BSM M/W10 MVP – Cloud & Server Installation and Servicing
•
2 j'aime•713 vues
The document provides information about Windows 10 deployment options for enterprises. It discusses the Long Term Servicing Branch (LTSB) which provides long term support for mission critical systems. It also discusses the Current Branch for Business (CBB) which allows business users to stay up to date while giving IT flexibility to deploy updates after they have been tested. The CBB gives businesses access to the latest features on an ongoing basis while allowing time for planning and testing updates.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à BSM M/W10 MVP – Cloud & Server Installation and Servicing
Similaire à BSM M/W10 MVP – Cloud & Server Installation and Servicing (20)
Plus de Olav Tvedt
Plus de Olav Tvedt (20)
Dernier
Dernier (20)
BSM M/W10 MVP – Cloud & Server Installation and Servicing
- 1. BSM M/W10 Olav Tvedt Chief Consultant MVP – Cloud & Server Installation and Servicing @olavtwitt olavtvedt.blogspot.com www.evry.no/windows10
- 3. 3 NÅ
- 8. Updatesinstalled through WindowsUpdate asthey arrive Diversity of hundreds ofmillions of consumerstaking advantageoflatest innovation Activelistening toa largeuser base drivesagility and fast fixes toaddress issues Examples: Air TrafficControl,DataCenters, EmergencyRooms Nonew functionality onlong termservicing branch Security updates and fixes provided monthly Patchesand updates delivered through WSUS Consumer Devices Mission Critical Systems Business Users Caught in the middle?
- 9. Consumer Devices Updates are installed as they arrive • Updates haven't been to the broad market yet; • You haven’t had time to plan and test • This may be a way to embrace consumerization, BUT…. • Is this the best solution for your users’ machines? How should you treat your business users? Mission Critical Systems This is how you treat many devices today • It is expensive • Your users are not getting access to the latest features • Your competitorsmay be getting ahead with more advanced devices for their users
- 10. Treat them as the professionals they are Update their devices after features are validated in the market • Your organization gets access to the latest technology and value sooner • You have time to plan and test the updates after they have been released to the broad market • You choose how you want your users’ devices to be updated: • Via Windows Update – validatedupdates deliveredto professionalsystems after a deferral period • Via WSUS, with control over how you deployupdates in your environmentwithin deferral time
- 11. Hundreds of millions users Current Branch for Consumers Several million users Broad External Flights 100’s of thousands users Limited External Flights 10’s of thousands users Broad Internal Validation *Conceptual illustration only Quality&Value* TimeEngineering Builds Current Branch for Business Long Term Servicing Branch Market Driven Product Quality
- 12. Consumer Experience Security updates and fixes are delivered regularly Consumers are up to date with features as they are released *Conceptual illustration only Quality & Value* Time
- 13. Quality & Value* Time Business User Experience Security updates and fixes are delivered regularly Consumers are up to date with features as they are released Business customers can delay receiving feature updates for a few months *Conceptual illustration only CurrentBranch for Business CurrentBranch for Business CurrentBranch for Business CurrentBranch for Business
- 14. Flexible Options for Business Customers Time LTSB LTSB LTSB …… …… …… *Conceptual illustration only 1. Long Term Servicing Branch (LTSB) provides long term support where mission critical systems can stay 2. Current Branch for Business (CBB) - Option to keep business users up to date while having flexibility to deploy updates after they have been tested in the broad market CBB CBB CBB CBB CBB CBB
- 15. Windows 10 Deployment Options for Enterprises Long Term Servicing Branch Mission–critical ready Current Branch for Business Up to date with the latest innovation Update your devices frequently with latest features • New enterprise deployment option for Windows 10 • Your devices can take advantage of the latest innovation on an ongoing basis • Features are released first to tech enthusiasts and Windows Insiders and validated prior to getting installed on your business devices • You have several months to plan and test the updates • You choose how you want the devices to be updated: • Via Windows Update - reducing your management costs • Via WSUS using traditional mechanics Receive security updates regularly; no new features • Similar to what you have today with Windows 7 SP1/Windows 8.1 • Your mission critical environments are supported with no change in functionality for duration of mainstream and extended support (5+5 years) • You control deployment of patches using WSUS • You are able to use in-place upgrade to move from one LTSB to another
