Escolar Documentos
Profissional Documentos
Cultura Documentos
with Intune
Information in this document, including URLs and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo,
person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any
purpose, without the express written permission of Microsoft Corporation.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer
or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked
site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only
as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written
license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Microsoft, Active Directory, ActiveSync, Azure, Forefront, Internet Explorer, Silverlight, Windows, Microsoft Intune, Windows PowerShell, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Getting started
For these demonstrations, use the following virtual machines (VMs):
CM
BYOD
For more information about these VMs and their use, see the Enterprise Client IT Camp Demonstrations Delivery and Setup Guide.
In the Microsoft Intune administration portal, we will go to the 3. In the Microsoft Intune administration portal, click the Admin
Microsoft Intune administration console. Here, we will navigate to Console link.
the Administration workspace, then click Mobile Device Tip The Admin Console link is at the top of the Microsoft Intune
Management to administer the mobile device management
administration portal between the Company Portal and Admin
authority for our Microsoft Intune subscription.
links.
The Microsoft Intune administration console opens, you might be
asked to sign in again.
4. In the Microsoft Intune administration console, in the navigation
pane, click the Administration workspace.
5. In the Administration workspace, click Mobile Device
Management.
The Mobile Device Management page opens.
Now, back on the Mobile Device Management page, we can see that
Microsoft Intune is now the mobile device management authority.
We can also see the types of devices that Microsoft Intune can
manage, including Windows devices (such as Windows 8.1 and
Windows RT 8.1), Windows Phone 8, and iOS devices. We can also
manage Android devices, but that management does not require any
configuration, so Android devices are not shown in this list.
We can also configure a connection to Microsoft Exchange Server,
which enables us to do enrollment and management of devices that
are connected to Exchange Server through Microsoft Exchange
ActiveSync.
For this demonstration, we just configure the management of 8. On the Mobile Device Management page, click the Windows
Windows devices. Lets click the Windows Management link to start Management link.
this process. The Set Up Mobile Device Management for Windows page is
displayed.
On this wizard page, we select type of software installation to 10. On the Software setup page, perform the following steps, and
perform. If we look in the Select how this software is made available then click Next:
to device list, we can see that we can specify a software installer (like a. In Select how this software is made available to device,
an .msi or .appx file) or an external link. We select Software installer select External link.
for these types of files. Select External link for apps that are directly b. Return to the Add Software wizard.
installed from a store (such as Windows Store, iTunes, or Google c. In Specify the URL, paste the windows store address you
Play). For the purposes of this demonstration, we are deploying a copied to the address bar.
deeplinked app, so we will select External link.
Now, we need the deeplink URL. We open the file where we stored
the deeplink URL earlier in the demonstration. We copy the deeplink
URL, and then paste it into Specify the URL.
On this wizard page, we provide information about the software we 11. On the Software description page, perform the following steps,
are adding. For this demonstration, we enter information about our and then click Next:
Skype Wi-Fi Windows Store app. In Publisher, we enter Microsoft. In a. In Publisher, type Microsoft.
Name, we enter a name and point out that this is the deeplinked b. In Name, type Skype Wi-Fi Windows Store App (Deeplink).
version (as opposed to an .msi installation). We provide additional c. In Description, type Skype Windows Store app to be
information in Description. And finally, we select the appropriate installed from deeplink.
category for our software. In this case, Collaboration & Social is the d. In Category, select Collaboration & Social.
most appropriate. e. Click Next.
We can see that the software has successfully been added to 13. On the Upload page, review the completion status of the wizard,
Microsoft Intune. We close the wizard and see that our Skype Wi-Fi and then click Close.
Windows Store app is shown in the list of managed software. Now 14. In the details pane, the new software (Skype Wi-Fi) is shown in
that our app is added to Microsoft Intune, we need to deploy the app the list of managed software.
to our devices.
Deploy an app
On this wizard page, we select the user groups to which we want to 5. In the Manage Deployment Wizard, on the Select Groups page,
deploy the software. click Ungrouped Users, click Add, and then click Next.
Users only need their email account to enroll their device, so we 8. In the Workplace panel, in Enter your user ID to get workplace
enter our Lori Penor email address, and then click Turn on. This access or turn on device management, type
allows System Center 2012 R2 Configuration Manager and Microsoft lori@xxx.onmicrosoft.com (where xxx is the domain for the
Intune to manage our device. Microsoft Intune subscription), and then click Turn on.
Windows 8.1 locates the Microsoft Intune servers. The Microsoft
Intune sign in page is displayed.
We need to enter the password for our Microsoft Intune account and 9. On the Microsoft Intune sign in page, in Password, type the
sign in to Microsoft Intune. password for lori@xxx.onmicrosoft.com (where xxx is the
domain for the Microsoft Intune subscription), and then click Sign
in. You noted this in Notepad on the CM machine previously.
10. You will be asked to update the password, provide your own
password at this point and click Submit.
After we are signed in to Microsoft Intune, Windows 8.1 displays a 11. On the Allow apps and services from IT admin page, review the
notification about having apps and services being provided by the information, select I agree, and then click Turn on.
organization's IT admin. This notification makes the user aware that Windows 8.1 connects to the workplace.
some features of their device will be now managed by the IT
department. This is especially critical in BYOD scenarios, where the 12. Close PC settings.
user owns the device. Let's agree to allow our organization to
manage our device. When we have connected to the workplace, we
can close PC settings.
Now, let's run the Company Portal app. Again, we search for the app, 26. On the Start screen, type Company Portal.
and then select it from the list of search results. The list of search results is displayed.
27. In the list of search results, select Company Portal.
28. The Company Portal app starts, and the Microsoft Intune sign-in
page appears.
Notice that the BYOD device is listed under devices users can see all 30. Click BYOD, notice the available options
their enrolled devices in the company portal, regardless of platform. 31. Click back to the Company Portal app.
In the Windows Store app, we can see the Skype Wi-Fi app page. 3. In the Windows Store, on the Skype Wi-Fi app page, notice that
There is the Install button that we would expect for a Windows Store the Skype Wi-Fi app can be installed on this device
app. We click Install. The download and installation process behaves 4. Click Install.
just as it would for any app deployed from the Windows Store.
5. Close the Company Portal app.
We can also perform several remote tasks on devices through the 3. In the details pane, click BYOD.
Microsoft Intune software that was installed when the device was 4. In the details pane, click the Remote Tasks list.
enrolled.
Tip The Remote tasks button is immediately above the list of
The Run a Full Malware Scan and Run a Quick Malware Scan tasks
devices.
deal with performing a full or quick malware scan on the device. We
could select these options to force malware scan on a device. As 5. Select Remote Lock.
expected, a full scan takes longer and consumes more resources than
6. Switch to the BYOD VM you will see that the machine will lock
a quick scan.
even if you are actively using it!
The Restart Computer task remotely restarts the selected device.
The Update Malware Definitions task forces the device to download
the latest malware definitions for Microsoft Forefront Endpoint
Protection.
The Refresh Policies task forces the device to download the latest
Microsoft Intune policies (which we configured in the Policy
workspace).
The Remote Lock task remotely locks the device. This is useful if a
user misplaces the device and you want to give them time to find it
while maintaining security.