Microsoft Future Decoded

Delivering the Future

of WorkHow to Modernise Management and Deployment of the Tools your Employees Need

Our ambition is to become the leading home improvement company. We believe everyone should have a home they feel good about, so our purpose is to make home improvement accessible for everyone.

Session Objectives

• Understand Windows Servicing and how to apply it

• Understand how to deliver and manage a Modern Device

• Learn how Windows Autopilot will enable Modern Deployment

Traditional IT

Multiple Devices

User and Business Owned

Cloud Managed & SaaS Apps

Automated

Proactive

Self-Service

Modern IT

Single Device

Business Owned

Corporate Network & Legacy Apps

Manual

Reactive

High-touch

“Our client road-map has us moving towards a world of only being cloud joined and cloud managed”

- James Lloyd (Kingfisher)

Windows 10 ServicingFrom Project to Process

WINDOWS AS A SERVICE

A new way to build,

deploy and service

Windows

A single cumulative update each month with no new features

• Security fixes, reliability fixes, bug fixes, etc.

• Supersedes the previous month’s update

QualityUpdates

Twice per year with new capabilities

• New features and innovation APIs and security capabilities

• Very reliable, with built-in rollback capabilities

• Simple deployment using in-place upgrade, driven by existing tools

• Try them out with Insider Preview

FeatureUpdates

Modern Desktop Servicing Framework

Plan and

DevelopValidate

Broad

Deployment

Purpose

Early

evaluation

of new

features

Validate before

broad

deployment

Production

Deployment

Release

cadence

Target March

and September

As fast as

safe

Windows

Windows

Insider

Program for

Business

Semi-Annual

Channel

(Targeted)

Semi-Annual

Channel

Office Monthly

Semi-Annual

Channel

(Targeted)

Semi-Annual

Channel

Audience

IT Pros and

Developers

who need to

evaluate new

features

Representative

sample of

production

devices derived

from M365

Analytics

All remaining

production

device

Is each department/business group

represented?

Are all of the apps and configurations

sufficiently covered?

Jan Mar Apr JunFeb May Jul Sep Oct DecAug Nov

Windows 10 Semi

Annual (Targeted)

SCCM CB

Active Directory

Intune

Window 10 Semi

Annual (Widely-

Adopted)

Assess

Readiness

Deploy to Pilot Group

Deploy to Group

1801 1802 1803 1804 1805 1806 1807 181018091808 1811 1812

1803 1809

Q1 Q2 Q3 Q4 Q1 Q2

6 months between major deployments

6 months between major deployments

W10 Servicing Timeline (Semi-Annual Channel)2017 2018 2019 2020

Additional Servicing (ENT/EDU Only)

2021 2022

12 months18 months

2023

Windows Insider Program

6 months 12 months18 months

6 months 12 months18 months

6 months 12 months18 months

6 months 18 months

6 months 12 months18 months

Windows 10 1607

Windows 10 1703

Windows 10 1709

Windows 10 1803

Windows 10 19H1

Windows 10 19H2

12 months6 months 18 months

Windows 10 1809

Modern Updates

• Windows Update for Business/Intune

• Delivery Optimisation

Getting to Modern Desktop

Azure Active Directory Join

What can you do? What can’t you do?

✓ SSO - Modern On-premise & SaaS applications

✓ AD Member Server UNC Paths✓ AD Member Web Server with

Windows Security ✓ Self-Service Password/PIN Reset✓ Server Administration Tools✓ Windows Hello For Business

