Windows 10 Management Technologies: What s New. Michael Niehaus Senior Product Marketing Manager, Windows Microsoft

Similar documents
PLATFORM CONVERGENCE JOURNEY

Windows 10 prvi dve leti. Slavko Kukrika, MVP in prijazen fant

Quo vadis? System Center Configuration Manager Full managed desktop. Mobile device management Light managed device policies, inventory,

Phil Schwan Technical

Windows ierīces Enterprise infrastruktūrā. Aris Dzērvāns Microsoft

Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

MD-101: Modern Desktop Administrator Part 2

Windows 10 Azure AD / EMS

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Office 365: Modern Workplace

Mobility Windows 10 Bootcamp

Configuring Windows 10 Devices (697)

Mastering the Move to Modern Management using ConfigMgr

COURSE OUTLINE: B Deploying and Managing Windows 10 Using Enterprise Services. Course Name. Course Duration Course Structure Course Overview

Deployment Genval November 2018

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools

How Windows 10 marks the end of Roaming Profiles

Use EMS to protect your mobile data and mobile app

Deploying and Managing Windows 10 Using Enterprise Services

Windows 10. scalable IT services & solutions. October 25, Bruce Ward, VP of Business Strategy. Dan Sharp, Senior Consultant

Managing and Maintaining Windows 8

for Education Jason Trump Senior Education Specialist - Devices

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools

Exam /Course C or B Configuring Windows Devices

Six steps to control the uncontrollable

Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools

ForeScout Extended Module for VMware AirWatch MDM

Deploying and Managing Windows 10 Using Enterprise Services

C: Deploying and Managing Windows 10 Using Enterprise Services. Duration: 5 days; Instructor-led

Deploying Windows 10

Course Outline. Deploying and Managing Windows 10 Using Enterprise Services Course B: 5 days Instructor Led

COURSE B: DEPLOYING AND MANAGING WINDOWS 10 USING ENTERPRISE SERVICES

Microsoft Deploying and Managing Windows 10 Using Enterprise Services

Windows 10. Tech Note. Open the Window to Endless Possibilities. Windows for the Enterprise. Universal App Experience

How Microsoft s Enterprise Mobility Suite Provides helps with those challenges

Duration Level Technology Delivery Method Training Credits. System Center Configuration Manager

: A: Deploying and Managing Windows 10 Using Enterprise Services

Deploying and Managing Windows 10 Using Enterprise Services

20398: Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) and On- Premises Tools

Desktop features placemat

MCSA Windows 10. A Success Guide to Prepare- Microsoft Configuring Windows Devices. edusum.com

905M 67% of the people who use a smartphone for work and 70% of people who use a tablet for work are choosing the devices themselves

At Course Completion After completing this course, students will be able to:

Deploying and Managing Windows 10 Using Enterprise Services ( )

NE Administering System Center Configuration Manager and Intune

SECURE, CENTRALIZED, SIMPLE

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Microsoft IT deploys Work Folders as an enterprise client data management solution

Today s focus Microsoft 365 powered devices

Adnan Cloud Solutions Architect. SAFFA living in Netherlands, work globally. Microsoft Trainer +25y (xrl MSLearning)

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

Windows 8/RT Features Matrix

"Charting the Course... MOC C: Deploying and Managing Windows 10 Using Enterprise Services. Course Summary

9 Years in Consulting. Broad experience in Microsoft Infrastructure solutions. Specialised in Windows 10 & Surface familly

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Modern Management of Windows - Intune & Autopilot

Tech Dive: Microsoft Azure Identity Management and Office 365

EXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings

Managing Windows 8.1 Devices with XenMobile

Microsoft. MS-101 EXAM Microsoft 365 Mobility and Security. m/ Product: Demo File

VMware Workspace ONE UEM Integration with Apple School Manager

Kolding June 12, 2018

Mobile device management at Microsoft

Windows 8 and Windows RT

Beta Material. This is subject to change

이창섭부장 IoT Device Experience Microsoft. Windows 10 IoT Technical Overview

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

Administering System Center Configuration Manager

ForeScout Extended Module for MobileIron

VMware AirWatch Symbian Platform Guide Deploying and managing Symbian devices

33% 18% 66% President Convergent Computing

Hybrid Identity de paraplu in de cloud

Administering System Center Configuration Manager

70-697: Configuring Windows Devices Course 7 Managing Apps

Administering System Center Configuration Manager

Course A: Administering System Center Configuration Manager

CounterACT Afaria MDM Plugin

ASSURANCE CONTINUITY MAINTENANCE REPORT FOR. Microsoft Windows 10 IPsec VPN Client (VPNPP14)

