How can I manage modern devices using System Center 2012 R2 Configuration Manager ? – Part 11

In Part 1 of this mini series we integrated Windows Intune with System Center 2012 R2 Configuration Manager. In Part 2 we added Support for iOS devices (Iphone, iPad). In Part 3 we learned the difference between App Package for iOS (*.ipa file) and applications from the Apple App Store. We learned how to deploy them to iOS devices and configured the deployment type so that the applications were made available to the user based on the iPhone or Ipad operating system version, in addition we also checked device Ownership information and deployed the application based on those requirements.

In Part 4 we learned how to use and configure compliance settings in order to enable or disable certain configurable features on iOS devices. We enforced a Password requirement and enforced a minimum password length as this is a common requirement for organizations. In Part 5 we enabled support for Windows 8.1 devices (both Windows RT 8.1 and Windows 8.1 Enterprise) so that they could be managed via System Center 2012 R2 Configuration Manager integrated with Windows Intune. In Part 6 we deployed Windows 8.1 apps (appx) to Windows 8.1 devices. In Part 7 we  looked at how to make Windows 8.1 store apps available in the Company Portal and how to make them featured apps with their own categories.

In Part 8 we added support for Android and learned how to deploy mobile device settings to Android devices. We enforced a Password requirement and saw how to enable File encryption on Android devices and we used resource explorer to browse the phone properties and to see if the device was a Jailbroken or rooted device. In Part 9 we learned how to deploy native APK (Android application package file) apps and how to deploy apps from Google Play. We learned that Available deployments to Users work but Available deployments to devices fail and we saw how to make our deployed app a featured app within the Company Portal and with it’s own category.

In Part 10 we added support for Windows Phone 8 and enrolled our phone and then verified the Deployment Status of the Self Service Portal. In this part we will look at how Windows Intune adds new capabilities to Configuration Manager via console extenstions.

Every 6 months or so the Windows Intune team add new abilities to the standalone cloud based product (Windows Intune) and some of these new features find their way into the hybrid product (Configuration Manager 2012 on-premise with Windows Intune Integrated) via console extensions which were introduced in February 2014. The Configuration Manager administrator is made aware of these extensions when starting the Configuration Manager console, a message such as the one below is shown:


New Extensions for Windows Intune are available. Extensions can be enabled on Configuration Manager as soon as they become available. View available extensions by going to the Administration workspace, select Cloud Services and click Extensions for Windows Intune node. 

New Extensions are available.png


Step 1. Review the Extensions


In the System Center 2012 R2 Configuration Manager console, select the Administration workspace, click on Cloud Services and select Extensions for Windows Intune as shown in the screenshot below, the number of extensions will vary depending on when they are released, so in the screenshot below (June 2014) there are 3 listed.


Extensions for Windows Intune.png


The extensions listed in the console as of June 2014 are as follows (it would make sense that there will be more released in the future):

  • Email Profile Extensions
  • iOS 7 Security Settings
  • Windows Phone 8.1 Extensions

The three extensions above are further summarized below from Technet:

  • Email profiles in System Center 2012 R2 Configuration Manager is an optional extension for Windows Intune that allows you to provision devices with email profiles and restrictions by using Exchange ActiveSync. This enables your users to access corporate email on their devices with minimal setup required on their part.
  • With System Center 2012 R2 Configuration Manager, the optional iOS 7 Security Settings extension introduces new security settings to manage iOS devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.
  • With System Center 2012 R2 Configuration Manager, the optional Windows Phone 8.1 extension introduces new security settings to manage Windows Phone 8.1 devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.

Each extension has some information about it and you can see this information populated in the summary screen by selecting an individual extension


summary of extension.png


and clicking on the More Information link in the right side of the summary screen


more information.png


will open a web browser page on TechNet with detailed information about the extension.


more information on Technet.png


Step 2. Enable one or more extensions

After reviewing the information about the extension and the features it provides above, you may decide that you want to enable that extension in the console. Simply right click on an extension and choose Enable to enable the extension.


Tip: Currently there is a limitation that once you have selected an extension and enable it, and if you later revert the environment (such as a virtual machine snapshot), you will not get the extensions back again. If you have this issue then you’ll need to call Microsoft CSS to get them back again.


Enable extension.png


Note: Although you can multi-select extensions you can only enable or disable one at a time.


The end user license agreement screen will appear, place a check mark in the box provided and then click on yes as shown in the screenshot below.




Note: Once you enable an extension, that feature is automatically replicated and enabled on all site servers in the Configuration Manager hierarchy of servers.


Once enabled (or disabled if you elected to disable a previously enabled extension) you’ll see the following popup


enabled or disabled.png


and assuming you have an internet connection, the extension is downloaded and then installed, clicking on close will restart the console


update complete.png


After restarting the console, you can review that the extension is indeed enabled by checking it’s status, it should say Enabled. If it says Enabling Extensions… simply wait a few minutes and refresh the console view to see it change to Enabled.


status is enabled.png


Step 3. Review the changes in the console.


Once you’ve enabled some extensions you can review the changes in the console, in the screenshot below you can see what the Configuration Manager console looks like before and after the new functionality is added side by side underneath the Company resource Access node. Note the inclusion of Email Profiles this is via the Email Profiles Extension we selected in Step 1 (and enabled in Step 2).


before and after.png


And you now have the following new iOS security settings available


iOS security settings.png


as shown below in Compliance Settings (for Mobile) under Security Settings where 4 settings are now visible for iOS 7


security settings.png


and 2 settings under Data Protection


data protection.png


Finally we have several new settings for Windows Phone 8.1 comprising Device, Cloud, Security, Email Management and wireless Communication, all these settings can be set via Compliance Settings (mobile).


windows phone 8.1 settings.png


below are the Device settings specific to Windows Phone 8.1


windows phone 81 devices.png


the ability to use a custom email account under Email Management


custom email account.png


specifying a cloud account


microsoft account.png


and Near Field Communication (NFC) settings under security




and some excellent wireless settings


wireless communication.png


And that’s it ! in a later post I’ll go into more details about some of the extensions.


Recommended Reading


Adding new features to your Mobile Management solution is made easy by enabling Windows Intune Extensions within the Configuration Manager 2012 R2  console.



You can download a Microsoft Word copy of this guide here. Attached File  How can I manage modern devices using System Center 2012 R2 Configuration Manager Part

This entry was posted in Android, ConfigMgr 2012, Windows Phone 8. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.