Last week, at the Microsoft Management Summit 2011, Brad Anderson, Corporate Vice President for the Management & Security Division unveiled some news in his speech that would be of interest to any university, TAFE or school. It was all about the extension of the System Center family to manage more non-Microsoft devices - including Android devices, and iOS devices like iPads and iPhones. Sadly, because it was part of the announcement for the new System Center 2012 Beta, there's not a huge amount of detail that's been posted up on the various Microsoft websites, so I've put together my bullet-point version of what's been announced, and then given you all of the source material below:
- You can already provide email support for other devices through Exchange ActiveSync (Windows Phone and phones running Symbian, iOS and Android)
- With System Center Configuration Manager 2012, in addition to in-depth management of Windows devices - servers, desktops, laptops and phones, we're making changes to enhance the management of other devices.
- We're adding support for:
- iOS-based iPhones and iPads
- Android devices - smartphones and tablets
- Symbian smartphones
- Your IT management team get the benefit of a single set of tools, and a single interface, to manage a much wider part of your campus infrastructure.
- To help you manage your information security and data loss risk, features added include:
- set password and pin-lock policies on any devices which connect to your corporate data, even if it's just email
- setting rigid security rules - for example, to wipe a staff member's device if multiple bad-PIN attempts are made
- the ability to do a full remote data wipe and reset on registered lost devices - whether they are owned by you, or owned by the user. If you've not already got it, you're going to need a policy that your users agree to when they start using their personal device to connect to your corporate systems.
- Improved reporting means that you will be able to see what devices are connected, by whom, and what for - so that you can keep a track of changes in your user base (eg what proportion of your students are connecting to your corporate systems with which phone type - really useful for building your mobile web services plan)
So next time your Principal, or a Head of Department or one of the Deans insists that they need to get access to your corporate systems from their personal phone, or they start syncing files with sensitive data to their iPad at home, you will at least know that you can manage the risk of data loss - and do it from the comfort of your existing System Center management console.
You can view the full text of Brad's presentation, including the demonstrations on the PressPass site, and here's an extract where Jeffrey Sutherland is demonstrating the new Configuration Manager 2012:
But today, with Configuration Manager 2012, I now have the tools at my fingertips to manage mobile devices just as I managed my traditional Windows desktop.
As you can see, there are a number of reports that come built in with Configuration Manager 2012, specific to management of mobile devices. I'm going to show you one report that I find particularly useful, which is the count of mobile devices by platform. And this helps me understand what type of devices are connecting in.
As you can see, we have just under 14,000 mobile devices that have connected. And even though we've standardized on Windows Phone as our preferred device, our users are able to bring in whichever devices they want. And so you can see that we have a fairly broad distribution across IOS, Android and Nokia Symbian.
However, understanding what devices I have connecting is just the first problem that I have. Now let me show you how easily I can configure the security policies that I want to apply on mobile phones. So, I'm just going to view the properties of my connector. And as you can see, we have several settings groups from which I can build up the correct policies to apply. I've already set a password policy, but I'm going to make one small tweak to it, and that is if the phone is lost or stolen, and somebody is trying to break into the PIN, I want it to actually automatically wipe if the user has failed to enter the correct PIN after a number of attempts. I'm going to set that to ten.
And now just like that, this policy is now being pushed out to every device that's connected to our environment