未加星标

Group policies, meet EMM: New and old Windows 10 management unite

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二03 | 时间 2016 | 作者 红领巾 ] 0人收藏点击收藏

Group policies, meet EMM: New and old Windows 10 management unite

One of windows 10's biggest internal changes is support for management and security APIs à la enterprise mobile management (EMM) . It uses APIs similar to those in iOS, Android, and MacOS . But Windows 10's EMM policies are limited compared to what traditional Windows management tools can do. Thus, a lot of what IT does to manage PCs today can't be done in Windows 10 via EMM, such as set up kiosk mode or enable local encryption. Instead, old-school tools like System Center Configuration Manager (SCCM) must be used instead.

EMM provider MobileIron has an answer: MobileIron Bridge, an add-on to its EMM tools that lets IT apply their familiar -- and often extensive -- group policy objects (GPOs) to Windows 10 PCs managed via EMM.Applying GPOs via EMM lets IT manage Windows 10 PCs using both legacy and modern techniques from one console (MobileIron's EMM), filling in the API gaps Windows 10 currently has.

Some vendors let IT install listener apps on PCs to locally apply some GPOs, a technique that could be used with traditional Windows 10 tools in parallel with an EMM tool. But MobileIron is the first to provide GPO support directly via EMM -- there's no local client app to install, and all the GPO settings go through the same channel as the other EMM policies.

MobileIron Bridge's support of GPOs is done by supporting PowerShell, VBScript, and registry scripts. IT can take existing scripts, as well as create new ones, and bundle them into policies that MobileIron Bridge then deploys like any EMM policy.

For example, Windows 10's EMM APIs can detect a PC where BitLocker encryption is disabled, rendering the PC noncompliant with corporate security policy. But those APIs can't be used to enable BitLocker. With MobileIron Bridge, PowerShell-driven GPOs can be used to enable BitLocker remotely, so IT can detect noncompliant PCs, then turn them compliant -- all remotely.


Group policies, meet EMM: New and old Windows 10 management unite

MobileIron Bridge lets IT run bundled scripts to implement group policy objects and other system management commands on Windows 10 PCs managed via EMM. Here, BitLocker encryption is enabled on a noncompliant PC.

As another example, MobileIron Bridge can be used to run scripts to set up kiosk mode on Windows 10 PCs, which essentially locks a specified user to specified apps and can seal off their data from that of other people using the same PC. A retailer might use kiosk mode for a shared Windows laptop or tablet, giving each employee a separate kiosk account and retiring the accounts as employees leave.

Another scenario that MobileIron Bridge supports is setting up multiple user accounts on a PC, such as one used by contractors, for job-sharers, across shifts involving different departments in a "hoteling" workplace, or even by employees working from home on a personal PC. Working in concert with Azure Active Directory, IT can use MobileIron Bridge to remotely set up the multiple accounts, determine which accounts can share data with each other, and which accounts run in kiosk mode, then retire accounts as users leave.

MobileIron Bridge also lets IT install .exe apps onto Windows 10 PCs; Microsoft's EMM APIs support installation only of .msi and .appx software, which means most legacy apps aren't supported for remote, policy-based installation. MobileIron comes with a graphical interface to install such .exe apps, but it also can install other binaries using a command-line interface, again using scripts as it does for GPO deployment.


Group policies, meet EMM: New and old Windows 10 management unite

MobileIron Bridge can install legacy .exe apps onto Windows 10 PCs via EMM policies; example apps are highlighted here.

Ojas Rege, MobileIron's chief strategy officer, notes that when iPhones entered the enterprise in the late 2000s, IT couldn't reuse any of the many policies they had painstakingly set up in BlackBerry Enterprise Service for their BlackBerrys. Thus, they had to start from scratch. MobileIron Bridge's GPO support gives an IT an easier path to transition Windows 10 PCs from traditional management approaches to the EMM one used on other devices, he says.

However, Rege suggests that IT shops not deploy all their existing GPOs as is on Windows 10 PCs; they should use the EMM transition to evaluate what policies they still really need -- BlackBerry shops soon realized they didn't need all 450 BES policies, for example -- and deploy those in a staged approach. "It should be done with a change-management process," he says.

MobileIron Bridge will support Windows 10 Professional and Enterprise Editions, though some supported Windows 10 capabilities such as kiosk mode require the Enterprise Edition. Licenses will cost $3 per PC. It's now in prerelease at some customers, and the company hopes to make it generally available by January 2017.

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

主题: WindowsPowerShelliPhoneiOSMacOSAndroid
分页:12
转载请注明
本文标题:Group policies, meet EMM: New and old Windows 10 management unite
本站链接:http://www.codesec.net/view/481379.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(36)