your WMI data.

Using System Center 2012 R2 Configuration Manager to collect your data

After you’ve collected all of the data, you’ll need to get the local files off of your computers. To do this, use the hardware inventory process in System Center Configuration Manager, in one of the following ways.

Collect your hardware inventory using the MOF Editor while connecting to a computer

You can collect your hardware inventory using the MOF Editor, while you’re connected to your client computers.

To collect your inventory

1. From the System Center Configuration Manager, click Administration, click Client Settings, double-click Default Client Settings, click Hardware Inventory, and then click Set Classes.

clip_image002

2. Click Add, click Connect, and connect to a computer that has completed the setup process and has already existing classes.

3. Change the WMI Namespace to root\cimv2\IETelemetry, and click Connect

clip_image004

4. Select the check boxes next to the following classes, and then click OK:

· IESystemInfo

· IEURLInfo

· IECountInfo

5. Click OK to close the default windows.

Your environment is now ready to collect your hardware inventory and review the sample reports.

Collect your hardware inventory using the MOF Editor with a MOF import file

You can collect your hardware inventory using the MOF Editor and a MOF import file.

To collect your inventory:

1. From the System Center Configuration Manager, click Administration, click Client Settings, double-click Default Client Settings, click Hardware Inventory, and then click Set Classes.

2. Click Import, choose the MOF file from the downloaded package we provided, and click Open.

3. Pick the inventory items to install, and then click Import.

4. Click OK to close the default windows.

Your environment is now ready to collect your hardware inventory and review the sample reports.

Collect your hardware inventory using the SMS_DEF.MOF file

You can collect your hardware inventory using the using the Systems Management Server (SMS_DEF.MOF) file.

To collect your inventory:

1. Using a text editor like Notepad, open the SMS_DEF.MOF file, located in your <Config_Manager_install_location>\inboxes\clifiles.src\hinv directory.

2. Add this text to the end of the file:

[SMS_Report (TRUE), SMS_Group_Name ("IESystemInfo"), SMS_Class_ID ("MICROSOFT|IESystemInfo|1.0"), Namespace ("root\\\\cimv2\\\\IETelemetry") ] Class IESystemInfo: SMS_Class_Template { [SMS_Report (TRUE), Key ] String SystemKey; [SMS_Report (TRUE) ] String IEVer; }; [SMS_Report (TRUE), SMS_Group_Name ("IEURLInfo"), SMS_Class_ID ("MICROSOFT|IEURLInfo|1.0"), Namespace ("root\\\\cimv2\\\\IETelemetry") ] Class IEURLInfo: SMS_Class_Template { [SMS_Report (TRUE), Key ] String URL; [SMS_Report (TRUE) ] String Domain; [SMS_Report (TRUE) ] UInt32 DocMode; [SMS_Report (TRUE) ] UInt32 DocModeReason; [SMS_Report (TRUE) ] UInt32 Zone; [SMS_Report (TRUE) ] UInt32 BrowserStateReason; [SMS_Report (TRUE) ] String ActiveXGUID[]; [SMS_Report (TRUE) ] UInt32 CrashCount; [SMS_Report (TRUE) ] UInt32 HangCount; [SMS_Report (TRUE) ] UInt32 NavigationFailureCount; [SMS_Report (TRUE) ] UInt32 NumberOfVisits; [SMS_Report (TRUE) ] UInt32 MostRecentNavigationFailure; }; [SMS_Report (TRUE), SMS_Group_Name ("IECountInfo"), SMS_Class_ID ("MICROSOFT|IECountInfo|1.0"), Namespace ("root\\\\cimv2\\\\IETelemetry") ] Class IECountInfo: SMS_Class_Template { [SMS_Report (TRUE), Key ] String CountKey; [SMS_Report (TRUE) ] UInt32 CrashCount; [SMS_Report (TRUE) ] UInt32 HangCount; [SMS_Report (TRUE) ] UInt32 NavigationFailureCount; };

3. Save the file and close it to the same location.

Your environment is now ready to collect your hardware inventory and review the sample reports.

