Manage Mobile Devices in Configuration Manager

Similar Messages

• Manage mobile devices by SCCM2012 R2+Intune, Intune Admin Portal

  If mobile devices are configured and managed by SCCM, should these mobile devices also appear in the in the Intune Admin console ?

  This might be helpful
  http://gallery.technet.microsoft.com/Mobile-Device-Management-a23ffe2a
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Selective Remote Wipe mobile device by using SCCM2012 R2

  Hi all.  I've got SCCM2012 R2 installed and would like to test out the new Selective Remote Wipe feature (wipe company content only).  I've created the Exchange Connector, running the connection to our Exchange server through a service account,
  and this service account has been granted with the Exchange Organiziation Management and View-Only permission.  In SCCM2012 R2 admin console, I can see the list of mobile device that connected to our Exchange server through ActiveSync.  However,
  when I try to do a Retire / Wipe action on the mobile device, I only able to select the option "Wipe the mobile device and retire it from Configuration Manager" (a FULL wipe of the device, which is not what I wanted).  The option above, "Wipe
  company content and retire the mobile device from Configuration Manager" is dimmed out, not configurable.  Am I missing something here?  Thank you.  

  Selective Wipe is only available when you integrate ConfigMgr with Windows Intune. The Exchange Connector is not enough.
  http://www.gerryhampsoncm.blogspot.ie/2014/02/mdm-in-sccm-2012-r2-device-ownership.html
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• How to register a Mobile device Id in the netweaver Administer login?

  Hello all,
               How to register a Mobile device Id in the netweaver Administer login?
  I logged in as J2ee_admin and I see SAP Mobile Infrastructure under the Administration adn underneath I see Mobile device releated configurations But there I don't see any options for creating a entry for registering a mobile device.
  How can we register a mobile device/laptop there???
  Thanks for your help in advance.
  Thanks,
  Greetson

  Hi Greetson,
  well, if you open the NWA and select
  "Mobile Infrastructure->Device Maintenance", search for all devices.
  Select the deviceId you are interested in, then in the bottom part of the screen you will find some informations of the device. Open the second tab ("Mobile Components"). You should see "MobileEngine JSP" there as entry. Correct so far?
  Then there is a button "Add/Remove"
  If you select that button a new window opens. In there you can select the component you want to install on the device. Please enter the username as well - this is mandatory for the assignment. Well, then press add and the entry occures in the list at the bottom of the screen.
  Next Sync - app comes down to the device.
  Oh - before this can happen, you have to deploy the SDA file on the J2EE - but this is a logical step I guess.
  Hope this helps to solve the issue
  Regards,
  Oliver

• Questions on mobile device management

  Hi All,
  I'm not sure where to post this question since I couldn't find a forum specific to Afaria, so thought someone here might be able to help.
  1. Afaria mobile device management solution claims that data and content is backed up and can be deleted if a device is stolen or lost. Can this deletion be done if the mobile is switched off of the SIM card has been removed? What is the mechanism of the data deletion process when the device is either ON/OFF?
  2. How does Afaria handle online and offline user authentication? If a mobile app is opened, can Afaria be configured to force the user to enter credentials for authentication? Or should there be a separate login page as a part of the mobile app? (The user's credentials are needed to find his role from LDAP and the rest of the app to work properly, which is y the question).
  Thanks & Regards,
  Vaishnavi

  This forum is fine for Afaria discussions and questions, no worries. 
  1.  If mobile device is switched off or not network connected then Afaria is not able to do anything with that device.  The content though would be secured, encrypted etc. so that there should be no risk as long as the device is switched off.  The "kill device" command that can be sent from Afaria will work if device is turned on and connected to a network.
  2.  Afaria can force quite a lot of things and one of them is regarding the device itself, forcing a password/pin type of unlocking.  The mobile app normally has it's own mechanism for authentication, user name and password.  That is a SUP function and has little to do with Afaria, I don't believe Afaria can force that part of authentication. 
  You can get a good overview of the technical part of Afaria here:  [Afaria Technical White paper|http://www.sybase.com/files/White_Papers/Afaria-Technical-WP.pdf]

• Manage Mobile Device missing in Exchange Management Console

  Exchange 2007 SP1.
  So up until now, my organization did not support ActiveSync and we had it disabled for all users.
  This summer this will change, and we will start allowing ActiveSync devices to connect.
  As a pilot group I enabled 3 users.  They all connected with their devices days ago (two on Monday, the other on Tuesday).  When looking them up in the Exchange Management console, the Manage Mobile Devices option is not visible.
  If they go into OWA, their devices and all management options are listed there.
  I realize that I could go into ADSIedit and set msExchMobileMailboxFlags to 1 and then it would show up.  That isn't really my concern though. 
  My concern is that when a user leaves the company, we would like to be able to go into EMC and issue a wipe of their device, not have to give ourselves permission to their mailbox, log in to their mailbox via OWA, and issue the wipe there.
  Anybody know why this happens (why a user with a mobile device doesn't get the Manage Mobile Device option in EMC)?
  Thank you

  Hi
  Here's a link for how to wipe a device remote
  http://technet.microsoft.com/en-us/library/aa998614%28EXCHG.80%29.aspx
  Hope it will be helpful for you!
  Jonas Andersson MCTS: Microsoft Exchange Server 2010, Configuration | MCITP: EMA | MCSE/MCSA Blog: http://www.testlabs.se/blog
  Thanks for the link, but I know how to perform a remote wipe.
  My question would be why does the "Manage Mobile Devices" button not appear when highlight some users that do have Mobile Devices?  Yes I could go into the OWA of their mailbox to wipe their device.  Yes, I could use the Shell to wipe
  their devices.  But neither of these would be as convenient as just going into Manage Mobile Devices via Exchange Management Console and performing a wipe there.  Especially for my user admins.
  Right now I am basically looking at creating some script that goes in and makes sure that "msExchMobileMailboxFlags" is set to 1 for every user that has ActiveSync enabled.  My main issue is that I feel I shouldn't have to do this. :P

• ISE integration with Mobile Device Management ( MDM ) help required

  Dear Techies,
       Am here bring to your notice an different issue and no much resources to support even in PEC or Cisco Document.
       We are conduction a Proof Of Concept (PoC) on  Secure Bring Your Own Device ( BYOD ) using Cisco ISE and gonna test all the scenarios like Wired, Wireless and VPN user access.
  Setup Brief :
  =========
        Our Setup has  ISE VM acting as Admin, Monitor and Profiling Device, we have NAC 3315 physical Appliance as Inline posture Device, Wireless LAN controller, Access point and the Identity source as Microsof Active Directory
       Having Plans to Integrate Mobile Device Management ( MDM ) and Citrix VDI setup also.
  Activity Brief:
  =========
       As of now we have tested the Wired Scenario Authentication and authorization for guest users and gonna carry out the profiling and posture.
  Clarifications Required
  ================
  Wired Scenario - Require some configuration / steps on how to carryout posture for the guest wired users i.e. LAPTOP.
  Wireless Scenario
  MDM can be integrated to ISE ? 
  How the MDM can be integrated to Cisco ISE configuration or Guide to show the same?
  What is the demarcation between MDM and ISE ( i.e. What is the role of ISE and MDM on Mobile Devices ) ?
  If MDM is available so then when the control of ISE ends, does MDM do management or ISE will do management of the devices ?
  Is MDM will do client provisioning or ISE should do ?
  Is MDM send or update patches of Mobile Devices ?
  As of now these are the scenarios, kindly revert if any good documents to show this or share your expertise on the Integration Part.
  Thanks for Reading...
  Arun

