Duration 43:17

Citrix Synergy TV - SYN134 - Geek's guide to the workspace (part 5): hands off my BYOD

Matt Brooks
Senior Technical Product Marketing Manager at Citrix
Citrix Synergy Atlanta 2019
May 23 2019, Atlanta, GA, United States

About the talk

Topic: IT

Personal privacy and convenience are important to the user while security is important to the company. Oftentimes, these things are in direct conflict. In order to successfully implement a bring-your-own-device policy in an organization, you need to focus on securing the apps from the device, placing mobile apps into a secure container and creating a barrier between the personal and the business worlds. In this session, you will learn how to expand your Citrix Workspace experience to incorporate best practices for securing mobile apps on BYO devices with the use of restriction policies and micro-VPN. Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.

Okay, let's get started. Good morning and welcome to hands off my BYOD. My name is Matt Brooks. I'm an architect with Citrix 00:00 technical marketing company about eight years but a different roles customer-facing product and at least half of that time I focused on endpoint 00:10 management. So hoping to impart some of my knowledge. So y'all today and I'm glad we joined by my colleagues around here. Yeah, thanks Matt, and I'm 00:19 happy to be in my name is going to be on the senior product marketing manager Citrix. I started at Citrix about 5 years ago as a Mobility as he so 00:28

Matt. Can you guide us through what the previous sessions over right? So if you were if you were here for the previous session. 00:37 tried again So we're having a 10-part series on the in a different aspects of work space. This is this is 00:47 our fifth session before this. We talked a lot about content right how you can store it in your networking storage zone. So you can start in different 00:56 locations and get to it with connectors and the various ways to secure site and provide it to users. Now. We're going to focus on getting some apps 01:06

getting mobile app specifically and utilizing that content. So with the idea behind hands off your title is that we're going to focus management 01:14 side unified endpoint management Enterprise main schools have the device management, which is more for corporate side. Were you going to actually be 01:24 able to take control that device and then there's the app management side works really want to focus on this Management corporate truth about these 01:34 uses the lights because it's their personal device. It's ever going to break it into four areas mobile app distribution will talk about how do you get 01:41

the app for the device? They will go into app security once you have the app on the device how to Protect it will get into Epcot activity. Once that 01:47 app is protected on the vice. How does it actually get it to the back end and get get data things it can do lies and then we'll close it out with 01:56 talking about conditional access every special kind of security work. You can allow the app to to be used to not use FaceTime conditions on the device 02:03 contextual security if you will. Where we get started we are going to talk about some roadmaps teacher. So I want everyone to be clear that the things 02:10

were talking about this there's no guarantee. If or when they'll be delivered. And with that let's get into a mobile app distribution Soldier on we 02:18 have a few different ways to get those apps out on the mobile in points. Yeah. Yeah. Thanks Maxx if we look at the current market and how absurd this 02:27 to everybody knows apparently about the Publix store so I can Apple Store the Google Store the Microsoft store and get your own identity 02:35 for Enterprise right till we have for Google Play for work the Microsoft store for business for example, 02:43

double allow you to curate your line of business application and even the public application and allow them to silent. So it's also has a 02:52 Persian off of private store. So we look at the Citrix workspace app and the Citrix secure Hub. Both are populating applications on 03:02 rap songs 8888 application software applications and line of business applications. And of course also web links and 03:12 that kind of application So that's. Basically the journey off of you bring your own device. Jethro Nintendo the Enterprise at 03:21

Star is going to be the benefits of the Publix Touareg auto updates, but Enterprise you can have more control that can decide which apps are available 03:31 and control fanfic licensing and priced all you have more control over then in the ship that's private or that is even the more gradual control of the 03:38 year of the application. So the advantages of a public computer at the apps, you can make sure that the apps are 03:46 a mandatory install and if you even use the public Source like Google Enterprise on Google Play for work has even being 03:56

scanned on malicious code in the applications on the device and on the store. So he's all good examples on how you can keep your applications, but 04:06 don't tell your device and you use a secure. It's a lot of benefits of the public stores. We actually even use those to disabuse the Citrus 04:15 productivity. Astray. I get can you tell us a little bit on how we went from Enterprise distribution to Publix store distribution, but maintaining 04:23 got to keep the security guard search which provides 04:33

