
Fourth Event 07-06-2022 MEM Zero-Touch


Roberto Tafuri talks about the Zero Touch enrollment options with MEM for the various supported operating systems.

Video: https://youtu.be/9gFtRp8fB1E?t=2228


Transcript

  1. Device lifecycle

    Enroll: Provide specific enrollment methods for iOS/iPadOS, Android, Windows, and macOS; provide a self-service company portal for users to enroll BYOD devices; deliver custom terms and conditions at enrollment; zero-touch provisioning with automated enrollment options for corporate devices.

    Support and retire: Revoke access to corporate resources; perform selective wipe; audit lost and stolen devices; retire device; provide remote assistance.

    Configure: Deploy certificates, email, VPN, and Wi-Fi profiles; deploy device security policy settings; install mandatory apps; deploy device restriction policies; deploy device feature settings.

    Protect: Restrict access to corporate resources if policies are violated (e.g., jailbroken device); protect corporate data by restricting actions such as copy/cut/paste/save outside of managed app ecosystem; report on device and app compliance.

    Diagram labels: User, IT.
  2. Supported device platforms

    - iOS 13.0 and later
    - iPadOS 13.0 and later
    - macOS X 10.15 and later
    - Android 8.0 and later (including Samsung KNOX Standard 2.4 and higher)*
    - Android Enterprise (7.0+)
    - Surface Hub
    - Windows 10 and Windows 11 (Home, S, Pro, Education, and Enterprise versions)
    - Windows 10 and Windows 11 Cloud PCs on Windows 365
    - Windows 10 Enterprise 2019 LTSC
    - Windows 10 IoT Enterprise (x86, x64)
    - Windows Holographic for Business
    - Windows 10 Teams (Surface Hub)
    - Sustaining mode: Windows 10 Mobile Windows 10 1709 (RS3) and later, Windows Phone 8.1, Windows 8.1 RT, PCs running Windows 8.1
  3. Deploy with zero touch

    - Direct device shipments to users' homes without pre-configuration steps
    - Remote deployment and configuration of devices through a zero-touch process, right out of the box
    - Support for zero-touch provisioning with Windows Autopilot, Apple Device Enrollment, and Android Enrollment

    Diagram label: Endpoint Manager + Windows Autopilot, Apple Device Enrollment, and Android Enrollment.
  4. Windows 10/11 Modern Provisioning – Powered by Microsoft 365

    Diagram text, in slide order: Customize OOBE; Remove admins; Pre-MDM settings; Autopilot; Auto-enroll into Intune; Configure policies, settings; Install Configuration Manager agent for Co-management; Intune/MEM Configuration Manager; Install Microsoft 365 apps; Configure updates; Office, WUfB; Business ready; Step up from Windows Pro to Windows Enterprise with subscription-based activation; Windows Activation; Microsoft Endpoint Manager; Azure AD AuthN; Azure AD Join; Azure Active Directory; Self-driven deployment.
  5. Windows Autopilot scenarios

    User-driven mode with Azure AD join: Join device to Azure AD; enroll into Intune/MDM; makes a connection between device and user who runs the OOBE.
    Requirements: Windows 10 1809 or later; Windows 11; Internet connection.

    User-driven mode with Hybrid Azure AD join: Enroll to Intune/MDM; perform AAD registration, join the device to AD.
    Requirements: Windows 10 1809 and above; Windows 11; Internet connection; reachable AD infra; setup of Domain Join configuration profile in Intune; Intune Connector for Active Directory.

    Self-deploy mode Azure AD join (Public Preview): No need to provide credentials, automatically joins Azure AD, targeted to kiosks and shared devices.
    Requirements: Windows 10 1809 and above; Windows 11; Windows Holographic, version 2004 or later; Internet connection; TPM 2.0 and device attestation.

    Windows Autopilot for existing devices: Windows 7 to Windows 10 or Windows 11; Configuration Manager task sequence, followed by Windows Autopilot user-driven mode.
    Requirements: Windows 10 1903 and above or Windows 11 OS image imported into Configuration Manager; currently supported version of Configuration Manager; Windows ADK.

    Pre-provisioning (Public Preview): White glove partners or IT staff can pre-provision a Windows 10 or Windows 11 PC to be fully configured and business-ready for an org or user.
    Requirements: Windows 10 1903 and above; Windows 11; physical devices that support TPM 2.0 and device attestation (VMs are not supported); Ethernet connectivity (Wi-Fi is not supported).
  6. Apple Automated Device Enrollment

    - Deploy the configuration
    - Register organization with Apple
    - Establish trust link between Apple and Intune using a token issued by Apple
    - Intune syncs information from Apple, then management profile is configured in Intune

    Diagram labels: User, IT, Microsoft Intune.
  7. Apple Configurator

    - User: iOS devices will automatically enroll on first power on
    - Microsoft Intune: Export device enrollment profile from Intune
    - IT: Configure iOS devices with the Apple Configurator
    - Import to Apple Configurator
  8. Android enrollment methods

    | Experience/Feature | Device admin | App protection policies | Work profile | Corp-owned with work profile | Fully managed | Dedicated |
    |---|---|---|---|---|---|---|
    | General description | Legacy management using device admin rights | Management at the app level | Personal device management with a separate profile for work apps and data | Corporate device management with a separate profile for work apps and data | Corporate device and enrolled with user account | Corporate device without an account, such as kiosk or shared devices |
    | Enrollment/unenrollment UX | In Company Portal or Out-of-Box/factory reset (Samsung) KNOX Mobile Enrollment | N/A | In Company Portal | Out-of-box/factory reset: QR code (7.0+), NFC, Token, Zero Touch (8.0+), KNOX (2.4+) Mobile Enrollment | Out-of-box/factory reset: QR code (7.0+), NFC, Token, Zero Touch (8.0+), KNOX (2.4+) Mobile Enrollment | Out-of-box/factory reset: QR code, NFC, Token, Zero Touch, KNOX Mobile Enrollment |
    | User affinity | Yes | Yes | Yes | Yes | Yes | No |
    | Min Android version | Android 6.0+ | N/A | Android 6.0+ | Android 8.0 | Android 6.0+ | Android 6.0+ |

    Slide labels: Deprecated by Google; Personal; Corporate.
  9. Q&A