UEMB360: Ivanti MDM: Similarities and Differences Managing iOS, macOS, Android and Windows 10
GoIvanti
448 views
35 slides
Jun 28, 2017
Slide 1 of 35
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
About This Presentation
Ivanti MDM: Similarities and Differences Managing iOS, macOS, Android and Windows 10 via MDM
Plinio Pimentel
Jason Forsgren
Slide Content
UEMB360 -Ivanti MDM: Similarities and
Differences Managing iOS, macOS,
Android and Windows 10 via MDM
Plinio Pimentel and Jason Forsgren
Differences Managing iOS, macOS,
Android and Windows 10 via MDM
Plinio Pimentel and Jason Forsgren
Agenda
Enrollment1
Profiles2
Applications3
Dual Managed 4
Demo5
Enrollment1
Profiles2
Applications3
Dual Managed 4
Demo5
§Enrollment
Enrollment
Workflow1
DNS Configuration2
General Configuration3
Workflow1
DNS Configuration2
General Configuration3
Workflow
Mobile Devices
CSA
Firewall
Windows Devices
(enrollment)
Console
Core
APNS /FCM (GCM) / WINS
DNS
Mobile Devices
CSA
Firewall
Windows Devices
(enrollment)
Console
Core
APNS /FCM (GCM) / WINS
DNS
DNS configuration
§DNS entry to redirect to CSA
§Allows enrollment without having to type the CSA domain name
§Only available for iOS, MAC and Android enrollment
§Windows DNS mappings
§Allows enrollment in environments where there are redirections
§E.g. Office365, Federated Authentication
§Trick the Windows Enroller to go where we want
§DNS entry to redirect to CSA
§Allows enrollment without having to type the CSA domain name
§Only available for iOS, MAC and Android enrollment
§Windows DNS mappings
§Allows enrollment in environments where there are redirections
§E.g. Office365, Federated Authentication
§Trick the Windows Enroller to go where we want
DNS text string
§Apple (iOS / Mac)
§iOS-enroll=https://[CSA URL]/rtc/[CORE NAME]/MDM/api/v1/IosEnroll
§Android
§Android-enroll=https://[CSA URL]/rtc/[CORE NAME]/MDM/api/v1/AndroidEnroll
§Windows
§Add a (CNAME) to use e-mail to resolve to a different Domain
§Apple (iOS / Mac)
§iOS-enroll=https://[CSA URL]/rtc/[CORE NAME]/MDM/api/v1/IosEnroll
§Android
§Android-enroll=https://[CSA URL]/rtc/[CORE NAME]/MDM/api/v1/AndroidEnroll
§Windows
§Add a (CNAME) to use e-mail to resolve to a different Domain
Configuration
§DNS Text
§APNS, FCM(GCM), WINS
§Certificate from apnsportal.landesk.com (License credentials)
§FCM requires Google credentials
§WINS requires a Microsoft developer account (small fee)
§CSA selection
§DNS Text
§APNS, FCM(GCM), WINS
§Certificate from apnsportal.landesk.com (License credentials)
§FCM requires Google credentials
§WINS requires a Microsoft developer account (small fee)
§CSA selection
Domain mappings
§Used with Windows enrollment only
§Required since we use the native Windows Enroller
§Used with Windows enrollment only
§Required since we use the native Windows Enroller
*Note: If DNS is not available, the server address is presented and you only need to type:
https://[CSA URL]/Core Name]
https://[CSA URL]/Core Name]
§Profiles
Profiles
Entities1
Inventory2
Entities1
Inventory2
Profile entities
§Agent behaviors
§Compliance
§Connectivity
§Exchange/Office365
§Security
ScheduledTask
AgentBehaviors
Profilesand
Certificates
§Agent behaviors
§Compliance
§Connectivity
§Exchange/Office365
§Security
ScheduledTask
AgentBehaviors
Profilesand
Certificates
Entities cont.