3D the private server going to disability and the X-Files 04:35 where we provide that containerization of those apps. And so we handle most of the work with this certificate is thin provisioning profiles, then it's 04:45 only up to the admit to Don Pablo's in The X-Files load them into the rent Point men's Vincent's and then they get your taxes from the store. They get 04:53 pushed and they get basically married to the app when to start loading from the public store. So we have the listing for you. That's really that's 05:01

really cool. You have in in in 05:10 the current market. So of course everybody knows he have come pick Community. I'm going to talk a little bit about that. And I know that it is a team 05:20 that you've been seeing around shoulder Mobility sessions at Citrix container or a mobile device experience. 05:29 What is piatt County Community? Show me a comfort Community is a community-driven 05:38 solution which provides developers with an s t k to M bat basically keys and values 05:47

so that they can complete the application and one of the disadvantages of app, so 05:56 it's not completely in the bring-your-own-device Pace bus this morning that corporate on crashing and Abel's paste benefits of the downside of using 06:06 a little privacy. A little bit up to the benefits of surprised. You can live lavish D at 6 to email Investments. 06:16 You can use the execs at 3 p.m. And identity and access Management Solutions and the destruction beerus got to use our 06:25

voting experience. So with the doors and the public storage in combination with the app conflict, you have a 06:35 great selection of the business apps. So what's in it for the U of M o d e m Sanders so you left her to be always best practices so you can take care 06:45 of the functionality that the OEM provide so the functionality Apple Proviso Microsoft provides and you have a larger ecosystem of this is that 06:54 so it's basically very simple process. See you again provider to attach to that at comfort and we are a supporter of the Uptown 07:04

Funk, of course. You can see here. You can do that configuration. You can do to security policies in the access control 07:14 at tunneling and instead of using a separate a VPN solution. So it's all single turn on and the best years ice cream cheese you can get so 07:23 that's all some of the advantages you have any upcoming conflict community and I think some of you already said she's not 07:33 include some ability. You will see that Citrix has invested a lot of time of getting acquainted with the Android Enterprise and supporting Android and 07:43

price are basically four ways of onboarding an Android Enterprise device. So in a 07:51 bring your own scenario, all of these would be a fit if you are safe to use in that Device 08:01 factory reset is as needed but the most commonly used in a bring-your-own-device is the amount token or just your You piano email address 08:10 in our case. We have time to Oakland afw and then exam mobile still the old man because 08:20 the solution was ready before I know damn phones for sale watch launch and it's hard to change the DPC. Then 08:29

the QR codes is basically the out-of-box experience off of the factory reset. The users have sex 6 times at the screen and it will go into the 08:38 auto enrollment by scanning the QR code. That's a Citrix and pain management will provide to you and 08:48 show you configure a massive the violence that has all the complications into it like the Wi-Fi the URL of those at mobile 08:55 of the situation Court management instance, and I you touch devices and They automatically enroll and silver tux is basically almost a 09:05

nonzero. Infraction off of user with the enrollment. So he just has to accept the policies and that's basically all all the things he 09:15 needs to do. Next to that there are some management profiles and what talking in this scenario, of course, I'll bring you on the phone. So we're not 09:25 going to talk about old for the Dominican profile. So we will focus on that bring your own device and that's the work profile. So I think I have 09:34 a demo for it later on so we will have that but I don't want the phone. But we shall later on it was one of my favorite features in Android Enterprise 09:43

