The document provides information about Windows 10 deployment options for enterprises. It discusses the Long Term Servicing Branch (LTSB) which provides long term support for mission critical systems. It also discusses the Current Branch for Business (CBB) which allows business users to stay up to date while giving IT flexibility to deploy updates after they have been tested. The CBB gives businesses access to the latest features on an ongoing basis while allowing time for planning and testing updates.
8. Updates installed through Windows Update
as they arrive
Diversity of hundreds of millions of consumers taking
advantage of latest innovation
Active listening to a large user base drives agility
and fast fixes to address issues
Examples: Air Traffic Control, Data Centers,
Emergency Rooms
No new functionality on long term servicing branch
Security updates and fixes provided monthly
Patches and updates delivered through WSUS
Consumer
Devices
Mission Critical
Systems
Business Users
Caught in the middle?
9. Consumer Devices
Updates are installed
as they arrive
• Updates haven't been to the broad market yet;
• You haven’t had time to plan and test
• This may be a way to embrace consumerization,
BUT….
• Is this the best solution for your users’ machines?
How should you treat your business users?
Mission Critical Systems
This is how you treat many
devices today
• It is expensive
• Your users are not getting access
to the latest features
• Your competitors may be getting ahead
with more advanced devices for their users
10. Treat them as the professionals they are
Update their devices after features
are validated in the market
• Your organization gets access to the latest technology
and value sooner
• You have time to plan and test the updates after they
have been released to the broad market
• You choose how you want your users’ devices
to be updated:
• Via Windows Update – validated updates
delivered to professional systems after
a deferral period
• Via WSUS, with control over how
you deploy updates in your
environment within
deferral time
11. Hundreds of millions
users
Current Branch for Consumers
Several million
users
Broad External Flights
100’s of thousands
users
Limited External
Flights
10’s of thousands
users
Broad Internal
Validation
*Conceptual illustration only
Quality & Value*
Time
Engineering
Builds
Current
Branch for
Business
Long Term
Servicing
Branch
Market Driven Product Quality
12. Consumer Experience
Security updates and fixes
are delivered regularly
Consumers are up to date with
features as they are released
*Conceptual illustration only
Quality & Value*
Time
13. Quality & Value*
Time
Business User Experience
Security updates and fixes
are delivered regularly
Consumers are up to date with
features as they are released
Business customers can delay
receiving feature updates for
a few months
*Conceptual illustration only
Current Branch for Business
14. Flexible Options for Business Customers
[Figure: successive LTSB and CBB releases along a Time axis. *Conceptual illustration only]
1. Long Term Servicing Branch (LTSB)
provides long term support where
mission critical systems can stay
2. Current Branch for Business (CBB) -
Option to keep business users up to
date while having flexibility to deploy
updates after they have been tested in
the broad market
15. Windows 10 Deployment Options for Enterprises
Long Term Servicing Branch
Mission–critical ready
Current Branch for Business
Up to date with the latest innovation
Update your devices frequently with latest features
• New enterprise deployment option for Windows 10
• Your devices can take advantage of the latest
innovation on an ongoing basis
• Features are released first to tech enthusiasts and
Windows Insiders and validated prior to getting
installed on your business devices
• You have several months to plan and test the updates
• You choose how you want the devices to be updated:
• Via Windows Update - reducing your
management costs
• Via WSUS using traditional mechanics
Receive security updates regularly; no new features
• Similar to what you have today with Windows 7
SP1/Windows 8.1
• Your mission critical environments are supported with
no change in functionality for duration of mainstream
and extended support (5+5 years)
• You control deployment of patches using WSUS
• You are able to use in-place upgrade to move from
one LTSB to another
18. WINDOWS PHONE 8.1
WINDOWS 8.1
WINDOWS 10
• A single store for Windows devices: PCs, tablets,
phones, etc.
• A single Windows Dev Center for developers
• Fully converged experience
• Best features from each
• New capabilities
XBOX
20. Windows Store
• Windows Store apps
• Sign in with MSA
• Pay with credit card, gift card,
PayPal, Alipay, INICIS, mobile
operators
Business Store Portal “Company Portal”
• Windows Store apps
• Leverages Azure Active Directory for
administration, some scenarios
• Private store for the org’s preferred
or LOB apps
• Pay with credit card or PO/invoice
• Deploy Windows Store apps offline,
in images, and more
• Windows Store app license
management
• Sideload line-of-business apps
• Deploy apps from the Windows Store
(even when the Store UI is disabled)
as well as uploaded LOB apps
through BSP integration using MDM
22. Hardware based security for better malware protection.
Secure Boot
Enterprise credential protection via hardware-based isolation
Help secure corporate identity to protect against
modern threats.
Microsoft Passport
Windows Hello
Help protect your corporate data, wherever the data is.
Enterprise data protection
Help eliminate malware on your devices.
Device Guard
More secure per-app connection for mobile workers.
Secure Remote Connection
23. Windows 10
identity
choices
It All Starts With Identity
Organization-owned
• Computer joins AD to
establish trust
• User signs on using AD
account
• Group Policy + System
Center Configuration
Manager
Personally-owned
• Computer joins Azure
AD to establish trust
• User signs on using
Azure AD account
• MDM auto enroll with
Intune or 3rd party MDM
• Settings roaming
• Computer registers with AD or Azure AD via
Device Registration to establish trust for
remote resource access
• User signs in with a Microsoft account,
associates an Azure AD account
• MDM auto enroll with Intune or 3rd party MDM
Single sign-on to enterprise + cloud-based services
25. Secure Boot
Credential Guard
Device Guard
Enterprise Data Protection
Windows Hello
Enterprise Security
26. Enterprise Data Protection
How it works
Enterprise Data Protection relies on existing OS encryption technology - EFS used for Work Folders in Windows 8.1.
Enterprise Data Protection supports both Modern and Win32 applications
Define Enterprise
Boundaries
Configure Enterprise
Data Protection
Enterprise boundaries are defined in one of two ways:
• Administrator defines a set of enterprise approved applications that are allowed to access data
• Network boundaries are defined (IP ranges, cloud locations, e.g. O365) - defines if data is coming from or going to a defined "Enterprise" location
Administrators can configure Enterprise Data Protection in one of three ways:
• Blocking - blocks data from being moved to non-Enterprise locations
• Policy Override - provides a prompt, but allows users to confirm they want to copy to non-enterprise locations, audits event
• Reporting Only - no blocks/roadblocks, just audits events
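Added example, not from the original slides and not Windows code or its policy format: a small model of the decision described above, combining the two boundary definitions with the three configuration modes. The class, mode names, sample apps, range and domain are assumptions, as are the rules that data stays "enterprise" only when both the app and the destination qualify and that blocked attempts are also audited.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical names for the three configuration options on the slide.
BLOCKING, POLICY_OVERRIDE, REPORTING_ONLY = "blocking", "policy_override", "reporting_only"

@dataclass
class EdpPolicy:
    mode: str
    approved_apps: set    # enterprise-approved applications
    ip_ranges: list       # network boundary as CIDR strings
    cloud_domains: set    # enterprise cloud locations
    audit_log: list = field(default_factory=list)

    def in_boundary(self, dest: str) -> bool:
        """True if dest (IP literal or host name) is an enterprise location."""
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:  # not an IP literal: match the host against cloud domains
            host = dest.lower().rstrip(".")
            # Require a label boundary so "evilsharepoint.example" does not match.
            return any(host == d or host.endswith("." + d) for d in self.cloud_domains)
        return any(addr in ipaddress.ip_network(r) for r in self.ip_ranges)

    def decide(self, app: str, dest: str, user_confirms: bool = False) -> str:
        """Return 'allow' or 'block' for enterprise data moved by app to dest."""
        # Assumption: data stays "enterprise" only if both tests pass.
        if app in self.approved_apps and self.in_boundary(dest):
            return "allow"
        if self.mode == BLOCKING:
            verdict = "block"
        elif self.mode == POLICY_OVERRIDE:
            verdict = "allow" if user_confirms else "block"  # outcome of the prompt
        elif self.mode == REPORTING_ONLY:
            verdict = "allow"
        else:
            raise ValueError(f"unknown mode: {self.mode}")  # fail closed on a typo
        # Assumption: every out-of-boundary attempt is audited, blocked ones too.
        self.audit_log.append({"app": app, "dest": dest, "mode": self.mode, "verdict": verdict})
        return verdict

def sample_policy(mode: str) -> EdpPolicy:
    """Constructed sample boundary; the app name, range and domain are made up."""
    return EdpPolicy(mode, {"winword.exe"}, ["10.0.0.0/8"], {"sharepoint.example"})
```

Reporting Only never changes the outcome for the user, so in this model its value lies entirely in the audit log it produces.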
31. Multiple layers of protection
Identify and authorize user
Apply device policies
Apply application policies
Apply content policies
User IT
Active Directory Premium
Rights Management
Enterprise Mobility Suite
33. 52% of information workers
across 17 countries report
using three or more devices
for work*
>80% of employees admit to
using non-approved software-as-a-service (SaaS) applications
in their jobs***
90% of enterprises will have
two or more mobile operating
systems to support in 2017**
Mobility is the new normal
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115
*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
35. • Conditional Access
• Data Protection
• Data Loss Prevention
• Resource Access
o Applications
o Access
o Configurations
o Certificates
Protect And Serve
Mobile
36. Enterprise Mobility Suite + Office 365
• Common identity infrastructure
• Control access to on prem and SaaS
• Authentication and SSO
• Encryption and policy at the file level
Azure AD
Azure RMS
Identity & Access
• World class productivity and collaboration
• Consistent experience across all devices
• IT compliance and data protection
Office 365
Productivity
Intune
Device & App Management
• Mobile device management
• Mobile application management
• Contain corporate data on devices
Integrated experiences
• Conditional email access
• Secure collaboration
• Email based enrollment
• Device and user provisioning
• Single sign-on
• Device compliance
• App restriction
• Lost or stolen device
• Device wipe
• Employee leaves the company
• …and more in the works