ScheduledTask
AgentBehaviors
Profilesand
Certificates
Last scheduled task wins
You can have default behaviors
Agent behaviors can have more
than one profile, and profiles can
be enable or disabled.
ScheduledTask
AgentBehaviors
Profilesand
Certificates
Last scheduled task wins
You can have default behaviors
Agent behaviors can have more
than one profile, and profiles can
be enable or disabled.
Inventory
§Currently, reporting agent behaviors and scheduled tasks
§With the current implementation there are differences on how profiles
are applied.
§E.g. Apple most restrictive wins, and Wi-Fi will not be yanked if connected
§Compliance behaviors have no “Default” because they have restrictions
inside of them, like only apply if the device matches some criteria
§Currently, reporting agent behaviors and scheduled tasks
§With the current implementation there are differences on how profiles
are applied.
§E.g. Apple most restrictive wins, and Wi-Fi will not be yanked if connected
§Compliance behaviors have no “Default” because they have restrictions
inside of them, like only apply if the device matches some criteria
§Applications
Applications
macOS / iOS1
Android2
macOS / iOS1
Android2
iOS and macOS
§Apple Volume Purchase Program
§Purchase bulk apps from app store
§Add bulk token to Core Server
§Free apps, Links and Documents
§Manifest or Custom Apps
§Apple Volume Purchase Program
§Purchase bulk apps from app store
§Add bulk token to Core Server
§Free apps, Links and Documents
§Manifest or Custom Apps
Android
§Distribution of free apps
§Distribution of links an documents
§Distribution of Manifests or Custom Apps
§Behavior dependent on the Agent
§Android for Enterprise Agent
§Profile owner mode (BYOD)
§Device owner mode (Corporate owns the device)
§Android Agent
§Regular management (Mingle data)
§Distribution of free apps
§Distribution of links an documents
§Distribution of Manifests or Custom Apps
§Behavior dependent on the Agent
§Android for Enterprise Agent
§Profile owner mode (BYOD)
§Device owner mode (Corporate owns the device)
§Android Agent
§Regular management (Mingle data)
§Dual Managed
Dual Managed
Why/Scenarios1
What to watch for2
Why/Scenarios1
What to watch for2
Why and when should I use it?
§macOS want to distribute VPP apps
§Windows wants to configure Wi-Fi / Email settings but still needs
full management
§The device was migrated from MDM to Full Management
§macOS want to distribute VPP apps
§Windows wants to configure Wi-Fi / Email settings but still needs
full management
§The device was migrated from MDM to Full Management
What to watch for?
§macOS
§They will always share Device ID (Hardware based)
§SYNC Scan will temporarily override the agent scan
§macOS
§They will always share Device ID (Hardware based)
§SYNC Scan will temporarily override the agent scan
What to watch for?
§Windows
§If the Device was had an agent and then enrolled in MDM
§It will use current duplicate detection logic but it may take a couple
scans
§MDM Sync scan will override temporarily the full scan
§Both can co-exists
§Windows
§If the Device was had an agent and then enrolled in MDM
§It will use current duplicate detection logic but it may take a couple
scans
§MDM Sync scan will override temporarily the full scan
§Both can co-exists
§Sneak Preview
Some of what is coming to MDM
§Group enrollment
§iOS Profile Configurations
§macOSProfile Configurations
§Applied Profiles(agent behaviors) shown in Inventory
§“Moving more into a “State Management”
§Master Configuration and Applications
§Windows 10 Enhancements
§MDM Software Distribution
§Software inventory
§Group enrollment
§iOS Profile Configurations
§macOSProfile Configurations
§Applied Profiles(agent behaviors) shown in Inventory
§“Moving more into a “State Management”
§Master Configuration and Applications
§Windows 10 Enhancements
§MDM Software Distribution
§Software inventory
§Demo
Thank you
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 448
- Slides 35
- Age 3080 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
22 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views