is that the user experience is a choice of the using so after user is enrolled into work profile. He can go into the workspace. That's the 09:53 operative down on the left. You can see it's a little little icon that's a Google provides when you enroll into to wear profile and if you tell me the 10:03 settings to use choose if all the applications are running the container or if you was once the applications like a normal map batch with a 10:11 briefcase and they're like no one I've seen you can move them. Round flat board. So that's a really cool feature. And I really like it 10:21

gif or uses his choice to use it. So it's flexible and makes it less intrusive on the user's personal environment. They know what you're after work, 10:31 which is the personal I can switch it on and off whenever they want. So that's that's really cool. And that's why I like it 10:37 Pacific Time Point management into the word profound. 10:43 Of course to use a headset device with a pink coat he will log into this private PIN codes. You will open the play store mobile check quickly that is 10:58

a private email address in so it's not too cold for that address and it will download Citrix if you hump you will install a panel installation 11:06 afterwards. He will open it. I was installing. Reusable open open it like any ordinary app 11:15 Apple also some access to specific services and later on. This will be just anxious in the in the word profound 11:24 using typed into his UPN. Yam rolls. What's Tina's password? And also this the work profile 11:33 creation was. And so this is the agreement. He has to check price the profile and see some flips forth between the security open 11:43

the device. That's just great in the profile greatest hits of Spin and you're enrolled in to see if it's on point management with with Android and 11:53 price of everybody knows I think you're secure mail and you'll see single sign-on is configured to use a doesn't have to type 12:01 in anything. We will show you the latest features and on the bottom, right and on the top light to see a new little blue I can with a key that means 12:11 that it's on the word profile. So, when do you have Scrolls through all the first time user experience? You won't have access to 12:20

secure my own self. That's peanuts. So they can you see the workspace app 12:30 you open at you go to the settings. You see that all the applications are now in the work space maintainer just with the Fletch flip the switch as 12:39 user and you will see that all the applications are now on the screen with an icon and you can move them around the designs wherever you want group 12:49 then put them on your home screen. That's it. It's one of those workouts for protected and inside that we're profile container. Hi Johnson, I'll let 12:58

you shift gears and talk about Civics MDX. How how we do containers? I'm so Wizards MDX. We have the ability to do it really do mobile app management 13:08 without enrolling you have we have the ability to put a container around apps and we do this with our third its productivity apps. 13:18 There's a look at the user experience. If you're not familiar with her and point management here. We have a iPad already enrolled will go ahead and 13:29 open secure mail will see that will select the email will selector ftdna opens up into a secure web and we'll see it's connecting to the back in 13:36

formica VPN to take that STD and we could have copied and as far as it's not going to work it's not and it's enabled it's outside of that container 13:45 that encrypted memory that we have to go back into a male here. We open a word doc will see that we can go ahead and try to do it open and into 13:52 Dropbox nothing to fill I probably index policies don't allow it then if we go ahead and try to copy it into the files were allowed to that's part of 14:00 the MDX ecosystem here. So once the doctors open we can go ahead and we can do edits to it. And then I when we're done 14:09

everything we can go ahead and save that off and then it's uploaded securely into an acidic files storage in the cloud. 14:19 It's what I think that's a quick look at the user experience for of MDX on the the endpoint. Just take a look at the architecture. See if we have an 14:30 app for simple email on a device. But if all is going to have access to all of this system functions, you can it can take a picture. It can store 14:40 files that can use the network. But at the same time the downside is that if their system vulnerabilities or virus is Ebola in both of those if the 14:48

device is jailbroken that you know, if things could access that privacy data the intellectual property and it's utilizing or if there is malware other 14:56 apps have malware could unknowingly be susceptible as well. By containerizing and what we're going to do is we're going to put buffers between those 15:04 system functions. So when that app tries to call platform functions, network functions or use the memory, it's going to be intercepted. That's the 15:12 concept of containerization. If we have an app that tries to use the camera, we could block that through administrative policy. We can block storing 15:20

files locally what we could allow it to be stored through that encrypt container container in the memories. All the MDX apps can use it if we tried 15:27 to use the network we can redirect that to his cigarette smoker VPN again control which apps that can get to Essence of the idea with containerization 15:35 is that we can actually wrap some code around that the file or we can either developers can use their SDK to do you integrate that when it's developed 15:44 and that's what we do that that's how we put that container around the app app itself. I'll Methodist. That's really cool. And it's a micro VPN and 15:53

copy and paste is not the only policies we have any on the Internet Security controls around lisette's. 16:02 So take a look at the the admin experience. I hear we starting to the spot we going for endpoint Management console and will drop 16:13 her first single seeing or MDX section. We have a nvx service of cloud. This is where you can upload your ipas apks are actually wrap your apps. We do 16:23 this for you. If you check out Civic specs on will give you some stickers at the end. You'll find a detailed video on doing this for iOS actually 16:32

creating those provisioning profiles can go ahead and open the open the secure mail in RMV accept Section, which we downloaded from Cityside, download 16:39 section will see some of the policies and reply here. We control the copy and paste. Here's the opening that prevented us from going to drop box. But 16:48 a lot of to get to Citrix files in here at the bottom to the app specific details. So this is the same layout know we go ahead and apply that to our 16:56 deliverer group in the end user has it when they once they can roll. Acceptable Aldi dndx policy you could you see there and what we 17:03

provide the citric right just to know there's that you saw only Androids in the MDX option there. But since this week that results will an option for 17:13 Android Enterprise there so you can put rmbh application or yam the ex-file that configures the NBA draft location into the city of Sandpoint 17:23 mannequin. So we make it more easier for you to to observe all the applications and all the platform Center in Tifton pain management 17:32 to select your OS as you go that you need to configure for each particular up 17:40

on the device getting a container around let's talk about getting some connectivity for it to get to the back end. So we have we have 17:49 a few different options here. We mentioned micro VPN. This is our own device VPN service. We listen is included with the MDX 17:59 library. We have our own networking Library set all the apps to get setup without using any deplatformed functionality. But we also have so 18:09 if you were here for a session 3 we talked about mobile. What's the song We utilize that right? That's that it's important for setting up fully full 18:18

VPN. And you know, it's a great user experience book about mobile app management in the previous piece. We 18:26 have the encryption fond of her offer MDX technology. Now, we're going to talk about Collective tomorrow about 18:36 so here's a real high-level architecture overseeing on the left. There's basically what we describe what we created that 18:42 MDX container and this in this case when it goes to make a network all that call for Tammy from Akron Beacon Library, it's going to reach out to a 18:52

sitting Skateway and that's coming on for a more. Now. We offer in the cloud. If you probably heard a lot about students can't we in the club this 19:00 week's and now that's that's a possibility to use a productivity apps with endpoint management. So take a quick look at the user 19:07 experience in this is with Gateway service at frankly. There's nothing different from the use of perspective. They open secure web. They go to their 19:17 homepage in the internet in there. They have no clue where they went through non-prime Gateway or Gateway service. So really really just showing this 19:25

to show that there is no difference in the in the functionality. How to walk to the architectures micro VPN just a little bit. So we mention you know, 19:34 where that in the absence of microvilli sandwiches per app on demand. You may have to set up a full VPN, you know, you make yourself more susceptible 19:42 to vulnerabilities you have other apps. Can you hijack that eventually we might a VPN? What we're doing is having the apps to do a specific tunnel, 19:50 you know through the gateways and they going to have a specific app where you can configure. It's like I'm going to get this specific endpoints a 19:59

really narrowing down under the scope of of access. And I wouldn't why introducing a Gateway service what we're doing is we're eliminating that the 20:04 Datacenter DMZ setup for you're in a serious ABC on Prime. Now, we're going you're going to have your mic if you can go to a sitter pop think that we 20:14 dance we have a dozen we announced two more this week. So there's there's 14 pops around the world music are Intelligent Traffic Management Service 20:22 when user ghost democracy plane goes to set up and then tries to reach this is fqdn. It's going to direct it to the nearest pops. You're getting you 20:29

