Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Windows 10 in the Enterprise
Nico Sienaert (MVP)
Tweet and win an Ignite 2016 ticket #itproceed
KEY TAKEAWAYS
Windows 10 Management
Windows 10 Deployment
Prepare your environment
About Myself
Nico Sienaert
• Innovation Manager @ Getronics
• v-Technology Solutions Professional @ Microsoft
• Microsoft ...
ONE WINDOWS
Phone
Small
Tablet
2-in-1s
(Tablet or Laptop)
Desktops
& All-in-Ones
Phablet
Large
Tablet
Classic
Laptop
BEST OF ALL WORLDS
Windows 10
Converged
OS kernel
Converged
app model
LAST MAJOR RELEASE
GUI IMPROVEMENTS
• The Start Button
• Continuum
• Snap Assistant
• Task View
• Modern Apps in Desktop view  Charms inside ...
APP & DEVICE COMPAT
INTERNET EXPLORER
A REQUIRED STEPPING STONE TO WINDOWS 10
• Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016)...
DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install a...
IN-PLACE
NEW COMMAND LINE OPTIONS FOR SETUP.EXE /auto upgrade
• Regain control after success or failure using /postoobe an...
UPGRADE PROCESS
System Check
Inventory Apps
Inventory Drivers
Assess Compatibility
Prepare WinRe
Lay down previous OS
Inst...
TOOLING SUPPORT
CM12 and R2 will support full Windows 10 thru a Service Pack
CM vNext will have full Windows 10 Support Oo...
DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install a...
PROVISIONING
MANAGEMENT CHOICES
IDENTITY CHOICES
ORGANIZATIONOWNED(CYOD)
PERSONALLYOWNED(BYOD)
• Computer joins AD to
establish trust
• User signs on usin...
DOMAIN CLOUD JOIN
http://scug.be/nico/2015/03/19/windows-10-azure-domain-join/
CLOUD JOIN OOBE
Windows Pro is typically purchased for work machines, so we made a guess – but now’s the
time to correct u...
MOBILE DEVICE MGMT
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Great...
ENROLL INTO INTUNE
MDM Architecture
New capabilities exposed
using Configuration Service
Provider (CSP) model
WMI Bridge gives access to
new ...
ONE WINDOWS STORE
WINDOWS
PHONE 8.1
WINDOWS 8.1
WINDOWS
10
• Converged developer portal for Windows
and Windows Phone
• Se...
STORE OF TOMORROW
CONSUMER WINDOWS
STORE
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal,
Alipa...
STORE OF TOMORROW
SECURITY
Multi Factor Authentication
• Azure MFA
Secure Token Protection
• Hard Container (leverage Hyper-v)
Next Generati...
SECURITY
Device Protection
• BitLocker
Data Protection
• (Azure) RMS
• Conditional Access
Accidental Data Leakage
• Corpor...
SECURITY
Malware Prevention (Device Guard)
• Store Apps
• Signing Service
Pre-Booth Authentication
• Secure boot
• Trusted...
MISCELLANEOUS (1)
KMS
• New KMS and MAK keys for Windows 10
• Updates for existing KMS computers to support new products a...
MISCELLANEOUS (2)
Active Directory Changes
• Microsoft Passport
• Enterprise Data Protection
Windows 10 versions
• Home, M...
THE END
Windows 10 will “probably” be the best OS Microsoft has ever released
Best of All Worlds
One Windows
You can still...
And win a Lumia 635
Feedback form will be sent to you by email
Give me feedback
Follow Technet Belgium
@technetbelux
Subscribe to the TechNet newsletter
aka.ms/benews
Be the first to know
Join the lunch sessions and
WIN NICE PRICES
Room Company Session
4 Go Hybrid with Azure Web Apps, by Tom Van Gramberen - S...
Thank you!
Belgiums’ biggest IT PRO Conference
ITPROCEED_WorkplaceMobility_Windows 10 in the enterprise
Upcoming SlideShare
Loading in …5
×

ITPROCEED_WorkplaceMobility_Windows 10 in the enterprise

672 views

Published on

During this session we will look into Windows 10 for the Enterprise.
Let’s explore the new management capabilities and choices.
Let’s understand the Windows 10 deployment infrastructure and mechanisms.
Let’s discover new Windows 10 features and improvements.
You are eager to learn about Windows 10 and want to gather early-stage info about this exciting Operating System… ?
Well you know what to do! See you there!

