Article Updates February 2013

I don’t revisit my old articles so often, usually because they stand complete as they are, and I’d rather produce new ones. However I saw it fit to make a few minor updates now as I have gained some more insight on the topics.

Last things first; in my article on MDM for Windows RT:

I said the following “the tool tip for the encryption setting states that Windows RT does not support encryption”, and found that slightly strange since RT should support encryption as such. I’ve run this by the Intune team, and it seems the tool tip is misleading. Windows RT supports encryption of the whole device, and it will be enabled by default provided you sign in to the device with your Microsoft account. This means that there is no setting for Intune to enable or disable it. So Intune doesn’t technically support controlling this on the device, but it should be in play nonetheless. (Of course it’s hard to enforce whether the user logs in with a Microsoft account or a local account.) You will not get encryption with a local account. The explanation I got for this design choice was that the cloud was needed for recovery of the Bitlocker key should you lose it.

Back in September I played around with mobile devices and IPv6:

Since I didn’t have access to Windows Phone 8 or Windows RT at the time I wasn’t able to test those operating systems. It’s been a couple of months since that though, so I have been able to test it now. I actually rolled out IPv6 on my secondary site in the meantime, and got it working properly more or less. (There are some minor snags but it works in general.)

Unsurprisingly Windows RT has top-notch support for IPv6 as it’s working just like regular Windows 8 for the desktop. I saw no issues using IPv6 on the Surface RT.

Windows Phone 8 however… Well, it supports IPv6 as far as I can tell, sort of…If you check the properties for the Wi-Fi connection it will only tell you the IPv4 address, but looking in the DHCP console I could see it having an address assigned by IPv6. I have also enabled SLAAC, but I’m not able to tell if the device has been in contact with the gateway device. I am however able to tell that I’m not able to get the device to connect to the IPv6 Internet in any way. That just isn’t working. Typing IPv6 addresses directly in the browser also informs me that it’s not a valid address. I don’t know for sure, but to me it looks like Windows Phone 8 supports DHCPv6, but not SLAAC. And as I said when I showed the setup for Windows Server you can’t get a fully working IPv6 infrastructure with DHCP alone… Could I have researched this further by setting up a non-Microsoft DHCP server? (I also tested with the Airport Express doing DHCP.) Yeah, probably, but my reasoning is that if Windows Phone doesn’t support IPv6 with a standard Microsoft architecture it doesn’t support IPv6.

I made some minor bug fixes for my online version of EAS MD, and most importantly I removed the captcha because it was a pain. It was just to darn hard to get right even if you are human.
It can still be found at

That’s it for now, and I’ll see to it that I update the original articles with this info as well.

System Center Configuration Manager 2012 SP1 – Arrival of MDM

Hot on the heels of the upgrade to the Windows Intune service Microsoft released Service Pack 1 for the System Center 2012 Suite of products to TechNet & MSDN. This update is also said to bring Mobile Device Management (MDM) support to System Center Configuration Manager so we’ll need to take a look at that 🙂

For a quick recap of what Windows Intune looks like on Windows RT:

I’ll admit that personally I’m more excited about SP1 for SC Virtual Machine Manager since I’m using it all the time whereas SCCM is sort of overkill for managing the home lab.

SCCM is of course historically, (including the preceding name of "SMS"), a product for managing traditional servers and clients, and while there are improvements in that area too I’m not diving into that. (Others will do so I assume, and they will probably be more knowledgeable than me in that part of the product.)

SCCM is now able to integrate with Windows Intune, exactly for the purpose of managing Windows RT and mobile devices through the "cloud".

Read more

Windows RT – MDM First Impressions

If you’ve had a hankering for some MDM love on the Windows 8 platform, (Windows RT and Windows Phone 8 specifically), Christmas comes early from Microsoft who has upgraded their Windows Intune platform to support the aforementioned devices. (I realize that there might be a limited audience of people desperate to manage these devices as I don’t think there’s been any large scale deployments yet, but people are starting to ask about what’s happening in the MDM space for MSFT operating systems so it’s worth looking into nonetheless.)

Not much has been released publicly regarding the MDM capabilities of Windows RT & Windows Phone 8 so far other than some vague statements about an MDM API, and support in Windows Intune and System Center Configuration Manager 2012 SP1. (SP1 has RTMed and should go GA in a matter of a few weeks.) A couple of third-party MDM vendors have also announced support, but they haven’t shared all that many details either. So let’s do a quick tour of what we can do now that we have a tool available.

Read more