know getting on the network faster. And obviously we have a lot more of philibert sites. A lot of times was on Prime you're limited to two maybe three 20:37 of filler side solo benefits there in the way it works is we have the Gateway service in the cloud talks to a Gateway connector on premise. So we 20:43 covered this morning other sessions, but just to recap this is essentially Citrix ATC code running in a virtual machine in your on your hypervisor. 20:53 The Gateway service in the cloud is able to communicate with that in your research location. It sets of a reversed tunnel to the networking in. It's 21:01

essentially establishes this tunnel that you know, navigate through these Gateway service and we can figure that stuff for the demo. So we recorded by 21:09 you see nothing but it's basically left like 15 minutes and we got it up and running very straightforward and from an administrator perspective. 21:18 Obviously, I meant to some of the benefits but if if you've installed in pain management before, you know, one of the first things you get as a 21:27 script, right they have to configure in your netscaler in your ass. Are you Civic TDC your gateway 21:33

has been a Workhorse for years. But with Gateway now you eliminate that 21:38 aspect write your cervix said if it's going to be going straight to the cloud you haven't you can access endpoint management insipid cuantos going to 21:48 access Gateway set up printer to fax. I'm so let's take a look at the administration to hear 21:56 weed. I threw it into setting up a Gateway connector. We're putting a virtual machine. She looks like putting a sittercity CZ p x at the end and 22:06

that's a DHCP IP address and Port 8443 going to connect to the UI in this working machine. We're going to enter our default credentials to access it. 22:15 Then what friend we ask is for some basic information. First thing we'll do is we'll change the password. I was you would want to use the the default 22:26 provider with and we'll go ahead and have the ability to put in a static IP address always a good idea. H e p i need to do to activate. It is enter a 22:33 code which were going to get back from the cloud. So back in our resource locations where we downloaded the image, we going to get this activation 22:41

code. It's a bit long are alphanumeric string wants to be saved that off of finished. We'll see if we get a green light and connectivity on the 22:50 virtual machine itself then back in the cloud we can detect it and verify we have connectivity. So now they gave me Services talking to the Gateway 22:58 connector on-prem then back in the endpoint Management console. We're going to drop into settings NetScaler Gateway service 23:05 and when they select a resource location will see that this string corresponds. It shows up on your vehicle. If you look back at that snout, 23:15

that's it. That's it for the setup on the Gateway side Ops want to change the the 23:23 network kind of TV slightly. 3 using a secure browsing history rate. We're not using full VPN here. So I'm going to go ahead and force that to use a 23:33 Tunnel web SSO. To initially were we're not seeing text preview and we're going to support think secure mail and secure 23:41 web initially. I was going to come Okay, so I think we're doing get a time and kept talking to you both here. 23:51

I'm getting a stain or getting access to the back in. I want to talk about conditional access to really making sure you're safe and 24:00 free access to use the app to access your intellectual property about the applications. 24:10 That's what we have everything in place to provide conditions to the endpoint that allows you to get access to corporate resources. 24:19 I chose for Windows 10 and points for Windows 10. We have 800 850 million. I witnessed and 24:29 endpoints are there around the world? The most of the audience right now pretty pretty popular platform to demo on exactly an end of 24:39

shift tomorrow to Management's makes it logical that everything goes into one single Management in the face and that you can set the policies and 24:49 restrictions on your application with some easy confirmation clicks and flow at to all those different 10 points 24:57 away from Land tools to manage a Windows 10 point in using the similar Mobility management tools to manage that so he can control 25:04 anywhere in the world where it gets on the night worker uses apps in Windows 10. And basically it's one big framework a way that provides 25:14

