Transcript of ITPROCEED_WorkplaceMobility_Windows 10 in the enterprise
- 1. Windows 10 in the Enterprise Nico Sienaert (MVP) Tweet and
win an Ignite 2016 ticket #itproceed
- 2. KEY TAKEAWAYS Windows 10 Management Windows 10 Deployment
Prepare your environment
- 3. About Myself Nico Sienaert Innovation Manager @ Getronics
v-Technology Solutions Professional @ Microsoft Microsoft MVP
Enterprise Client Management http://scug.be/blogs/nico
@nsienaert
- 4. ONE WINDOWS Phone Small Tablet 2-in-1s (Tablet or Laptop)
Desktops & All-in-Ones Phablet Large Tablet Classic Laptop
- 5. BEST OF ALL WORLDS Windows 10 Converged OS kernel Converged
app model
- 6. LAST MAJOR RELEASE
- 7. GUI IMPROVEMENTS The Start Button Continuum Snap Assistant
Task View Modern Apps in Desktop viewCharms inside the Apps
Notification Center Apps: Cortana, New FotoApp, Music App, Better
Calendar for WP, Edge Browser Ctrl C + V in a Command Prompt
- 8. APP & DEVICE COMPAT
- 9. INTERNET EXPLORER A REQUIRED STEPPING STONE TO WINDOWS 10
Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016)
Enterprise Mode, offering improved Internet Explorer 8
compatibility and document type overrides Enterprise Site Discovery
Toolkit, to better understand how users are browsing
- 10. DEPLOYMENT CHOICES Traditional process Capture data and
settings Deploy (custom) OS image Inject drivers Install apps
Restore data and settings Still an option for all scenarios
(Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Let Windows
do the work Preserve all data, settings, apps, drivers Install
(standard) OS image Restore everything Recommended for existing
devices (Windows 7/8/8.1)
- 11. IN-PLACE NEW COMMAND LINE OPTIONS FOR SETUP.EXE /auto
upgrade Regain control after success or failure using /postoobe and
/postrollback switches Control driver migration operations using
/migratealldrivers and /installdrivers Copy log files to a location
of your choise using /copylogs (Default:
C:$Windows.~BTSourcesPanther) ENABLING UPGRADE FROM WINDOWS 7 VIA
WINDOWS UPDATE WindowsTechnicalPreview.exe (a.k.a. KB2990214)
enables installation via Windows Update on Windows 7 Removing
KB2990214 will remove the option KB3035583 (Optional KB tooltip
reserve upgrade) USE CONFIGMGR TO HAVE MAX CONTROL WSUS NOT
SUPPORTED (YET) NOT FOR ALL SCENARIOS
- 12. UPGRADE PROCESS System Check Inventory Apps Inventory
Drivers Assess Compatibility Prepare WinRe Lay down previous OS
Install new OS Prepare new OS Specialize the machine Migrate
drivers Migrate Apps More migration tasks Finalize installation
Welcome the user back
- 13. TOOLING SUPPORT CM12 and R2 will support full Windows 10
thru a Service Pack CM vNext will have full Windows 10 Support OoB
CM07 will support certain Windows 10 features MDT2013 will support
Windows 10 thru update (Preview today Only LTI)
http://blogs.technet.com/b/configmgrteam/archive/2014/09/30/windows-10-enterprise-management-with-sc-
configmgr-and-intune.aspx
- 14. DEPLOYMENT CHOICES Traditional process Capture data and
settings Deploy (custom) OS image Inject drivers Install apps
Restore data and settings Still an option for all scenarios
(Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Provisioning
Let Windows do the work Preserve all data, settings, apps, drivers
Install (standard) OS image Restore everything Recommended for
existing devices (Windows 7/8/8.1) Configure new devices Transform
into an Enterprise device Remove extra items, add organizational
apps and config New capability for new devices
- 15. PROVISIONING
- 16. MANAGEMENT CHOICES
- 17. IDENTITY CHOICES ORGANIZATIONOWNED(CYOD)
PERSONALLYOWNED(BYOD) Computer joins AD to establish trust User
signs on using AD account Group Policy + System Center Computer
registers with AD or AAD via Device Registration to establish trust
for remote resource access User signs in with a Microsoft account,
associates an AAD account Intune/MDM Computer joins AAD to
establish trust User signs on using AAD account Intune/MDM Settings
roaming
- 18. DOMAIN CLOUD JOIN
