What customers are telling us
• "Passwords are no longer sufficient"
• "We need to be adopting new technologies as fast as our customers"
• "My users need access to their apps and data anywhere, anytime"
• "Too many tools and too much fragmentation"
• "No more big deployments"
• "We want more transparency and an open dialogue with Microsoft"
• "IT budgets are under pressure. Show us how we can cut IT costs"
• "How do I protect my corporate data"
• "Security of our mobile devices is a top concern"
Enable mobility of the experience
Natural interactions
Most trusted platform
Innovative new hardware
Windows as a service
Create more
personal computing
One converged Windows platform
Be more productive
Protection against
modern security threats
Innovative devices
for your business
Managed for
continuous innovation
Protection against
modern security threats
Chart: attacks growing in targeting and sophistication across three eras, 2003–2004, 2005–present, 2012–beyond
Source: Hackers Threaten Sony Employees in New Email: ‘Your Family Will Be in Danger’, Dave McNary, MSN, December 5, 2014. Image: G. Hodan
Sony Hackers Threaten 9/11 Attack on Movie Theaters, Brent Lang, Variety, December 5, 2014
"The world will be full of fear, remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time."
adding terror to playbook
Source: Hackers who breached White House network accessed sensitive data, Steven Musil, CNET, April 13, 2015
Hackers who breached White House network accessed sensitive data, Steven Musil, CNET, April 13, 2015
"In the State Department breach, none of the department's classified email system was affected, a senior department official said, but the hackers used that breach to break in to the White House's network"
unlimited budget, still vulnerable
Security from the inside out – beyond bigger walls
RUIN THE ATTACKERS' ECONOMIC MODEL
BREAK THE ATTACK PLAYBOOK
ELIMINATE THE VECTORS OF ATTACK
Addressing the Threats Requires a New Approach
New challenges require a new platform
Data protection
Identity protection
Threat resistance
Device security
Defending Against
Modern Security
Threats
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
Hardware
Rooted Trust
Device integrity
Cryptographic processor
Virtualization
Biometric sensors
Secured Hardware
Secure Roots of Trust
Virtualization. Threat: malware gains admin-level privilege, gains full access to the system, and disables system defenses to evade detection. Mitigation: processor-based virtualization isolates critical system components and data and protects them even in the event of full system compromise.
Device integrity. Threat: malware tampers with hardware and corrupts the operating system before it even starts. Mitigation: UEFI Secure Boot prevents device tampering and ensures the OS starts with integrity.
Biometric sensors. Threat: an attacker gains access to the user's password/PIN and 2FA device. Mitigation: using a biometric for authentication raises the level of difficulty for an attacker to the highest level.
Cryptographic processor. Threat: malware compromises integrity-related defenses and gains unauthorized access to sensitive information (e.g. keys). Mitigation: the TPM processor provides tamper-proof integrity validation and prevents unauthorized access to sensitive information.
The End of
Passwords,
Two-factor for
Everyone
Hardware
Rooted Trust
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
Windows 10
Identity Goals Mainstream two-factor authentication
Make credentials breach-, theft-, and phish-proof
Deliver for consumer and business users
Use credentials on familiar mobile devices
for desktop sign-in
User Identity &
Authentication
Shared Secrets
shhh!
Easily mishandled or lost
(Hint: The user is the problem)
Diagram: a user signs in with shared secrets to Social.com, Bank.com, Network.com, LOL.com and Obscure.com; the sites we use are a weak link for the bad guy to exploit.
Diagram: user, device, three IDPs and a network resource in a numbered sign-in flow; the user and device are the weak links.
PKI Solutions
Complex, costly, and under attack
Diagram: Windows 8.1 user, IDP (Active Directory) and network resource in a numbered certificate sign-in flow; the CA is under attack by the bad guy.
Limited use of MFA creates weak links: users sign in with UN/password to most network resources, and MFA covers only high-value assets.
Enterprise demands: simplify implementation, reduce costs.
Multifactor with
Existing Devices
Simplifying Deployment
Device-based Multi-factor
• Utilize familiar devices
• Secured by hardware
User credential: an asymmetrical key pair, provisioned via PKI or created locally via Windows 10
IDP: Active Directory, Azure AD, Google, Facebook, Microsoft Account
Diagram: user, Windows 10 device, IDP and intranet resources in a numbered sign-in flow
A new approach
PIN: simplest implementation option, no hardware dependencies, user familiarity
Biometrics: higher security, ease of use, impossible to forget
Derived Credentials
& Access Tokens
“Pass the Hash”
Attacks
Today's Security Challenge: Pass the Hash Attacks
Pass the hash attacks have gone from hypothetical to very real threats
Enables an attacker to get user access tokens using common tools like Mimikatz
Once obtained, an attacker is often able to steal additional access tokens
Enables an attacker to frequently persist even once detected
Solution
VSM uses a Hyper-V powered secure execution environment to protect NTLM tokens: you can get things in but can't get things out
Decouples the NTLM hash from the logon secret
Fully randomizes and manages a full-length NTLM hash to prevent brute-force attacks
Requires Windows 10 client and domain controller
Pass the Hash Attacks
The End of
Passwords,
Two-factor
for Everyone
Completing
the Stack
Democratizing Data
Loss Prevention
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
58% have accidentally sent sensitive information to the wrong person [1]
87% of senior managers admit to regularly uploading work files to a personal email or cloud account [1]
$240 per record: average cost of a data breach across all industries [2]
[1] Stroz Friedberg, "On The Pulse: Information Security In American Business," 2013
[2] HIPAA Secure Now, "A look at the cost of healthcare data breaches," Art Gross, March 30, 2012
Device
Protection
Protect system and
data when device is
lost or stolen
Containment
BYOD separation
Data
Separation
Prevent unauthorized
apps from accessing
data
Leak
Protection
Protect data when
shared with others,
or shared outside of
organizational devices
and control
Sharing
Protection
Data-at-rest
Protection
The threat of lost or stolen devices
Data-at-rest Protection
Risks of unencrypted devices go beyond exposed data
Machine admin credentials can
be reset with offline tools
Decommissioned desktops
and servers create risk
Device Encryption
BitLocker
Devices can be encrypted out-of-box with BitLocker
Easiest deployment, leading security,
reliability, and performance
Single sign-on for modern devices
and configurable Windows 7 hardware
Enterprise grade management
(MBAM) and compliance (FIPS)
Increased global acceptance of TPM
Pervasive on all Windows
devices by 2015
Introducing
Enterprise Data Protection
A Different Approach
Corporate vs personal data identifiable
wherever it rests on the device
Protects data at rest, and wherever it
rests or may roam to
Seamless integration into the platform,
No mode switching and use any app
Prevents unauthorized apps from
accessing business data
IT has full control of keys and data and can remote wipe data on demand
Common experience across all Windows
devices with cross platform support
Sharing Protection
Rights Management Services
Adding persistent and
non-removable protection to data
Support for all commonly used devices and
systems – Windows, OSX, iOS, Android
Protect all file types, everywhere they
go, cloud, email, BYOD, …
Can be automatically applied to mail,
OneDrive Pro, etc.
Support for B2B and B2B via Azure AD
Support for on premise and cloud based
scenarios (e.g.: Office 365)
Seamless, easy to provision, and supports FIPS 140-2 regulation and compliance
Significant improvements
over Windows 7
Completing
the stack
Democratizing data
loss prevention
Active threat
protection
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
TODAY'S CHALLENGE
APPS
Your future must depend on:
APP TRUST MUST BE EARNED.
According to the Cisco Systems report "Cisco 2014 Annual Security Report", Windows Phone has the best security statistics in the industry.
https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
Two Paths to Choose From
Device Guard
A new approach for Windows desktop
Requires change in process for apps
Offers incredible protection
Traditional Approach
The way things have always been
Requires additional software to manage
Carries increased risk
Device Guard
Hardware Rooted
App Control
Windows desktop can be locked down to only run trusted apps, just like many mobile OSes (e.g. Windows Phone)
Resistant to tampering by an
administrator or malware
Requires devices specially configured
by either the OEM or IT
Requires Windows Enterprise edition
Untrusted apps and executables,
such as malware, are unable to run
Device Guard
Getting Apps into
the Circle of Trust
Supports all apps including Universal
and Desktop (Win32).
Trusted apps can be created by IHV,
ISV, and Organizations using a
Microsoft provided signing service.
Signing service will be made available to OEMs, IHVs, ISVs, and Enterprises.
Apps must be specially signed using
the Microsoft signing service. No
additional modification is required.
Two Paths to Choose From
Device Guard
A new approach for Windows desktop
Requires change in process for apps
Offers incredible protection
Traditional Approach
The way things have always been
Requires additional software to manage
Carries increased risk
Device Tampering
Vulnerabilities
Malware
Phishing
Traditional
Approach
Type of threats to
consider and mitigate
Device and
Platform Integrity
Ensuring Windows starts
on a trustworthy device
UEFI prevents firmware attacks
and ensures Windows starts
before any malware
TPM enables local and remote verification
of system integrity before system start
Windows Trusted Boot prevents malware from starting during the boot process and can protect anti-virus solutions
Windows isolates system core and puts
sensitive processes into containers – offering
protection even with kernel level breach
App Security &
Online Safety
Protects system and apps
from the most common
forms of malware
Windows vulnerability mitigations reduce
or eliminate impact of exploits
Windows sandboxes Universal Apps, validates
app integrity, and offers app control
Windows includes Windows Defender, an
advanced antivirus and malware solution
WinRE integration helps remediate when the
OS or other defenses are inoperable
Windows and IE SmartScreen blocks
malicious websites and apps before they
get a chance to impact the device
Conditional
Access
Blocking unhealthy devices
to protect resources and
prevent proliferation
Windows Provable PC Health (PPCH)
provides remote attestation services, and
can initiate remediation when necessary
Denying access to end points that are unable
to “prove” that they’re healthy
Intune will provide conditional access
based on PPCH health state “claims”
PPCH cloud service and health claims are
available for use by 3rd party network access,
security, and management solutions.
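One way to check, on a single Windows 10 machine, the controls these slides rely on (Secure Boot, TPM, BitLocker, VSM and the credential isolation it hosts, Device Guard code integrity) before treating the device as "healthy" in the conditional-access sense. This is an added example, not code from the deck or from Microsoft; it assumes an elevated PowerShell session on Windows 10 Enterprise with the SecureBoot, TrustedPlatformModule and BitLocker modules present, and that the deck's VSM credential protection is what the Win32_DeviceGuard class reports as security service 1 (Credential Guard).

```powershell
# Added posture check (not from the deck). Cmdlets and CIM class used here ship with
# Windows 10: Confirm-SecureBootUEFI, Get-Tpm, Get-BitLockerVolume and
# root\Microsoft\Windows\DeviceGuard:Win32_DeviceGuard.
# Assumption: the deck's "VSM" credential protection corresponds to the
# Credential Guard service (id 1) in SecurityServicesRunning.
#Requires -RunAsAdministrator

function Get-DeckPosture {
    # Returns one object per control with a Pass/Fail status and the raw detail behind it.
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Control, [bool]$Pass, [string]$Detail) {
        $status = if ($Pass) { 'Pass' } else { 'Fail' }
        $findings.Add([pscustomobject]@{ Control = $Control; Status = $status; Detail = $Detail })
    }

    # 1. Device integrity: UEFI Secure Boot ("ensures OS starts with integrity").
    try {
        $sb = Confirm-SecureBootUEFI
        Add-Finding 'Secure Boot' $sb "Confirm-SecureBootUEFI returned $sb"
    } catch {
        # Throws on legacy BIOS/CSM firmware, which cannot satisfy the control at all.
        Add-Finding 'Secure Boot' $false "Not a UEFI boot: $($_.Exception.Message)"
    }

    # 2. Cryptographic processor: TPM present and ready (tamper-proof integrity validation).
    $tpm = Get-Tpm
    Add-Finding 'TPM' ($tpm.TpmPresent -and $tpm.TpmReady) "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"

    # 3. Data-at-rest: OS volume protected by BitLocker and protection actually on.
    #    A volume can be fully encrypted yet suspended; ProtectionStatus exposes that.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    Add-Finding 'BitLocker (OS volume)' ($os.ProtectionStatus -eq 'On') "VolumeStatus=$($os.VolumeStatus) ProtectionStatus=$($os.ProtectionStatus)"

    # 4. Virtualization-based security (VSM) and the services running inside it.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    Add-Finding 'VBS (VSM) running' ($dg.VirtualizationBasedSecurityStatus -eq 2) "VirtualizationBasedSecurityStatus=$($dg.VirtualizationBasedSecurityStatus)"
    # SecurityServicesRunning: 1 = Credential Guard (isolated LSA, the deck's
    # "things in but not out" NTLM protection), 2 = HVCI (hypervisor-enforced code integrity)
    $running = @($dg.SecurityServicesRunning)
    Add-Finding 'Credential Guard running' ($running -contains 1) "SecurityServicesRunning=$($running -join ',')"
    Add-Finding 'HVCI running' ($running -contains 2) "SecurityServicesRunning=$($running -join ',')"

    # 5. Device Guard app control: the code-integrity policy must be enforced,
    #    not merely configured or auditing (0 = off, 1 = audit, 2 = enforced).
    $ci = $dg.CodeIntegrityPolicyEnforcementStatus
    Add-Finding 'Code integrity policy enforced' ($ci -eq 2) "CodeIntegrityPolicyEnforcementStatus=$ci"

    return $findings
}

function Test-DeckHealthy {
    # Mirrors the conditional-access idea on the slide: healthy only if every control passes.
    param([Parameter(Mandatory)][object[]]$Findings)
    return -not ($Findings | Where-Object Status -eq 'Fail')
}

$posture = Get-DeckPosture
$posture | Format-Table -AutoSize
if (Test-DeckHealthy $posture) { Write-Output 'HEALTHY: all controls satisfied'; exit 0 }
Write-Output 'UNHEALTHY: see failing controls above'; exit 1
```

The exit code lets a management agent or scheduled task treat the result as a health claim; a real PPCH/Intune deployment attests the same facts remotely rather than trusting a local script.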
Diagram: before, health is assumed when a device accesses important resources; after, PPCH provides health intel to MDMs before the device reaches important resources (numbered flow).
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
Active threat
protection
Hardware rooted
trust
Two-factor for
everyone
Data loss prevention
Active threat
protection
SECURED DEVICES | SECURED IDENTITIES | INFORMATION PROTECTION | THREAT RESISTANCE
Hardware based security for better malware protection.
Secure Boot
Enterprise credential protection via hardware-based isolation
Secure corporate identity to protect against
modern threats.
Microsoft Passport
Windows Hello
Protect your corporate data, wherever the data is.
Enterprise data protection
Eliminate malware on your devices.
Device Guard
More secure per-app connection for mobile workers.
Secure Remote Connection
Managed for
continuous innovation
Works with existing infrastructure
Continued support for Group Policy and WMI
Advanced MDM support
Consistent across PC/mobile
1st and 3rd party solutions
Available Choices
Identity: Active Directory; Azure Active Directory
Management: Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
Updates: Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM
Infrastructure: On-premises or in the cloud
Ownership: Corporate-owned, CYOD; BYOD
Organizations may mix and match, depending on their specific scenario
Exchange ActiveSync (Basic): Windows Update; BYOD (personal) devices; e-mail access only; Active Directory and/or Azure Active Directory
Mobile Device Management (Lightweight): Windows Update/MDM; company-owned and BYOD devices; Internet-facing or corporate network
Active Directory, Group Policy, System Center (Full Control): WSUS; company-owned devices; corporate network
Windows Client: Windows Management Instrumentation (WMI), Windows Remote Management (WinRM), Windows Update, Group Policy Client
Windows Server: Active Directory, Group Policy, Windows Server Update Services (WSUS)
Products: System Center Configuration Manager, Microsoft Desktop Optimization Pack (MDOP)
Cloud Services: Azure Active Directory, Azure RMS, Microsoft Intune, Windows Store, Windows Update, Mobile Device Management (MDM)
PowerShell
AppLocker
Product support table (columns: Supports Windows 10 Management, Supports Windows 10 Deployment; the per-cell marks did not survive the transcript): System Center 2012 R2 Configuration Manager; System Center 2012 Configuration Manager; System Center Configuration Manager 2007; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008; Microsoft Deployment Toolkit 2013
Chart: Windows 8.1 versus Windows 10, phone and desktop, from BYOD (simple security settings) through device lockdown to fully managed corporate device
Significant investments in added functionality
for both mobile and desktop devices
One consistent
set of MDM
capabilities
across Mobile,
Desktop, and IoT
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Extended set of policies
• Client certificate management
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push
• Device Update control
• Kiosk, Start screen, Start menu configuration and control
• Curated Windows Store
• Business Store Portal (BSP) app deployment; license reclaim
• Enterprise App management
• Simplified LOB app management
• Win32 (MSI) app management
• App inventory (LOB/store apps)
• App allow/deny lists via AppLocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset, Ring, & Find
• Enhanced inventory for compliance decisions
• Unenrollment with alerts
• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
• Additional device inventory
Active Directory provides key business
identity and security capabilities
Azure Active Directory takes this to the cloud
Both work together
Windows 10 fully takes advantage of both
Organization Owned
• Computer joins AD to establish trust
• User signs on using AD account
• Group Policy + System Center
Personally Owned (BYOD)
• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access
• User signs in with a Microsoft account, associates an Azure AD account
• Intune/MDM
Organization Owned, via Azure AD
• Computer joins Azure AD to establish trust
• User signs on using Azure AD account
• Intune/MDM
• Settings roaming
Single sign-on to enterprise + cloud-based services
Diagram: self-service single sign-on (username and password) through Microsoft Azure Active Directory to cloud SaaS, Azure, Office 365 and Intune; other directories and on-premises Windows Server Active Directory connect over a simple connection; Intune is the single admin console.
New in Windows 10
New policies to support Windows 10 features:
• Start screen and start menu management
• "Project Spartan" settings
• Next-Generation Credential PIN settings
• Universal app management
New from Windows 7
Capabilities from Windows 8.1:
• Policy caching
• IPv6 support for printers, VPN, targeting
Capabilities from Windows 8:
• Sign-in optimization for DirectAccess clients
• Better use of larger registry policies (registry.pol)
• Remote group policy refresh (GPUpdate)
• More efficient background processing
Full support for Windows 10
Product Required/Recommended Version
AGPM AGPM 4.0 SP3 (August)
App-V App-V 5.1 (August)
DaRT DaRT 10 (August)
MBAM MBAM 2.5 SP1 (August), 2.5 is OK
UE-V UE-V 2.1 SP1 (August)
Managed in-place upgrade
Runtime configuration, customize without imaging
Reduced validation and deployment costs
App & Device
Compatibility Hardware requirements
are unchanged
Strong desktop app compatibility
Windows Store apps are compatible
Internet Explorer
enterprise investments
Legacy Web Apps
Wipe-and-Load
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all scenarios
In-Place
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing
devices (Windows 7/8/8.1)
Provisioning
Configure new devices
• Transform into an Enterprise
device
• Remove extra items, add
organizational apps and config
New capability for new devices
• Supported with Windows 7, Windows 8, and
Windows 8.1
• Consumers use Windows Update, but enterprises
want more control
• Use System Center Configuration Manager or
MDT for managing the process
• Uses the standard Windows 10 image
• Automatically preserves existing apps, settings,
and drivers
• Fast and reliable, with automatic roll-back if issues
are encountered
• Popular for Windows 8 to Windows 8.1
• Piloted process with a customer to upgrade from
Windows 7 to Windows 8.1, as a learning process
• Feedback integrated into Windows 10 to provide
additional capabilities for automation, drivers,
logging, etc.
• Working with ISVs for disk encryption
Preferred option for enterprises
Simplified process, builds on
prior experience
Take off-the-shelf
hardware
Transform with little or no
user interaction
Device is ready for
productive use
Provisioning, not reimaging
User-driven, from the cloud
• Company-owned devices: Azure AD join, either during OOBE or after from Settings
• BYOD devices: "Add a work account" for device registration
• Automatic MDM enrollment as part of both
• MDM policies pushed down: change the Windows SKU, apply settings, install apps
IT-driven, using new tools
• Create provisioning package using Windows Imaging and Configuration Designer with needed settings: change Windows SKU, apply settings, install apps and updates, enroll a device for ongoing management (just enough to bootstrap)
• Deploy manually, add to images
Transform a Device
• Enable the Enterprise SKU
• Install apps and enterprise configuration
• Enroll the device to be managed via MDM
Flexible Methods
• Using media, USB tethering, or even e-mail for manual distribution
• Automatically triggered from the cloud or connection to a corporate network
• Leverage NFC or QR codes
Enhancements to existing tools
Minimal changes to existing deployment processes
• New Assessment and Deployment Kit includes
support for Windows 10, while continuing to
support down to Windows 7
• Minor updates to System Center 2012 to add
support
• Minor updates to Microsoft Deployment Toolkit
2013 to add support
• Will feel “natural” to IT Pros used to deploying
Windows 7 and Windows 8.1
• Drop in a Windows 10 image, use it to create your
new master image
• Capture a Windows 10 image, use it for wipe-and-
load deployments
Volume licensing
Flexible distribution
License reclaim/re-use
Your company store
Windows Store “Company Portal”
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal, Alipay,
INICIS, mobile operators (Phone)
• MDM-driven
• Sideload line-of-business modern apps
• Link to apps in the Windows Store
Convergence
WINDOWS
PHONE 8.1
WINDOWS 8.1
WINDOWS 10
• Converged developer portal for Windows
and Windows Phone
• Separate user and developer capabilities
• Fully converged experience
• Best features from each
• New capabilities
XBOX
Windows Store
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card,
PayPal, Alipay, INICIS, mobile
operators
Windows Store for Business “Company Portal”
• Modern apps
• Leverages Azure Active Directory for
administration, some scenarios
• Private organization store for the
org’s preferred or LOB apps
• Pay with credit card or PO/invoice
• Deploy modern apps offline, in
images, and more
• Modern app license management
• Sideload line-of-business modern
apps
• Deploy apps from the Windows Store
(even when the Store UI is disabled)
as well as uploaded LOB apps
through BSP integration using MDM
Flexible app deployment
Online, offline, or included
in images
Through the store, via MDM,
or using System Center
LOB apps can be kept private
Support for any
organization
Teacher and classroom
Small businesses and other
organizations
Large enterprises
Simplify via convergence
One store, one Dev Center, one
Business Store Portal
Universal apps across
all device types
Reconciled sideloading processes
Offline
• Org users do not need Azure AD accounts
• Installation files are downloaded and deployed using org's infrastructure
• No license tracking
• Updates installed via Windows Update
Online
• All org users need Azure AD accounts
• Installation files managed and deployed by the Windows Store
• Licenses tracked by the Windows Store
• Updates installed via Windows Update
Online distribution: Private Store; MDM / ConfigMgr (deep links); Direct Assignment
Offline distribution: Imaging; MDM / ConfigMgr (sideload); Manual
IT Administrator
SIGN IN TO WINDOWS
STORE FOR BUSINESS
• Using Azure AD account
APPS ACQUIRED
• Free apps
• Purchased using
a PO, invoice, or credit
card
End User
ORGANIZATION STORE
CREATED
• Desired apps added
LOG INTO WINDOWS
• Using AD or Azure AD account
ACCESS WINDOWS
STORE
• Sees organization store
and public categories
INSTALL APPS
• Selected from the
Private Store using
Azure AD, or public
categories using MSA
NOTES
• Cloud-based
• No on-prem infrastructure
requirements
• No MDM service required
• Apps automatically updated
from the Windows Store
• Can include LOB apps
Scenarios
Mobile Device Management (ONLINE)
IT Administrator
SIGN IN TO WINDOWS
STORE FOR BUSINESS
• Using Azure AD account
APPS ACQUIRED
• Free apps
• Purchased using
a PO or invoice
End User
APPS ADDED TO MDM
SERVICE
• Link to the app
in the BSP
LOG INTO WINDOWS
• Using AD or Azure AD account
LAUNCH ENTERPRISE
APP STORE (MDM)
• Sees available app
INSTALL APPS
• Selected from the MDM-
provided list
• Installed by the Windows
Store, as directed by the
MDM service
NOTES
• Cloud-based or on-prem
(depending on the MDM
service used)
• Apps automatically updated
from the Windows Store
• The Windows Store can be
disabled if desired
• APIs available to ISVs to
automate the BSP
interactions
Scenarios
License Management (ONLINE)
IT Administrator
SIGN IN TO WINDOWS
STORE FOR BUSINESS
• Using Azure AD account
VIEW ASSIGNED
LICENSES
• For any BSP app (LOB,
free, paid)
End User
RECLAIM LICENSE
• Available for use by
another user
LOG INTO WINDOWS
• Using any account
LAUNCH APP
• Informed that license is
no longer available
NOTES
• Devices periodically check to
see if licenses are still valid
• APIs available to ISVs to
automate this process
Scenarios
Imaging (OFFLINE)
IT Administrator
SIGN IN TO
WINDOWS STORE
FOR BUSINESS
• Using Azure AD
account
APPS
ACQUIRED
• Free apps
• Purchased using
a PO or invoice
End User
DOWNLOAD
APP
INSTALLATION
FILES
• APPX files
LOG INTO WINDOWS
• Using AD or Azure AD account
APPS INSTALL
AUTOMATICALLY
NOTES
• Apps available to every user
when they log in
• Apps automatically updated
from the Windows Store
• The Windows Store can be
disabled if desired
ADD APPS TO
ENTERPRISE
IMAGE
• Provisioned
for all users
Scenarios
Enterprise App Store using System Center Configuration Manager (OFFLINE)
IT Administrator
SIGN IN TO
WINDOWS STORE
FOR BUSINESS
• Using Azure AD
account
APPS
ACQUIRED
• Free apps
• Purchased using
a PO or invoice
End User
DOWNLOAD
APP
INSTALLATION
FILES
• APPX files
NOTES
• Per-user app installation
• ConfigMgr can push apps as
well to users or groups
• Apps automatically updated
from the Windows Store
• The Windows Store can be
disabled if desired
• ConfigMgr v.Next may
integrate with the BSP to
simplify this process
ADD APPS TO
CONFIGMGR
• Available for
installation
(pull), or
required (push)
LOG INTO WINDOWS
• Using AD or Azure AD account
LAUNCH COMPANY
PORTAL
• Shows all available apps
added by IT
administrator
INSTALL APPS
• Installed by ConfigMgr
Scenarios
Line of business apps (ONLINE or OFFLINE)
IT Developer
SIGN IN TO DEV
PORTAL
• Using Microsoft
account
ACCEPT INVITE
• Authorizes
developer to submit
apps to the
organization
SUBMIT APP
• Upload package
• Choose
organization’s
catalog
NOTES
• Simplified app validation
process, allowing use of
enterprise capabilities
• No sideloading needed in
this case
• Process will be streamlined
later this year, with Dev
Center support for Azure AD
IT Administrator
SIGN IN TO
WINDOWS STORE
FOR BUSINESS
• Using Azure AD
account
INVITES
DEVELOPER
• Specified by e-
mail address
MAKE APP
AVAILABLE
• Via any
scenario, online
or offline
Choose management solutions that work best for you.
Mobile Device Management
Group Policy
End of wipe and replace deployment.
Dynamic provisioning
In-place upgrade
Corporate identity for the mobile-first, cloud-first world
Azure AD Join (desktop and phone)
Single sign on to apps, devices, data
User state roaming
Power your business with Universal Apps.
Private catalog
The Business Store
Keep your devices secure and up to date
with the latest technology.
Windows Update for Business
Be more productive
An experience users will love
Easy for Windows 7 users
Familiar UX, scaled across devices
Increasing user productivity
Continuum
Continuum for Phone
Familiar Office experience on Windows
Phones, Tablets, and Desktops
Built for touch and mobile
Office universal apps increase
phone productivity
Mail and Calendar apps
Present from PowerPoint
Edit Word documents
Internet Explorer 11
A familiar user experience that
adapts to your device.
Start menu
Continuum
Continuum for Phone
Apps that can run on any Windows device.
Windows Universal Apps
The best productivity experience
across all Windows devices.
Office for Windows
Modernize your web experience, stay compatible.
Microsoft Edge
Internet Explorer 11
Innovative devices
for your business
Touch laptops Pen 2-in-1
Commercial
devices
Industry specific &
ruggedized devices
Purpose-built
solutions
Exceptional way to create
and brainstorm with others
Engaging and
productive meetings
Platform for amazing
large screen apps
Advanced technology
for the modern workplace
Latest Windows innovations
on your existing PC fleet.
Great mouse & keyboard support
Hardware compatibility
Granular UX Control
Choose from the range of
innovative Windows devices.
Broad industry innovation
2-in-1 devices
Surface
Lumia
Redefine productivity with
revolutionary Windows devices.
Surface Hub
HoloLens
Keeping your devices
secure and up-to-date
Customer challenges
Consumer devices
Updates installed via Windows Update
as they arrive
Keeping hundreds of millions of consumers
up to date and secure on the Current Branch
Large and diverse user base helps drive
quality of the OS updates
BYOD devices are up to date & secure
No new functionality on
Long Term Servicing Branch
Regular security updates
Control with WSUS
Examples: Air Traffic Control,
Emergency Rooms
Specialized systems
Update their devices
after features are validated
in the market
Current Branch for business
Business users
Capabilities
Specialized systems
Windows Update for Business
Consumer devices Business users
Integration with System Center Configuration Manager and customers’ existing tools
Windows Server Update Services
(WSUS)
Windows Update
*Conceptual illustration only
Current Branch for Business / Current Branch
Diagram: engineering builds pass through broad Microsoft internal validation, then the Microsoft Insider Preview Branch, then Customer Internal Rings I to IV; user counts shown along the way are tens of thousands, several million, and hundreds of millions.
Long Term
Servicing Branch*
Deploy for mission critical
systems via WSUS
Windows Insider
Preview Branch
Specific feature and
performance feedback
Application compatibility
validation
Ongoing
engineering
development
Feedback
and asks
Stage broad deployment
via WU for Business
Current Branch
For Business
Deploy to appropriate
audiences via WUB
Test and prepare for broad
deployment
Current Branch
*Enterprise or Education edition required
Get ready for Windows 10
Accelerate migration to IE11
Pilot Windows 10; build deployment plan
Profile your systems and user groups
Windows Update for Business
Current Branch for Business
WSUS / Long Term Servicing Branch
Start adopting Windows Update for Business
Test upcoming Windows Preview features
Join the Windows Insider Program
Give your feedback
Windows 10: Windows 10 from ITPros to ITPros

Windows 10: Windows 10 de ITPros a ITPros

  • 7. What customers are telling us Passwords are no longer sufficient We need to be adopting new technologies as fast as our customers My users need access to their apps and data anywhere, anytime Too many tools and too much fragmentation No more big deployments We want more transparency and an open dialogue with Microsoft IT Budgets are under pressure. Show us how we can cut IT costs How do I protect my corporate data Security of our mobile devices is a top concern
  • 8. Enable mobility of the experience Natural interactions Most trusted platform Innovative new hardware Windows as a service Create more personal computing
  • 10. Be more productive Protection against modern security threats Innovative devices for your business Managed for continuous innovation
  • 13. Source: Hackers Threaten Sony Employees in New Email: ‘Your Family Will Be in Danger’, Dave McNary, MSN, December 5, 2014. Image: G. Hodan Sony Hackers Threaten 9/11 Attack on Movie Theaters BRENT LANG Variety December 5, 2014 “The world will be full of fear, remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.” adding terror to playbook
  • 14. Source: Hackers who breached White House network accessed sensitive data, Steven Musil, CNET, April 13, 2015 Hackers who breached White House network accessed sensitive data STEVEN MUSIL CNET April 13, 2015 "In the State Department breach, none of the department's classified email system was affected, a senior department official said, but the hackers used that breach to break in to the White House's network" unlimited budget, still vulnerable
  • 15. Security from the inside out – beyond bigger walls RUIN THE ATTACKERS ECONOMIC MODEL BREAK THE ATTACK PLAYBOOK ELIMINATE THE VECTORS OF ATTACK Addressing the Threats Requires a New Approach
  • 16. New challenges require a new platform Data protection Identity protection Threat resistance Device security
  • 19. Device integrity Cryptographic processor Virtualization Biometric sensors Secured Hardware Secure Roots of Trust
  • 20. Threat and the hardware-rooted defense that addresses it:
    • Virtualization: Malware gains admin-level privilege, gains full access to the system, and disables system defenses to evade detection. Processor-based virtualization isolates critical system components and data and protects them even in the event of full system compromise.
    • Device integrity: Malware tampers with hardware and corrupts the operating system before it even starts. UEFI Secure Boot prevents device tampering and ensures the OS starts with integrity.
    • Biometric sensors: Attacker gains access to the user's password/PIN and 2FA device. Using a biometric for authentication raises the level of difficulty for an attacker to the highest level.
    • Cryptographic processor: Malware compromises integrity-related defenses and gains unauthorized access to sensitive information (e.g. keys). The TPM processor provides tamper-proof integrity validation and prevents unauthorized access to sensitive information.
  • 21. The End of Passwords, Two-factor for Everyone Hardware Rooted Trust SECURE DEVICES SECURED IDENTITIES INFORMATION PROTECTION THREAT RESISTANCE
  • 22. Windows 10 Identity Goals Mainstream two-factor authentication Make credential breach, theft, and phish proof Deliver for consumer and business users Use credentials on familiar mobile devices for desktop sign-in
  • 24. Shared Secrets shhh! Easily mishandled or lost (Hint: The user is the problem)
  • 25. The sites we use are a weak link. [Diagram: a user signing in to Social.com, Bank.com, Network.com, LOL.com and Obscure.com, with the bad guy shown at steps 1 and 2]
  • 27. PKI Solutions Complex, costly, and under attack
  • 28. The CA is under attack. [Diagram: numbered steps 1–6 from a Windows 8.1 user through the IDP (Active Directory) to a network resource, with the bad guy targeting the CA]
  • 29. Limited use of MFA creates weak links. [Diagram: a user with UN/Password reaching both high-value assets and most network resources]
  • 33. IDP Active Directory Azure AD Google Facebook Microsoft Account 1 User 2 Windows10 3Intranet Resource 4 4Intranet Resource A new approach
  • 34. Simplest implementation option No hardware dependencies User familiarity PIN Higher security Ease of use Impossible to forget Biometrics
  • 40. Today’s Security Challenge Pass the Hash Attacks Pass the hash attacks have gone from hypothetical to very real threats Enables an attacker to get user access tokens using common tools like MimiKatz Once obtained an attacker is often able to steal additional access tokens Enables an attacker to frequently persist even once detected
  • 41. Solution VSM uses Hyper-V powered secure execution environment to protect NTLM tokens – you can get things in but can’t get things out Decouples NTLM hash from logon secret Fully randomizes and manages full length NTLM hash to prevent brute force attack Requires Windows 10 client and domain controller Pass the Hash Attacks
  • 42. The End of Passwords, Two-factor for Everyone Completing the Stack Democratizing Data Loss Prevention SECURE DEVICES SECURED IDENTITIES INFORMATION PROTECTION THREAT RESISTANCE
  • 43. 58% have accidentally sent sensitive information to the wrong person [1]. 87% of senior managers admit to regularly uploading work files to a personal email or cloud account [1]. $240 per record: average per-record cost of a data breach across all industries [2]. Sources: [1] Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013. [2] HIPAA Secure Now, “A look at the cost of healthcare data breaches,” Art Gross, March 30, 2012.
  • 44. Device Protection Protect system and data when device is lost or stolen Containment BYOD separation Data Separation Prevent unauthorized apps from accessing data Leak Protection Protect data when shared with others, or shared outside of organizational devices and control Sharing Protection
  • 45. Data-at-rest Protection The threat of lost or stolen devices
  • 46. Data-at-rest Protection Risks of unencrypted devices go beyond exposed data Machine admin credentials can be reset with offline tools Decommissioned desktops and servers create risk
  • 47. Device Encryption BitLocker Devices can be encrypted out-of- box with BitLocker Easiest deployment, leading security, reliability, and performance Single sign-on for modern devices and configurable Windows 7 hardware Enterprise grade management (MBAM) and compliance (FIPS) Increased global acceptance of TPM Pervasive on all Windows devices by 2015
  • 48. Device Protection Protect system and data when device is lost or stolen Containment BYOD separation Data Separation Prevent unauthorized apps from accessing data Leak Protection Protect data when shared with others, or shared outside of organizational devices and control Sharing Protection
  • 49. OR
  • 50. Introducing Enterprise Data Protection, a different approach: Corporate vs personal data identifiable wherever it rests on the device. Protects data at rest, and wherever it rests or may roam to. Seamless integration into the platform, no mode switching, and use any app. Prevents unauthorized apps from accessing business data. IT has full control of keys and data and can remote-wipe data on demand. Common experience across all Windows devices with cross-platform support.
  • 51. Device Protection Protect system and data when device is lost or stolen Containment BYOD separation Data Separation Prevent unauthorized apps from accessing data Leak Protection Protect data when shared with others, or shared outside of organizational devices and control Sharing Protection
  • 52. Device Protection Protect system and data when device is lost or stolen Containment BYOD separation Data Separation Prevent unauthorized apps from accessing data Leak Protection Protect data when shared with others, or shared outside of organizational devices and control Sharing Protection
  • 53. Sharing Protection Rights Management Services Adding persistent and non-removable protection to data Support for all commonly used devices and systems – Windows, OSX, iOS, Android Protect all file types, everywhere they go, cloud, email, BYOD, … Can be automatically applied to mail, OneDrive Pro, etc. Support for B2B and B2B via Azure AD Support for on premise and cloud based scenarios (e.g.: Office 365) Seamless easy to provision and support for FIPS 140-2 regulation and compliance Significant improvements over Windows 7
  • 54. Completing the stack Democratizing data loss prevention Active threat protection SECURE DEVICES SECURED IDENTITIES INFORMATION PROTECTION THREAT RESISTANCE
  • 56. Your future must depend on: APP TRUST MUST BE EARNED.
  • 57. According to the Cisco Systems report “Cisco 2014 Annual Security Report”, Windows Phone has the best security statistics in the industry. https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
  • 58. Two Paths to Choose From Device Guard A new approach for Windows desktop Requires change in process for apps Offers incredible protection Traditional Approach The way things have always been Requires additional software to manage Carries increased risk
  • 59. Device Guard Hardware Rooted App Control Windows desktop can be locked down to only run trusted apps, just like many mobile OS’s (e.g.: Windows Phone) Resistant to tampering by an administrator or malware Requires devices specially configured by either the OEM or IT Requires Windows Enterprise edition Untrusted apps and executables, such as malware, are unable to run
  • 60. Device Guard Getting Apps into the Circle of Trust Supports all apps including Universal and Desktop (Win32). Trusted apps can be created by IHV, ISV, and Organizations using a Microsoft provided signing service. Signing service will be made available to OEM’s, IHV, ISV’s, and Enterprises. Apps must be specially signed using the Microsoft signing service. No additional modification is required.
  • 61. Two Paths to Choose From Device Guard A new approach for Windows desktop Requires change in process for apps Offers incredible protection Traditional Approach The way things have always been Requires additional software to manage Carries increased risk
  • 63. Device and Platform Integrity: ensuring Windows starts on a trustworthy device. UEFI prevents firmware attacks and ensures Windows starts before any malware. TPM enables local and remote verification of system integrity before system start. Windows Trusted Boot prevents malware from starting during the boot process and can protect anti-virus solutions. Windows isolates the system core and puts sensitive processes into containers, offering protection even with a kernel-level breach.
  • 64. App Security & Online Safety Protects system and apps from the most common forms of malware Windows vulnerability mitigations reduce or eliminate impact of exploits Windows sandboxes Universal Apps, validates app integrity, and offers app control Windows includes Windows Defender, an advanced antivirus and malware solution WinRE integration helps remediate when the OS or other defenses are inoperable Windows and IE SmartScreen blocks malicious websites and apps before they get a chance to impact the device
  • 65. Conditional Access Blocking unhealthy devices to protect resources and prevent proliferation Windows Provable PC Health (PPCH) provides remote attestation services, and can initiate remediation when necessary Denying access to end points that are unable to “prove” that they’re healthy Intune will provide conditional access based on PPCH health state “claims” PPCH cloud service and health claims are available for use by 3rd party network access, security, and management solutions.
  • 67. [Diagram, numbered steps 1–5: (1) PPCH provides health intel to MDMs, which gate access to important resources]
  • 69. Hardware rooted trust Two-factor for everyone Data loss prevention Active threat protection SECURE DEVICES SECURED IDENTITIES INFORMATION PROTECTION THREAT RESISTANCE
  • 70. Hardware-based security for better malware protection: Secure Boot. Enterprise credential protection via hardware-based isolation. Secure corporate identity to protect against modern threats: Microsoft Passport, Windows Hello. Protect your corporate data, wherever the data is: Enterprise data protection. Eliminate malware on your devices: Device Guard. More secure per-app connection for mobile workers: Secure Remote Connection.
  • 72. Works with existing infrastructure Continued support for Group Policy and WMI Advanced MDM support Consistent across PC/mobile 1st and 3rd party solutions
  • 73. Available choices. Identity: Active Directory; Azure Active Directory. Management: Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM. Updates: Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM. Infrastructure: on-premises or in the cloud. Ownership: corporate-owned, CYOD; BYOD. Organizations may mix and match, depending on their specific scenario.
  • 74. Management tiers:
    • Exchange ActiveSync: basic; Windows Update; BYOD (personal) devices; e-mail access only.
    • Mobile Device Management (with Active Directory and/or Azure Active Directory): lightweight; Windows Update/MDM; company-owned and BYOD devices; Internet-facing or corporate network.
    • Active Directory Group Policy + System Center: full control; WSUS; company-owned devices; corporate network.
  • 75. Windows Client: Windows Management Instrumentation (WMI), Windows Remote Management (WinRM), Windows Update, Group Policy Client. Windows Server: Active Directory, Group Policy, Windows Server Update Services (WSUS). Products: System Center Configuration Manager, Microsoft Desktop Optimization Pack (MDOP). Cloud Services: Azure Active Directory, Azure RMS, Microsoft Intune, Windows Store, Windows Update. Also: Mobile Device Management (MDM), PowerShell, AppLocker.
  • 76. Product support matrix (columns: Supports Windows 10 Management; Supports Windows 10 Deployment): System Center 2012 R2 Configuration Manager; System Center 2012 Configuration Manager; System Center Configuration Manager 2007; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008; Microsoft Deployment Toolkit 2013.
  • 77. [Chart comparing Windows 8.1 and Windows 10 on phone and desktop across BYOD: simple security settings, device lockdown, and fully managed corporate device] Significant investments in added functionality for both mobile and desktop devices.
  • 78. One consistent set of MDM capabilities across Mobile, Desktop, and IoT:
    • Provisioning
    • Bulk enrollment
    • Simple bootstrap
    • Converged protocol
    • Azure AD Integration
    • Extended set of policies
    • Client certificate management
    • Enterprise Wi-Fi
    • VPN management
    • Email provisioning
    • MDM Push
    • Device Update control
    • Kiosk, Start screen, Start menu configuration and control
    • Curated Windows Store
    • Business Store Portal (BSP) app deployment; license reclaim
    • Enterprise App management
    • Simplified LOB app management
    • Win32 (MSI) app management
    • App inventory (LOB/store apps)
    • App allow/deny lists via AppLocker
    • Enterprise data protection
    • Full device wipe
    • Remote Lock, PIN reset, Ring, & Find
    • Enhanced inventory for compliance decisions
    • Unenrollment with alerts
    • Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
    • Additional device inventory
  • 79. Active Directory provides key business identity and security capabilities Azure Active Directory takes this to the cloud Both work together Windows 10 fully takes advantage of both
  • 80. Spectrum from organization-owned to personally owned (BYOD) devices:
    • Computer joins AD to establish trust; user signs on using AD account; Group Policy + System Center.
    • Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access; user signs in with a Microsoft account, associates an Azure AD account; Intune/MDM.
    • Computer joins Azure AD to establish trust; user signs on using Azure AD account; Intune/MDM; settings roaming.
    Single sign-on to enterprise + cloud-based services.
  • 81. [Diagram: self-service, single sign on and simple connection from a username/password sign-in to cloud SaaS (Azure, Office 365, Intune, other directories) and to on-premises Windows Server Active Directory, through Microsoft Azure Active Directory]
  • 84. New from Windows 7:
    • New in Windows 10, policies to support Windows 10 features: Start screen and Start menu management; “Project Spartan” settings; Next-Generation Credential PIN settings; Universal app management.
    • Capabilities from Windows 8.1: policy caching; IPv6 support for printers, VPN, targeting.
    • Capabilities from Windows 8: sign-in optimization for DirectAccess clients; better use of larger registry policies (registry.pol); remote group policy refresh (GPUpdate); more efficient background processing.
  • 85. Full support for Windows 10 (product: required/recommended version): AGPM: AGPM 4.0 SP3 (August). App-V: App-V 5.1 (August). DaRT: DaRT 10 (August). MBAM: MBAM 2.5 SP1 (August), 2.5 is OK. UE-V: UE-V 2.1 SP1 (August).
  • 86. Managed in-place upgrade Runtime configuration, customize without imaging Reduced validation and deployment costs
  • 87. App & Device Compatibility Hardware requirements are unchanged Strong desktop app compatibility Windows Store apps are compatible Internet Explorer enterprise investments
  • 89.
  • 90. Wipe-and-Load Traditional process • Capture data and settings • Deploy (custom) OS image • Inject drivers • Install apps • Restore data and settings Still an option for all scenarios In-Place Let Windows do the work • Preserve all data, settings, apps, drivers • Install (standard) OS image • Restore everything Recommended for existing devices (Windows 7/8/8.1) Provisioning Configure new devices • Transform into an Enterprise device • Remove extra items, add organizational apps and config New capability for new devices
• 91. In-place upgrade
    • Preferred option for enterprises: Supported with Windows 7, Windows 8, and Windows 8.1 • Consumers use Windows Update, but enterprises want more control • Use System Center Configuration Manager or MDT for managing the process • Uses the standard Windows 10 image • Automatically preserves existing apps, settings, and drivers • Fast and reliable, with automatic roll-back if issues are encountered
    • Simplified process, builds on prior experience: Popular for Windows 8 to Windows 8.1 • Piloted process with a customer to upgrade from Windows 7 to Windows 8.1, as a learning process • Feedback integrated into Windows 10 to provide additional capabilities for automation, drivers, logging, etc. • Working with ISVs for disk encryption
  • 100. Take off-the-shelf hardware Transform with little or no user interaction Device is ready for productive use
• 101. Provisioning, not reimaging
    • User-driven, from the cloud: Company-owned devices: Azure AD join, either during OOBE or after from Settings • BYOD devices: “Add a work account” for device registration • Automatic MDM enrollment as part of both • MDM policies pushed down: change the Windows SKU, apply settings, install apps
    • IT-driven, using new tools: Create provisioning package using Windows Imaging and Configuration Designer with needed settings: change Windows SKU, apply settings, install apps and updates, enroll a device for ongoing management (just enough to bootstrap) • Deploy manually, add to images
• 110. Transform a Device: Enable the Enterprise SKU • Install apps and enterprise configuration • Enroll the device to be managed via MDM. Flexible Methods: Using media, USB tethering, or even e-mail for manual distribution • Automatically triggered from the cloud or connection to a corporate network • Leverage NFC or QR codes
• 111. Enhancements to existing tools: minimal changes to existing deployment processes • New Assessment and Deployment Kit includes support for Windows 10, while continuing to support down to Windows 7 • Minor updates to System Center 2012 to add support • Minor updates to Microsoft Deployment Toolkit 2013 to add support • Will feel “natural” to IT Pros used to deploying Windows 7 and Windows 8.1 • Drop in a Windows 10 image, use it to create your new master image • Capture a Windows 10 image, use it for wipe-and-load deployments
  • 112. Volume licensing Flexible distribution License reclaim/re-use Your company store
  • 113. Windows Store “Company Portal” • Modern apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) • MDM-driven • Sideload line-of-business modern apps • Link to apps in the Windows Store
  • 114. Convergence WINDOWS PHONE 8.1 WINDOWS 8.1 WINDOWS 10 • Converged developer portal for Windows and Windows Phone • Separate user and developer capabilities • Fully converged experience • Best features from each • New capabilities XBOX
• 116. Store options
    • Windows Store: Modern apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators
    • Windows Store for Business (“Company Portal”): Modern apps • Leverages Azure Active Directory for administration, some scenarios • Private organization store for the org’s preferred or LOB apps • Pay with credit card or PO/invoice • Deploy modern apps offline, in images, and more • Modern app license management • Sideload line-of-business modern apps • Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through BSP integration using MDM
• 117. Flexible app deployment: Online, offline, or included in images • Through the store, via MDM, or using System Center • LOB apps can be kept private. Support for any organization: Teacher and classroom • Small businesses and other organizations • Large enterprises. Simplify via convergence: One store, one Dev Center, one Business Store Portal • Universal apps across all device types • Reconciled sideloading processes
• 127. Online vs. offline licensing
    • Online: All org users need Azure AD accounts • Installation files managed and deployed by the Windows Store • Licenses tracked by the Windows Store • Updates installed via Windows Update. Distribution: Private Store, MDM / ConfigMgr (deep links), Direct Assignment
    • Offline: Org users do not need Azure AD accounts • Installation files are downloaded and deployed using org’s infrastructure • No license tracking • Updates installed via Windows Update. Distribution: Imaging, MDM / ConfigMgr (sideload), Manual
• 128. Scenario: Private Store
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → APPS ACQUIRED (free apps; purchased using a PO, invoice, or credit card) → ORGANIZATION STORE CREATED (desired apps added)
    • End User: LOG INTO WINDOWS (using AD or Azure AD account) → ACCESS WINDOWS STORE (sees organization store and public categories) → INSTALL APPS (selected from the Private Store using Azure AD, or public categories using MSA)
    • Notes: Cloud-based • No on-prem infrastructure requirements • No MDM service required • Apps automatically updated from the Windows Store • Can include LOB apps
• 129. Scenario: Mobile Device Management (ONLINE)
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → APPS ACQUIRED (free apps; purchased using a PO or invoice) → APPS ADDED TO MDM SERVICE (link to the app in the BSP)
    • End User: LOG INTO WINDOWS (using AD or Azure AD account) → LAUNCH ENTERPRISE APP STORE (MDM) (sees available app) → INSTALL APPS (selected from the MDM-provided list; installed by the Windows Store, as directed by the MDM service)
    • Notes: Cloud-based or on-prem (depending on the MDM service used) • Apps automatically updated from the Windows Store • The Windows Store can be disabled if desired • APIs available to ISVs to automate the BSP interactions
• 130. Scenario: License Management (ONLINE)
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → VIEW ASSIGNED LICENSES (for any BSP app: LOB, free, paid) → RECLAIM LICENSE (available for use by another user)
    • End User: LOG INTO WINDOWS (using any account) → LAUNCH APP (informed that license is no longer available)
    • Notes: Devices periodically check to see if licenses are still valid • APIs available to ISVs to automate this process
• 131. Scenario: Imaging (OFFLINE)
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → APPS ACQUIRED (free apps; purchased using a PO or invoice) → DOWNLOAD APP INSTALLATION FILES (APPX files) → ADD APPS TO ENTERPRISE IMAGE (provisioned for all users)
    • End User: LOG INTO WINDOWS (using AD or Azure AD account) → APPS INSTALL AUTOMATICALLY
    • Notes: Apps available to every user when they log in • Apps automatically updated from the Windows Store • The Windows Store can be disabled if desired
• 132. Scenario: Enterprise App Store using System Center Configuration Manager (OFFLINE)
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → APPS ACQUIRED (free apps; purchased using a PO or invoice) → DOWNLOAD APP INSTALLATION FILES (APPX files) → ADD APPS TO CONFIGMGR (available for installation (pull), or required (push))
    • End User: LOG INTO WINDOWS (using AD or Azure AD account) → LAUNCH COMPANY PORTAL (shows all available apps added by IT administrator) → INSTALL APPS (installed by ConfigMgr)
    • Notes: Per-user app installation • ConfigMgr can push apps as well to users or groups • Apps automatically updated from the Windows Store • The Windows Store can be disabled if desired • ConfigMgr v.Next may integrate with the BSP to simplify this process
• 133. Scenario: Line of business apps (ONLINE or OFFLINE)
    • IT Administrator: SIGN IN TO WINDOWS STORE FOR BUSINESS (using Azure AD account) → INVITES DEVELOPER (specified by e-mail address) → MAKE APP AVAILABLE (via any scenario, online or offline)
    • IT Developer: SIGN IN TO DEV PORTAL (using Microsoft account) → ACCEPT INVITE (authorizes developer to submit apps to the organization) → SUBMIT APP (upload package; choose organization’s catalog)
    • Notes: Simplified app validation process, allowing use of enterprise capabilities • No sideloading needed in this case • Process will be streamlined later this year, with Dev Center support for Azure AD
• 134. Managed for continuous innovation: Choose management solutions that work best for you (Mobile Device Management, Group Policy) • End of wipe and replace deployment (Dynamic provisioning, In-place upgrade) • Corporate identity for the mobile-first, cloud-first world (Azure AD Join for desktop and phone; Single sign on to apps, devices, data; User state roaming) • Power your business with Universal Apps (Private catalog, The Business Store) • Keep your devices secure and up to date with the latest technology (Windows Update for Business)
  • 135. Be more productive An experience users will love
  • 136. Easy for Windows 7 users Familiar UX, scaled across devices Increasing user productivity
  • 140. Familiar Office experience on Windows Phones, Tablets, and Desktops Built for touch and mobile Office universal apps increase phone productivity Mail and Calendar apps Present from PowerPoint Edit Word documents
• 144. Be more productive: A familiar user experience that adapts to your device (Start menu, Continuum, Continuum for Phone) • Apps that can run on any Windows device (Windows Universal Apps) • The best productivity experience across all Windows devices (Office for Windows) • Modernize your web experience, stay compatible (Microsoft Edge, Internet Explorer 11)
  • 147. Touch laptops Pen 2-in-1
  • 148. Commercial devices Industry specific & ruggedized devices Purpose-built solutions
  • 149. Exceptional way to create and brainstorm with others Engaging and productive meetings Platform for amazing large screen apps Advanced technology for the modern workplace
• 151. Innovative devices for your business: Latest Windows innovations on your existing PC fleet (Great mouse & keyboard support, Hardware compatibility, Granular UX Control) • Choose from the range of innovative Windows devices (Broad industry innovation, 2-in-1 devices, Surface, Lumia) • Redefine productivity with revolutionary Windows devices (Surface Hub, HoloLens)
  • 152. Keeping your devices secure and up-to-date
• 154. Servicing branches by device type
    • Consumer devices (Current Branch): Updates installed via Windows Update as they arrive • Keeping hundreds of millions of consumers up to date and secure on the Current Branch • Large and diverse user base helps drive quality of the OS updates • BYOD devices are up to date & secure
    • Business users (Current Branch for Business): Update their devices after features are validated in the market
    • Specialized systems (Long Term Servicing Branch): No new functionality • Regular security updates • Control with WSUS • Examples: Air Traffic Control, Emergency Rooms
• 156. Update delivery: Consumer devices via Windows Update • Business users via Windows Update for Business • Specialized systems via Windows Server Update Services (WSUS) • Integration with System Center Configuration Manager and customers’ existing tools
• 157. Validation rings (conceptual illustration only): Engineering builds → Broad Microsoft internal validation → Microsoft Insider Preview Branch → Current Branch → Current Branch for Business (Customer Internal Ring I, II, III, IV). Users: 10’s of thousands → Several Million → Hundreds of millions
• 158. Branch roles
    • Windows Insider Preview Branch: Specific feature and performance feedback • Application compatibility validation • Ongoing engineering development • Feedback and asks
    • Current Branch: Test and prepare for broad deployment
    • Current Branch for Business: Stage broad deployment via WU for Business • Deploy to appropriate audiences via WUB
    • Long Term Servicing Branch*: Deploy for mission critical systems via WSUS
    *Enterprise or Education edition required
• 159. Summary
    • Protection against modern security threats: Hardware based security for better malware protection (Secure Boot; Enterprise credential protection via hardware-based isolation) • Secure corporate identity to protect against modern threats (Microsoft Passport, Windows Hello) • Protect your corporate data, wherever the data is (Enterprise data protection) • Eliminate malware on your devices (Device Guard) • More secure per-app connection for mobile workers (Secure Remote Connection)
    • Managed for continuous innovation: Choose management solutions that work best for you (Mobile Device Management, Group Policy) • End of wipe and replace deployment (Dynamic provisioning, In-place upgrade) • Corporate identity for the mobile-first, cloud-first world (Azure AD Join for desktop and phone; Single sign on to apps, devices, data; User state roaming) • Power your business with Universal Apps (Private catalog, The Business Store) • Keep your devices secure and up to date with latest technology (Windows Update for Business)
    • Be more productive: A familiar user experience that adapts to your device (Start menu, Continuum, Continuum for Phone) • Apps that can run on any Windows device (Windows Universal Apps) • The best productivity experience across all Windows devices (Office for Windows) • Modernize your web experience, stay compatible (Microsoft Edge, Internet Explorer 11)
    • Innovative devices for your business: Latest Windows innovations on your existing PC fleet (Great mouse & keyboard support, Hardware compatibility, Granular UX Control) • Choose from the range of innovative Windows devices (Broad industry innovation, 2-in-1 devices, Surface, Lumia) • Redefine productivity with revolutionary Windows devices (Surface Hub, HoloLens)
• 160. Get ready for Windows 10
    • Accelerate migration to IE11 • Pilot Windows 10; build deployment plan • Profile your systems and user groups (Windows Update for Business, Current Branch for Business, WSUS / Long Term Servicing Branch)
    • Start adopting Windows Update for Business
    • Test upcoming Windows Preview features: Join the Windows Insider Program • Give your feedback