ewug 1701 modern device management
TRANSCRIPT
WelcomeEWUG 1701 - Modern Device Management
Per LarsenSolution Architect, Technical Lead Microsoft Enterprise Mobility Suite (EMS) and Microsoft Partner Technology Solutions Professional (P-TSP)Co-Owner of Everything Windows User Group Denmark
e: [email protected] | m: +45 3078 1828 | t: @PerLarsen1975in: www.linkedin.com/in/perlarsen1975 | Blog: osddeployment.dk
#UpgradeYourWorld
#UpgradeYourWorld
The Windows 10 eco-system
Devices | Windows 10 | Cloud
One Windows across all devices
Modern Management
Windows 10 is born for Modern Management
Microsoft Surface Hub – Windows 10 Teams
Let’s have a closer lookSurface Hub management…
Let’s have a closer lookMicrosoft Intune – Ibiza Portal
Microsoft Intune in Azure – Ibiza portal
Microsoft Azure Active Directory
Microsoft Azure Active Directory (AAD)
Bringing the cloud to Windows desktops• Windows 10 is build for Microsoft Azure• It's not a strong relationship yet, more of a fling…• But it's worth looking at now, as it's going to be a big growth area• Windows 10 can join Azure AD instead of a on premise AD
If you have Office 365, you already have an Azure AD domain
Microsoft Azure Active Directory (AAD)
Microsoft Azure Active Directory (AAD)
Windows 10 will be powered by Azure AD, giving you options for:• Self-provisioning of corporate owned devices• Use existing organizational accounts• Single Sign-On
• Automatic MDM enrollment• Enterprise-ready Windows Store• Enterprise State Roaming• Store BitLocker Keys in Azure AD• New Azure AD portal
Let’s have a closer lookWhat's new…
Upgrade AnalyticsData is used to identify compatibility issues.
Upgrade Analytics
• Operations Management Suite - OMS• Requires Azure Subscriptions
• Windows 10 Readyness• Office Add-ins• Site Discovery
Let’s have a closer lookUpgrade Analytics
Windows Defender Advanced Threat ProtectionWDATP
Windows Defender Advanced Threat Protection
• Built into Windows, cloud powered• No additional deployment & Infrastructure. Continuously up to date;
lower costs.• Behavioral-based, post-breach detection
• Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
• Rich timeline for investigation• Easily understand scope of breach. Data pivoting across endpoints.
Deep files and URLs analysis.• Unique threat intelligence knowledge base
• Unparalleled threat optics provides detailed actor profiles. First- and third-party threat intelligence data.
Let’s have a closer lookWindows Defender Advanced Threat Protection
Windows Store for BusinessThe one stop Store for Windows 10 Devices
Windows Store for Business
Find and acquire Manage Distribute
Designed for organizations
Personalized for your organization
Windows Store for Business
• The Business Store Portal (BSP) and Store recognize two identities for you• Log on with Azure AD, you get the corporate options (and you
don't need a credit card)… leave the organization, you lose the apps• Log on with your MSA (as in today), you pay with credit card and
any apps you buy travel with you• Organizations can buy apps in bulk• Organizations can use purchase order, credit cards.
You can get the Appx packages to put in your store when you purchase them through the BSP, and even preinstall Appx packages in your image
Let’s have a closer lookWindows Store for Business
Mobile device Management (MDM) in Windows 10Troubleshooting
How to troubleshout from the client side
• Getting Resultant Settings • MDM – Export Result• GPO – Result /H %TEMP%\gpo.html
• Event logging • MDM - Microsoft-Windows-DeviceManagement-Enterprise-
Diagnostics-Provider• GPO - Microsoft-Windows-GroupPolicy/Operational
Settings Synchronization interval
• MDM - Every 3 minutes for 30 minutes after enrollment, and then every 8 hours • Can be customized - DMClient CSP• Provider/ProviderID/Poll• Device Management Log XML to HTML Converter
• GPO - A default value of 90 minutes with a 30 minute random offset
DMClient CSP
Provider/ProviderID/Poll
Windows UpdateWindows Update for Business
What are the options ??
• Windows Update• WSUS• SCCM• Intune
Windows Update for Business – Deployment rings
Deployment ring Servicing branchTotal weeks after Current Branch (CB) or Current Branch for Business (CBB) release
Preview Windows Insider Pre-CB
Ring 1 Pilot IT CB CB + 0 weeks
Ring 2 Pilot business users CB CB + 4 weeks
Ring 3 Broad IT CB CB + 6 weeks
Ring 4 Broad business users CBB CBB + 0 weeks
Ring 5 Broad business users #2 CBB CBB + 2 weeks as required by capacity or other constraints
Category Maximum deferral Deferral increments Example Classification GUID
Feature Updates 180 days DaysFrom Windows 10, version 1511 to version 1607
3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
Quality Updates 30 days Days
Security updates0FA1201D-4330-4FA8-8AE9-B877473B6441
Drivers (optional)EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
Non-security updates
CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
Microsoft updates (Office, Visual Studio, etc.)
varies
Non-deferrable No deferral No deferral Definition updatesE0789628-CE08-4437-BE74-2495B842F43B
Capability Windows 10, version 1511 Windows 10, version 1607
Select Servicing Options: CB or CBBNot available. To defer updates, all systems must be on the Current Branch for Business (CBB)
Ability to set systems on the Current Branch (CB) or Current Branch for Business (CBB).
Quality UpdatesAble to defer receiving Quality Updates:•Up to 4 weeks•In weekly increments
Able to defer receiving Quality Updates:•Up to 30 days•In daily increments
Feature UpdatesAble to defer receiving Feature Updates:•Up to 8 months•In monthly increments
Able to defer receiving Feature Updates:•Up to 180 days•In daily increments
Pause updates•Feature Updates and Quality Updates paused together•Maximum of 35 days
Features and Quality Updates can be paused separately.•Feature Updates: maximum 60 days•Quality Updates: maximum 35 days
Drivers No driver-specific controls Drivers can be selectively excluded from Windows Update for Business.
Let’s have a closer lookWindows Update for Business
Thank you