http://scug.be/nico/2015/03/19/windows-10-azure-domain-join/
- 19. CLOUD JOIN OOBE Windows Pro is typically purchased for work
machines, so we made a guess but nows the time to correct us. Looks
like your company owns this PC Did we get that right? NextBack Help
me choose
- 20. MOBILE DEVICE MGMT Provisioning Bulk enrollment Simple
bootstrap Converged protocol Azure AD Integration Greatly extended
set of policies (Parity with Windows Phone 8.1) Context based
policies Client certificates Direct install (PFX) Enterprise Wi-Fi
VPN management Email provisioning MDM Push when user not logged in
Device Update control Kiosk Mode, Start screen / Start menu
configuration and control Curated Windows Store Business Store
Portal app deployment; License reclaim/re- use Enterprise App
management Simplified LOB app management Win32 app management App
inventory (MDM/store apps) App allow/deny lists through Applocker
Enterprise data protection Full device wipe Remote Lock, PIN reset,
Ring, Find Enhanced inventory for compliance decisions
Un-enrollment in two phases & alerts Removal of Enterprise
configuration (apps, certs, profiles, policies) and Enterprise
encrypted data (with EDP) Additional device inventory
- 21. ENROLL INTO INTUNE
- 22. MDM Architecture New capabilities exposed using
Configuration Service Provider (CSP) model WMI Bridge gives access
to new CSPs Rootcimv2mdm MDM_* CSP CSP / WMI Wrapper Common
component Desktop component MDM Client EAS Client CSP CSP CSP CSP
WMI Bridge PowerShell Scripts ConfigMgr Settings Mgmt Configuration
component
- 23. ONE WINDOWS STORE WINDOWS PHONE 8.1 WINDOWS 8.1 WINDOWS 10
Converged developer portal for Windows and Windows Phone Separate
user and developer capabilities Fully converged experience Best
features from each New capabilities XBOX
- 24. STORE OF TOMORROW CONSUMER WINDOWS STORE Modern apps Sign
in with MSA Pay with credit card, gift card, PayPal, Alipay,
INICIS, mobile operators (Phone) BUSINESS STORE Modern apps
Organization Store for the orgs preferred or LOB apps Sign in with
MSA to acquire public apps; sign in with AAD to acquire org apps
Pay with credit card or PO/invoice Deploy modern apps offline, in
images, and more ENTERPRISE APP STORE Sideload line-of-business
modern apps Deploy apps from the Windows Store (even when the Store
UI is disabled)
- 25. STORE OF TOMORROW
- 26. SECURITY Multi Factor Authentication Azure MFA Secure Token
Protection Hard Container (leverage Hyper-v) Next Generation
Credentials (alternatives for passwords) PIN Key Pair wih a phone,
USB dongle, BIO gestures (like face, Iris, fingerprint) ->
Windows Hello https://www.youtube.com/watch?v=1AsoSnOmhvU
Information Protection Secure Identities Threat Resistance
- 27. SECURITY Device Protection BitLocker Data Protection
(Azure) RMS Conditional Access Accidental Data Leakage
CorporatePersonal Data Managed Applications SOFT or HARD Block
Options Remote Wipe Information Protection Secure Identities Threat
Resistance
- 28. SECURITY Malware Prevention (Device Guard) Store Apps
Signing Service Pre-Booth Authentication Secure boot Trusted boot
Measured boot Information Protection Secure Identities Threat
Resistance
- 29. MISCELLANEOUS (1) KMS New KMS and MAK keys for Windows 10
Updates for existing KMS computers to support new products and keys
GROUP POLICIES (new ADMX files) Start Screen & Start Menu
Settings Edge Browser Settings Universal App Management NEW WMI
CLASSES Win32_InstalledProgram +Usage +File +Framework
Win32_DeviceContainer, Win32_InstalledDevice +HardwareID
- 30. MISCELLANEOUS (2) Active Directory Changes Microsoft
Passport Enterprise Data Protection Windows 10 versions Home,
Mobile, Pro (Upgrade for free the first year) Enterprise,
Education, Mobile Enterprise Windows Updates for Business (WUFB)
Based on Telemetry Will not replace WSUS or ConfigMgr Hope to move
customers to WUFB to improve the Windows Experience
- 31. THE END Windows 10 will probably be the best OS Microsoft
has ever released Best of All Worlds One Windows You can still have