Published in: Technology
  • My car battery was completely dead before I used your methods! I reconditioned my dead car battery a few weeks ago with your program and it's been working perfectly since then! My car battery was completely dead before I used your methods. This just saved me hundreds of dollars on a new battery! ■■■ https://bit.ly/2t1uc6e
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

ITPROCEED_WorkplaceMobility_Windows 10 in the enterprise

  1. 1. Windows 10 in the Enterprise Nico Sienaert (MVP) Tweet and win an Ignite 2016 ticket #itproceed
  2. 2. KEY TAKEAWAYS Windows 10 Management Windows 10 Deployment Prepare your environment
  3. 3. About Myself Nico Sienaert • Innovation Manager @ Getronics • v-Technology Solutions Professional @ Microsoft • Microsoft MVP – Enterprise Client Management • http://scug.be/blogs/nico • @nsienaert
  4. 4. ONE WINDOWS Phone Small Tablet 2-in-1s (Tablet or Laptop) Desktops & All-in-Ones Phablet Large Tablet Classic Laptop
  5. 5. BEST OF ALL WORLDS Windows 10 Converged OS kernel Converged app model
  6. 6. LAST MAJOR RELEASE
  7. 7. GUI IMPROVEMENTS • The Start Button • Continuum • Snap Assistant • Task View • Modern Apps in Desktop view Charms inside the Apps • Notification Center • Apps: Cortana, New FotoApp, Music App, Better Calendar for WP,… • Edge Browser • Ctrl C + V in a Command Prompt ☺
  8. 8. APP & DEVICE COMPAT
  9. 9. INTERNET EXPLORER A REQUIRED STEPPING STONE TO WINDOWS 10 • Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016) • Enterprise Mode, offering improved Internet Explorer 8 compatibility and document type overrides • Enterprise Site Discovery Toolkit, to better understand how users are browsing
  10. 10. DEPLOYMENT CHOICES Traditional process • Capture data and settings • Deploy (custom) OS image • Inject drivers • Install apps • Restore data and settings Still an option for all scenarios (Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Let Windows do the work • Preserve all data, settings, apps, drivers • Install (standard) OS image • Restore everything Recommended for existing devices (Windows 7/8/8.1)
  11. 11. IN-PLACE NEW COMMAND LINE OPTIONS FOR SETUP.EXE /auto upgrade • Regain control after success or failure using /postoobe and /postrollback switches • Control driver migration operations using /migratealldrivers and /installdrivers • Copy log files to a location of your choise using /copylogs (Default: “C:$Windows.~BTSourcesPanther”) ENABLING UPGRADE FROM WINDOWS 7 VIA WINDOWS UPDATE • WindowsTechnicalPreview.exe (a.k.a. KB2990214) enables installation via Windows Update on Windows 7 • Removing KB2990214 will remove the option • KB3035583 (Optional KB – tooltip “reserve upgrade”) USE CONFIGMGR TO HAVE MAX CONTROL WSUS NOT SUPPORTED (YET) NOT FOR ALL SCENARIOS
  12. 12. UPGRADE PROCESS System Check Inventory Apps Inventory Drivers Assess Compatibility Prepare WinRe Lay down previous OS Install new OS Prepare new OS Specialize the machine Migrate drivers Migrate Apps More migration tasks Finalize installation Welcome the user back
  13. 13. TOOLING SUPPORT CM12 and R2 will support full Windows 10 thru a Service Pack CM vNext will have full Windows 10 Support OoB CM07 will support certain Windows 10 features MDT2013 will support Windows 10 thru update (Preview today – Only LTI) http://blogs.technet.com/b/configmgrteam/archive/2014/09/30/windows-10-enterprise-management-with-sc- configmgr-and-intune.aspx
  14. 14. DEPLOYMENT CHOICES Traditional process • Capture data and settings • Deploy (custom) OS image • Inject drivers • Install apps • Restore data and settings Still an option for all scenarios (Refresh, Replace, Bare Metal) Wipe-and-Load In-Place Provisioning Let Windows do the work • Preserve all data, settings, apps, drivers • Install (standard) OS image • Restore everything Recommended for existing devices (Windows 7/8/8.1) Configure new devices • Transform into an Enterprise device • Remove extra items, add organizational apps and config New capability for new devices
  15. 15. PROVISIONING
  16. 16. MANAGEMENT CHOICES