the compression policies with every new release that bring they update them with the customs fees fees or a compressor service provider the 25:23 Whizzinator mail file that's bill on the MGM channel that lets you allowed to configure the Windows 10 machine as it was an IOS and Android device. 25:32 Som de set the stage of a little bit for the weather for this week we of course want to validate the endpoint and conditions that would be no sense a 25:40 little bit different there is no real name only configuration there. So the user needs to unbolt it through as your ID or two sets of Sandpoint 25:49

management so you can get some stages of the device. So Windows held at the station Services a good one to start with its replies back some of the 25:57 conditions turn off the device management and we want to update the complaint States. So if anything changed on the App Store on 26:06 the Southside on on the right side, whitelist and Blacklist of that doesn't matter, it should report back into 26:16 shape again Point management to do something with those actions you can sense you are able to allow and then I access so this is 26:26

quite a long damn about 5 minutes 5 minutes and 30 seconds, but it's Inova hidden gems. We have which one which was on point management? So as soon as 26:36 you enroll in Windows 10 device into seclusion Point management what 6 it will sign the install Windows 10 on Windows 10 with a Windows 10 agent. 26:45 You can do pawn shops pay pin a lot of other cool stuff, but the Windows agent also replies back the information in JSON format, then we'll see what 26:55 later on to decision Point management and can change the state of the device. So basically you have your Model Management tools available to do all 27:04

the cool stuff with PowerShell. So let's walk through the prerequisites in the industry 27:13 compliance me control demo. So we are going to look at the Windows Update service example, you can choose any service you 27:23 want to just run a PowerShell command to see what services are running or you can go to the Control Panel or the Task Manager and 27:33 selector the name of the service. So that's really I will show that later on. So we have a very simple PowerShell script and only that the PowerShell 27:42

script as got runs the Get-Service command on the machine through the Windows agent and in this case has two Windows Update service and it requires 27:50 the status and the states is can be stop a running show in the body of water of the PowerShell with you see the Windows Update status. That's a 27:59 reference. We need to lay down to configure the reactions on the policy. So basically we are giving you the name so when the Windows agent receives 28:07 the reply back from this converted to JSON and that's what we'll be feedback into citizen Point management. So that's step one. 28:17

You can choose any and any service or any other thing you want to check that is really easy step to you 28:27 upload it and you will see that there is the description. This part will be used by the Windows 28:35 10 agent so you don't have to attach it to I need to leave for a group because durable deploy the windows agents through the device later on so 28:45 doubt are the policies, and that's basically at this point. So you created when does agent policy and you see the Rind you have the app 28:55

options and you can add multiple Powershell scripts and just give it a name make sure that the thought stop is Powershell and you can 29:04 select the script that you uploaded before or if you have a central Repository. Call your straight talk you can face any URL there. 29:14 So it was like always but now you can schedule it in a frequency 29:21 of 1 hour while also looking at make it more granule. So do it in in minutes and a days. We have more gradual control. 29:31 So that's in a 3 1/4 and 1/5 is of course the action you want to attach to that song. We push the pharmacy. We got the reply Bank 29:42

off of what the status is on that service and now you we want to set the device in or out of compliance. So that are basically two policies. The one 29:51 is for of course for out of compliance and the other one will be for enough complaining. So you go to the action section into Sixers. I'm poor 29:59 management. You create a policy there. You see that the policy return pounding now, it's Windows 10 agent instead of specific device or use the 30:06 properties. You see the convention named that's all the information that we have put in in the SQL script Powershell script and in the Windows 10 30:15

agents that reference you can look it up at a r. E. How specifically the name convention goes when the service is stop the 30:24 devices Market out of compliance and you have a grinder of control on how you want to do that. Also in this case. I said it to me. When is on a sink 30:34 in the in the other scenario? No, it's not but you can also set it to zero and then it will set it directly out of compliance. So we have the second 30:43 one script but then it will Mark the device as important for the 30:52