  I would like to avail your valuable inputs to understand on the  Client provisioning part for the Mobile Devices/ Laptop. I understand  from your reply that MDM integration is not available in the current  release ISE 1.1 - That is correct.
  Kindly let me know your views or any documents on the following scenarios with the current release in mind
  1. User  with Mobile devices connecting to Wireless  ( both Employee  and Guest ) , How the Flow differs for the Employee and Guest.  How the  client provisioning is done ( i.e. Like Posturing  or Compliance Check  ).
  The posturing and compliance check is done based on the user authentication information (i.e. AD memberOf vs Guest user) combined with the users endpoint (windows, mac osx, or a mobile device), ISE then has a few decisions to make based on the authorization policies. For example, if a Domain User coming from a Windows 7 machine joins the network, then can either use the nac agent, or the web agent. Then you can scan for registry settings, file settings, program requirements, hotfix compliance...and the list goes on. If the user fails a check then you can either assign an acl for the user so they only have guest access, or you can place them into a remediation vlan the options are entirely up to the requirements and however the solution is implemented.
  2. User  with Laptop  connecting to Wireless  ( both Employee  and Guest ). How the client provisioning is done ( i.e. Like Posturing   or Compliance Check ).
  Guests are usually redirected to the guest portal which they authenticate and their user group falls within the Guest container that is on the ISE internal database, that is usually coupled with an authorization profile that grants them internet access. For the client provisioning, that is usually done based on the operating system, via profiling (dhcp, and user agent string., netmap...etc) and can be fine tuned for all laptops or to a specific set of users based on their group membership.
  3. What are advantages of having ISE also in  place for Mobile devices, since most of the Mobile related tasks ( like  Authentication, Authorization, Profiling and  Posture ) are carried out  by MDM. I am checking for the significant advantage of having ISE for  Client network having only Mobile devices. Kindly clarify.
  Currently the advantage of Cisco ISE is that it supports profiling within wireless and really fits well within a network that has mostly Cisco products since they are all part of of the Borderless security initiative being driven on the backend. The product teams for wireless, wired, security (vpn..etc) and ISE are pretty close in building their solutions so that you can get connected with any device any where (sorry for the sales pitch). The latests wireless code is improving and is going to have support similar to the ios sensor for wired devices where dhcp, cdp, and other attributes can be sent in the radius packet for better profiling decisions. With integration for an MDM platform coming soon, and also support for TACACS rumored (have to verify with your account rep) you have options that really stand out from a unit that only supports MDM. Cisco ISE also comes with a wireless product ID so that makes the budget work when it comes to deploying ISE if you arent looking for enforcement on your wired devices.
  4. Do you recommend 802.1X Authentication to use for the Employee and Contractor? The Guest user  authentication as Open ?
  For internal users and vendors the best option by far is dot1x, almost all operating systems are capable of performing dot1x and the 1.1.1 MR has a piece now that can provision the supplicant for the users, by using scep to enroll certificates or configure peap settings.
  There is a feature within the guest portal that allows you to statically assign guests into endpoint group, that feature is called device registration web authentication. It seems like an open network but uses mac filtering to assign these devices to an endpoint without requiring users to enter any credentials. They are presented with an AUP page, once they accept their mac address is mapped to the endpoint group
  5. How can we ensure the Encryption of traffic from the Guest user to the NAD ( Network Access devices ) ?
  This may be a wireless question but I am sure the encryption is done using AES and using dot1x as the key management here is a brief background for this - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807f42e9.shtml#L2
  You can also use the anyconnect client which can provide macsec which is layer 2 encryption for wired - http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-622477_ns1049_Networking_Solutions_Q_and_A.html
  6. We are also looking for VDI  ( Citrix, VMware ) solution for the  client  ( both Employee and Guest ) , how ISE can play a role in  securing the VDI environment.
  For most thin clients you can perform dot1x authentication on the device itself, however that is something the manufacturer will have to support. This is a little gray for me.
  7. Is that any integration required  with Citrix or VMware. How the  VDI can be offered based on the User  role ( i.e. Employee, Contractor or Guest ), since Guest database is  available only with ISE, how the checks are made from the VDI  environment.
  IN ISE there is an identity sequence which can authenticate users in AD first, if the user is not found then it can look in the internal database.
  Our solution demands  MDM in the integrated  solution, As on today ISE cant be integrated with MDM. so what kind of  solution we can propose to have MDM and Cisco ISE .Do the clients now  enter the network should have already installed the MDM agent (or) any  other way of pushing the same to the Client.
  Today there is no integration between the devices, the last release time I heard was December for this feature. However it would be best to confirm with your Cisco Account rep on this issue.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• HT5188 Will "removing apps from devices" also work with other mobile device management systems like i.e. Mobile Iron?

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

  As we are a very big company and working with a high end mobile device management system (Mobile Iron), we cannot use the configurator for iOS devices delivered with Mac OS.
  So my question is, whether it is or will be possible to reuse redemption codes also for devices being managed by other MDM systems than Apple configurator.

• Deployment of mobile device management.

  Hi All,
  I am using SCCM 2012 R2 environment in my organization, and i want deploy mobile device management for mange the apple,android and WIN RT devices. Please help me out for this complete step by step process.
  Currently my SCCM in configured with http.
  Thanks
  Shankarkumar

  All Exchange connector features and supported configurations are listed in the following links :
  http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigMobileExchCon
  http://technet.microsoft.com/en-us/library/gg682022.aspx
  Benoit Lecours | Blog: System Center Dudes

• Howto enable Mobile Device Manager via IPCU?

  In the iPhone Configuration Utility you can enable a Mobile Device Management connection, but how?
  Can anyone explain how to configure this? We already have al mdm-server running on OSX Lion.
  Thanks!

  Hi Mitulatbati,
  Find the attached content.. It is used to remove any hardware from your compuer.... I hope you'll enjoy lot..
  Regards : 
  Malhar
  Greeting from India,
  Malhar
  Attachments:
  Add_Remove_by_Mlahar.zip ‏136 KB

• The newest version of iTunes is awful when it comes to Cloud syncing-file management. I'm constantly frustrated with what iTunes 'chooses to eliminate from my mobile device and settings aren't fine-grained enough to allow for real user control.

  I'm endlessly frustrated with iTunes Cloud syncing, something that was supposed to make lenjoying my music easier. I routinely find that, though itunes and podcasts have been split, iTunes arbitrairily removes music files or in progress podcast in favor of 'new' podcasts. The settings are just not fine-grained enough to allow true user control and so we are instead subjected to 'Apple knows best' protocols. I understand and appreciate the level of exacting control Apple excercises over their ecosystem, however, more and more often I see them tightening control over things that should be user control while dropping the ball on aesthetic desisions made in producing their own software (see the hideous pull down tab for iTunes to access Podcast, TV shows, Music, etc.
  I would like to see features like those in Mail and the Podcasting apps implemented in iTunes afor the management of content on mobile devices, for instance it would be great to swipe to delete files that you know longer want on your device, at both the album and song level. Another issues is the new pushiness of iRadio and iTunes Store, the app now seems to default to the iRadio page (versus the last page Albums, songs, etc. that the user was navigating, or in the instance of the iTunes Store push, if I doon't have all the tracks of an album i own on my mobile device 'complete my album' takes you to iTunes store rather than showing the 'cloud' download icon next to missing tracks. These are the tactics I expect from Google, not Apple (pushing commerce over quality user experience).
  Fix these things Apple, please.

• IPod touch 5th gen will not connect to iTunes, also apple mobile device usb driver does not appear in device manager. PLEASE HELP.

  I recently purchased my iPod touch with no issues. After updating to iOS 8.1.1 I found that my iPod would no longer appear in the latest version of iTunes and when I searched for Apple Mobile Device usb driver in the device manager, it was nowhere to be found. I've already uninstalled and re-installed ALL components of iTunes and read every single help article. I've tried everything. What went wrong?