Group Policy ObjectsLegacy On-Premises Applications(Non-Kerberos)DirectAccess

Azure Active Directory Join

User

Certificate

Device

Azure AD Proxy appsSaaS apps

Office 365

Password

Web servers

Office workloads

File/Print servers

No join required here Azure AD Join

Windows 10 in S Mode

Security and Protection

Out-of-Box

Longer Battery Life

15% longer

Faster Boot-up Time

Up to 80% better boot performance* for the life of

the device

Apps Delivered Through Store and

Modern Drivers

Microsoft Verified Trust

Hassle-Free Device Satisfaction

15%

Windows Virtual Desktop

Microsoft service on Azure for VDI/RDSH management

• Enables a multi-user Windows 10 experience,

optimized for Office 365 ProPlus

• Most scalable service to deploy and manage

• Most flexible service allowing you to virtualize both

desktops and apps

• Windows 7 virtual desktop with free Extended

Security Updates

• Integrated with the security and management of

Microsoft 365

Modern Device Management

Many workloads need to be

modernized at the same time

Doesn't address the needs of the full organization

Iteratively move workloads to

modern

A new organization starting with modern

workplace

Paths to Modern Management

Bridging to Modern Management

AD/AAD

connect

Adopt Windows 10

Adopt Office 365/ProPlus

Imaging to Signature Image

GPO to MDM Policy

Kerberos to Modern Auth

Win32 to Modern Apps

ConfigMgr Content Delivery to Cloud Content Delivery

WSUS to WUfB

Adopt & Connect Transition to Modern

Modernizing with a

co-management bridge

1/2020Today

Windows AutoPilot Service

Microsoft Intune

Azure Active Directory

On-Premise Active Directory

On-Premise

System Center Configuration Manager

Cloud Management

Gateway

Azure Portal

AD Connect

Sync

Co-Management

On-premises

Traditional OS Deployment

Win32 app management

Configuration and GPO

Bitlocker Management

Hardware and software inventory

Update management

Cloud attached Cloud only

Unified Endpoint Management – Windows, iOS, macOS, Android

Modern access control – Compliance, Conditional Access

Modern provisioning – Autopilot, DEP, Zero Touch, KME

Modern security – Hello, Attestation, ATP, Secure Score

Modern policy – Security Baselines, Guided Deployments

Modern app management – O365 Pro Plus, Stores, SaaS, VPP

Full M365 integration – Analytics, Graph, Console, RBAC, Audit

Windows Autopilot

Hardware Vendor

Windows Autopilot Service

Employee unboxes device, self-deploys

Ship Deliver direct to Employee

Self-deploy

IT Admin

Existing Devices

Register devices

Intune and AAD

Register devices,

configure profiles

DEMOUser-Driven Autopilot experience

OEMs, distributors, and resellers make the process easy:

• Automatically add new devices to Azure tenant at time of shipment

• Associate devices to customer’s purchase order for easy device

grouping

• Tag devices with a customer specified label

• Provide an preinstalled image that is ready for configuration*

For a list of those supporting Windows Autopilot supply chain integration please visit:

https://aka.ms/WindowsAutopilot

Registering new devices

To register existing devices:

• Use the PowerShell script available at

https://www.powershellgallery.com/packages/Get-

WindowsAutoPilotInfo

• Run for each device (requires Windows 10 1703 or higher)

• Upload resulting CSV file via Intune portal

• See https://docs.microsoft.com/en-

us/windows/deployment/windows-autopilot/add-

devices#collecting-the-hardware-id-from-existing-devices-

using-powershell for more information

Registering existing devices

Configure important details:

• Deployment mode

• Specific settings required for the deployment mode

• New! BitLocker encryption even for non-admin

users (requires Windows 10 1809)

• Out-of-box experience (OOBE) settings

• New! Hide change account options (requires

Windows 10 1809)

• New! Device naming pattern, supporting variable

substitution (requires Windows 10 1809):

• %SERIAL%

• %RAND:x% (where X is the number of digits)

Creating an Autopilot profile

DEMOCreate Office ProPlus deployment profile

• Windows 7 to Windows 10 Migration

• Hybrid AD join (Line of Sight)

• Enrolment restrictions

• Unlock Windows 10 in S mode from MDM

• Windows Autopilot Reset

• Auto-Device Deployment

What’s New?

DEMOAuto-Deployed Kiosk Device

Web App - Single App - Multi App

Windows Autopilot

Reseal

White glove provisioning completed successfully. Print welcome letter and shipping label, then reseal to reseal the device.

Organization: Contoso

Deployment type: Self-service AAD

Assigned user: juliet@contoso.com

White glove: Enabled

Elapsed time: 1 hours 37 minutes

Call to Action• Define your Windows as a Service strategy

• Go and try Azure Active Directory Join

• Review your requirements for management and

evaluate your organisation for modern management

• Start conversations internally to change traditional

deployment processes into modern deployment

processes using Windows Autopilot

Additional ResourcesBRK3037 - Windows devices and Azure Active Directory: What’s new and

what’s upcoming:https://myignite.techcommunity.microsoft.com/sessions/64607

BRK3014 - Modern deployment with Windows Autopilot and Microsoft 365

(Part 1 of 2)https://myignite.techcommunity.microsoft.com/sessions/64503

BRK3015 - Modern deployment with Windows Autopilot and Microsoft 365

(Part 2 of 2)https://myignite.techcommunity.microsoft.com/sessions/64504

BRK3039 - Windows 10 and Microsoft Office 365 ProPlus lifecycle and

servicing updatehttps://myignite.techcommunity.microsoft.com/sessions/64610

TODAY 1.30pm L3 Session Room 11 – The future workplace: what does it look

like, how do you deliver it and ensure that people love it.

Session Feedback

Please rate this session in the Future Decoded app!

Visit our Hands-on Labs on Level 3

Try technology out with on-demand labs and expert help

Go deep with Documentation

http://docs.microsoft.com

Things to do next

Thank You