You are browsing the archive for azure.

Enterprise Mobility Suite: Steps to add your O365 infrastructure when already using your hybrid Configmgr 2012 R2 and Windows Intune infrastructure at your company.

1:03 pm in 0365, azure, configmgr 2012 R2, ECM, EMS, Enterprise Mobility Suite, intune, Intune Standalone, o365, office 365, SCCM 2012, sccm 2012 R2, WAAD, Windows Azure Active Directory by Kenny Buntinx [MVP]

 

Enterprise Mobility Suite (EMS) is Microsoft’s new bundle that includes Azure Active Directory Premium, Windows Intune and Azure Rights Management.The Enterprise Mobility Suite is Microsoft’s answer for Mobile Device Management requirements.

For people that have already Configuration Manager 2012 R2 , you can connect your Windows Intune subscription to get a single pane of glass for management. In the so called hybrid mode you can manage all your assets, from one single console.

Most customers starting with EMS will likely already have an Office 365 infrastructure in place . From that direction it is easy to add your EMS components to the existing o365 WAAD (Windows Azure Active Directory) 

The most common way that WAAD directories where created before any O365 components existed was through the Windows Intune Sign Up process.

When setting up an Windows Intune subscription for the first time, you have to pick a tenant name (In our case demolabsbe.onmicrosoft.com). When you create the tenant name, a Windows Azure Active Directory (WAAD) account is created behind-the-scenes to store your users and groups, using the domain “demolabsbe.onmicrosoft.com” (you can add your domain names to this WAAD account later, but you will always have the original .onmicrosoft.com domain associated with it).

Windows Intune creates the WAAD accounts, but doesn’t let you manage it out of the box . You only can attach custom domains, configure users, groups & global administrators from the Windows Intune account management portal.

Attention: The WAAD account is not the same as a Windows Azure Subscription. A Windows Azure Subscription does not get automatically created or associated to your Windows Intune or Office 365 subscription or visa versa !

Scenario :

The customer has already the Windows Intune subscribtion in place and wants to add a fresh Office 365 tenant to it using the same (.onmicrosoft.com) name .

How ?:

SNAGHTML3dacbdf

1. Select “Free Trial”

image

2. Sign up for new account

image

3. <IMPORTANT> Login again with your administrator@demolabs.onmicrosoft.com account that you used for registering your previous Windows Intune account !!. <IMPORTANT>

image

4. Don’t forget to hit the try button :-)

image

 

5. When you click “Domains” (1) , you will see that your validated domain ( in our case Demolabs.be) is attached and validated (2) . Now the last step is to go thru the wizard “Complete Setup” (3) to complete it .

6. You’re done . Now you can start to assign O365 licenses to your users and play with “Conditional access” as explained in this nice blog post from our colleague MVP Peter Daalmans

Hope it Helps ,

Kenny Buntinx

MVP Enterprise Client Management

The Enterprise Mobility Suite and the 10 reasons why you’re company needs it

10:58 am in azure, CM12, CM12 R2, ConfigMgr, EMS, hybrid, intune, Intune Standalone, RMS, sccm, sccm 2012 R2, System Center by Kenny Buntinx [MVP]

 

Together, Windows Server 2012 R2, System Center 2012 R2 Configuration Manager, Microsoft Azure AD Premium , Microsoft Azure RMS and Microsoft Intune , also called the Enterprise Mobility Suite (EMS) help organizations address the consumerization of IT. With Microsoft’s people-centric IT solution, organizations can empower their users, unify their environment, and protect their data, ultimately helping to embrace consumerization and a people- centric IT model, while maintaining corporate compliance.

What can the Microsoft Enterprise Mobility Suite (EMS) bring for you :

· Enabling your end users to work on the device or devices they love and providing them with consistent and secure access to corporate resources from those devices. Part of the way we do that is by providing a hybrid identity solution, enabled by Azure Active Directory Premium.

· Delivering comprehensive application and mobile device management from both your existing on-premises infrastructure, including Microsoft System Center Configuration Manager, Windows Server, and Active Directory, as well as cloud-based services, including Windows Intune and Windows Azure. This helps to unify your environment. EMS provides mobile device management, enabled by Windows Intune

· Helping protect your data by protecting corporate information and managing risk. EMS provides data protection, enabled by Azure Rights Management service

Here are the 10 reasons why to consider EMS:

10. The ability to protect corporate information by selectively wiping apps and data. With System Center Configuration Manager 2012 and/or Microsoft Intune, IT can selectively and remotely wipe any device, including applications and sensitive company data, management policies and networking profiles.

9. Identification of compromised mobile devices. Jailbreak and root detection enables IT to determine which devices accessing corporate resources are at-risk, so that IT can choose to take appropriate action on those devices, including removing them from the management system and selectively wiping the devices.

8. Comprehensive settings management across platforms, including certificates, virtual private networks (VPNs), and wireless network and email profiles. With System Center Configuration Manager 2012 and/or Microsoft Intune, IT can provision certificates, VPN’s, and wi-fi profiles on personal devices within a single administration console.

7. Access on-premises and in-the-cloud resources with common identity. IT can better protect corporate information, manage and control resource access, and mitigate risk by being able to manage a single identity for each user across both on-premises and cloud-based applications. IT can better protect corporate information and mitigate risk by being able to restrict access to corporate resources based on user, device, and location.

6. Simplified, user-centric application management across devices. IT gains efficiency with a single management console, where policies and applications can be applied across groups (user and device types).

5. Enhance end-user productivity with self-service and Single-Sign-On (SSO) experiences. Help users be more productive by providing each with a single identity to use no matter what they access, whether they are working in the office, working remotely, or connecting to a cloud-based Software-as-a-Service (SaaS) application. Access company resources consistently across devices. Users can work from the device of their choice to access corporate resources regardless of location.