Windows Phone 8 Security

BDPA Conference Windows 10

MOC 20416B: Implementing Desktop Application Environments

B Deploying and Managing Windows 10 Using Enterprise Services. Course Content. Course ID#: W Hours: 35. Course Description:

AirWatch Mobile Device Management

Securing Office 365 with MobileIron

VMware AirWatch: Directory and Certificate Authority

Windows 10 listening tour. What is REALLY on the minds of our customers?

Apple OS Deployment Guide for the Enterprise

Microsoft Administering System Center Configuration Manager

Exam

A: Administering System Center Configuration Manager

Upgrading Your Skills to MCSA Windows 8

What s new in System Center Configuration Manager Current Branch? Ievgen Liashov

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

"Charting the Course... MOC A: Administering System Center Configuration Manager. Course Summary

Exam /Course C or B Configuring Windows Devices

Microsoft Intune App Protection Policies Integration. VMware Workspace ONE UEM 1811

: 20696C: Administering System Center Configuration Manager and Intune

Microsoft Administering System Center Configuration Manager and Intune

Comprehensive cloud platform. Cost savings and increased efficiencies. Support for a modern work style

McAfee MVISION Mobile AirWatch Integration Guide

Transcription:

Windows 10 Management Technologies: What s New Michael Niehaus Senior Product Marketing Manager, Windows Microsoft

Business needs are evolving. Windows 10 offers to meet those needs.

MANAGEMENT CHOICES BASIC LIGHTWEIGHT FULL CONTROL Exchange ActiveSync Active Directory and/or Azure Active Directory Mobile Device Management Active Directory Group Policy System Center BYOD (personal) devices E-mail access only Company-owned and BYOD devices Internet-facing or corporate network Company-owned devices Corporate network

WINDOWS MANAGEMENT FEATURES PRODUCTS System Center Configuration Manager Microsoft Desktop Optimization Pack (MDOP) WINDOWS SERVER Active Directory Group Policy Windows Server Update Services (WSUS) CLOUD SERVICES Azure Active Directory Azure RMS Microsoft Intune Windows Store WINDOWS CLIENT Windows Management Instrumentation (WMI) Windows Remote Management (WinRM) Windows Update Group Policy Client Mobile Device Management (MDM) Agent PowerShell AppLocker

WINDOWS MANAGEMENT CHOICES AVAILABLE CHOICES IDENTITY DEVICE MANAGEMENT WINDOWS STORE INFRASTRUCTURE OWNERSHIP Active Directory; Azure Active Directory Group Policy, ConfigMgr, 3rd party PC management; Intune, 3rd party MDM Unrestricted; Curated Organization Store; Managed (MDM, ConfigMgr, etc.) On-premises or in the cloud Corporate-owned, CYOD; BYOD Organizations may mix and match, depending on their specific scenario

IDENTITY CHOICES Active Directory provides key business identity and security capabilities Azure Active Directory takes this to the cloud Both work together Windows 10 fully leverages both

WINDOWS 10 IDENTITY CHOICES ORGANIZATION OWNED PERSONALLY OWNED (BYOD) Computer joins AD to establish trust User signs on using AD account Group Policy + System Center Computer joins AAD to establish trust User signs on using AAD account Intune/MDM Settings roaming Computer registers with AD or AAD via Device Registration to establish trust for remote resource access User signs in with a Microsoft account, associates an AAD account Intune/MDM

AZURE ACTIVE DIRECTORY Windows Store Create an Azure Active Directory tenant for your business Set up synchronization between Active Directory and Azure Active Directory (with ADFS or Password Sync, limited account details) Enable single sign-on with cloudbased services, including the Windows Store Enable roaming of app settings and data between devices

Demo Azure Active Directory walkthrough

MANAGEMENT CHOICES Works with existing infrastructure Advanced and simple MDM support Consistent across PC/mobile Intune and 3rd party solutions

WINDOWS 10 WORKS WITH EXISTING INFRASTRUCTURE PRODUCT System Center 2012 R2 Configuration Manager System Center 2012 Configuration Manager System Center Configuration Manager 2007 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 Microsoft Deployment Toolkit 2013 SUPPORTS WINDOWS 10 MANAGEMENT SUPPORTS WINDOWS 10 DEPLOYMENT Updates will be required. New OS features may require newer versions for full support.

