During this session we will look into Windows 10 for the Enterprise.
Let’s explore the new management capabilities and choices.
Let’s understand the Windows 10 deployment infrastructure and mechanisms.
Let’s discover new Windows 10 features and improvements.
You are eager to learn about Windows 10 and want to gather early-stage info about this exciting Operating System… ?
Well you know what to do! See you there!
7. GUI IMPROVEMENTS
• The Start Button
• Continuum
• Snap Assistant
• Task View
• Modern Apps in Desktop view Charms inside the Apps
• Notification Center
• Apps: Cortana, New FotoApp, Music App, Better Calendar for WP,…
• Edge Browser
• Ctrl C + V in a Command Prompt ☺
9. INTERNET EXPLORER
A REQUIRED STEPPING STONE TO WINDOWS 10
• Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016)
• Enterprise Mode, offering improved Internet Explorer 8 compatibility and document
type overrides
• Enterprise Site Discovery Toolkit, to better understand how users are browsing
10. DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all
scenarios (Refresh, Replace,
Bare Metal)
Wipe-and-Load In-Place
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing
devices (Windows 7/8/8.1)
11. IN-PLACE
NEW COMMAND LINE OPTIONS FOR SETUP.EXE /auto upgrade
• Regain control after success or failure using /postoobe and /postrollback switches
• Control driver migration operations using /migratealldrivers and /installdrivers
• Copy log files to a location of your choise using /copylogs (Default: “C:$Windows.~BTSourcesPanther”)
ENABLING UPGRADE FROM WINDOWS 7 VIA WINDOWS UPDATE
• WindowsTechnicalPreview.exe (a.k.a. KB2990214) enables installation via Windows Update on Windows 7
• Removing KB2990214 will remove the option
• KB3035583 (Optional KB – tooltip “reserve upgrade”)
USE CONFIGMGR TO HAVE MAX CONTROL
WSUS NOT SUPPORTED (YET)
NOT FOR ALL SCENARIOS
12. UPGRADE PROCESS
System Check
Inventory Apps
Inventory Drivers
Assess Compatibility
Prepare WinRe
Lay down previous OS
Install new OS
Prepare new OS
Specialize the machine
Migrate drivers
Migrate Apps
More migration tasks
Finalize installation
Welcome the user back
13.
14. TOOLING SUPPORT
CM12 and R2 will support full Windows 10 thru a Service Pack
CM vNext will have full Windows 10 Support OoB
CM07 will support certain Windows 10 features
MDT2013 will support Windows 10 thru update (Preview today – Only LTI)
http://blogs.technet.com/b/configmgrteam/archive/2014/09/30/windows-10-enterprise-management-with-sc-
configmgr-and-intune.aspx
15. DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all
scenarios (Refresh, Replace,
Bare Metal)
Wipe-and-Load In-Place Provisioning
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing
devices (Windows 7/8/8.1)
Configure new devices
• Transform into an
Enterprise device
• Remove extra items, add
organizational apps and
config
New capability for new
devices
18. IDENTITY CHOICES
ORGANIZATIONOWNED(CYOD)
PERSONALLYOWNED(BYOD)
• Computer joins AD to
establish trust
• User signs on using AD
account
• Group Policy + System
Center
• Computer registers with AD or AAD via Device
Registration to establish trust for remote
resource access
• User signs in with a Microsoft account,
associates an AAD account
• Intune/MDM
• Computer joins AAD to
establish trust
• User signs on using
AAD account
• Intune/MDM
• Settings roaming
20. CLOUD JOIN OOBE
Windows Pro is typically purchased for work machines, so we made a guess – but now’s the
time to correct us.
Looks like your company owns this PC – Did we get that right?
NextBack
Help me choose
21. MOBILE DEVICE MGMT
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Greatly extended set of policies
(Parity with Windows Phone 8.1)
• Context based policies
• Client certificates – Direct install
(PFX)
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push when user not
logged in
• Device Update control
• Kiosk Mode, Start screen / Start
menu configuration and control
• Curated Windows Store
• Business Store Portal app
deployment; License reclaim/re-
use
• Enterprise App management
• Simplified LOB app management
• Win32 app management
• App inventory (MDM/store apps)
• App allow/deny lists through
Applocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset,
Ring, Find
• Enhanced inventory for
compliance decisions
• Un-enrollment in two
phases & alerts
• Removal of Enterprise
configuration (apps, certs,
profiles, policies) and
Enterprise encrypted data
(with EDP)
• Additional device inventory
23. MDM Architecture
New capabilities exposed
using Configuration Service
Provider (CSP) model
WMI Bridge gives access to
new CSPs
Rootcimv2mdm
MDM_*
CSP CSP / WMI
Wrapper
Common component Desktop component
MDM Client EAS Client
CSP CSP CSP CSP
WMI Bridge
PowerShell
Scripts
ConfigMgr
Settings Mgmt
Configuration component
24. ONE WINDOWS STORE
WINDOWS
PHONE 8.1
WINDOWS 8.1
WINDOWS
10
• Converged developer portal for Windows
and Windows Phone
• Separate user and developer capabilities
• Fully converged experience
• Best features from each
• New capabilities
XBOX
25. STORE OF TOMORROW
CONSUMER WINDOWS
STORE
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal,
Alipay, INICIS, mobile operators (Phone)
BUSINESS STORE
• Modern apps
• Organization Store for the org’s preferred
or LOB apps
• Sign in with MSA to acquire public apps;
sign in with AAD to acquire org apps
• Pay with credit card or PO/invoice
• Deploy modern apps offline, in images,
and more
ENTERPRISE APP STORE
• Sideload line-of-business modern apps
• Deploy apps from the Windows Store
(even when the Store UI is disabled)
