1. 1. Windows 10 in the Enterprise Nico Sienaert (MVP) Tweet and win an Ignite 2016 ticket #itproceed
2. 2. KEY TAKEAWAYS Windows 10 Management Windows 10 Deployment Prepare your environment
3. 3. About Myself Nico Sienaert Innovation Manager @ Getronics v-Technology Solutions Professional @ Microsoft Microsoft MVP Enterprise Client Management http://scug.be/blogs/nico @nsienaert
4. 4. ONE WINDOWS Phone Small Tablet 2-in-1s (Tablet or Laptop) Desktops & All-in-Ones Phablet Large Tablet Classic Laptop
5. 5. BEST OF ALL WORLDS Windows 10 Converged OS kernel Converged app model
6. 6. LAST MAJOR RELEASE
7. 7. GUI IMPROVEMENTS The Start Button Continuum Snap Assistant Task View Modern Apps in Desktop viewCharms inside the Apps Notification Center Apps: Cortana, New FotoApp, Music App, Better Calendar for WP, Edge Browser Ctrl C + V in a Command Prompt
8. 8. APP & DEVICE COMPAT
9. 9. INTERNET EXPLORER A REQUIRED STEPPING STONE TO WINDOWS 10 Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016) Enterprise Mode, offering improved Internet Explorer 8 compatibility and document type overrides Enterprise Site Discovery Toolkit, to better understand how users are browsing
10. 10. DEPLOYMENT CHOICES Traditional process Capture data and settings Deploy (custom) OS image Inject drivers Install apps Restore data and settings Still an option for all scenarios (Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Let Windows do the work Preserve all data, settings, apps, drivers Install (standard) OS image Restore everything Recommended for existing devices (Windows 7/8/8.1)
11. 11. IN-PLACE NEW COMMAND LINE OPTIONS FOR SETUP.EXE /auto upgrade Regain control after success or failure using /postoobe and /postrollback switches Control driver migration operations using /migratealldrivers and /installdrivers Copy log files to a location of your choise using /copylogs (Default: C:$Windows.~BTSourcesPanther) ENABLING UPGRADE FROM WINDOWS 7 VIA WINDOWS UPDATE WindowsTechnicalPreview.exe (a.k.a. KB2990214) enables installation via Windows Update on Windows 7 Removing KB2990214 will remove the option KB3035583 (Optional KB tooltip reserve upgrade) USE CONFIGMGR TO HAVE MAX CONTROL WSUS NOT SUPPORTED (YET) NOT FOR ALL SCENARIOS
12. 12. UPGRADE PROCESS System Check Inventory Apps Inventory Drivers Assess Compatibility Prepare WinRe Lay down previous OS Install new OS Prepare new OS Specialize the machine Migrate drivers Migrate Apps More migration tasks Finalize installation Welcome the user back
13. 13. TOOLING SUPPORT CM12 and R2 will support full Windows 10 thru a Service Pack CM vNext will have full Windows 10 Support OoB CM07 will support certain Windows 10 features MDT2013 will support Windows 10 thru update (Preview today Only LTI) http://blogs.technet.com/b/configmgrteam/archive/2014/09/30/windows-10-enterprise-management-with-sc- configmgr-and-intune.aspx
14. 14. DEPLOYMENT CHOICES Traditional process Capture data and settings Deploy (custom) OS image Inject drivers Install apps Restore data and settings Still an option for all scenarios (Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Provisioning Let Windows do the work Preserve all data, settings, apps, drivers Install (standard) OS image Restore everything Recommended for existing devices (Windows 7/8/8.1) Configure new devices Transform into an Enterprise device Remove extra items, add organizational apps and config New capability for new devices
15. 15. PROVISIONING
16. 16. MANAGEMENT CHOICES
17. 17. IDENTITY CHOICES ORGANIZATIONOWNED(CYOD) PERSONALLYOWNED(BYOD) Computer joins AD to establish trust User signs on using AD account Group Policy + System Center Computer registers with AD or AAD via Device Registration to establish trust for remote resource access User signs in with a Microsoft account, associates an AAD account Intune/MDM Computer joins AAD to establish trust User signs on using AAD account Intune/MDM Settings roaming
18. 18. DOMAIN CLOUD JOIN http://scug.be/nico/2015/03/19/windows-10-azure-domain-join/
