System Center 2012 R2 Configuration Manager, the market-leading client management product, can integrate with Windows Intune to be a powerful solution which manages PCs and mobile devices both on-premises and in the cloud, all in one infrastructure and administrative console – what we call Unified Device Management. Historically Microsoft shipped a major release of Configuration Manager every 1 – 2 years. However with rapid releases of the Windows Intune service to address the emerging trends in the Mobile Device Management (MDM) market, it is essential to provide a very simple way for our customers to be able to adopt these new MDM features without going through expensive deployment upgrades to their on premises Configuration Manager infrastructure. We are excited to demonstrate a feature of System Center 2012 R2 Configuration Manager called “Extensions for Windows Intune”. This capability enables new features in Windows Intune to be available within your Configuration Manager console alongside the existing features without any on premises upgrade.
One of the first features to be available as an extension for Windows Intune is the ability to provision Exchange ActiveSync email profiles to mobile devices. This feature allows enterprises to deploy email profiles and restrictions so that workers can access corporate email on their personal devices without any required setup.
In this blog post, I’ll provide:
Once Microsoft ships a new extension feature through the Windows Intune service, it is immediately made available to administrators within the Configuration Manager console that is connected to Windows Intune service. They will be provided with a message that notifies them about the availability of the new extension. They can then navigate to the ‘Administration workspace’ > Cloud services and select the new ‘Extensions for Windows Intune’ node. The list of available and installed Windows Intune extensions is provided there.
The administrator can view details about each extension. Before installing an extension, they are prompted to review and accept a license agreement. A key deployment aspect to note is that, once the administrator enables an extension, that feature is automatically replicated and enabled on all site servers in their Configuration Manager hierarchy of servers.
The process of enabling an extension triggers a connection to the Windows Intune service to download and install the extension. In just a few minutes, the extensions are installed and the administrator will be provided with a confirmation dialog that will prompt for a restart of the Configuration Manager console.
After the Configuration Manager console restarts, the new features are available. In this example, the ‘Email Profiles’ feature is available in the ‘Company Resource Access’ node in the ‘Assets and Compliance’ workspace.
As you can see, with just 3 simple easy steps we have made it super easy for a System Center 2012 R2 Configuration Manager administrator who has a Windows Intune subscription to dynamically add new capabilities without any of the upgrade steps typically associated with getting access to new Configuration Manager features.
Despite millions of applications now being available on different mobile stores, email is still the number 1 killer app being used on mobile devices. A key incentive for enterprises to adopt Bring Your Own Device (BYOD) strategies is to enable workers to become more productive with their personally owned devices. This involves enabling them to access corporate email in order to stay in constant communication with colleagues. But setting up email can require special knowledge or can otherwise be a time sink for workers and a support liability for IT groups.
The new ‘Email Profiles’ feature enables enterprises to provision ‘Exchange ActiveSync’ email profiles to iOS and Windows Phone 8 devices. By creating and targeting an email profile to users, the email profile can be automatically setup by Windows Intune shortly after the users enroll their mobile devices with the Intune service. This eliminates the need for any manual configuration on the email client mobile device. It also allows the enforcement of email-related restrictions. Let us now take a look at how to provision an email profile using the simple ‘Email Profiles’ wizard. In the first step, provide a profile name and description.
The key features in Exchange ActiveSync email profile configuration are:
In addition to configuring the basic email profile details, administrators can also configure some of the email client settings. The key capabilities specific to Windows Phone 8 devices are:
The following settings are applicable only to iOS devices:
The following settings are applicable to both Windows Phone and iOS7.
And that is it. With a few simple clicks, an administrator can create an email profile and deploy it to thousands of users who automatically get their corporate email setup on their mobile devices.
When a user’s mobile device is lost or stolen, the administrator or the end user can initiate a ‘selective wipe’ of corporate data including their corporate email. This is currently supported by the iOS native email client app, but not the Windows Phone 8 EAS mail app. Administrators should ensure that the EAS email profile on iOS devices was provisioned through the Windows Intune MDM channel and not manually created by the end user in order for the selective wipe capability to be effective. The corporate email profile is also removed when the user unenrolls from the Windows Intune management service or deletes the MDM profile.
The ‘Extensions for Windows Intune’ feature provides frequent, dynamic feature updates to System Center 2012 R2 Configuration Manager without any on-premises infrastructure update. New extensions like email profile provisioning make it very easy for end users to connect to corporate email from their mobile devices while at the same time, it ensures that administrators can protect corporate data by having the ability to selectively wipe email from lost or stolen mobile devices.
This posting is provided "AS IS" with no warranties and confers no rights.
Grate way of keeping sccm / Intune in sync and relevant, I look forward to giving it a spin and feature extensions that will be offered.
No "Extensions for Windows Intune" currently show up in my SCCM 2012 R2 console. How do I get them?
Thanks Steven. Tariq, New Intune service features like email extensions will be rolled out to customers with Intune subscriptions starting next week.
No extensions yet, eagerly waiting to see it in my SCCM 2012 R2 console.
Please update this walk-through, as modern ConfigMgr no longer needs this extension.