Data sent to and from Windows Intune and System Center 2012 R2 Configuration Manager

First published on CloudBlogs on Sep, 11 2014
Author: Craig Morris, Principal Program Manager, Enterprise Client and Mobility.

As a Windows Intune customer, you have entrusted Microsoft to help protect your data. Microsoft values this trust, and the privacy and security of your data is one of our top concerns. The information presented below is intended to provide additional details about the shared data that is transmitted between and stored in Configuration Manager and Windows Intune when using the Windows Intune connector.

The Windows Intune connector lets you use Configuration Manager to manage mobile devices with Windows Intune. The connector extends Configuration Manager by establishing a connection to the cloud-based Windows Intune service that manages mobile devices over the Internet. With this connection the IT administrator is able to manage and provide services (such as application distribution) to the devices employees love to use. In order to accomplish this, the Windows Intune service needs a certain amount of information about the users, enrolled devices, security settings configured, and applications published through Windows Intune. The goal from the outset of this integration was to minimize the data needed to provide Windows Intune services to users and devices, without compromising on the quality of those services.

The information below refers to the January 2014 releases of Windows Intune and System Center 2012 R2 Configuration Manager. You should read the System Center 2012 R2 Privacy Statement and the Windows Intune Privacy Statement in conjunction with this article.

Customer Data from Configuration Manager stored in Windows Intune

Configuration Manager connects to the Windows Intune service and the following customer data is sent to and stored in Windows Intune.
Each category of customer data stored in Windows Intune is listed below, followed by examples.
Compliance settings, app information, and profile information
  • Compliance settings and values, such as requiring a minimum password length of 4 characters.
  • E-mail profile information, such as email server name and time of day preferences.
  • Information to generate certificates for VPN profiles (but not the certificate itself).
  • Name, description, encrypted content, and icon for apps.
  • Any setting needed to onboard devices.
Settings and application assignments for users and devices.
  • Software applications deployed to a user
  • Settings applied to devices
Basic information about enrolled users that is used for single sign-on
  • User Principal Name (UPN)
  • User Name
  • Email (if Email profiles are enabled and deployed)
User application request information (for display in company portal)
  • Software applications requested
  • Installation state
  • Request history
Basic information about enrolled devices for use in the company portal.
  • Device name
  • Device friendly name
  • Device Type
  • Device OS
  • Device Action (Wipe/Retire/Connect) state
  • Certificate expiry date
  • Primary user
  • Last connection time
Information used to distribute certificates for Wi-Fi and VPN profiles
  • NDES server information
  • System Center Endpoint Protection challenge encryption certificate (public-key only)
  • Certificate provisioning information
  • Certificate assignment and status
Windows Intune extension installation status
  • Windows Phone 8.1 extension (V1) is installed
Configuration Manager version information
  • Connector build version 5.0.7958.1000
Encrypted side-loading key and assignment information
  • N/A (this is encrypted data)
Remote Connection Profile information for licensed Windows Intune users
  • RD Gateway Server settings
  • Machine names and Windows Intune users for which this feature is enabled

Customer Data retrieved from Windows Intune and stored in Configuration Manager

The below table reflects the customer data that is retrieved from Windows Intune and stored in the Configuration Manager database. This data is deleted from Windows Intune after it has been successfully downloaded by Configuration Manager.
Each type of customer data retrieved from Windows Intune is listed below, followed by the information it contains.
Customer Data that Windows Intune relays from mobile devices
  • Software and Hardware Inventory
  • Compliance setting
  • Requested Application Installation Status
  • Device Status (enrollment, registration status, wipe/retire state)
  • Side-loading key assignment
End-user initiated commands
  • Device Wipe/Retire action information
  • Application Request information
  • User-generated device commands (rename, wipe, retire, connect now)
Tenant, User, and Device error messages
  • Apple APNS Certificate Expired
  • Side-loading key could not be applied
Windows Intune extension packages
  • N/A (this is binary data)
License status for Windows Intune users
  • GUID (generated per user)
Application distribution status
  • “Application content could not be uploaded to Windows Intune.”

NOTE: For Windows Phone and Android devices, we maintain a cache of inventory data between device sessions to reduce bandwidth costs. It will be removed (within the 90-day data retention period described below under Data Retention) when the device is un-enrolled or the account is deleted.

Customer Data temporarily stored in Windows Intune

Commands sent to and received from mobile devices are temporarily stored in the Windows Intune service while the device is actively connected to the service. This data is subsequently deleted within an hour of the device’s active session expiring.

Microsoft’s commitment to customer data security and privacy

More information on Microsoft’s commitment can be found here:
  • Windows Intune Trust Center
  • Windows Intune’s privacy/security whitepaper

Each data security area is listed below, followed by Microsoft’s commitment for it.
Data Location
  • Microsoft has a regionalized data center strategy. The customer’s country or region, which the customer’s administrator inputs during initial setup of the online services account, determines the primary storage location for customer data.
Data Retention
  • Microsoft believes that customers own their own data. When customers do not renew their Windows Intune subscriptions (i.e., they terminate or allow their subscriptions to expire), there is a 90-day data retention period with limited customer access. Thirty days after the end of the data retention period, customer data stored in the Windows Intune service is deleted.
  • Customers who actively cancel their subscription may choose to disable their accounts and request deletion of their subscriber data.
--Craig Morris