Cloud services have become firmly established in the working day of many companies. Almost everywhere, initiatives or projects are in progress that deal with the workplace of the future. Windows 10, Intune and Azure Active Directory open up new opportunities for cloud-based management, authentication, and administration. Scenarios such as BYOD and COPE let companies think about how users access business resources and apps.
Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hybrid solutions
1. Windows 10 and the cloud
- Why the future needs hybrid solutions
Alexander Benoit
Head of Competence Center Microsoft @sepago
@ITPirate
2. Alexander Benoit
Senior Consultant / Head of Competence Center Microsoft
„Future Workplace“, Security
SCCM, Intune, Windows 10, Defender Framework,…
Alexander.Benoit@sepago.de
@ITPirate
http://it-pirate.com/
4. Mobile-first, cloud-first reality
• Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
• IT budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
• Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
6. Classic IT vs. Modern IT
• Classic IT: Single Device; Business Owned; Corporate Network & Legacy Apps; Manual; Reactive; High-touch
• Modern IT: Multiple Devices; User and Business Owned; Cloud Managed & SaaS Apps; Automated; Proactive; Self-Service
7. WINDOWS 10: DEPLOYMENT CHOICES
• Transform new devices so they are ready for productive use. No imaging required: Lower effort and lower cost.
• Existing Windows 7 and 8.1 devices migrated to Windows 10. Let Windows do all the work, automatically migrating apps, data, and settings.
• Image-based wipe-and-reload approach for moving from Windows 7 and 8.1 to Windows 10. Higher effort and cost, but necessary in some scenarios.
10. INTRODUCING THE WINDOWS AUTOPILOT DEPLOYMENT PROGRAM
[Diagram labels: Hardware Vendor; Harvest Device IDs; Upload Device IDs; Windows AutoPilot Deployment Service; IT Admin; Configure Profile; Existing Devices; Device IDs; Ship; Deliver direct to Employee; Self Deploy; Employee unboxes device, self-deploys]
21. Windows Update for Business
• All devices updated from Windows Update cloud service
• Additional policies allow for deferral of updates, control over Active Hours, etc.
• Compliance reporting provided through Windows Analytics
Mobile Device Management
• Performs most of the configuration work:
  • Applying settings
  • Installing apps
• Get in touch with Intune!
AutoPilot, Azure AD, Intune, WU for Business
Modern Deployment requires changes
26. Windows 10 Management Stack & Supporting Technologies
[Diagram labels: On-Premises; Cloud; Windows 10 Enterprise Device; MDM Client; MSI; Group Policy Client; Azure AD Join; Microsoft Deployment Toolkit; System Center Configuration Manager; App-V; Domain Join; Group Policy; User Experience Virtualization; Enterprise State Roaming; User & Device Settings Application; Company Portal; Software Center; XenApp Essentials; UWA; Active Directory; Microsoft Intune; Azure Active Directory; Windows Store; Windows Store for Business; Intune Company Portal App; Operating System; UE-V Client; Exchange ActiveSync; Workgroup; User Policy; Computer Policy; AppLocker; Microsoft Desktop Optimization Pack; Work Account; OSD]
27. Identity as the core of enterprise mobility
[Diagram labels: Single sign-on; Self-service; Simple connection; On-premises; Other directories; Windows Server Active Directory; SaaS; Azure; Public cloud; Cloud; Microsoft Azure Active Directory]
28. Identity Choices
Organization Owned / Personally Owned (BYOD)
• Computer joins AD to establish trust. User signs on using AD account. Group Policy + System Center.
• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access. User signs in with a Microsoft account, associates an Azure AD account. Microsoft Intune / Mobile Device Management.
• Computer joins Azure AD to establish trust. User signs on using Azure AD account. Intune/MDM.
• Azure VM joins AADDS to establish trust. User signs on using AD or AAD account. Limited Group Policy Configuration.
Settings roaming
Single sign-on to enterprise + cloud-based services
29. Secure Identity: solution overview
[Diagram labels: On-premises and private cloud; Enabling users; (Active Directory) Federation Services; SaaS apps; Custom apps; Windows Server Active Directory; Other apps; Core Identity Management; HR; Other Directories; Sync]
RBAC, ABAC, B2B, B2C, Reporting, MFA, ID Management, Conditional Access, Risk Reporting