  17. 17. IDENTITY CHOICES ORGANIZATIONOWNED(CYOD) PERSONALLYOWNED(BYOD) • Computer joins AD to establish trust • User signs on using AD account • Group Policy + System Center • Computer registers with AD or AAD via Device Registration to establish trust for remote resource access • User signs in with a Microsoft account, associates an AAD account • Intune/MDM • Computer joins AAD to establish trust • User signs on using AAD account • Intune/MDM • Settings roaming
  18. 18. DOMAIN CLOUD JOIN http://scug.be/nico/2015/03/19/windows-10-azure-domain-join/
  19. 19. CLOUD JOIN OOBE Windows Pro is typically purchased for work machines, so we made a guess – but now’s the time to correct us. Looks like your company owns this PC – Did we get that right? NextBack Help me choose
  20. 20. MOBILE DEVICE MGMT • Provisioning • Bulk enrollment • Simple bootstrap • Converged protocol • Azure AD Integration • Greatly extended set of policies (Parity with Windows Phone 8.1) • Context based policies • Client certificates – Direct install (PFX) • Enterprise Wi-Fi • VPN management • Email provisioning • MDM Push when user not logged in • Device Update control • Kiosk Mode, Start screen / Start menu configuration and control • Curated Windows Store • Business Store Portal app deployment; License reclaim/re- use • Enterprise App management • Simplified LOB app management • Win32 app management • App inventory (MDM/store apps) • App allow/deny lists through Applocker • Enterprise data protection • Full device wipe • Remote Lock, PIN reset, Ring, Find • Enhanced inventory for compliance decisions • Un-enrollment in two phases & alerts • Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP) • Additional device inventory
  21. 21. ENROLL INTO INTUNE
  22. 22. MDM Architecture New capabilities exposed using Configuration Service Provider (CSP) model WMI Bridge gives access to new CSPs Rootcimv2mdm MDM_* CSP CSP / WMI Wrapper Common component Desktop component MDM Client EAS Client CSP CSP CSP CSP WMI Bridge PowerShell Scripts ConfigMgr Settings Mgmt Configuration component
  23. 23. ONE WINDOWS STORE WINDOWS PHONE 8.1 WINDOWS 8.1 WINDOWS 10 • Converged developer portal for Windows and Windows Phone • Separate user and developer capabilities • Fully converged experience • Best features from each • New capabilities XBOX
  24. 24. STORE OF TOMORROW CONSUMER WINDOWS STORE • Modern apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) BUSINESS STORE • Modern apps • Organization Store for the org’s preferred or LOB apps • Sign in with MSA to acquire public apps; sign in with AAD to acquire org apps • Pay with credit card or PO/invoice • Deploy modern apps offline, in images, and more ENTERPRISE APP STORE • Sideload line-of-business modern apps • Deploy apps from the Windows Store (even when the Store UI is disabled)
  25. 25. STORE OF TOMORROW
  26. 26. SECURITY Multi Factor Authentication • Azure MFA Secure Token Protection • Hard Container (leverage Hyper-v) Next Generation Credentials (alternatives for passwords) • PIN • Key Pair wih a phone, USB dongle,… • BIO gestures (like face, Iris, fingerprint) -> “Windows Hello” https://www.youtube.com/watch?v=1AsoSnOmhvU Information Protection Secure Identities Threat Resistance
  27. 27. SECURITY Device Protection • BitLocker Data Protection • (Azure) RMS • Conditional Access Accidental Data Leakage • Corporate Personal Data • Managed Applications • SOFT or HARD Block Options • Remote Wipe Information Protection Secure Identities Threat Resistance
  28. 28. SECURITY Malware Prevention (Device Guard) • Store Apps • Signing Service Pre-Booth Authentication • Secure boot • Trusted boot • Measured boot Information Protection Secure Identities Threat Resistance
  29. 29. MISCELLANEOUS (1) KMS • New KMS and MAK keys for Windows 10 • Updates for existing KMS computers to support new products and keys GROUP POLICIES (new ADMX files) • Start Screen & Start Menu Settings • Edge Browser Settings • Universal App Management NEW WMI CLASSES • Win32_InstalledProgram +Usage +File +Framework • Win32_DeviceContainer, Win32_InstalledDevice +HardwareID
  30. 30. MISCELLANEOUS (2) Active Directory Changes • Microsoft Passport • Enterprise Data Protection Windows 10 versions • Home, Mobile, Pro (Upgrade for free the first year) • Enterprise, Education, Mobile Enterprise Windows Updates for Business (WUFB) • Based on Telemetry • Will not replace WSUS or ConfigMgr • Hope to move customers to WUFB to improve the Windows Experience
  31. 31. THE END Windows 10 will “probably” be the best OS Microsoft has ever released Best of All Worlds One Windows You can still have impact by joining the Insider Program! • Enterprise forums through TechNet https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014 • Community discussions through Answers http://answers.microsoft.com/en-us/windows/forum/windows_tp • Windows Feature Suggestions https://windows.uservoice.com
  32. 32. And win a Lumia 635 Feedback form will be sent to you by email Give me feedback
  33. 33. Follow Technet Belgium @technetbelux Subscribe to the TechNet newsletter aka.ms/benews Be the first to know
  34. 34. Join the lunch sessions and WIN NICE PRICES Room Company Session 4 Go Hybrid with Azure Web Apps, by Tom Van Gramberen - Solutions Architect Running dynamic websites? Always wanted to enjoy the scalability of Azure Web Apps? But never could because you need to keep your data in a certain location? Now with Azure Web App and Azure VNet everybody can overcome the hurdle of keeping data "on-premise". Join us in this technical session where we will explore the basics of Azure Web Apps and Virtual Networks. Learn about some possibilities to extend an Azure VNet to your on-premise environment and how to integrate an Azure Web App into the connection. In this demo packed session you will learn the specific network requirements and network routing to make it all work together. 5 To the Cloud and Back – a Journey of Choices, by Paul van der Lingen, Consulting Systems Engineer The cloud is today the most compelling new technology, but as with all things new and shiny, how do we make the most of it - leveraging all the good but deftly side- stepping the bad. The key is choice and consistency. We believe customer data remains at the heart of the new technology and in this session we’ll show how transparent but consistent data movement and protection remain the most important aspects of a complete cloud strategy. 6 Lost in translation - How Azure Networkingis different, by Joeri Van Hoof, Consulting Sales Engineer As one of the major cloud providers Microsoft Azure has a big adoption rate in a lot of businesses around the world. Customers are moving parts of their infrastructure from their own datacenter(s) to the Azure Cloud. Developers, system engineers, network engineers and security staff are all effected by this change. On premise network engineers have been building secure networks for years. Obviously they want to extend and reuse this knowledge in the cloud. They are talking about network firewalls, network segmentation, vlan’s. However in the Azure cloud this is slightly different and some of the trusted mechanisms are unavailable. In this talk we go in- depth on the various Azure networking options and how establish secure connectivity between Azure and various on-premise locations 8 Effectively manage and resolve major IT incidents. A 24/7 solution in the palm of your hand, by Matthes Derdack, CEO Being on call is difficult enough. 24/7 IT operations require 24/7responsiveness. You need to respond ASAP regardless of your week-end plans. Wouldn't it be great if you could do whatever you wanted from wherever you are? Derdack now brings you an innovative & intelligent companion that introduces a new level of on-call incident handling. Your IT users will enjoy shorter down times and your team better KPIs. Our Enterprise Alert mobile app comes with everything you need: reliably receive alerts on the go, incident details and history analysis, collaborate with peers, inform users on incident impacts, remote runbook execution & more. Join us on a journey through your on-call day and enjoy an interactive, real-time and mobile experience. 10 Migration Center, Migrate Workloads as a service, by Anne-Elisabeth CAILLOT, Senior Pre-Sales engineer Double-Take Cloud Migration Center provides a self-service portal for customers and partners who need the flexibility to move between virtualization and cloud technologies. Five click migrations are now possible with the simplified workflow in the Cloud Migration Center.
  35. 35. Thank you!
  36. 36. Belgiums’ biggest IT PRO Conference

×