MOBILE DEVICE MANAGEMENT Significant investments in added functionality for both mobile and desktop devices Fully managed corporate device Device Lockdown BYOD: simple security settings Phone Desktop Phone Desktop Windows 8.1 Windows 10

MDM IN WINDOWS 10 Un-enrollment in two phases & alerts Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP) Provisioning Bulk enrollment Simple bootstrap Converged protocol Azure AD Integration Full device wipe Remote Lock, PIN reset, Ring, Find Enhanced inventory for compliance decisions Curated Windows Store Business Store Portal app deployment; License reclaim/reuse Enterprise App management Simplified LOB app management Win32 app management App inventory (MDM/store apps) App allow/deny lists through Applocker Enterprise data protection Additional device inventory Greatly extended set of policies (Parity with Windows Phone 8.1) Context based policies Client certificates Direct install (PFX) Enterprise Wi-Fi VPN management Email provisioning MDM Push when user not logged in Device Update control Kiosk Mode, Start screen / Start menu configuration and control

Demo MDM Enrollment

MDM ARCHITECTURE PowerShell Scripts ConfigMgr Desired Config Converged MDM client across PC and mobile bridge MDM Client WMI Bridge EAS Client CSP Configuration Manager component CSP CSP CSP CSP CSP / WMI Wrapper Backward compatibility with existing MDM servers New capabilities exposed using Configuration Service Provider (CSP) model WMI Bridge gives access to new CSPs Common component Desktop component

Demo WMI Bridge

DEVICE MANAGEMENT VISION A single pane of glass for managing all of your devices Single admin console

GROUP POLICY NEW IN WINDOWS 10 NEW FROM WINDOWS 7 New policies to support Windows 10 features: Start screen and start menu management Project Spartan settings Next-Generation Credential PIN settings Universal app management Capabilities from Windows 8.1: Policy caching IPv6 support for printers, VPN, targeting Capabilities from Windows 8: Sign-in optimization for DirectAccess clients Better use of larger registry policies (registry.pol) Remote group policy refresh (GPUpdate) More efficient background processing

MICROSOFT DESKTOP OPTIMIZATION PACK (MDOP) Full support for Windows 10 at general availability, with updates for: App-V UE-V MBAM DaRT AGPM

AN APP STORE THAT S OPEN FOR BUSINESS Volume purchasing Flexible distribution License reclaim/re-use Your company store

TODAY WINDOWS STORE ENTERPRISE APP STORE Modern apps Sign in with MSA Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) MDM-driven Sideload line-of-business modern apps Link to apps in the Windows Store

ONE WINDOWS STORE Convergence WINDOWS 8.1 WINDOWS PHONE 8.1 WINDOWS 10 XBOX Converged developer portal for Windows and Windows Phone Separate user and developer capabilities Fully converged experience Best features from each New capabilities

ONE BIG STORE WITH EVERYTHING WITH WINDOWS 10, WE PROVIDE A SINGLE STORE TO SELL APPS AND OTHER DIGITAL GOODS, SUPPORTING MORE PAYMENT INSTRUMENTS THAN ANY OTHER APP STORE. COMMON, SAFE AND CONVENIENT WAYS TO PAY CURATED ORGANIZATION STORE TAILORED APP RECOMMENDATIONS SUPPORT FOR DIGITAL GOODS (Apps, Games, Music, Movies, etc.)

TOMORROW WINDOWS STORE WINDOWS STORE + BSP ENTERPRISE APP STORE Modern apps Sign in with MSA Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) Modern apps Organization Store for the org s preferred or LOB apps Sign in with MSA to acquire public apps; sign in with AAD to acquire org apps Pay with credit card or PO/invoice B2B purchasing and distribution Deploy modern apps offline, in images, and more Modern app license management Sideload line-of-business modern apps Deploy apps from the Windows Store (even when the Store UI is disabled) through BSP integration using MDM

