In Part 1 of this mini series we integrated Windows Intune with System Center 2012 R2 Configuration Manager. In Part 2 we added Support for iOS devices (Iphone, iPad). In Part 3 we learned the difference between App Package for iOS (*.ipa file) and applications from the Apple App Store. We learned how to deploy them to iOS devices and configured the deployment type so that the applications were made available to the user based on the iPhone or Ipad operating system version, in addition we also checked device Ownership information and deployed the application based on those requirements.
In Part 4 we learned how to use and configure compliance settings in order to enable or disable certain configurable features on iOS devices. We enforced a Password requirement and enforced a minimum password length as this is a common requirement for organizations. In Part 5 we enabled support for Windows 8.1 devices (both Windows RT 8.1 and Windows 8.1 Enterprise) so that they could be managed via System Center 2012 R2 Configuration Manager integrated with Windows Intune. In Part 6 we deployed Windows 8.1 apps (appx) to Windows 8.1 devices. In Part 7 we looked at how to make Windows 8.1 store apps available in the Company Portal and how to make them featured apps with their own categories.
In Part 8 we added support for Android and learned how to deploy mobile device settings to Android devices. We enforced a Password requirement and saw how to enable File encryption on Android devices and we used resource explorer to browse the phone properties and to see if the device was a Jailbroken or rooted device. In Part 9 we learned how to deploy native APK (Android application package file) apps and how to deploy apps from Google Play. We learned that Available deployments to Users work but Available deployments to devices fail and we saw how to make our deployed app a featured app within the Company Portal and with it’s own category.
In Part 10 we added support for Windows Phone 8 and enrolled our phone and then verified the Deployment Status of the Self Service Portal. In this part we will look at how Windows Intune adds new capabilities to Configuration Manager via console extenstions.
Every 6 months or so the Windows Intune team add new abilities to the standalone cloud based product (Windows Intune) and some of these new features find their way into the hybrid product (Configuration Manager 2012 on-premise with Windows Intune Integrated) via console extensions which were introduced in February 2014. The Configuration Manager administrator is made aware of these extensions when starting the Configuration Manager console, a message such as the one below is shown:
New Extensions for Windows Intune are available. Extensions can be enabled on Configuration Manager as soon as they become available. View available extensions by going to the Administration workspace, select Cloud Services and click Extensions for Windows Intune node.
Step 1. Review the Extensions
In the System Center 2012 R2 Configuration Manager console, select the Administration workspace, click on Cloud Services and select Extensions for Windows Intune as shown in the screenshot below, the number of extensions will vary depending on when they are released, so in the screenshot below (June 2014) there are 3 listed.
The extensions listed in the console as of June 2014 are as follows (it would make sense that there will be more released in the future):
- Email Profile Extensions
- iOS 7 Security Settings
- Windows Phone 8.1 Extensions
The three extensions above are further summarized below from Technet:
- Email profiles in System Center 2012 R2 Configuration Manager is an optional extension for Windows Intune that allows you to provision devices with email profiles and restrictions by using Exchange ActiveSync. This enables your users to access corporate email on their devices with minimal setup required on their part.
- With System Center 2012 R2 Configuration Manager, the optional iOS 7 Security Settings extension introduces new security settings to manage iOS devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.
- With System Center 2012 R2 Configuration Manager, the optional Windows Phone 8.1 extension introduces new security settings to manage Windows Phone 8.1 devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.
Each extension has some information about it and you can see this information populated in the summary screen by selecting an individual extension
and clicking on the More Information link in the right side of the summary screen
will open a web browser page on TechNet with detailed information about the extension.
Step 2. Enable one or more extensions
After reviewing the information about the extension and the features it provides above, you may decide that you want to enable that extension in the console. Simply right click on an extension and choose Enable to enable the extension.
Tip: Currently there is a limitation that once you have selected an extension and enable it, and if you later revert the environment (such as a virtual machine snapshot), you will not get the extensions back again. If you have this issue then you’ll need to call Microsoft CSS to get them back again.
Note: Although you can multi-select extensions you can only enable or disable one at a time.
The end user license agreement screen will appear, place a check mark in the box provided and then click on yes as shown in the screenshot below.
Note: Once you enable an extension, that feature is automatically replicated and enabled on all site servers in the Configuration Manager hierarchy of servers.
Once enabled (or disabled if you elected to disable a previously enabled extension) you’ll see the following popup
and assuming you have an internet connection, the extension is downloaded and then installed, clicking on close will restart the console
After restarting the console, you can review that the extension is indeed enabled by checking it’s status, it should say Enabled. If it says Enabling Extensions… simply wait a few minutes and refresh the console view to see it change to Enabled.
Step 3. Review the changes in the console.
Once you’ve enabled some extensions you can review the changes in the console, in the screenshot below you can see what the Configuration Manager console looks like before and after the new functionality is added side by side underneath the Company resource Access node. Note the inclusion of Email Profiles this is via the Email Profiles Extension we selected in Step 1 (and enabled in Step 2).
And you now have the following new iOS security settings available
as shown below in Compliance Settings (for Mobile) under Security Settings where 4 settings are now visible for iOS 7
and 2 settings under Data Protection
Finally we have several new settings for Windows Phone 8.1 comprising Device, Cloud, Security, Email Management and wireless Communication, all these settings can be set via Compliance Settings (mobile).
below are the Device settings specific to Windows Phone 8.1
the ability to use a custom email account under Email Management
specifying a cloud account
and Near Field Communication (NFC) settings under security
and some excellent wireless settings
And that’s it ! in a later post I’ll go into more details about some of the extensions.
- Introduction to Email Profiles in Configuration Manager – http://technet.micro…y/dn554226.aspx
- iOS Security Settings in Configuration Manager – http://technet.micro…spx#BKMK_iOSset
- Windows Phone 8.1 settings in Configuration Manager – http://technet.micro…aspx#bkmk_wp8_1
- CM12 in a Lab – Part 1, integrating Windows Intune
- CM12 in a Lab – Part 2, adding Support for iOS devices
- CM12 in a Lab – Part 3, deploying apps to iOS devices
- CM12 in a Lab – Part 4, configuring compliance on iOS devices
- CM12 in a Lab – Part 5, enabling support for Windows 8.1 devices
- CM12 in a Lab – Part 6, deploying Windows 8.1 apps (appx)
- CM12 in a Lab – Part 7, deploying Windows Store apps
- CM12 in a Lab – Part 8, adding Android devices
- CM12 in a Lab – Part 9, deploying Apps to Android devices
- CM12 in a Lab – Part 10, adding Windows Phone 8 devices
Adding new features to your Mobile Management solution is made easy by enabling Windows Intune Extensions within the Configuration Manager 2012 R2 console.
You can download a Microsoft Word copy of this guide here. How can I manage modern devices using System Center 2012 R2 Configuration Manager Part 11.zip