Jump to content




Sign in to follow this  
anyweb

Unified Device Management with Configuration Manager 2012 R2 - Part 11. Using Intune Extensions



Recommended Posts

In Part 1 of this mini series we integrated Windows Intune with System Center 2012 R2 Configuration Manager. In Part 2 we added Support for iOS devices (Iphone, iPad). In Part 3 we learned the difference between App Package for iOS (*.ipa file) and applications from the Apple App Store. We learned how to deploy them to iOS devices and configured the deployment type so that the applications were made available to the user based on the iPhone or Ipad operating system version, in addition we also checked device Ownership information and deployed the application based on those requirements.

 

In Part 4 we learned how to use and configure compliance settings in order to enable or disable certain configurable features on iOS devices. We enforced a Password requirement and enforced a minimum password length as this is a common requirement for organizations. In Part 5 we enabled support for Windows 8.1 devices (both Windows RT 8.1 and Windows 8.1 Enterprise) so that they could be managed via System Center 2012 R2 Configuration Manager integrated with Windows Intune. In Part 6 we deployed Windows 8.1 apps (appx) to Windows 8.1 devices. In Part 7 we looked at how to make Windows 8.1 store apps available in the Company Portal and how to make them featured apps with their own categories.

 

In Part 8 we added support for Android and learned how to deploy mobile device settings to Android devices. We enforced a Password requirement and saw how to enable File encryption on Android devices and we used resource explorer to browse the phone properties and to see if the device was a Jailbroken or rooted device. In Part 9 we learned how to deploy native APK (Android application package file) apps and how to deploy apps from Google Play. We learned that Available deployments to Users work but Available deployments to devices fail and we saw how to make our deployed app a featured app within the Company Portal and with it's own category.

 

In Part 10 we added support for Windows Phone 8 and enrolled our phone and then verified the Deployment Status of the Self Service Portal. In this part we will look at how Windows Intune adds new capabilities to Configuration Manager via console extenstions.

 

Every 6 months or so the Windows Intune team add new abilities to the standalone cloud based product (Windows Intune) and some of these new features find their way into the hybrid product (Configuration Manager 2012 on-premise with Windows Intune Integrated) via console extensions which were introduced in February 2014. The Configuration Manager administrator is made aware of these extensions when starting the Configuration Manager console, a message such as the one below is shown:

 

New Extensions for Windows Intune are available. Extensions can be enabled on Configuration Manager as soon as they become available. View available extensions by going to the Administration workspace, select Cloud Services and click Extensions for Windows Intune node.

 

 

New Extensions are available.png

 

Step 1. Review the Extensions

 

In the System Center 2012 R2 Configuration Manager console, select the Administration workspace, click on Cloud Services and select Extensions for Windows Intune as shown in the screenshot below, the number of extensions will vary depending on when they are released, so in the screenshot below (June 2014) there are 3 listed.

 

Extensions for Windows Intune.png

 

The extensions listed in the console as of June 2014 are as follows (it would make sense that there will be more released in the future):

  • Email Profile Extensions
  • iOS 7 Security Settings
  • Windows Phone 8.1 Extensions

The three extensions above are further summarized below from Technet:

  • Email profiles in System Center 2012 R2 Configuration Manager is an optional extension for Windows Intune that allows you to provision devices with email profiles and restrictions by using Exchange ActiveSync. This enables your users to access corporate email on their devices with minimal setup required on their part.
  • With System Center 2012 R2 Configuration Manager, the optional iOS 7 Security Settings extension introduces new security settings to manage iOS devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.
  • With System Center 2012 R2 Configuration Manager, the optional Windows Phone 8.1 extension introduces new security settings to manage Windows Phone 8.1 devices using Windows Intune and is available from within the Configuration Manager console. For information on how to install the extension, see Planning to Use Extensions in Configuration Manager.

Each extension has some information about it and you can see this information populated in the summary screen by selecting an individual extension

 

summary of extension.png

 

and clicking on the More Information link in the right side of the summary screen

 

more information.png

 

will open a web browser page on TechNet with detailed information about the extension.

 

more information on Technet.png

 

Step 2. Enable one or more extensions

Note: Installing the extensions requires that you logon using an account that has Local Administrative permissions on the computer running the Configuration Manager console.

 

After reviewing the information about the extension and the features it provides above, you may decide that you want to enable that extension in the console. Simply right click on an extension and choose Enable to enable the extension.

 

Tip: Currently there is a limitation that once you have selected an extension and enable it, and if you later revert the environment (such as a virtual machine snapshot), you will not get the extensions back again. If you have this issue then you'll need to call Microsoft CSS to get them back again.

 

Enable extension.png

 

Note: Although you can multi-select extensions you can only enable or disable one at a time.

 

The end user license agreement screen will appear, place a check mark in the box provided and then click on yes as shown in the screenshot below.

 

eula.png

 

Note: Once you enable an extension, that feature is automatically replicated and enabled on all site servers in the Configuration Manager hierarchy of servers.

 

Once enabled (or disabled if you elected to disable a previously enabled extension) you'll see the following popup

 

enabled or disabled.png

 

and assuming you have an internet connection, the extension is downloaded and then installed, clicking on close will restart the console

 

update complete.png

 

After restarting the console, you can review that the extension is indeed enabled by checking it's status, it should say Enabled. If it says Enabling Extensions... simply wait a few minutes and refresh the console view to see it change to Enabled.

 

status is enabled.png

 

Step 3. Review the changes in the console.

 

Once you've enabled some extensions you can review the changes in the console, in the screenshot below you can see what the Configuration Manager console looks like before and after the new functionality is added side by side underneath the Company resource Access node. Note the inclusion of Email Profiles this is via the Email Profiles Extension we selected in Step 1 (and enabled in Step 2).

 

before and after.png

 

And you now have the following new iOS security settings available

 

iOS security settings.png

 

as shown below in Compliance Settings (for Mobile) under Security Settings where 4 settings are now visible for iOS 7

 

security settings.png

 

and 2 settings under Data Protection

 

data protection.png

 

Finally we have several new settings for Windows Phone 8.1 comprising Device, Cloud, Security, Email Management and wireless Communication, all these settings can be set via Compliance Settings (mobile).

 

windows phone 8.1 settings.png

 

below are the Device settings specific to Windows Phone 8.1

 

windows phone 81 devices.png

 

the ability to use a custom email account under Email Management

 

custom email account.png

 

specifying a cloud account

 

microsoft account.png

 

and Near Field Communication (NFC) settings under security

 

NFC.png

 

and some excellent wireless settings

 

wireless communication.png

 

And that's it ! in a later post I'll go into more details about some of the extensions.

 

Recommended Reading

Troubleshooting

Please refer to the log files found in D:\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog

  • AdminUI.ExtensionInstaller.log
  • FeatureExtensionInstaller.log
  • SmsAdminUI.log

Summary

Adding new features to your Mobile Management solution is made easy by enabling Windows Intune Extensions within the Configuration Manager 2012 R2 console.

 

Downloads

You can download a Microsoft Word copy of this guide here. How can I manage modern devices using System Center 2012 R2 Configuration Manager Part 11.zip

Share this post


Link to post
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


×