19. 19. CLOUD JOIN OOBE Windows Pro is typically purchased for work machines, so we made a guess but nows the time to correct us. Looks like your company owns this PC Did we get that right? NextBack Help me choose
20. 20. MOBILE DEVICE MGMT Provisioning Bulk enrollment Simple bootstrap Converged protocol Azure AD Integration Greatly extended set of policies (Parity with Windows Phone 8.1) Context based policies Client certificates Direct install (PFX) Enterprise Wi-Fi VPN management Email provisioning MDM Push when user not logged in Device Update control Kiosk Mode, Start screen / Start menu configuration and control Curated Windows Store Business Store Portal app deployment; License reclaim/re- use Enterprise App management Simplified LOB app management Win32 app management App inventory (MDM/store apps) App allow/deny lists through Applocker Enterprise data protection Full device wipe Remote Lock, PIN reset, Ring, Find Enhanced inventory for compliance decisions Un-enrollment in two phases & alerts Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP) Additional device inventory
21. 21. ENROLL INTO INTUNE
22. 22. MDM Architecture New capabilities exposed using Configuration Service Provider (CSP) model WMI Bridge gives access to new CSPs Rootcimv2mdm MDM_* CSP CSP / WMI Wrapper Common component Desktop component MDM Client EAS Client CSP CSP CSP CSP WMI Bridge PowerShell Scripts ConfigMgr Settings Mgmt Configuration component
23. 23. ONE WINDOWS STORE WINDOWS PHONE 8.1 WINDOWS 8.1 WINDOWS 10 Converged developer portal for Windows and Windows Phone Separate user and developer capabilities Fully converged experience Best features from each New capabilities XBOX
24. 24. STORE OF TOMORROW CONSUMER WINDOWS STORE Modern apps Sign in with MSA Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) BUSINESS STORE Modern apps Organization Store for the orgs preferred or LOB apps Sign in with MSA to acquire public apps; sign in with AAD to acquire org apps Pay with credit card or PO/invoice Deploy modern apps offline, in images, and more ENTERPRISE APP STORE Sideload line-of-business modern apps Deploy apps from the Windows Store (even when the Store UI is disabled)
25. 25. STORE OF TOMORROW
26. 26. SECURITY Multi Factor Authentication Azure MFA Secure Token Protection Hard Container (leverage Hyper-v) Next Generation Credentials (alternatives for passwords) PIN Key Pair wih a phone, USB dongle, BIO gestures (like face, Iris, fingerprint) -> Windows Hello https://www.youtube.com/watch?v=1AsoSnOmhvU Information Protection Secure Identities Threat Resistance
27. 27. SECURITY Device Protection BitLocker Data Protection (Azure) RMS Conditional Access Accidental Data Leakage CorporatePersonal Data Managed Applications SOFT or HARD Block Options Remote Wipe Information Protection Secure Identities Threat Resistance
28. 28. SECURITY Malware Prevention (Device Guard) Store Apps Signing Service Pre-Booth Authentication Secure boot Trusted boot Measured boot Information Protection Secure Identities Threat Resistance
29. 29. MISCELLANEOUS (1) KMS New KMS and MAK keys for Windows 10 Updates for existing KMS computers to support new products and keys GROUP POLICIES (new ADMX files) Start Screen & Start Menu Settings Edge Browser Settings Universal App Management NEW WMI CLASSES Win32_InstalledProgram +Usage +File +Framework Win32_DeviceContainer, Win32_InstalledDevice +HardwareID
30. 30. MISCELLANEOUS (2) Active Directory Changes Microsoft Passport Enterprise Data Protection Windows 10 versions Home, Mobile, Pro (Upgrade for free the first year) Enterprise, Education, Mobile Enterprise Windows Updates for Business (WUFB) Based on Telemetry Will not replace WSUS or ConfigMgr Hope to move customers to WUFB to improve the Windows Experience
