Notes from our outstanding December 2016 meeting are below.
Kent Agerlund - he is from Copenhagen.
MDM is usually a bigger project than desktops, with a larger audience. In the eyes of the end user, a phone is more impactful than a desktop.
An MDM project needs to be divided into segments. (The MDM space is updated much faster than the CM space)
Step by Step -
- Focus on the basics.
- What platforms? (not an easy question)
- Compliance and Security are not the same thing.
- Conditional Access - There is a huge difference between Exchange 201X and O365.
- Do not enable Conditional Access and leave. It's not that easy.
On your MP, be careful if you allow both Internet and intranet connections: the Internet-facing one (in IBCM scenarios) can cause all your PXE requests to go to the Internet-facing DP.
This is all controlled by a registry key. When you change the MP to intranet only, this registry key doesn't update (may be a bug).
- Certificate Management
- Application Management
- Data Leakage
Define the success criteria for each of these steps.
Comparing features between MDM providers is futile. They change too fast.
If you select Intune you get lots of stuff with it (free): MFA, Azure AD, Azure Threat Analytics.
Lessons learned -
- Secure a sponsor.
- Define the data ecosystem (do this yearly or more).
- Divide the project into smaller pieces.
BYOD -> BAD (Bring Any Device)? Nightmare. Any device into the enterprise? Very bad idea.
Android fragmentation is a problem. Have standards when defining your mobile strategy.
Android for Work. This is a standard? Supported in Intune since October. Not supported in Hybrid.
Google maintains that standard. This is something you opt into.
Darkreading.com -> one of Kent's favorites.
Data ecosystem - Who / How / Identity / Age -> approach the problem with these in mind. Try to avoid the Why.
Intune vs. Hybrid -> Intune is better.
You need a lab environment god damn it. Stop messing around.
You cannot reset the Intune authority, even though the console almost allows you to. You have to call MS Support to do this.
Android for Work is a container that holds all the work-specific stuff.
Lookout for Work - 3rd-party integration into Intune. Not free. First 3rd-party integration.
Lookout - Boston-based company. AV for Android. Enterprise features are not free.