27. SECURITY
Multi Factor Authentication
• Azure MFA
Secure Token Protection
• Hard Container (leverage Hyper-v)
Next Generation Credentials (alternatives for passwords)
• PIN
• Key Pair wih a phone, USB dongle,…
• BIO gestures (like face, Iris, fingerprint) -> “Windows Hello”
https://www.youtube.com/watch?v=1AsoSnOmhvU
Information
Protection
Secure
Identities
Threat
Resistance
28. SECURITY
Device Protection
• BitLocker
Data Protection
• (Azure) RMS
• Conditional Access
Accidental Data Leakage
• Corporate Personal Data
• Managed Applications
• SOFT or HARD Block Options
• Remote Wipe
Information
Protection
Secure
Identities
Threat
Resistance
29. SECURITY
Malware Prevention (Device Guard)
• Store Apps
• Signing Service
Pre-Booth Authentication
• Secure boot
• Trusted boot
• Measured boot
Information
Protection
Secure
Identities
Threat
Resistance
30. MISCELLANEOUS (1)
KMS
• New KMS and MAK keys for Windows 10
• Updates for existing KMS computers to support new products and keys
GROUP POLICIES (new ADMX files)
• Start Screen & Start Menu Settings
• Edge Browser Settings
• Universal App Management
NEW WMI CLASSES
• Win32_InstalledProgram +Usage +File +Framework
• Win32_DeviceContainer, Win32_InstalledDevice +HardwareID
31. MISCELLANEOUS (2)
Active Directory Changes
• Microsoft Passport
• Enterprise Data Protection
Windows 10 versions
• Home, Mobile, Pro (Upgrade for free the first year)
• Enterprise, Education, Mobile Enterprise
Windows Updates for Business (WUFB)
• Based on Telemetry
• Will not replace WSUS or ConfigMgr
• Hope to move customers to WUFB to improve the Windows Experience
32. THE END
Windows 10 will “probably” be the best OS Microsoft has ever released
Best of All Worlds
One Windows
You can still have impact by joining the Insider Program!
• Enterprise forums through TechNet
https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014
• Community discussions through Answers
http://answers.microsoft.com/en-us/windows/forum/windows_tp
• Windows Feature Suggestions
https://windows.uservoice.com
33. And win a Lumia 635
Feedback form will be sent to you by email
Give me feedback
35. Join the lunch sessions and
WIN NICE PRICES
Room Company Session
4 Go Hybrid with Azure Web Apps, by Tom Van Gramberen - Solutions Architect
Running dynamic websites? Always wanted to enjoy the scalability of Azure Web
Apps? But never could because you need to keep your data in a certain location? Now
with Azure Web App and Azure VNet everybody can overcome the hurdle of keeping
data "on-premise". Join us in this technical session where we will explore the basics of
Azure Web Apps and Virtual Networks. Learn about some possibilities to extend an
Azure VNet to your on-premise environment and how to integrate an Azure Web App
into the connection. In this demo packed session you will learn the specific network
requirements and network routing to make it all work together.
5 To the Cloud and Back – a Journey of Choices, by Paul van der Lingen, Consulting
Systems Engineer
The cloud is today the most compelling new technology, but as with all things new
and shiny, how do we make the most of it - leveraging all the good but deftly side-
stepping the bad. The key is choice and consistency. We believe customer data
remains at the heart of the new technology and in this session we’ll show how
transparent but consistent data movement and protection remain the most
important aspects of a complete cloud strategy.
6 Lost in translation - How Azure Networkingis different, by Joeri Van Hoof, Consulting
Sales Engineer
As one of the major cloud providers Microsoft Azure has a big adoption rate in a lot of
businesses around the world. Customers are moving parts of their infrastructure from
their own datacenter(s) to the Azure Cloud. Developers, system engineers, network
engineers and security staff are all effected by this change. On premise network
engineers have been building secure networks for years. Obviously they want to
extend and reuse this knowledge in the cloud. They are talking about network
firewalls, network segmentation, vlan’s. However in the Azure cloud this is slightly
different and some of the trusted mechanisms are unavailable. In this talk we go in-
depth on the various Azure networking options and how establish secure connectivity
between Azure and various on-premise locations
8 Effectively manage and resolve major IT incidents. A 24/7 solution in the palm of your
hand, by Matthes Derdack, CEO
Being on call is difficult enough. 24/7 IT operations require 24/7responsiveness. You
need to respond ASAP regardless of your week-end plans. Wouldn't it be great if you
could do whatever you wanted from wherever you are? Derdack now brings you an
innovative & intelligent companion that introduces a new level of on-call incident
handling. Your IT users will enjoy shorter down times and your team better KPIs. Our
Enterprise Alert mobile app comes with everything you need: reliably receive alerts
on the go, incident details and history analysis, collaborate with peers, inform users
on incident impacts, remote runbook execution & more. Join us on a journey through
your on-call day and enjoy an interactive, real-time and mobile experience.
10 Migration Center, Migrate Workloads as a service, by Anne-Elisabeth CAILLOT, Senior
Pre-Sales engineer
Double-Take Cloud Migration Center provides a self-service portal for customers and
partners who need the flexibility to move between virtualization and cloud
technologies. Five click migrations are now possible with the simplified workflow in
the Cloud Migration Center.