Viewing the sample reports

The sample reports, SCCM Report Sample – ActiveX.rdll and SCCM Report Sample – Site Discovery.rdl, work with System Center 2012, so you can review your collected data.

SCCM Report Sample – ActiveX.rdl

Gives you a list of all of the ActiveX-related sites visited by the client computer.

clip_image006

SCCM Report Sample – Site Discovery.rdl

Gives you a list of all of the sites visited by the client computer.

clip_image008

Turning off data collection on your client computers

After you’ve collected all of your data, you’ll need to turn this functionality off.

To stop collecting data:

On your test computer, start PowerShell in elevated mode and run IETElemetrySetUp.ps1 using this command: powershell .\IETElemetrySetUp.ps1 -IEFeatureOff. clip_image009

Turning off data collection only disables the Internet Explorer Site Discovery feature – all data already written to WMI stays on the client computer.

Deleting already stored data from client computers

You can completely remove the data stored on your client computers.

To delete existing data:

On the client computer, start PowerShell in elevated mode (using admin privileges) and run these commands:

    1. Remove-WmiObject -Namespace root/cimv2/IETelemetry IEURLInfo
    2. Remove-WmiObject -Namespace root/cimv2/IETelemetry IESystemInfo
    3. Remove-WmiObject -Namespace root/cimv2/IETelemetry IECountInfo
    4. Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Swiss 09/02/2015: CMCE R2 Community Event Speaker

January 21, 2015 at 9:52 pm in CMCE, speak, speaking, Swiss by Kenny Buntinx [MVP]

 

I am proud to announce that I received an invitation to talk in Zurich at the 9th of February 2015 in Zurich at a community event called CMCE

image

The magic duo on mobility “Tim De keukelaere”  and myself, will be delivering two sessions entitled “Armoring your mobile workforce for the 21st century”. Focus for both sessions will be on Unified Device Management with Configuration Manager and Microsoft Intune. The first session will be a general overview and during the second session we will deep-dive further into the technical details and demonstrate some more advanced scenarios around managing and deploying Certificates , WIFI and VPN profiles and not so out of the box technical solutions.

During this one day event we are joined by other top quality speakers who will be delivering multiple sessions on a wide range of topics.

More information and registration details can be found here.

Something to look forward to. Make sure to join us if you are around!

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

Windows 7 Configmgr 2012 Balloon tips : Setting it more then 5 sec to display.

January 20, 2015 at 7:06 am in CM12, CM12 R2, CM12 SP1, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, Portal, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, Software Center by Kenny Buntinx [MVP]

 

The balloon tip when System Center configuration manager 2012 SP1 / R2 wants to install  your software is only shown for a few seconds. Often users complain that they can’t read the balloon tip that fast. So we have to increase the display time of the balloon.

image

Right click and choose New, Registry Item

Key Path: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
Value name: Balloontip
Value type: REG_DWORD
Value Data (dec): 00000020

Click OK and you’re all set!

This changes the display time to 20 seconds.

You can handle this with creating a Configuration Item and deploying it thru a Configuration Baseline . Below you will find the steps :

1. Create a configuration Item called “ RegSetting BalloonTip “

image 

image

2. In the settings , create the regkey to check as specified above in the first section of this blog post .

image

3. Create the compliance Rule and enter the value you want . In this case it will be 20 seconds.

image

4. Save your configuration Item. Create a Configuration baseline that contains you Configuration Item and deploy it to your workstations. Make sure to select “Remediate non complaint rules when supported” in your deployment.

image

Hope it Helps ,

Kenny Buntinx

MVP enterprise Client Management

The Enterprise Mobility Suite and the 10 reasons why you’re company needs it

January 14, 2015 at 10:58 am in azure, CM12, CM12 R2, ConfigMgr, EMS, hybrid, intune, Intune Standalone, RMS, sccm, sccm 2012 R2, System Center by Kenny Buntinx [MVP]

 

Together, Windows Server 2012 R2, System Center 2012 R2 Configuration Manager, Microsoft Azure AD Premium , Microsoft Azure RMS and Microsoft Intune , also called the Enterprise Mobility Suite (EMS) help organizations address the consumerization of IT. With Microsoft’s people-centric IT solution, organizations can empower their users, unify their environment, and protect their data, ultimately helping to embrace consumerization and a people- centric IT model, while maintaining corporate compliance.

What can the Microsoft Enterprise Mobility Suite (EMS) bring for you :

· Enabling your end users to work on the device or devices they love and providing them with consistent and secure access to corporate resources from those devices. Part of the way we do that is by providing a hybrid identity solution, enabled by Azure Active Directory Premium.

· Delivering comprehensive application and mobile device management from both your existing on-premises infrastructure, including Microsoft System Center Configuration Manager, Windows Server, and Active Directory, as well as cloud-based services, including Windows Intune and Windows Azure. This helps to unify your environment. EMS provides mobile device management, enabled by Windows Intune

· Helping protect your data by protecting corporate information and managing risk. EMS provides data protection, enabled by Azure Rights Management service

Here are the 10 reasons why to consider EMS:

10. The ability to protect corporate information by selectively wiping apps and data. With System Center Configuration Manager 2012 and/or Microsoft Intune, IT can selectively and remotely wipe any device, including applications and sensitive company data, management policies and networking profiles.

9. Identification of compromised mobile devices. Jailbreak and root detection enables IT to determine which devices accessing corporate resources are at-risk, so that IT can choose to take appropriate action on those devices, including removing them from the management system and selectively wiping the devices.

8. Comprehensive settings management across platforms, including certificates, virtual private networks (VPNs), and wireless network and email profiles. With System Center Configuration Manager 2012 and/or Microsoft Intune, IT can provision certificates, VPN’s, and wi-fi profiles on personal devices within a single administration console.

7. Access on-premises and in-the-cloud resources with common identity. IT can better protect corporate information, manage and control resource access, and mitigate risk by being able to manage a single identity for each user across both on-premises and cloud-based applications. IT can better protect corporate information and mitigate risk by being able to restrict access to corporate resources based on user, device, and location.

6. Simplified, user-centric application management across devices. IT gains efficiency with a single management console, where policies and applications can be applied across groups (user and device types).

5. Enhance end-user productivity with self-service and Single-Sign-On (SSO) experiences. Help users be more productive by providing each with a single identity to use no matter what they access, whether they are working in the office, working remotely, or connecting to a cloud-based Software-as-a-Service (SaaS) application. Access company resources consistently across devices. Users can work from the device of their choice to access corporate resources regardless of location.

4. Protect information anywhere with Microsoft Azure RMS. Protecting information at rest and in transit requires authentication and preventing alteration, both key requirements for protecting sensitive corporate information.

The Microsoft Azure Rights Management Solution (RMS) that can help enterprises transition from a device-centric to a people-centric, consumerized IT environment without compromising compliance on document protection.

3. Single Pane of Glass Mobile device management of on-premises and cloud-based mobile devices. IT can manage mobile devices completely through the cloud with Microsoft Intune or extend its System Center Configuration Manager infrastructure with Microsoft Intune to manage their devices (PCs, Macs, or servers) and publish corporate apps and services, regardless of whether they’re corporate-connected or cloud-based.

2. Simplified registration and enrollment for BYOD. Users can register their devices for access to corporate resources and enroll in the Microsoft Intune management service to manage their devices and install corporate apps through a consistent company portal.

And… Number 1 if you ask me for the Microsoft Enterprise Mobility Suite…

1. Enable users to work on the device of their choice and from where they want. Give your users access to applications, data and resources from any device from virtually everywhere, while ensuring documents are secured and your mobile devices are compliant.

Hope it Helps ,

Kenny Buntinx