Windows Server 2016 Essentials Integration with Microsoft Intune

Windows Server 2016 Essentials Integration with Microsoft Intune


(choppy electronic music) – Hi everyone, welcome to
another episode of OEM TV. I’m Eric Mills with Microsoft. I do Windows Server
marketing at Microsoft. And in this video, we’re gonna talk about Windows Server Essentials
connected up to Intune. So, Paul’s gonna take you
through the concepts that you need to be familiar
with, with Intune, connecting to your Windows Server Essentials server. As you know, Intune
solves a lotta problems. It solves management challenges,
mobile device management, application management. It gives you a way to connect
on-prem and remote devices and manage them all. So, in this video, Paul will
take you through what it looks like to set Intune up,
what problems it solves, including selective wipe,
that people wanna know about. So, if you’re interested in Intune and Windows Server Essentials
and connecting those up, it should be a really good video for ya. I hope you enjoy it and we’ll
see ya next time on OEM TV. – [Paul] Hi, everyone. This
video is a quick overview of Windows Server 2016 Essentials edition and Microsoft Intune integration. From a high level, Windows
Server 2016 Essentials is about safeguarding your
business, improving IT efficiency and productivity, and then
making you ready for the cloud. And the way it does that is,
in Safeguard your business, it has easy permission settings, Just in Time and Just
Enough Administration, Windows Defender for malware
protection, and the ability to do Trusted or Secure (audio cuts out) And then to improve IT
efficiency and productivity, there’s Enhanced Management Experience, with the Windows Essential dashboard. And then there’s built-in
services, like File Shares, Web Server, Active Directory,
Certificate Services, the ability to do Local Desktop Backup, and Remote Desktop Services,
and there’s also some PowerShell enhancements to
make management much easier. And then being ready for the cloud, there’s easy Microsoft Cloud Integration. There’s integration with
Azure Active Directory, Azure Backup and Storage,
Azure Virtual Networks, Azure Site Recovery, Office 365, Intune, and Remote Management. For this discussion, we’ll
be talking about integration with Microsoft Intune. So, even small organizations
have management challenges around devices. Part of the problem is you
have a mixture of devices, and those devices can be
on-premises, they can be remote and mobile, and they can be
comprised of PCs, laptops, tablets, phones, and other devices. And you need to enforce
app and data policies, so application and data policies. What applications can run
where. Who can run them. What is done with the
data on those devices. Who can have data on their devices. And then, you need to
support bring-your-own-device and various device life cycles. You have people that are
transient and seasonal employees that have different types
of devices and you may want to manage their device while
they are working for you, and then, do something like
wipe the applications and data, the company applications and data when they leave the company. Those are some of the
challenges that we look at. Now let’s look at Intune,
the ability to provide device management, application
management, and even data management across a
wide variety of devices, from the Essentials
environment through Intune back to devices on
premises and also remote and mobile devices. So, let’s take a closer look
at Intune and how Intune delivers mobility management. So, Intune helps organizations
provide their employees with access to corporate
applications, data, and resources from virtually anywhere
on almost any device while helping to keep
corporate information secure. So, what are the components here? So, you’ve got mobile device
management, so you can actually manage the devices, and
then you’ve got application management, where you’re managing
the applications that run on those devices, and then
there’s also the ability to do PC management, so
the PCs that are remote or on-premises, you can manage
those, as well, with Intune. The first thing that you have
to do is, with the device to get it into the Intune environment, (audio cuts out) so you enroll the device, and the policies that are set up in Intune
will then be downloaded onto those particular devices. So, you can deploy email,
VPN and Wifi profiles, deploy access certificates,
deploy and install the applications that
you want them to have, deploy managed application
configuration policies, so that you set up policies
around those applications, and then apply and enforce
device configuration settings, and then also collect hardware
and software inventory data so you know what devices are
out there and what’s on them. In terms of mobile device
management, you can apply and enforce device configuration
settings across multiple operating systems and devices,
and then you can manage the settings across Windows
10 PCs, phone, IoT devices via Intune and that
includes Windows Defender, the anti-malware, Firewall,
and Cortana analytics. And then you can also
collect hardware and software inventory data for reporting. One critical area that is
provided is the ability to lock down the device. So, a person has a device
connected to Intune, and you can actually deploy
policies using Intune to lock down the device, so
they can only run applications allowed by IT, and you
can allow multiple users or only one user to use the same device and customize the device experience based on the login or the identity. And then you can also
deploy Device Guard policies using Intune to allow only
trusted applications to run on Windows 10 devices. There’s also the ability
to create an inventory of the mobile devices that
are in your environment. Even small organizations, with Windows Server 2016
Essentials, you can have 25 users and up to 50 devices. So, even a small business would like to do mobile device inventory. So the hardware properties
for the mobile devices are collected by Intune and
then, the company application inventory is collected,
and the person application inventory is not collected. We’ll talk a little bit more
about how there’s a separation between the company applications and the personal applications in a moment. And then you can also create
reports on all of that inventory information. Mobile application management
is one the critical features of Intune. Both the ability
to manage the applications themselves, so you can
maximize mobile productivity and protect corporate resources
with Office mobile app, including multi-identity support, and then extend the capabilities
to your existing line of business apps, if you have them, using the Intune App Wrapping
tool, and then enable secure viewing of content using the
Managed Browser PDF Viewer, AV Player, or Image Viewer apps. A critical piece is that your
managing the applications that are running on that
device, so you’re not only managing the device, you’re
managing the applications and data. And, as an example, see that
these are managed applications because they’re business applications. You’ve got Outlook, Excel,
Word, PowerPoint, Skype, and OneDrive. And then you’ve also got
personal applications that aren’t under the management umbrella,
or they’re separated, and let’s give an example here. See that these are managed apps, and then personal applications. And there’s the ability
to create a separation between corporate data and personal data that are associated
with those applications. Now if we look at this very quickly, so you have an email attachment that’s got a Excel spreadsheet in it, and
then, the ability to copy it is there, but you cannot paste
it to a personal application. However, you can paste it
to a managed application, like Word, but you cannot
save it to personal storage, but you can save it to
the company OneDrive. So that maximizes productivity
while preventing leakage of company data by restricting
actions such as copy, cut, paste, and save as, between
Intune-managed apps, and unmanaged applications. And there’s also the ability
to do a selective wipe. This comes back to the
transient or seasonal employees, where they can go ahead
and use their phone with your applications, but
when they leave the organization you can perform a selective
wipe via the self-service portal or the admin console and remove
those managed apps and data. And then in terms of
management, you can manage these devices from virtually anywhere. So there’s a new, intuitive dashboard, and can configure and deploy
policies and change those policies after you’ve
deployed them, if you wanna have different policies. You can manage your software
deployment and you can respond to a wide variety of
alerts on how the applications are being used, how the
devices are being used, and there are also reports
that you can create and there’s this concept
of role-based management. So, you can not only set the
access policies, but you can determine who can manage that
particular set of devices or individual device. So, in summary, you can
integrate with Intune through Windows Server 2016 Essentials. You can manage PCs, laptops,
tablets, and phones, whether they’re on-premises or remote, and you can protect and
manage applications, data, and devices, and configure
and deploy policies across all of those devices,
and those applications and that data, and that
management can be role-based, and then you can create and view reports. So, thank you for watching.

About the author

Leave a Reply

Your email address will not be published. Required fields are marked *