31. 31. THE END Windows 10 will probably be the best OS Microsoft has ever released Best of All Worlds One Windows You can still have impact by joining the Insider Program! Enterprise forums through TechNet https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014 Community discussions through Answers http://answers.microsoft.com/en-us/windows/forum/windows_tp Windows Feature Suggestions https://windows.uservoice.com
32. 32. And win a Lumia 635 Feedback form will be sent to you by email Give me feedback
33. 33. Follow Technet Belgium @technetbelux Subscribe to the TechNet newsletter aka.ms/benews Be the first to know
34. 34. Join the lunch sessions and WIN NICE PRICES Room Company Session 4 Go Hybrid with Azure Web Apps, by Tom Van Gramberen - Solutions Architect Running dynamic websites? Always wanted to enjoy the scalability of Azure Web Apps? But never could because you need to keep your data in a certain location? Now with Azure Web App and Azure VNet everybody can overcome the hurdle of keeping data "on-premise". Join us in this technical session where we will explore the basics of Azure Web Apps and Virtual Networks. Learn about some possibilities to extend an Azure VNet to your on-premise environment and how to integrate an Azure Web App into the connection. In this demo packed session you will learn the specific network requirements and network routing to make it all work together. 5 To the Cloud and Back a Journey of Choices, by Paul van der Lingen, Consulting Systems Engineer The cloud is today the most compelling new technology, but as with all things new and shiny, how do we make the most of it - leveraging all the good but deftly side- stepping the bad. The key is choice and consistency. We believe customer data remains at the heart of the new technology and in this session well show how transparent but consistent data movement and protection remain the most important aspects of a complete cloud strategy. 6 Lost in translation - How Azure Networkingis different, by Joeri Van Hoof, Consulting Sales Engineer As one of the major cloud providers Microsoft Azure has a big adoption rate in a lot of businesses around the world. Customers are moving parts of their infrastructure from their own datacenter(s) to the Azure Cloud. Developers, system engineers, network engineers and security staff are all effected by this change. On premise network engineers have been building secure networks for years. Obviously they want to extend and reuse this knowledge in the cloud. They are talking about network firewalls, network segmentation, vlans. However in the Azure cloud this is slightly different and some of the trusted mechanisms are unavailable. In this talk we go in- depth on the various Azure networking options and how establish secure connectivity between Azure and various on-premise locations 8 Effectively manage and resolve major IT incidents. A 24/7 solution in the palm of your hand, by Matthes Derdack, CEO Being on call is difficult enough. 24/7 IT operations require 24/7responsiveness. You need to respond ASAP regardless of your week-end plans. Wouldn't it be great if you could do whatever you wanted from wherever you are? Derdack now brings you an innovative & intelligent companion that introduces a new level of on-call incident handling. Your IT users will enjoy shorter down times and your team better KPIs. Our Enterprise Alert mobile app comes with everything you need: reliably receive alerts on the go, incident details and history analysis, collaborate with peers, inform users on incident impacts, remote runbook execution & more. Join us on a journey through your on-call day and enjoy an interactive, real-time and mobile experience. 10 Migration Center, Migrate Workloads as a service, by Anne-Elisabeth CAILLOT, Senior Pre-Sales engineer Double-Take Cloud Migration Center provides a self-service portal for customers and partners who need the flexibility to move between virtualization and cloud technologies. Five click migrations are now possible with the simplified workflow in the Cloud Migration Center.
35. 35. Thank you!
36. 36. Belgiums biggest IT PRO Conference