- 16. Long Term Servicing Branch
- 18. WINDOWS PHONE 8.1 WINDOWS8.1 WINDOWS 10 • A single store for Windows devices: PCs, tablets, phones, etc. • A single Windows Dev Center for developers • Fully converged experience • Best features from each • New capabilities XBOX
- 20. Windows Store • Windows Store apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators Business Store Portal “Company Portal” • Windows Store apps • Leverages Azure Active Directory for administration, some scenarios • Private store for the org’s preferred or LOB apps • Pay with credit card or PO/invoice • Deploy Windows Store apps offline, in images, and more • Windows Store app license management • Sideload line-of-business apps • Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through BSP integration using MDM
- 21. Sikkert 2 1
- 22. Hardware based security for better malware protection. Secure Boot Enterprise credential protection via hardware-based isolation Help secure corporate identity to protect against modern threats. Microsoft Passport Windows Hello Help protect your corporate data, wherever the data is. Enterprise data protection Help eliminate malware on your devices. Device Guard More secure per-app connection for mobile workers. Secure Remote Connection
- 23. Windows 10 identity choices It All Start With Identity Organization-owned • Computer joins AD to establish trust • User signs on using AD account • Group Policy + System Center Configuration Manager Personally-owned • Computer joins Azure AD to establish trust • User signs on using Azure AD account • MDM auto enroll with Intune or 3rd party MDM • Settings roaming • Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access • User signs in with a Microsoft account, associates an Azure AD account • MDM auto enroll with Intune or 3rd party MDM Single sign-on to enterprise + cloud-based services
- 24. Second Factor
- 25. Secure Boot Credential Guard Device Guard Enterprise Data Protection Windows Hello Enterprise Security
- 26. Enterprise Data Protection How it works Enterprise Data Protection relies on existing OS encryption technology - EFS used for Work Folders in Windows 8.1. Enterprise Data Protection supports both Modern and Win32 applications Define Enterprise Boundaries Configure Enterprise Data Protection Enterprise boundaries are defined in one of two ways: Administrator defines a set of enterprise approved applications that are allowed to access data Network Boundaries are defines (IP ranges, Cloud locations e.g. O365) - Defines if data is coming from or going to a defined "Enterprise" location Administrators can configure Enterprise Data Protection in one of three ways: Blocking - blocks data from being moved to non-Enterprise locations Policy Override - provides a prompt, but allows users to confirm they want to copy to non-enterprise locations, audits event Reporting Only - no blocks/roadblocks, just audits events
- 27. Microsoft Passport A world without passwords
- 29. Hallo – vNext
- 30. Key Component In Modern Security! UEFI
- 31. Multiple layers of protection Identify and authorize user Apply device policies Apply application policies Apply content policies User IT ActiveDirectoryPremium Rights Management Enterprise Mobility Suite
- 32. Mobilt 3 2
- 33. 52% of information workers across 17 countries report using three or more devices for work* >80% of employees admit to using non-approved software- as-a-service (SaaS) applications in their jobs*** 90% of enterprises will have two or more mobile operating systems to support in 2017** Mobility is the new normal 52% 90% >80% * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013 ** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115 *** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
- 34. Mobilt
- 35. • Conditional Access • Data Protection • Data Loss Prevention • Resource Access o Applications o Access o Configurations o Certificates Protect And Serve Mobilt
- 36. Enterprise Mobility Suite + Office 365 • Common identity infrastructure • Control access to on prem and SaaS • Authentication and SSO • Encryption and policy at the file level Azure AD Azure RMS Identity & Access • World class productivity and collaboration • Consistent experience across all devices • IT compliance and data protection Office 365 Productivity Intune Device & App Management • Mobile device management • Mobile application management • Contain corporate data on devices Integrated experiences • Conditional email access • Secure collaboration • Email based enrollment • Device and user provisioning • Single sign-on • Device compliance • App restriction • Lost or stolen device • Device wipe • Employee leaves the company • …and more in the works
- 37. InTune