未加星标

Managing Windows 10 IoT Core devices via MDM

字体大小 | |
[系统(windows) 所属分类 系统(windows) | 发布者 店小二04 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

This week a new challenge for a new blog post, managing windows 10 IoT Core devices. The nice thing about Windows 10, even Windows 10 IoT Core, is the availability of MDM. The availability of MDM is what will help me with managing Windows 10 IoT Core devices. In this post I’ll go through the steps to create an enrollment profile to enroll Windows 10 IoT Core devices in Microsoft Intune hybrid. I’ll end this post with an overview of the end result in Configuration Manager

Configuration

Let’s start by looking at the configuration in Configuration Manager. To create an enrollment profile, for Windows 10 IoT Core devices, it’s required to provide a certificate profile and it’s optionally to provide a Wi-Fi profile.

Create certificate profile

The required component of the enrollment profile is, as mentioned before, a certificate profile. The certificate profile is used to automatically provision a trusted root certificate to the enrolled device. As part of preparing for the certificate profile, export a root certificate.

1 Open the Configuration Manager administration console and navigate to Assets and Compliance > Compliance Settings > Company Resources > Certificate Profiles ; 2 On the Home tab, in the Create group, click Create Certificate Profile to open the Create Certificate Profile Wizard ; 3
Managing Windows 10 IoT Core devices via MDM
On the General page, provide the following information and click Next ; Name : Provide a unique name for the certificate profile (max. 256 characters); Description : (Optional) Provide a description about the certificate profile; Select Trusted CA certificate . 4
Managing Windows 10 IoT Core devices via MDM
On the Trusted CA Certificate page, provide the following information and click Next ; Browse to and select the Certificate file ; Select Computer certificate store Root ; Certificate thumbprint will automatically populate. 5
Managing Windows 10 IoT Core devices via MDM
On the Supported Platforms page, select Windows 10 and click Next ;

Note : Windows 10 IoT Core doesn’t have it’s own platform option, which means that the generic Windows 10 should be used to make it applicable to all Windows 10 devices.

6 On the Summary page, click Next ; 7 On the Completion page, click Close . (Optional) Create Wi-Fi profile

The optional component of the enrollment profile is, as mentioned before, a Wi-Fi profile. In some scenarios this might be a required component, but it’s not required for the creation of an enrollment profile. Including a Wi-Fi profile in the enrollment profile can be useful when the Windows 10 IoT Core device needs the Wi-Fi profile for connecting with the Internet.

Create enrollment profile

After creating the required and optional components for the enrollment profile, it’s time to create the enrollment profile. The enrollment profile specifies settings that are required for the Windows 10 IoT Core device enrollment, including a certificate profile that will dynamically provision a trusted root certificate to the device and a Wi-Fi profile that will provision network settings if required.

1 Open the Configuration Manager administration console and navigate to Assets and Compliance > All Corporate-owned Devices > Windows > Enrollment Profile ; 2 On the Home tab, in the Create group, click Create Enrollment Profile to open the Create Enrollment Profile wizard; 3
Managing Windows 10 IoT Core devices via MDM
On the General page, provide the following information and click Next ; Name : Provide a unique name for the enrollment profile (max. 256 characters); Description : (Optional) Provide a description about the enrollment profile; Select as management authority Cloud . 4
Managing Windows 10 IoT Core devices via MDM
On the Select Trusted Root Certificate page, select the earlier created certificate profile and click Next 5 On the Wi-Fi profiles page, optionally select the earlier created Wi-Fi profile and click Next ; 6 On the Summary page, click Next ; 7 On the Completion page, click Close . Enrollment

After creating the enrollment profile and its required components, it’s time to look at delivering the enrollment profile to the Windows 10 IoT Core device. A Windows 10 IoT Core device doesn’t have the full-blown Windows 10 capabilities to perform a MDM enrollment. However, that doesn’t mean that they’re not capable. That’s were the enrollment package comes into the picture.

Export enrollment package

The first step in bringing the enrollment profile to the Windows 10 IoT Core device, is exporting the enrollment profile as an enrollment package.

1 Open the Configuration Manager administration console and navigate to Assets and Compliance > All Corporate-owned Devices > Windows > Enrollment Profile ; 2 Select the earlier created enrollment profile and on the Home tab, in the Enrollment Profile group, click Export to open the Export Enrollment Package dialog box; 3

On the Export Enrollment Package dialog box, provide the following information and click Export ;


Managing Windows 10 IoT Core devices via MDM
Validity Period (days) : Select the number of days that this package is valid; Package File : Provide a unique name for the enrollment package; Do not select the checkbox with Encrypt Package . 4 On the Export Enrollment Package dialog box, click OK ; Deploy enrollment package

The second step in bringing the enrollment profile to the Windows 10 IoT Core device, is copying the exported enrollment package to the Windows 10 IoT Core device. An alternative could be adding the enrollment package as a provisioning package to a Windows 10 IoT Core image.

1 Open File Explorer and remotely connect to the Windows 10 IoT Core device; 2 Copy the earlier created enrollment package to C:\Windows\Provisioning\Package ; 3 Restart the Windows 10 IoT Core device. End result

Now let’s end this post by looking at some of the information that will flow through the MDM channel into Configuration Manager. After restarting the Windows 10 IoT Core device it can take a couple of minutes before the device appears in Configuration Manager. The Windows 10 IoT Core device will show as a mobile device with the operating system IoTUAP (as shown below).


Managing Windows 10 IoT Core devices via MDM

After the first inventory of the Windows 10 IoT Core device, the information of the deivce will populate in the Resource Explorer . In my case, I used a Raspberry Pi 3 (as shown below on the left) and I installed a custom app (as shown below on the right).


Managing Windows 10 IoT Core devices via MDM
Managing Windows 10 IoT Core devices via MDM

The nice thing is that, as Windows 10 MDM is used in combination with Configuration Manager, I can extend the inventory (see the PTCLOUD entry above) and I can configure settings. For this I can use the available configuration service providers (CSP).

More information

For more about managing Windows 10 IoT Core devices and enrollment profiles (documentation for on-premises MDM), please refer to:

Managing Windows 10 IoT Core Devices: https://developer.microsoft.com/en-us/windows/iot/docs/management How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager: https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm Create certificate profiles: https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-certificate-profiles Create Wi-Fi profiles: https://docs.microsoft.com/en-us/sccm/protect/deploy-use/create-wifi-profiles Configuration service provider reference: https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference
Managing Windows 10 IoT Core devices via MDM

本文系统(windows)相关术语:三级网络技术 计算机三级网络技术 网络技术基础 计算机网络技术

主题: WindowsRaspberry PiUATCL
分页:12
转载请注明
本文标题:Managing Windows 10 IoT Core devices via MDM
本站链接:http://www.codesec.net/view/530965.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(windows) | 评论(0) | 阅读(19)