50m that like we had smartaccess or analytics or third-party threat detection things. They could actually 31:02 through the API and check is this device compliant or not? And then take action face then. This is a big deal setting that stay right exactly. Mmm 31:12 good that you mentioned it and we'll see that in the video also also directly change the compliant stage in Hydra active directory if the device is 31:19 enrolled without the Parlor. So if you using specific applications, or you can restrict access to that other user also 31:28

dishes to console. We go to analyze 31:36 you will see that we have one non-compliant device and that's not the device were going to demo with but this just to show you that already one device 31:46 is out of compliance AC the out of compliance. Is that the truth? So we going to switch to the demo machine just a demo machine. We were running a 31:54 quick scripts that will show you the device name in this case is desktop 483 TSL now we're going to reference that later. So you can see that 32:03

sent the vine test to change. We have to mate with male application. We send the I change policy to it and will send a test email. That should be 32:13 receiving the received sound access to his corporate resources. We go to The Exchange Management console and we'll see on the properties of the 32:23 mailbox of the user that access granted to The Exchange ActiveSync ProCom. So we also have something that's called Imports management connector for a 32:32 change that will ten kickoff Powershell script to a change and I will communicate which is an appointment and see that the test using now as to Green 32:40

marks and it's allowed to access Exchange service just for foot is using Okay, so 32:50 we'll check him as a PowerShell script will see that the Windows Update service running. We will go to Azure Active Directory 33:00 compliance. They're all so true. So everything is donkey donkey as I get 33:08 to a website will run a script that will disable 33:17 that service. Or we're going to simulate that by just manually disabling the service that we're going to stop it then we're going to disable it. 33:26

I'm here. You also see the service name that are using the power strip PowerShell Spade on top. So if you don't want to run a PowerShell script just 33:38 go in there and check it out. We run the script again agency automatically 33:44 adjust showing how the process works makes its makes a better to understand. 37. 33:51 So now the communication on below will happen between the Windows 10 agent pushing the JSON to Endpoint Management changing the compliance you 34:01 staying? The Exchange connector from Citrix will check in with Citrix Endpoint Management will see, hey, this device is not compliant will send a 34:10

PowerShell script to the Exchange on Plant Services and will allow access for it and Sam will also send the command to Azure Active Directory. That is 34:19 the same as here. And if we check it you will see that it's the device that we were 34:29 dominant to 4803 CSL. Send a complaint to Sheetz State out-of-state is true. I would check the 34:39 change on Azure Active Directory do a quick refresh man. I will see that it changed everything you configured unconditional access to act like the 34:49

Active Directory for this machine will not be out of compliance. 34:58 What's the connection between Sam and this 35:10 too is don't you see that he accesses the night? Block, that's good. 35:19 I wish I could switch to the Exchange quick refresh and the status should be changing from access granted to access denied. 35:31 So have all components in place now that the device is out of compliance. So the user should not have access to its Exchange ActiveSync 35:42 protocol, so we do a quick reply to get the ActiveSync protocol working again, and you should see a warning 35:53

sign popping up there that says Panera and it will show the error code 0 x 68 something 36:03 that will mean that communication with the Exchange ActiveSync protocol for this user is not allowed. So basically we restrict the user from access to his 36:13 mailbox. So when that's done, that's that's nice. You prevent some from Reese for your organization's the it will 36:22 fix the risk and that the device is compliant. Again, Vine starting the Windows Update service again, so we're going to revert all the actions 36:32

we did now with just simply enabling the service again, it will change back to run. 36:42 Cuz you're on the recap the PowerShell script can look at any service running on the Windows endpoint look in the registry to make sure any service 36:56 is enabled or disabled that you choose to and based on that change compliance status. And then anything is Kiev that this case we're looking at the 37:04 ActiveSync ID of the device in the basement cuz I was out of compliance to be sent to block its email through the power to go to Exchange. We will 37:11

