ccmexec
Blog: http://ccmexec.com
TWO NEW SHERIFFS IN TOWN
MANAGEMENT OPTIONS
WINDOWS 10 MANAGEMENT
• GROUP POLICIES WILL STILL WORK BUT….
• MDM POLICIES WILL HAVE A LOT OF THE SAME CAPABILITIES
• FEATURES LIKE ENTERPRISE DATA PROTECTION AND DEVICE HEALTH ATTESTATION WILL REQUIRE ONE OF THE TWO SHERIFFS.
WINDOWS MANAGEMENT FEATURES
Windows Client: Windows Management Instrumentation (WMI), Windows Remote Management (WinRM), Windows Update, Group Policy Client
Windows Server: Active Directory, Group Policy, Windows Server Update Services (WSUS)
Products: System Center Configuration Manager, Microsoft Desktop Optimization Pack (MDOP)
Cloud Services: Azure Active Directory, Azure RMS, Microsoft Intune, Windows Store, Windows Update
Mobile Device Management (MDM)
PowerShell
AppLocker
INTUNE MANAGEMENT
• "THIS IS YOUR LAST CHANCE. AFTER THIS, THERE IS NO TURNING BACK. YOU TAKE THE BLUE PILL - THE STORY ENDS, YOU WAKE UP IN YOUR BED AND BELIEVE WHATEVER YOU WANT TO BELIEVE. YOU TAKE THE RED PILL - YOU STAY IN WONDERLAND AND I SHOW YOU HOW DEEP THE RABBIT-HOLE GOES."
"THE MATRIX"
• BLUE PILL = INTUNE MANAGEMENT WITH THE INTUNE AGENT
• RED PILL = WINDOWS 10 MANAGEMENT WITH THE MDM AGENT
BLUE PILL – INTUNE MANAGEMENT
• SAME FEATURES AS BEFORE IN INTUNE EXCEPT..
• WINDOWS DEFENDER MANAGEMENT REPLACES THE ENDPOINT PROTECTION CLIENT.
RED PILL – THE FUTURE OF MANAGEMENT
• MANAGEMENT WITH THE BUILT-IN MDM AGENT
• BRING-YOUR-OWN-DEVICE
• MANY MORE FEATURES IN WINDOWS 10
• MAC OS X SUPPORT COMING
• INTEGRATION WITH AZURE AD JOIN
• CUSTOM POLICIES
• COMING FEATURES: ENTERPRISE DATA PROTECTION, DEVICE HEALTH ATTESTATION
MOBILE DEVICE MANAGEMENT
Significant investments in added functionality for both mobile and desktop devices
BYOD: simple security settings
Device Lockdown
Fully managed corporate device
Windows 8.1 Windows 10
MDM IN WINDOWS 10
One consistent set of MDM capabilities across Mobile, Desktop, and Embedded products
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Greatly extended set of policies (parity with Windows Phone 8.1)
• Context based policies
• Client certificates – direct install (PFX)
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM push when user not logged in
• Device update control
• Kiosk mode, Start screen / Start menu configuration and control
• Curated Windows Store
• Business Store Portal app deployment; license reclaim/re-use
• Enterprise app management
• Simplified LOB app management
• Win32 app management
• App inventory (MDM/Store apps)
• App allow/deny lists through AppLocker
• Enterprise data protection
• Full device wipe
• Remote lock, PIN reset, ring, find
• Enhanced inventory for compliance decisions
• Un-enrollment in two phases & alerts
• Removal of enterprise configuration (apps, certs, profiles, policies) and enterprise encrypted data (with EDP)
• Additional device inventory
WINDOWS 10 CUSTOM POLICY
• OPEN MOBILE ALLIANCE DEVICE MANAGEMENT (OMA DM)
• OPEN MOBILE ALLIANCE UNIFORM RESOURCE IDENTIFIER (OMA URI)
• WINDOWS 10 MOBILE AND DESKTOP
• INTUNE AND CONFIGURATION MANAGER
• HTTPS://MSDN.MICROSOFT.COM/EN-US/LIBRARY/WINDOWS/HARDWARE/DN904962%28V=VS.85%29.ASPX
WINDOWS 10 & INTUNE
WINDOWS 10 IDENTITY CHOICES
• Computer joins AD to establish trust
• User signs on using AD account
• Group Policy + System Center

• Computer joins Azure AD to establish trust
• User signs on using Azure AD account
• Intune/MDM
• Settings roaming
Single sign-on to enterprise + cloud-based services
AZURE AD JOIN
• SINGLE SIGN ON TO APPS PROTECTED BY AZURE AD (OFFICE 365)
• SYNCED BACK ON-PREM FOR USE IN ADFS
• CONDITIONAL ACCESS FOR OFFICE 365
• CONDITIONAL ACCESS FOR ON-PREMISE (ADFS)
REQUIREMENTS AZURE AD JOIN/INTUNE
• EMS / AZURE AD PREMIUM / INTUNE SUBSCRIPTION
• AZURE AD CONNECT TO SYNCHRONIZE YOUR IDENTITIES
• REGISTER YOUR DOMAIN NAME
• ADFS OR PASSWORD SYNC
DNS:
• ENTERPRISEENROLLMENT.YOURDOMAIN.COM
• ENTERPRISEREGISTRATION.YOURDOMAIN.COM
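A quick way to confirm the two DNS records above are in place before enrolling devices, as an added example that is not part of the SCUG.dk deck. The function name is hypothetical, and the expected CNAME targets are assumed to be the public Azure AD/Intune enrollment endpoints.

```powershell
# Added example (not from the SCUG.dk deck): check that the two CNAME records
# required for Azure AD Join / Intune enrollment exist for a domain.
# Assumption: the expected targets are the public enrollment endpoints
# (enterpriseenrollment.manage.microsoft.com, enterpriseregistration.windows.net).
function Test-EnrollmentDns {
    param([Parameter(Mandatory)][string]$Domain)

    $expected = @{
        "enterpriseenrollment.$Domain"   = 'enterpriseenrollment.manage.microsoft.com'
        "enterpriseregistration.$Domain" = 'enterpriseregistration.windows.net'
    }

    foreach ($name in $expected.Keys) {
        # Resolve-DnsName ships in the DnsClient module (Windows 8 / Server 2012 and later)
        $target = Resolve-DnsName -Name $name -Type CNAME -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'CNAME' } |
                  Select-Object -First 1 -ExpandProperty NameHost

        [pscustomobject]@{
            Record   = $name
            Expected = $expected[$name]
            Actual   = $target
            Ok       = [bool]$target -and ($target.TrimEnd('.') -eq $expected[$name])
        }
    }
}

# Replace 'yourdomain.com' with the domain registered in Azure AD
Test-EnrollmentDns -Domain 'yourdomain.com' | Format-Table -AutoSize
```

A record that resolves to the wrong target is the usual cause of enrollment failing with a generic error, so check both rows show Ok = True.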
PERSONAL VS CORPORATE DEVICES
PERSONAL DEVICE
• INTUNE ENROLLMENT FORCES A WORKPLACE JOIN IN AZURE AD
• ENROLLED DEVICE = PERSONAL DEVICE
CORPORATE DEVICE
• AZURE AD JOIN, OPTIONAL INTUNE ENROLLMENT.
• ENROLLED DEVICE = CORPORATE DEVICE
• GLOBAL ADMINISTRATORS ARE MADE LOCAL ADMINISTRATORS
• ADD ADDITIONAL LOCAL ADMINISTRATORS
AZURE AD JOIN
PROVISIONING PACKAGES
• QUICKLY CONFIGURE A NEW DEVICE WITHOUT GOING THROUGH THE PROCESS OF INSTALLING A NEW IMAGE.
• SAVE TIME BY CONFIGURING MULTIPLE DEVICES USING ONE PROVISIONING PACKAGE.
• QUICKLY CONFIGURE EMPLOYEE-OWNED DEVICES IN AN ORGANIZATION WITHOUT A MOBILE DEVICE MANAGEMENT (MDM) INFRASTRUCTURE.
• SET UP A DEVICE WITHOUT THE DEVICE HAVING NETWORK CONNECTIVITY.
PROVISIONING PACKAGES
• APPLICATIONS: WINDOWS APPS, LINE-OF-BUSINESS APPLICATIONS
• BULK ENROLLMENT INTO MDM: AUTOMATIC ENROLLMENT INTO MICROSOFT INTUNE OR A THIRD-PARTY MDM SERVICE
• CERTIFICATES: ROOT CERTIFICATION AUTHORITY (CA), CLIENT CERTIFICATES
• CONNECTIVITY PROFILES: WI-FI, PROXY SETTINGS, EMAIL
• MUCH MORE…
PROVISIONING PACKAGE
POP QUIZ - WHICH FEATURE IS THIS OLD NUGGET?
• LOCAL ADMIN PASSWORD SOLUTION (LAPS)
• ENHANCED MITIGATION EXPERIENCE TOOLKIT (EMET)
• DRIVER ERRORS
• APPLICATION ERRORS
• UNTRUSTED FONT BLOCKING
EVENT FORWARDING!
COMMUNITY SOLUTIONS
• IF YOU DON’T USE ANY CLIENT MONITORING TOOL
• USE EVENT FORWARDING!
COMMUNITY SOLUTION
• POWERSHELL SCRIPT TO WRITE FORWARDED EVENT LOGS TO A SQL DATABASE
HTTPS://BLOG.NETNERDS.NET/2013/03/IMPORTING-WINDOWS-FORWARDED-EVENTS-INTO-SQL-SERVER-USING-POWERSHELL/
EDGE
FAVORITES LOCATION
• %USERPROFILE%\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\AC\MICROSOFTEDGE\USER\DEFAULT
TO COPY FAVORITES, THE FOLLOWING REGISTRY KEY MUST BE DELETED AS WELL; OTHERWISE THE COPIED FAVORITES WILL NOT SHOW UP:
"HKEY_CLASSES_ROOT\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\MICROSOFT.MICROSOFTEDGE_8WEKYB3D8BBWE\MICROSOFTEDGE\FAVORDER"
EDGE
• YOU CANNOT IMPORT FAVORITES FROM IE IF FOLDER REDIRECTION IS USED.
• FAVORITES CAN ONLY BE IMPORTED FROM %USERPROFILE%\FAVORITES
• USE POWERSHELL: HTTPS://GALLERY.TECHNET.MICROSOFT.COM/POWERHSELL-SCRIPT-TO-COPY-1E300DE5
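The copy-plus-registry-cleanup the two Edge slides describe, written out as an added example; this is not the TechNet gallery script the slide links to. The function name is hypothetical, and it assumes the favorites sit in the Favorites subfolder of the package path on the slide and that Edge is closed while it runs.

```powershell
# Added example, not the TechNet gallery script the slide links to. Copies the
# signed-in user's favorites (.url shortcuts) from %USERPROFILE%\Favorites into
# Edge's package folder and deletes the FavOrder key so the copies show up.
# Assumptions: original Windows 10 (2015) Edge layout from the slides, with the
# favorites in the 'Favorites' subfolder of the path shown; Edge is closed.
function Copy-FavoritesToEdge {
    param([string]$Source = (Join-Path $env:USERPROFILE 'Favorites'))

    $edgeFav  = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites'
    # HKCR\Local Settings is the per-user view of HKCU\Software\Classes\Local Settings
    $favOrder = 'Registry::HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder'

    if (Get-Process -Name MicrosoftEdge -ErrorAction SilentlyContinue) {
        throw 'Close Microsoft Edge before copying favorites.'
    }
    if (-not (Test-Path $Source)) { throw "Source folder not found: $Source" }

    New-Item -ItemType Directory -Path $edgeFav -Force | Out-Null
    # Keep the folder structure; Edge reads the .url files and subfolders directly
    Copy-Item -Path (Join-Path $Source '*') -Destination $edgeFav -Recurse -Force

    # Edge caches favorite ordering here; a stale cache hides newly copied items
    if (Test-Path $favOrder) {
        Remove-Item -Path $favOrder -Recurse -Force
    }

    # Return the number of shortcuts now present so the result can be checked
    (Get-ChildItem -Path $edgeFav -Recurse -Filter *.url).Count
}

$count = Copy-FavoritesToEdge
Write-Host "$count favorites now in Edge's Favorites folder"
```

Because the source is %USERPROFILE%\Favorites, this has the same limitation as the slide notes: with Folder Redirection in place the favorites are elsewhere and must be pointed at with -Source.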
UNINSTALL BUILT-IN APPS
• FOR CURRENT USER, USE:
• REMOVE-APPXPACKAGE
• TO REMOVE THEM FOR ALL NEW USERS CREATING THEIR PROFILE.
• REMOVE-APPXPROVISIONEDPACKAGE
HTTP://CCMEXEC.COM/2015/08/REMOVING-BUILT-IN-APPS-FROM-WINDOWS-10-USING-POWERSHELL/
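An added example of the two-step removal the slide outlines (provisioned packages for future profiles, then packages already installed for the current user); it is not the script from the ccmexec.com post. The function name and the keep-list are constructed, and it expects an elevated PowerShell session.

```powershell
# Added example, not the script from the ccmexec.com post linked above.
# Removes provisioned (future-user) and current-user Store apps except an
# explicit keep-list; the keep-list below is a constructed sample.
# Run elevated; supports -WhatIf. Apps the slides say cannot be uninstalled
# (Edge, Windows Feedback, Contact Support) fail and are reported, not fatal.
function Remove-BuiltInApps {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$Keep = @('Microsoft.WindowsStore', 'Microsoft.WindowsCalculator', 'Microsoft.Windows.Photos')
    )

    # 1. Provisioned packages: what every newly created profile receives.
    foreach ($p in Get-AppxProvisionedPackage -Online) {
        if ($Keep -contains $p.DisplayName) { continue }
        if ($PSCmdlet.ShouldProcess($p.DisplayName, 'Remove provisioned package')) {
            try {
                Remove-AppxProvisionedPackage -Online -PackageName $p.PackageName -ErrorAction Stop | Out-Null
            } catch {
                Write-Warning "Provisioned $($p.DisplayName): $($_.Exception.Message)"
            }
        }
    }

    # 2. Packages already installed for the current user. Frameworks are shared
    #    dependencies of other apps, so they are never removed here.
    foreach ($p in Get-AppxPackage | Where-Object { -not $_.IsFramework }) {
        if ($Keep -contains $p.Name) { continue }
        if ($PSCmdlet.ShouldProcess($p.Name, 'Remove package for current user')) {
            try {
                Remove-AppxPackage -Package $p.PackageFullName -ErrorAction Stop
            } catch {
                Write-Warning "$($p.Name): $($_.Exception.Message)"
            }
        }
    }
}

# Preview what would be removed before running it for real
Remove-BuiltInApps -WhatIf
```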
BLOCK BUILT-IN APPS USING APPLOCKER
• EDGE, WINDOWS FEEDBACK, CONTACT SUPPORT CANNOT BE UNINSTALLED.
• IF BLOCKED WITH APPLOCKER AND THE POLICY IS APPLIED TO THE COMPUTER BEFORE THE USER LOGS IN THE FIRST TIME, THE APPLICATION IS NOT INSTALLED FOR THE USER AT ALL.
HTTP://CCMEXEC.COM/2015/08/BLOCKING-BUILT-IN-APPS-IN-WINDOWS-10-USING-APPLOCKER/
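What an AppLocker Packaged app rule for one of these non-removable apps looks like, as an added example rather than the policy from the ccmexec.com post. The function name is hypothetical; it assumes an elevated session, that the Application Identity service (AppIDSvc) is running so AppLocker actually enforces, and that Microsoft.MicrosoftEdge is the app to block (any name Get-AppxPackage returns works).

```powershell
# Added example (not the post's own policy): build an AppLocker Packaged app
# rule collection that allows all signed packaged apps and denies one app,
# then test and apply it locally. Assumptions: run elevated, the Application
# Identity service (AppIDSvc) is running, Microsoft.MicrosoftEdge is the target.
function New-PackagedAppDenyPolicy {
    param(
        [string]$PackageName = 'Microsoft.MicrosoftEdge',
        [string]$OutFile = "$env:TEMP\Block-$PackageName.xml"
    )
    $pkg = Get-AppxPackage -Name $PackageName | Select-Object -First 1
    if (-not $pkg) { throw "Package $PackageName not found" }

    # Packaged app rules are publisher rules keyed on package publisher + name.
    # Without the allow-all rule an enforced Appx collection blocks every app.
    $xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Allow all signed packaged apps" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Deny $PackageName" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="$($pkg.Publisher)" ProductName="$($pkg.Name)" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
    Set-Content -Path $OutFile -Value $xml -Encoding UTF8
    $OutFile
}

$policy = New-PackagedAppDenyPolicy
# Dry run: confirm the package would be denied before anything is enforced
Test-AppLockerPolicy -XmlPolicy $policy -Packages (Get-AppxPackage -Name Microsoft.MicrosoftEdge) -User Everyone
# Apply locally; -Merge keeps the existing rule collections. Deploy via GPO for domain machines.
Set-AppLockerPolicy -XmlPolicy $policy -Merge
```

For the first-logon behaviour the slide describes, the policy has to reach the computer (GPO or local policy) before the user's profile is created; applying it afterwards only blocks launch.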
QUESTIONS?
SCUG.dk   Windows 10 Management - September 2015


Editor's Notes

  • #4 Source: Ignite BRK2337_Hunter.pptx
  • #6 Source: Ignite BRK2337_Hunter.pptx
  • #10 Source: Ignite BRK2337_Hunter.pptx
  • #11 Source: Ignite BRK2337_Hunter.pptx
  • #14 Source: Ignite BRK2337_Hunter.pptx