Unfortunately my Windows IT Pro sessions about the Microsoft’s Mobile Device Management solutions were cancelled due the lack of booked “seats” in the virtual classroom. Sad that it won’t go through, I put a lot of effort in it. But the good thing about that it is cancelled is that I am able to share everything with you on my blog. 🙂
So what I am planning to do is to write a series of blogs and record a series of short webcasts to show you how to build a complete Mobile Device Management solution with Exchange 2013, Configuration Manager 2012 R2 and Windows Intune. All together managed from Configuration Manager 2012 R2.
In this blog I will give an overview of the Exchange ActiveSync Connector and refer a lot to earlier blogs about this feature within Configuration Manager 2012 R2.
Basically you have three options when looking at the Microsoft solutions if you want to manage the mobile devices that are connecting to your environment.
- MDM via Microsoft Exchange ActiveSync (cloud, on premise or hybrid)
- MDM via Windows Intune (cloud) (with or without Exchange Connector)
- MDM via System Center 2012 R2 Configuration Manager, Windows Intune and Exchange ActiveSync (hybrid)
When looking at the first of the three solutions, Microsoft Exchange ActiveSync, you need to keep in mind that you need to be aware that if you don’t have anything enabled your employees are technically able to synchronize up to 10 ActiveSync enabled devices without you knowing it. That can be a lot of devices that can be lost and come in in the wrong hands. For instance when a privately owned device is lost, the user won’t bother to call your IT staff to wipe the device remotely. So if you are working in a company with no MDM solution and no device settings are set you need to wake up your Exchange Administrator or take control over the settings via Configuration Manager 🙂
It’s a bit out of scope of this blog but let’s have a look at the basic Exchange 2013 ActiveSync options that allows you to control your devices with for instance password policies and control who is able to access your Exchange environment by blocking or placing into quarantine the devices by default. Configuration Manager 2012 R2 is able to take over the control of the Exchange ActiveSync policies and behavior by configuring the Exchange ActiveSync connector like described earlier on this blog here, here, here and here.
After you have configured the Exchange ActiveSync Connector you are able to manage the mobile devices that are connected with Microsoft Exchange 2013 by setting policies based on the Exchange Active Sync settings or create access rules based on Device Family or Device Model.
In the connector you need to configure if the settings are managed through Exchange Server (by default) or via Configuration Manager. If you choose the last one you are able to create one set of settings for all devices connected through that Exchange connector. Downside of this is that you are able to define different mobile device policies per group of users, you are more flexible that way. For instance you are able to create a mobile device policy especially for your management, to secure their devices with more complex passwords 😉
The MDM solution of Exchange ActiveSync is very basic but can be very handy and easy to implement if you do not have any solution in place right now. Connecting it to Configuration Manager allows you to control your devices via the Configuration Manager console. I you ask me I would stick to the mobile device policies within Exchange itself (if available) and use the connector to see who is synchronizing their email and use the connector to initiate a remote wipe if necessary.
In the next couple of blogs and webcasts I would like to build up to the complete mobile device management solution based on System Center 2012 R2 Configuration Manager, Windows Intune and Exchange ActiveSync. So please stay tuned.
Next subjects in this series are:
- MDM via Exchange ActiveSync – overview / intro
- MDM via Windows Intune – overview
- MDM via Windows Intune – setting up the environment
- MDM via Windows Intune – setting up policies
- MDM via Windows Intune – deploying applications
- MDM via Windows Intune – remote tasks
- MDM via Windows Intune – troubleshooting
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – overview
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – setting up the environment
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – setting up policies
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – deploying applications
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – remote tasks
- MDM via ConfigMgr 2012 R2, Windows Intune & Exchange ActiveSync – troubleshooting
- The complete MDM solution with Exchange 2013, ConfigMgr 2012 R2 and Windows Intune
Earlier blogs in the Mobile Device Management space were:
- Managing mobile devices in Configuration Manager 2012 via Exchange Online (1)
- Managing mobile devices in Configuration Manager 2012 via Exchange Online (2)
- Meet the Extensions for Windows Intune in ConfigMgr 2012 R2
- Which Mobile Device Management Settings are available in ConfigMgr 2012 SP1?
- How to manage which device with Configuration Manager 2012 SP1?
- Exchange Connector in Configuration Manager 2012 revealed
- Mobile device support in Configuration Manager 2012
- CEP meeting #9 summary “SCCM 2012 Mobile Device Management”
- Managing Android via ConfigMrg and Windows Intune
- Passcode Reset and Remote Lock via Windows Intune
- Quick tip when integrating Windows Intune & DirSync with ConfigMgr 2012 SP1
Great blog posts, Peter. I really appreciate it.
Great article but this can done on Windows Server 2008 R2 instead of Win 2012.
yes, Exchange 2013 is also supported on Windows 2008 R2 ( http://msexchangeguru.com/2012/10/22/exchange-2013-prerequisites/ )