include in The Reef you off his friend station another demo also, and that's the same with them. I was dead. But this that will check on registry 37:20 keys. So then the Windows 10 agents with a PowerShell script will check if a specific registry key value changed and we'll set the device out of 37:27 compliance on that. So if you're a hero with PowerShell then you can do basically everything with it, and you see now him that the state is back to 37:36 allowed. We refresh the sync and the mail comes back in again. So that's basically 37:46

how we do at compliant States online on a Windows 10 machine to email we can control anything in the Microsoft Andromeda 37:55 prevent access to OneDrive or PowerPoint. What-have-you based on compliance state 38:05 but if you use Exchange Online compliancy with Azure AD 38:10 directly will help you so XenMobile Mail Manager or the Endpoint Management connector for Exchange ActiveSync right name will send a PowerShell 38:20 command to Exchange Online pretty powerful controls. We can apply to exact Windows devices of modern management. 38:30

Okay, so I think this is another demo you did showing using a registry write this directions to ya ya think we can probably talk to this part of it is 38:42 skip the video. So this is the similar demo with the same PowerShell script 38:50 and in this case, we will check if the firewall is enabled and we do it specifically on the domain 38:59 profile. So Windows Firewall has at three different sentence in the 500s selected the domain profile. You see again that I gave it a name in the 39:08

body. So if firewall enabled is true or firewall enabled is false. It returns the JSON file again through the Windows agent to the 6 in 10.92 Smith's 39:17 solution. You create the same and Android and the price again for uploading the PowerShell script. 39:26 And you do the same thing again for uploading the Windows agent and sending the configuration. Here you see the three policies that we set up 39:36 checking 4150 policy. You can create three scripts or extend the PowerShell script to check out with all the oldest trees. 39:46

It is the example that I set the value in the actions to zero and you will see on the bottom in the summary that it will change to out of compliance 39:58 immediately. So it's very granular how you can control the settings. And of course, I'm referring back to unlock the device 40:07 as compliant if you do it once it's really easy to repeat and do all kinds of different settings on that great. So 40:17 skip to the other video registry settings. Skip 40:26 trace of containerization really important to be taking a nap and tickly on BYOD devices 40:32

where you may not want to have them enrolled students Gateway now available to interact with micro VPNs, you can use Secure Mail insecure without 40:42 any set up on your on your premise of a Cebu City Cebu Pacific Gateway and then obviously conditional security. We just finished a really important 40:50 thing to provide additional protections around which apps can be used and make sure they're only used when the device is compliant. 40:58 Turkey to take out check out Tech Zone are we have said there's a video of Second Sight on the MDX iOS container wrapping on micro VPN 41:11

and there's always more to come and hang around. I got funny stickers. They ended up going to put them on your your mobile phones in your feces. So 41:21 that that finished us up here and next episode next episode. Are we going to get into some of the different platforms 41:29 Mac Raspberry Pi Workspace Hub and wide the different security protections we can do using the device policies on those 41:38 frozen points. Before you leave, please do the survey in your app. And if you hadn't caught it yesterday, we have these sessions available on demand 41:48

through the that you're right. It's on the website and June 3rd will have the presentation available. So you can download and check out those demos. 41:57 We had and drones other one on the registry there and you can always to reach I'm still out here if you have questions and we are happy to help you 42:07 out. Yes, and please do give us feedback out of the tell me know what to tweak for next time and stuff add stuff to change and do the 42:14 game on play the game on if you can. And finally, please tweet about it. If you tweet tweet Citrix Synergy. Is it something some money goes to 42:24

charity SYN134 is that special name or this series is called Geek's guide to the workspace. This was the specials go halfway down there would have 42:33 been to all five so far. All right. We have some you give me all the prize if you make all 10. Hopefully you do. Okay, so it looks like we have a few 42:42 minutes for questions anybody have any questions for Scooby-Doo of please step up the water the mics. We'd be happy to take your questions. 42:51 Okay, okay. If not yet. Please hang around and let me give you all some Tech Zone stickers, but thanks for attending today. Have a good day. Thank you. 43:03
