
Determine How to Manage Mobile Devices in Configuration Manager

Updated: October 27, 2014

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

Use the following information to help you decide how to manage mobile devices in System Center 2012 Configuration Manager. You can use Configuration Manager to enroll mobile devices and install the Configuration Manager client, you can use the mobile device legacy client (for example, for Windows CE mobile operating systems), and you can use the Exchange Server connector. In addition, in Configuration Manager SP1, you can enroll devices that run Windows Phone 8, Windows RT, and iOS by using the Windows Intune connector.

The following table lists these four mobile device management methods and provides information about the management functions that each method supports.

 

| Management functionality | Enrollment by Microsoft Intune | Enrollment by Configuration Manager | Mobile device legacy client | Exchange Server connector |
|---|---|---|---|---|
| Public key infrastructure (PKI) security between the mobile device and Configuration Manager by using mutual authentication and SSL to encrypt data transfers | Yes | Yes. More information: Requires Active Directory Certificate Services and an enterprise certification authority (CA). The mobile device certificates are installed automatically by Configuration Manager during the enrollment process. | Yes. More information: Any PKI that meets the certificate requirements. The mobile device certificates must be installed independently from Configuration Manager. | No |
| Client installation | No. More information: Instead of a client the user installs or connects to a company portal. | Yes. More information: Installed by the user from the browser on the mobile device. | Yes. More information: Installed by an administrative user by deploying a package and program. | No |
| Support over the Internet | Yes | Yes | Yes | Yes |
| Discovery | No | No | No | Yes |
| Hardware inventory | Yes | Yes. More information: You can collect default information and create your own customized hardware inventory. | Yes | Yes. More information: Limited by what Exchange Server collects. |
| Software inventory | Yes | No | Yes. More information: List of installed software only; you cannot inventory all files and you cannot collect files. | No |
| Settings | Yes | Yes. More information: Deploy configuration baselines that contain mobile device configuration items. You can configure default settings and create your own customized settings. | No | Yes. More information: Limited by the settings in the default Exchange ActiveSync mailbox policies. |
| Software deployment | Yes. More information: You can deploy available apps that users can download from the company portal. | Yes. More information: You can deploy required applications (install and uninstall), but not packages or software updates. Available applications, which users request from the Application Catalog, are not supported for mobile devices. Mobile devices also do not support simulated deployments. | Yes. More information: You can deploy packages, but not applications or software updates. | No |
| Monitor with the fallback status point | No | No | Yes | No |
| Connections to management points | No | Yes. More information: A single management point in the client’s assigned (primary) site. | Yes. More information: A single management point in primary sites and secondary sites. | No |
| Connections to distribution points | Yes. More information: manage.microsoft.com is the only distribution point that is used. | Yes. More information: Distribution points in the assigned (primary) site. | Yes. More information: Distribution points in primary sites and secondary sites. | No |
| Block from Configuration Manager | Yes | Yes | Yes | No |
| Quarantine and block from Exchange Server (and Configuration Manager) | No | No | No | Yes |
| Remote wipe | Yes | Yes. More information: By Configuration Manager and by a user from the Configuration Manager Application Catalog. | No | Yes. More information: By Configuration Manager and by a user if supported by Exchange. |

For more information about the mobile operating systems that System Center 2012 Configuration Manager supports, see Supported Configurations for Configuration Manager.

Use Configuration Manager to enroll mobile devices when the mobile operating system is supported by System Center 2012 Configuration Manager mobile device enrollment and when both of the following conditions apply:

  • You have a Microsoft enterprise CA to issue and manage the required certificates.

  • You want the additional management features or settings that are not supported by the Exchange Server connector, such as software installation and full hardware inventory.

    Important
    If the mobile device synchronizes with Exchange Server, set the Exchange flag AllowExternalDeviceManagement to ensure that the mobile device continues to receive email from Exchange after it is enrolled by Configuration Manager. If you install the Configuration Manager Exchange Server connector, you can set this flag by configuring the option External mobile device management in the Exchange Server connector properties. If you do not install the connector, you must set this flag by using the Exchange management tools. For example, use the PowerShell cmdlet Set-ActiveSyncMailboxPolicy with the parameter AllowExternalDeviceManagement.
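The following script is an added example, not part of the original Microsoft documentation. It shows one way to audit and set the AllowExternalDeviceManagement flag from the Exchange Management Shell when the Exchange Server connector is not installed. The script parameter PolicyNameLike is a hypothetical name introduced for this example.

```powershell
# Added example: save as a .ps1 file and run in the Exchange Management Shell
# (on-premises Exchange) with rights to modify ActiveSync mailbox policies.
# Run with -WhatIf first to see which policies would be changed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter: restrict the audit and change to policies
    # whose name matches this wildcard pattern.
    [string]$PolicyNameLike = '*'
)

# 1. Audit: list each Exchange ActiveSync mailbox policy and the current flag value.
$policies = @(Get-ActiveSyncMailboxPolicy |
    Where-Object { $_.Name -like $PolicyNameLike })

$policies |
    Select-Object Name, AllowExternalDeviceManagement |
    Format-Table -AutoSize |
    Out-Host

# 2. Change only the policies where the flag is not already enabled,
#    so the script is safe to run repeatedly.
$toChange = @($policies | Where-Object { -not $_.AllowExternalDeviceManagement })

foreach ($policy in $toChange) {
    if ($PSCmdlet.ShouldProcess($policy.Name, 'Enable AllowExternalDeviceManagement')) {
        Set-ActiveSyncMailboxPolicy -Identity $policy.Name `
            -AllowExternalDeviceManagement $true
    }
}

# 3. Verify: report any matching policy that still has the flag disabled.
$remaining = @(Get-ActiveSyncMailboxPolicy |
    Where-Object { $_.Name -like $PolicyNameLike -and
                   -not $_.AllowExternalDeviceManagement })

if ($remaining.Count -eq 0) {
    Write-Output 'All matching policies allow external device management.'
} else {
    Write-Warning ("Flag still disabled on: " + (($remaining | ForEach-Object { $_.Name }) -join ', '))
}
```

Because the flag lets a management system other than Exchange control the device, review the audit output from step 1 and limit the change to the policies that apply to enrolled devices.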

Use the mobile device legacy client when the mobile operating system is not supported by System Center 2012 Configuration Manager mobile device enrollment and when both of the following conditions apply:

  • You can install the required PKI certificates on the mobile device and the Configuration Manager site systems (management point and distribution point).

  • You want to install software packages on the mobile device and collect hardware inventory.

Manage mobile devices by using the Exchange Server connector when the mobile device can connect to Exchange Server by using ActiveSync and when either of the following conditions applies:

  • You do not require the security that a PKI offers or you do not have a PKI.

  • You do not require all the management functions and settings that enrollment provides.

You can enroll a mobile device by using Configuration Manager and also manage it by using the Exchange Server connector. In this scenario, although you see only one mobile device in the Configuration Manager console, you have dual management for a mobile device and the following consequences:

  • No settings are applied from the Exchange Server connector; you must configure the mobile device settings by deploying a configuration baseline.

  • If you collect hardware inventory by enabling the client setting for hardware inventory and by using the Exchange Server connector, the hardware inventory information from the mobile device is consolidated by Configuration Manager.