  See
  iOS: Device not recognized in iTunes for Windows
  - I would start with
  Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP
  or                     
  Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8
  However, after your remove the Apple software components also remove the iCloud Control Panel via Windows Programs and Features app in the Window Control Panel. Then reinstall all the Apple software components
  - Then do the other actions of:
  iOS: Device not recognized in iTunes for Windows
  paying special attention to item #5
  - New cable and different USB port
  - Run this and see if the results help with determine the cause
  iTunes for Windows: Device Sync Tests
  Also see:
  iPod not recognised by windows iTunes
  Troubleshooting issues with iTunes for Windows updates
  - Try on another computer to help determine if computer or iPod problem

• ITunes won't recognize my iPod. I have the Apple Mobile Device USB driver installed in my programs but it doesn't show up in my Device Manager or Services. Can someone help?

  So I connected my iPod to iTunes and an error message came up saying it needed an updated version of iTunes 64 bit and I was missing the Apple Mobile Device USB driver so I downloaded it because another discussion said that was the solution. I did but it wont show up in my device manager or services. Can someone help me figure out whats wrong?

  See
  iOS: Device not recognized in iTunes for Windows
  - I would start with
  Removing and Reinstalling iTunes, QuickTime, and other software components for Windows XP
  or              
  Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8
  However, after your remove the Apple software components also remove the iCloud Control Panel via Windows Programs and Features app in the Window Control Panel. Then reinstall all the Apple software components
  - Then do the other actions of:
  iOS: Device not recognized in iTunes for Windows
  paying special attention to item #5
  - New cable and different USB port
  - Run this and see if the results help with determine the cause
  iTunes for Windows: Device Sync Tests
  Also see:
  iPod not recognised by windows iTunes
  Troubleshooting issues with iTunes for Windows updates
  - Try on another computer to help determine if computer or iPod problem

• Windows 8.1 mobile device management using integrated environment of SCCM 2012 R2 and Windows intune

  Can we avoid the dependency on the Symantec certificate  for enabling windows phone enrollment under Administration->Cloud services -> Windows InTune subscriptions - Windows Phones. My environment will have only windows 8.1 phones.
  Regards
  Leela

  See http://status.manage.microsoft.com/StatusPage/ServiceDashboard. 
  Engineers are investigating a service issue impacting access to portal via mobile devices.
  (Started on 12/30/2014 8:00:00 AM UTC)
  1/8/2015 11:42:49 PM (UTC)
  Current Status: Engineers are continuing to troubleshoot potential issues related to Active Directory Federation Services (ADFS). Engineers have gathered additional traces and logging data for deeper analysis. User Experience: Affected users with Windows Phone,
  iOS, or Android devices are unable to access their company portal and receive repeated prompts to enter credentials. If incorrect credentials are entered, users will receive an error stating that they have entered a bad password. Customer Impact: Engineers
  have received reports that some customers are experiencing this issue. A subset of users are affected by this event. Other users remain unaffected. Incident Start Time: Tuesday, December 30, 2014, at 8:00 AM UTC Next Update by: Tuesday, January 13, 2015, at
  12:00 AM UTC
  Torsten Meringer | http://www.mssccmfaq.de

• Itunes Mobile device manager wont load/gone

  I bought a new ipad3 and i am having an error message come up when syncing my music  from my iTunes account on a HP Netbook (Windows XP) to my iPad3.
  I get an error message that the iTunes Mobile Device Manager is not connected. Using the new 10.6 OS upgrade....recently updated what has happened.
  I repaired iTunes in my Programs, tried to sync...no go. I then deleted iTunes completely and reinstalled.....same result....no Device Manager.
  Maybe I haven't deleted some or all programs first and then try to reinstall? ...maybe I missed something.
  All programs labeled Apple and iTunes were deleted...am I missing something?
  Thanks for any help and guidence.

  Refer to this article to restart AMDS,
  How to restart the Apple Mobile Device Service (AMDS) on Windows
  http://support.apple.com/kb/TS1567