impact by joining the Insider Program! Enterprise forums through
TechNet
https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014
Community discussions through Answers
http://answers.microsoft.com/en-us/windows/forum/windows_tp Windows
Feature Suggestions https://windows.uservoice.com
- 32. And win a Lumia 635 Feedback form will be sent to you by
email Give me feedback
- 33. Follow Technet Belgium @technetbelux Subscribe to the
TechNet newsletter aka.ms/benews Be the first to know
- 34. Join the lunch sessions and WIN NICE PRICES Room Company
Session 4 Go Hybrid with Azure Web Apps, by Tom Van Gramberen -
Solutions Architect Running dynamic websites? Always wanted to
enjoy the scalability of Azure Web Apps? But never could because
you need to keep your data in a certain location? Now with Azure
Web App and Azure VNet everybody can overcome the hurdle of keeping
data "on-premise". Join us in this technical session where we will
explore the basics of Azure Web Apps and Virtual Networks. Learn
about some possibilities to extend an Azure VNet to your on-premise
environment and how to integrate an Azure Web App into the
connection. In this demo packed session you will learn the specific
network requirements and network routing to make it all work
together. 5 To the Cloud and Back a Journey of Choices, by Paul van
der Lingen, Consulting Systems Engineer The cloud is today the most
compelling new technology, but as with all things new and shiny,
how do we make the most of it - leveraging all the good but deftly
side- stepping the bad. The key is choice and consistency. We
believe customer data remains at the heart of the new technology
and in this session well show how transparent but consistent data
movement and protection remain the most important aspects of a
complete cloud strategy. 6 Lost in translation - How Azure
Networkingis different, by Joeri Van Hoof, Consulting Sales
Engineer As one of the major cloud providers Microsoft Azure has a
big adoption rate in a lot of businesses around the world.
Customers are moving parts of their infrastructure from their own
datacenter(s) to the Azure Cloud. Developers, system engineers,
network engineers and security staff are all effected by this
change. On premise network engineers have been building secure
networks for years. Obviously they want to extend and reuse this
knowledge in the cloud. They are talking about network firewalls,
network segmentation, vlans. However in the Azure cloud this is
slightly different and some of the trusted mechanisms are
unavailable. In this talk we go in- depth on the various Azure
networking options and how establish secure connectivity between
Azure and various on-premise locations 8 Effectively manage and
resolve major IT incidents. A 24/7 solution in the palm of your
hand, by Matthes Derdack, CEO Being on call is difficult enough.
24/7 IT operations require 24/7responsiveness. You need to respond
ASAP regardless of your week-end plans. Wouldn't it be great if you
could do whatever you wanted from wherever you are? Derdack now
brings you an innovative & intelligent companion that
introduces a new level of on-call incident handling. Your IT users
will enjoy shorter down times and your team better KPIs. Our
Enterprise Alert mobile app comes with everything you need:
reliably receive alerts on the go, incident details and history
analysis, collaborate with peers, inform users on incident impacts,
remote runbook execution & more. Join us on a journey through
your on-call day and enjoy an interactive, real-time and mobile
experience. 10 Migration Center, Migrate Workloads as a service, by
Anne-Elisabeth CAILLOT, Senior Pre-Sales engineer Double-Take Cloud
Migration Center provides a self-service portal for customers and
partners who need the flexibility to move between virtualization
and cloud technologies. Five click migrations are now possible with
the simplified workflow in the Cloud Migration Center.
- 35. Thank you!
- 36. Belgiums biggest IT PRO Conference