4. Protect information anywhere with Microsoft Azure RMS. Protecting information at rest and in transit requires authentication and preventing alteration, both key requirements for protecting sensitive corporate information.

The Microsoft Azure Rights Management Solution (RMS) that can help enterprises transition from a device-centric to a people-centric, consumerized IT environment without compromising compliance on document protection.

3. Single Pane of Glass Mobile device management of on-premises and cloud-based mobile devices. IT can manage mobile devices completely through the cloud with Microsoft Intune or extend its System Center Configuration Manager infrastructure with Microsoft Intune to manage their devices (PCs, Macs, or servers) and publish corporate apps and services, regardless of whether they’re corporate-connected or cloud-based.

2. Simplified registration and enrollment for BYOD. Users can register their devices for access to corporate resources and enroll in the Microsoft Intune management service to manage their devices and install corporate apps through a consistent company portal.

And… Number 1 if you ask me for the Microsoft Enterprise Mobility Suite…

1. Enable users to work on the device of their choice and from where they want. Give your users access to applications, data and resources from any device from virtually everywhere, while ensuring documents are secured and your mobile devices are compliant.

Hope it Helps ,

Kenny Buntinx

Enterprise Mobility Suite: Steps to get to Azure AD Premium when already using your hybrid Configmgr 2012 R2 and Windows Intune infrastructure.

9:32 am in azure, CM12, CM12 R2, ConfigMgr, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 SP1, EMS, Enterprise Mobility Suite, intune, Intune Standalone, Mobility, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 SP1, WAAD, Windws Intune by Kenny Buntinx [MVP]

 

Enterprise Mobility Suite (EMS) is Microsoft’s new bundle that includes Azure Active Directory Premium, Windows Intune and Azure Rights Management.The Enterprise Mobility Suite is Microsoft’s answer for Mobile Device Management requirements.

For people that have already Configuration Manager 2012 R2 , you can connect your Windows Intune subscription to get a single pane of glass for management. In the so called hybrid mode you can manage all your assets, from one single console.

While you can create a new WAAD (Windows Azure Active Directory) account directly from the Windows Azure Management Portal, but the most common way that WAAD directories where created before EMS existed was through the Windows Intune Sign Up process.

When setting up an Windows Intune subscription for the first time, you have to pick a tenant name (In our case demolabsbe.onmicrosoft.com). When you create the tenant name, a Windows Azure Active Directory (WAAD) account is created behind-the-scenes to store your users and groups, using the domain “demolabsbe.onmicrosoft.com” (you can add your domain names to this WAAD account later, but you will always have the original .onmicrosoft.com domain associated with it).

Windows Intune creates the WAAD accounts, but doesn’t let you manage it out of the box . You only can attach custom domains, configure users, groups & global administrators from the Windows Intune account management portal.

Attention: The WAAD account is not the same as a Windows Azure Subscription. A Windows Azure Subscription does not get automatically created or associated to your Windows Intune or Office 365 subscription or visa versa !

When you log in with your Windows Intune tenant account into the Windows Azure Management Portal (https://manage.windowsazure.com) you will see a message that there are no associated Azure Subscriptions.

Windows Azure however lets you manage all the advanced settings of WAAD accounts, including names, premium features, Apps, SSO access, multi-factor authentication, etc. The Enterprise Mobility Suite (EMS) feature , Windows Azure AD Premium can only be managed properly when you link your Windows Intune WAAD to your organizational Windows Azure Subscription.

 
Step 1: How to add your  Existing Windows Azure Active Directories to your Windows Azure Subscription ?

 

The process to add a WAAD account to your Windows Azure subscription used to be pretty painful , but now you can easily do this by adding an “Existing WAAD account”. The process is as follows:

1. Login to Windows Azure Management Portal with your Microsoft Account.

2. Click on the Active Directory category on the left, and then click the New button.

clip_image002

3. Choose New > App Services > Active Directory > Directory > Custom Create.

4. On the Add Directory dialog, click the Directory dropdown, and choose Use Existing Directory.

clip_image004

5. The dialog will switch, and inform you that you will be signed out, and need to sign in with a Global Administrator for the existing WAAD account. Check the box and click Sign Out.

clip_image006

6. Login with a Global Administrator for the WAAD account.

7. Once you login, you’ll be asked to confirm the link. Linking will make the Microsoft Account a Global Administrator in the WAAD account. Proceed through this, and you will be asked to Sign Out.

image

image

8. After Signing Out, and signing back in with your Microsoft Account, you’ll now see the WAAD account in the list of Active Directory accounts in the Windows Azure Management Portal!

image

 

Step 2 : Activate Azure AD Premium  and assign licenses to your users

 

Now that your previous created Windows Azure Active Directories from Windows Intune are visible within our Azure subscription , we can add the Azure AD Premium features to it .

In the picture below , you will see a newly created WAAD called EMSExperts from the Azure portal . By default the Azure AD Premium  can be found under the licenses tab. Now you can assign licenses to users.

image

In the other picture below , you will see the previously created WAAD from Windows intune ( added to the azure subscription later ) called MSCloudExperts. By default only the Windows Intune licenses can be found but the Azure AD Premium cannot be found under the licenses tab.

image

To add the “Azure AD Premium” licenses , you must go to the bottom of the page and hit the “Activate Trial” or “Purchase”  .

image

Now you will see that there are 2 license plans added to your WAAD . One for Windows Intune and one for Azure AD Premium. Now you can assign licenses to your users accordingly

image

 

 

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP