Windows 10 Azure AD Intune desktop management and














































- Slides: 47
Windows 10 + Azure AD + Intune = desktop management and provisioning in the Cloud. Daniel Bowbyes & Malcolm Jeffrey. M 368
Office 365, OneDrive, Azure, Dynamics
MDM: All staff in Dave's Azure AD can log in to the device. Set local administrators. Staff can be blocked from logging on to the device. MDM enrolment of device can be enforced.
Intune: Apply policy settings to the device. Push software down to the device. Report on the health of the device against compliance policies. If needed, wipe the device.
Office 365, OneDrive, Azure, Intune, Dynamics
Diagram: Azure Device Registration Service (ADRS), Microsoft Azure Active Directory, Intune
Azure AD username and password (+ MFA if enabled)
Azure AD returns ADRS SSO token, local admin accounts and MDM URLs
Windows 10 then performs a device registration against ADRS using the token provided by Azure AD
ADRS writes a device object to Azure AD
ADRS issues a device registration certificate to the client
MDM URLs passed to MDM Enrolment Agent
MDM Agent connects to Azure AD for SSO token to access MDM application
Azure AD returns MDM SSO token
MDM Agent uses SSO token to start MDM enrolment
MDM enrols device and pushes down policy to Windows 10
Diagram: Microsoft Azure Active Directory
Dave authenticates to Azure AD as part of logon process
Primary Refresh Token (PRT) returned by Azure AD and cached by Windows 10
Diagram: Office 365, Microsoft Azure Active Directory
Here is my PRT, can I please have an SSO token for Office 365?
Your PRT checks out, so here is the SSO token you have asked for.
Here is my Office 365 SSO token, give me access please.
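The join, enrolment and PRT steps above each leave evidence on the device that an administrator can check. The following is an added example, not part of the original presentation: it parses output in the layout of the Windows `dsregcmd /status` command, a tool the slides do not mention. The field names are those printed by current Windows builds, the exact layout varies by build, and the sample text and stage names are constructed.

```python
import re

# Constructed sample in the "Name : Value" layout printed by `dsregcmd /status`.
# All values are placeholders, not data from the presentation.
SAMPLE = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
                  DeviceId : 00000000-0000-0000-0000-000000000000
                Thumbprint : 0000000000000000000000000000000000000000
                    MdmUrl : https://mdm.example.invalid/enroll
                AzureAdPrt : YES
"""

FIELD = re.compile(r"^\s*([A-Za-z]\w*)\s+:\s*(.*?)\s*$")


def parse_status(text):
    """Return {field: value}; banner and blank lines do not match and are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def failed_stages(fields):
    """Tie each stage of the flow to the field that evidences it; list the failures."""
    checks = {
        # ADRS wrote a device object to Azure AD
        "device registered in Azure AD":
            fields.get("AzureAdJoined") == "YES" and bool(fields.get("DeviceId")),
        # ADRS issued the device registration certificate
        "device registration certificate present": bool(fields.get("Thumbprint")),
        # Azure AD handed the MDM URLs to the enrolment agent
        "MDM URL delivered": fields.get("MdmUrl", "").lower().startswith("https://"),
        # PRT returned at logon and cached (reported for the signed-in user)
        "PRT cached": fields.get("AzureAdPrt") == "YES",
    }
    return [stage for stage, ok in checks.items() if not ok]


if __name__ == "__main__":
    for stage in failed_stages(parse_status(SAMPLE)) or ["all stages evidenced"]:
        print(stage)
```

A device that reports a join but no MDM URL or no PRT stopped partway through the flow, which is worth flagging before relying on compliance policy or SSO for that device.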
I’M Azure AD
Diagram: Microsoft Azure Active Directory, Intune, OneDrive, Office 365, Dynamics; Azure AD Connect; SCCM Intune Hybrid Connection; Windows Server Active Directory; System Centre Configuration Manager
Diagram: Microsoft Azure Active Directory, Intune, OneDrive, Office 365, Dynamics; Username, Password, Primary Refresh Token (PRT); Username, Password, Kerberos Ticket (TGT); Windows Server Active Directory; System Centre Configuration Manager
Diagram: Microsoft Azure Active Directory, Intune, OneDrive, Office 365, Dynamics; SSO Token, PRT; TGT, Kerberos Ticket; Windows Server Active Directory; System Centre Configuration Manager
Intune
1 Managing Windows 10 with Group Policy and Intune [M 393] 5 Devices! [M 120] Fri 1:55 pm – SkyCity Theatre Fri 10:40 am – NZ 1 2 In-place Upgrade to Windows 10 Using New SCCM Tech Preview [M 394] Fri 11:55 am – NZ 1 3 Windows 10 Ask Me Anything [M 265] Fri 1:55 pm - Marlborough Find us later at… § Malcyj-mct.blogspot.co.nz | @Malcy_J § Blog.Bowbyes.co.nz | @DBowbyes § Closing drinks Fri 3:00-4:30 pm
Free Online Learning http://aka.ms/mva Subscribe to our fortnightly newsletter http://aka.ms/technetnz http://aka.ms/msdnnz Sessions on Demand http://aka.ms/ch9nz
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.