Information shared between Microsoft Intune and System Center 2012 R2 Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager SP1

As a Microsoft Intune customer, you have entrusted Microsoft to help protect your data. Microsoft values this trust, and the privacy and security of your data is one of our top concerns.

The information presented below is intended to provide additional details about the shared data that is transmitted between Configuration Manager and Microsoft Intune when using the Microsoft Intune connector.

The Microsoft Intune connector lets you use Configuration Manager to manage mobile devices with Microsoft Intune. The connector extends Configuration Manager by establishing a connection to the cloud-based Microsoft Intune service that manages mobile devices over the Internet. With this connection, the IT administrator can manage and provide services (such as application distribution) to the devices employees love to use. To accomplish this, Microsoft Intune needs a certain amount of information about the users, the enrolled devices, the customer’s compliance configurations, and the applications published through Microsoft Intune.

Microsoft Intune is designed to minimize the information needed to provide Intune services to users and devices, without compromising on the quality of those services.

Information and data sent by Configuration Manager to Microsoft Intune

Configuration Manager connects to the Microsoft Intune service and the following information and data is sent to and processed by Microsoft Intune.

Information and data sent to Microsoft Intune

Examples

To help the admin manage enrolled devices and deploy the company’s software to users’ devices

  • Compliance settings and values, such as requiring a minimum password length of 4 characters

  • E-mail profile information, such as email server name and time of day preferences

  • Information to generate certificates for VPN profiles (but not the certificate itself)

  • Software name, description, encrypted content, and icon for apps

  • Any setting needed to enroll devices

To manage their users’ experience

  • Settings applied to the user’s devices

  • Whether the company portal has been installed

  • What software applications are displayed as available in the company portals

  • What software the user has requested and installed

  • User’s software request history

To help enrolled users use single sign-on

  • User Principal Name (UPN)

  • User Name

  • Email (if email profiles are enabled and deployed)

To quickly view relevant information about enrolled devices

  • Device name

  • Device friendly name

  • Device Type

  • Device OS

  • Device Action (Wipe/Retire/Connect) state

  • Certificate expiry date

  • Primary user

  • Last connection time

To distribute certs for Wi-Fi and VPN profiles

  • NDES server information

  • System Center Endpoint Protection challenge encryption certificate (public-key only)

  • Certificate provisioning information

  • Certificate assignment and status

To quickly assess current status and versions

  • Microsoft Intune Connector installation status, e.g. “Windows Phone 8.1 extension (V1) is installed”

  • Configuration Manager version information, e.g. “Connector Build Version 5.0.7958.1000”

To connect authorized users remotely

  • RD Gateway Server Settings

  • Machine names and Microsoft Intune users for which this feature is enabled

Information sent from Microsoft Intune to Configuration Manager

The following table shows the customer information that is retrieved from Microsoft Intune.

This information is deleted from Microsoft Intune after it has been successfully downloaded by Configuration Manager.

Information sent from Intune to Configuration Manager

Types of Information sent to Configuration Manager

To help the admin manage enrolled devices and deploy the company’s software to users’ devices

  • Compliance settings

  • Security policies

  • Software inventory including app names

To help manage software publication

  • Requested Application Installation Status

  • Side-loading key assignment

To authenticate information workers

  • Customer certificates for authorization and certificate provisioning

Other information sent by Microsoft Intune to Configuration Manager

The following table shows information that is generated by Microsoft Intune and shared with Configuration Manager. This information is deleted from Microsoft Intune after it has been successfully downloaded by Configuration Manager.

Type of Information

Examples

End-user initiated commands

  • Device Wipe/Retire action information

  • Application Request information

  • User-generated device commands (rename, wipe, retire, connect now)

Tenant, user, and device error messages

  • “Apple APNs Certificate Expired”

  • “Side-loading key could not be applied”

Customer commands temporarily stored in Microsoft Intune

Commands sent to and received from mobile devices are temporarily stored in the Microsoft Intune service while the device is actively connected to the service. This data is subsequently deleted after the device’s active session ends.

Microsoft’s commitment to customer data security and privacy

More information on Microsoft’s commitment can be found here: