SCCM (Configuration Manager Features)

PART -3

Enterprise Mobility + Security 

Configuration Manager Features

Before you can begin planning to deploy Configuration Manager, you need a basic understanding of the features it provides. Configuration Manager has its own administrator console.

Application Management

The Application Management feature of Configuration Manager allows you to create, manage, and deploy applications in your environment. This feature also provides monitoring capabilities that allow you to monitor application deployments and take appropriate action in the event of any issues.

Collections

Collections are simply a way of grouping resources together that share a common criterion such as “Which resources are running Windows 8 with more than 2GB of RAM, with more than 1GB of free disk space, and with a certain BIOS version?”. Typically collections are based on queries, allowing them to be update dynamically based on a configurable schedule or by directly assigning resources. Collections can consist of computes, users, user groups, or any discovered resources in the Configuration Manager site database.

Company Resource Access

Using the Company Resource Access feature, you can create and deploy profiles to control access to your company’s resources. Profiles that you can create and deploy include: Certificates, Email, VPN, Wi-Fi.

Compliance Settings

The Compliance Settings feature is designed to address configuration drift within the enterprise. Enterprise administrators (for workstations and servers) as well as security teams need a tool that enables them to set configurations baselines (based on the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, or other compliancy regulations), that contain configuration items detailing how a specific item should be configured (for example, the local guest account should be disabled, Windows Integrated Security for SQL Server should be enable, and so on). These configuration baselines are then deployed to the appropriate resources and the results reported backup to provide details of any configuration drift, thus allowing the appropriate action to be taken.

Endpoint Protection

The Endpoint Protection feature allows you to manage antimalware policies and Windows Firewall Security for your Configuration Manager client computers. Endpoint Protection requires a separate license because it install its own client that is separate from the Configuration Manager client.

Inventory

Configuration Manager offers you the ability to inventory the hardware and software of devices in your enterprise. Hardware inventory can gather information from your systems such as processor information, the computer manufacturer, and the amount of installed memory. Software inventory can gather lists of file types and their version installed on your computers, with EXE files as the default. Combine this with extensive information in the Asset Intelligence (AI) knowledge base, and you can use Configuration Manage to get a good handle on what hardware and software is being used in your environment.

Mobile Device Management

Configuration Manager Current Branch includes two types of mobile device management:

-                              Mobile Device Management with Windows Intune

-                              On-Premise Mobile Device Management

Mobile Device Management with Windows Intune

Mobile Device Management (MDM) with Windows Intune allows you to use Configuration Manager to manage Windows Phone, iOS, Android (including Samsung KNOX), and even Windows devices using the Microsoft Intune service over the Internet.

Using MDM provides the following management capabilities on devices:

• -     Retire and wipe
• -     Deployment of line of business application to devices
• -     Collect hardware inventory
• -     Collect software inventory by sung built-in reports
• -  Deploy applications to devices that connect to Windows Store, Windows Phone Store, App Store, or Google Play
• - Configure compliance settings such as passwords, security, roaming, encryption, and wireless communication

On-Premise Mobile Device Management

As its name suggests, this type of mobile device management allows you to enroll and manage Windows 10 Enterprise PCs and Windows 10 mobile using the Configuration Manager infrastructure without the need for a Windows Intune subscription.

Manage of these devices is performed by the management functionality built in to supported devices and does not require the Configuration Manager client to be installed.

Operating System Deployment

Operating System Deployment (OSD), as its name suggests, is the ability to deploy an operating system to a machine. As in previous versions, OSD allows you to create and distribute operating system images that include any required updates and applications to computers both managed and unmanaged by Configuration Manager using PXE boot or bootable media such USB flash drives, DVD, or CD set.

Power management

Saving energy and preserving the environment are important goals for IT professionals and organizations. The Power Management feature allows you to create different power plans that configure Windows power management settings on your organization’s needs. These plans can then be applied to collections of computers where they will be enforced. Configuration Manager includes various reports relating to power management that allow you to ensure the power setting have been deploy correctly and are in place on the relevant computers.

Queries

Queries allow you to retrieve information from the Configuration Manager site database about the resources in your environment that meet certain criteria, such as all machines running a certain version of Windows, or all users running a certain piece of software. Queries can be used to answer questions quickly or make mini-reports that might not be used often enough to be imported into the reporting interface.

Remote Connection Profile

The Remote Connection Profile feature allows you to create profiles that contain Remote Desktop Connection settings that you can deploy to users in your Configuration Manager hierarchy.

Users can then use the company portal to use Remote Desktop using the Remote Desktop Connection settings deployed to them via the remote connection profile to remotely connect from their Windows, iOS, or Android corporate device to their work computer when they are not connected over the Internet or connected to your domain.

Note: You only need  a Microsoft Intune subscription if you want users to be able to connect to their work PC using the company portal. If you don’t have Intune, users can still use a VPN connection to connect to their work PC using Remote Desktop using the settings configured in the remote connection profile.

Remote Control

The Remote Control feature allows computer support staff to remotely troubleshoot problems with user’s computers just like they are sitting in front of the computer. This feature is still integrated with Remote Assistance and Remote Desktop, and it works pretty much the same as it did in previous versions of Configuration Manager.

Reporting

The Reporting feature allows you to create and run reports to show data from the Configuration Manager site database for all of the various feature, whether it be client installation, inventory, software deployment/updates, or even status or alert messages.

Software Metering

Software metering allows you to collect information on software usage to assist in managing software purchases and licensing. Using software metering, you can do the following:

• -   Report on the software that is being used in your environment and on which users are running the software.
• -      Report on the number of concurrent users of software application.
• -      Report on software license requirements.
• -      Find software that is installed but isn’t being used
  

Software Updates

Using this feature, you can manage the daunting task of deploying updates to Microsoft applications and operating systems. Not only does this apply to Microsoft security patches and updates, but having this flexible and extensible environment has allowed partners (such as HP, Dell, IBM, Citrix, and others) to create custom catalogs to update server and desktop BIOS firmware, and drives as well as to create internal catalogs.

Deploying updates require a Windows Server Update Services (WUSU) server. Configuration Manager leverages WSUS with its functionality and provides a higher level of granularity than is available with WSUS alone.

User Data and Profiles Configuration Items

The user data and profile configuration items in Configuration Manager Current Branch allow you to manage roaming profiles, offline files, and folder redirection on computers running Windows.

Wake on LAN

The Wake on LAN feature, added to software distribution, was available in SMS 2003 only by purchasing third-party software. It allows you to leverage technology built into computer hardware to wake up computes that have been turned off so they can run assigned deployments.

Asset Intelligence

Asset Intelligence, which was include within Configuration Manager 2007, now comes with its node within the admin console. This is not the only new aspect of Asset Intelligence; AI also became part of the Software + Services initiative within Microsoft. The services component of AI is not a fee-based feature but is just another extension of the holistic approach; it includes the following functionality:

• -   New catalog and license management UI in the Configuration Manager admin console.
• -      The ability to customize the local catalog
• -     On-demand or scheduled catalog update synchronization
• -    The ability to tap software assets unknown to the catalog and pass them up to the online service for async identification.
• -   The ability to import licensing data from Microsoft and compare it to installed inventory.

Application Virtualization Management

The newest release of App-V Configuration Manager leverages its existing infrastructure and extends its reach to deliver virtual applications:

-      Application Virtualization Management (AVM) allows you to use Configuration Manager to manage and deploy virtual applications, when possible, to make managing virtual applications for the Configuration Manager administrator the same experience as managing standard or physical software.

Client Health and Monitoring

Configuration Manager displays client health evaluations results and client activities directly in the console, providing alerting and remediation capabilities if health statistics fall below established thresholds.

   Thanks For Learning 

   Enterprise Mobility Part-3