SCENARIOS FOR ANY NEED FLEXIBLE APP DEPLOYMENT Online, offline, or included in images Through the store, via MDM, or using System Center LOB and B2B apps can be kept private SUPPORT FOR ANY ORGANIZATION Teacher and classroom Small businesses and other organizations Large enterprises SIMPLIFY VIA CONVERGENCE One store, one volume purchase program Universal apps across all device types Simplified sideloading processes

WORKING WITH STORE APPS BSP SCENARIOS ONLINE Requires the use of Azure AD accounts Installation files managed and deployed by the Windows Store Licenses tracked by the Windows Store Updates installed via Windows Update / WSUS OFFLINE No dependency on Azure AD (or any other identities) Installation files are downloaded and deployed using org s infrastructure No license tracking Updates installed via Windows Update / WSUS

SCENARIOS ORGANIZATION STORE (HOSTED) IT ADMINISTRATOR SIGN IN TO BUSINESS STORE PORTAL Using AAD account APPS ACQUIRED Free apps Purchased using a PO or invoice ORGANIZATION STORE CREATED Desired apps added NOTES Cloud-based No on-prem infrastructure requirements No MDM service required Apps automatically updated from the Windows Store END USER Can include LOB apps LOG INTO WINDOWS Using AD or AAD account ACCESS WINDOWS STORE Sees Organization Store and public categories INSTALL APPS Selected from the Private Store using AAD, or public categories using MSA

SCENARIOS MOBILE DEVICE MANAGEMENT IT ADMINISTRATOR SIGN IN TO BUSINESS STORE PORTAL Using AAD account APPS ACQUIRED Free apps Purchased using a PO or invoice APPS ADDED TO MDM SERVICE Link to the app in the BSP NOTES Cloud-based or on-prem (depending on the MDM service used) Apps automatically updated from the Windows Store The Windows Store can be disabled if desired END USER LOG INTO WINDOWS Using AD or AAD account LAUNCH ENTERPRISE APP STORE (MDM) Sees available app INSTALL APPS Selected from the MDMprovided list Installed by the Windows Store, as directed by the MDM service

SCENARIOS IMAGING IT ADMINISTRATOR SIGN IN TO BUSINESS STORE PORTAL Using AAD account APPS ACQUIRED Free apps Purchased using a PO or invoice DOWNLOAD APP INSTALLATION FILES Save locally ADD APPS TO ENTERPRISE IMAGE Provisioned for all users NOTES Apps available to every user when they log in Apps automatically updated from the Windows Store The Windows Store can be disabled if desired END USER License tracking needs to be done by the customer LOG INTO WINDOWS Using AD or AAD account APPS INSTALL AUTOMATICALLY Per user installs from provisioned app

SCENARIOS ENTERPRISE APP STORE USING SYSTEM CENTER CONFIGURATION MANAGER IT ADMINISTRATOR SIGN IN TO BUSINESS STORE PORTAL Using AAD account END USER APPS ACQUIRED Free apps Purchased using a PO or invoice DOWNLOAD APP INSTALLATION FILES Save files locally ADD APPS TO CONFIGMGR Available for installation (pull), or required (push) NOTES Per-user app installation Apps automatically updated from the Windows Store The Windows Store can be disabled if desired License tracking needs to be done by the customer LOG INTO WINDOWS Using AD or AAD account LAUNCH COMPANY PORTAL Shows all available apps added by IT administrator INSTALL APPS Installed by ConfigMgr

SCENARIOS LICENSE MANAGEMENT IT ADMINISTRATOR SIGN IN TO BUSINESS STORE PORTAL Using AAD account VIEW ASSIGNED LICENSES For any BSP app (LOB, free, paid) REVOKE LICENSE Available for reuse NOTES Devices periodically check to see if licenses are still valid END USER LOG INTO WINDOWS LAUNCH APP Using any account Informed that license is no longer available

KEY STORE INVESTMENTS BUSINESS STORE PORTAL Allows orgs to acquire apps, manage licenses, download app files Pay using additional methods, including purchase orders, invoices, and Enterprise Agreement (EA) and other volume license (VL) programs ORGANIZATION STORE Fully curated list of apps from within the Windows Store Can include public apps as well as ISV and Line-of-Business apps FULL MANAGEMENT SUPPORT Mobile device management (MDM) control (using services such as Intune) Control for agent-based management solutions (such as System Center Configuration Manager) Application update approval

Session Evaluation http://aka.ms/wcp362

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback