Wednesday, 28 August 2013

System Center 2012 Configuration Manager SP1 and Windows Intune - Configuring the Exchange Connector

This is a post in a series of posts on Windows Intune and the new integration capabilities found in System Center 2012 SP1 Configuration Manager.  The other posts can be found here.

This post will show you how to establish a connection between Configuration Manager and your E-Mail Service.

For this example I’ve actually chosen to connect ConfigMgr into my Office 365 account as I made the decision not to have local infrastructure where possible in the lab.

Why would you want to connect ConfigMgr to your Exchange/Office 365 environment?  Well while iOS and Windows Phone utilise direct MDM management, Android doesn’t have a native MDM capability for controlling settings (That is until Intune Wave F is available later this year), but it does allow configuration via ActiveSync policies.

  • From within the ConfigMgr admin console, navigate to the Administration node | Expand Hierarchy Configuration | Click on Exchange Server Connectors
  • Click on Add Exchange Server on the Ribbon
  • Either choose On-premise Exchange Server or Hosted Exchange Server and supply the information of where to connect to.
    For an on-premise exchange this can be either the FQDN of the Exchange server or a URL to the PowerShell component.
    For Office365 (Hosted Exchange Server) use this URL - https://ps.outlook.com/PowerShell-LiveID
  • Click Next
InitialSetup
  • On the Account section either select an existing account if you have one setup already with the relevant permissions, or create a new one.  Take a note of the PowerShell cmdlets the account is required to be able to run.

    The following Exchange Server management roles include these cmdlets: Recipient Management; View-Only Organization Management; and Server Management.

    If you try to install or use the Exchange Server connector without the required cmdlets, you will see an error logged with the message Invoking cmdlet <cmdlet> failed in the EasDisc.log log file on the site server computer.

    There is a script available on the TechNet Gallery by Stephan Schwarz that will help with granting these permissions - http://gallery.technet.microsoft.com/office/Configure-Exchange-cmdlet-c4f2affd
  • Click Next
account
  • Choose a schedule for how often you would like for synchronisation to occur, as with everything, be mindful of extra load you may place on both your site server and Exchange.
  • Choose to ignore inactive devices based on how long they have been inactive if you wish
  • If you’ve chosen an on-premise Exchange connection you can filter down the discovery more, if like me you’ve chosen Office365 hosted Exchange then you cannot.
  • Click Next
discover
  • On the Settings tab, you can choose at this point to either leave the policies that are applied to the mobile devices to be assigned by Exchange, or choose the Edit button for a relevant group of settings and modify the policy.

    Be aware that the settings applied through ConfigMgr will take precedence over the Exchange ActiveSync policies.
  • Click Next
configure
settings
  • Review the Exchange connector settings in the Summary tab and click Next
confirm
  • The connector should complete successfully and show the result.  Review and then click Next
complete

No comments: