Take Away

  1. New improvements coming to Intune to manage Android for Work.  This session actually gave a good overview regarding the fragmented state of Android OS as well as the MDM challenges around it.  The session discussed upcoming Intune tools to help with this problem.
  2. Vittorio Bertocci was the best speaker of the day in his session Secure your web applications with Microsoft Identity.  I would imagine he throws a great party as well.  Nice walk through of building an ASP.NET app in VS 2015 using Azure AD authentication.  To be upfront, this session was geared more towards web developers, but I stayed because I do keep up with Vittorio’s blog.  He is a great, dynamic speaker and I enjoyed his style.
  3. The IoT session Explore IOT Scenarios from the field and their reference architectures was mind expanding and my head was swimming with ideas after this session.  Great presentation on what could be an incredible opportunity.

My Notes below for each session

Intune Session to manage Android

  1. Android
    1. Protect identity
    2. App – conditional access
    3. Device
  2. EMS
    1. MDM
    2. MAM
  3. Android fragmentation
    1. 1,294 brands
    2. 24,000 devices
    3. Great for end users but difficult to manage in enterprise
  4. Intune Android management
    1. Native Android 4.0+ MDM
    2. Samsung KNOX
    3. MAM policy for data protection – built into apps
    4. Companion apps
    5. Threat protection for Lookout
  5. Tour of Android and Intune
  6. Android for Work
    1. Common pain points
      1. missing VPN, silent app install, configurable end client
      2. Android fragmentation affects manageability
    2. Enhanced on-device management capability
      1. Android 6.0
    3. App management
    4. Productivity apps
    5. Partnership community
  7. Intune Support for Android for Work (rollout starts in October)
    1. Enhanced device management
    2. App management improvements
    3. Security apps
    4. Email client app config
  8. Android for Work Scenarios
    1. BYOD (Available Oct) – Some apps owned by corp IT others by users
    2. Corp owned, personally enabled
    3. Kiosk (COSU)
  9. New provisioning requirements
    1. IT admin must onboard the Intune tenant before enrollment
    2. The previous requirement for a Google domain no longer applies
    3. Deploy apps (play.google.com/work)
    4. LOBs
  10. Android for Work and Intune MAM for data protection (See presentation)
  11. MAM –
    1. enforce corp data access requirements
      1. Require PIN for launching app
    2. Prevent data leakage

Explore IOT Scenarios from the field and their reference architectures

  1. Ref architecture
    1. Example – Car – lots of devices but all aggregated on platform gateway
  2. World’s largest integration project
  3. Azure IOT Suite – really a solution (azureiotsuite.com)
  4. Need to be careful about cost implications in architecture

Real Customers

Towering IoT

  1. Problem – brownfield systems
    1. Old and proprietary
    2. BACNET is legacy protocol
  2. Drivers – Green Buildings
    1. BMS (Building management systems) and cloud

Azure IoT Hub

  1. Older brother is Event Hubs
    1. Event Hubs is one-directional and is limited to 5k devices per namespace
  2. IoT Hub hyper-scale solution
  3. Cloud scale messaging
  4. Two way communication
  5. Per device auth
  6. Multi-protocol support
  7. Cloud-scale
  8. Communication is TLS based
  9. Device management



  1. Connect my medical device
  2. Allow physician to access data
  3. Gateway is changing
    1. Replace Event Hubs with IoT Hub
    2. Replace Service Bus with Event Hubs


IoT Discarded

  1. Trash bin
    1. Am I full?
    2. Remote location
    3. 5+ year battery life
    4. 3G/4G connectivity
    5. 1 data point per day
    6. Route optimization based on when bin is full during the day


Industrial IoT

  1. PLCs (Industrial protocol)
  2. 80% of projects will be industrial IoT
  3. Industrial IoT is hard
    1. Lots of protocols
    2. Lots of PLCs and no standards
    3. Lots of machine manufacturers
    4. Integration


Global Deployment

  1. Front door/provisioning/Bootstrapping
    1. IoT facade calls an endpoint to determine device identity and route to the correct hub
    2. Suitable for new, reset or offline system
    3. Devices needing geo-location
    4. Migration from IoT Hub to IoT Hub
    5. HA/DR

Secure your web applications with Microsoft Identity

  1. Vittorio Bertocci was the best speaker of the day.  I would imagine he throws a great party as well.
  2. Nice walk through of building an ASP.NET app in VS 2015 using Azure AD authentication