Windows 8 Deployment Best Practices and Lessons Learned. Martin Weber Technology Solution Professional Microsoft Switzerland GmbH


Preparation is key Application Management Create repeatable, automated processes Infrastructure Readiness Project Management Office Deployment The result: A permanent part of your infrastructure Image Engineering

Windows 8 tablets with Intel Core 64-bit processors Windows 8 tablets with Intel Atom 32-bit processors Windows RT tablets with ARM processors

Know the Choices of 1 Windows-Powered Tablets Determine Customer's Device Needs 2 Choose a Device Based on Capabilities 3 Windows 8 Tablets with Intel Core Processors Mobility Weight Battery Life CAPABILITIES Mobility CHOICE OF TABLETS Best Mobility: Windows 8 Tablets with Intel Atom processors or Windows RT Tablets Windows 8 Tablets with Intel Atom Processors Windows RT Tablets with ARM Processors Workload Casual Intensive Apps Desktop apps Windows Store apps LOB apps Remote apps Workload Apps More Intensive Workloads: Windows 8 Tablets with Intel Core processors Desktop Apps: Windows 8 Tablets with Intel Core or Intel Atom processors Dedicated LOB Apps: Windows 8 Tablets with Intel Core or Intel Atom processors or Windows RT Tablets Best Connectivity: Windows 8 Tablets with Intel Core or Intel Atom processors running Windows 8 Enterprise (DirectAccess) Connectivity Corporate Access Always On Connectivity Occasional Connectivity: Windows 8 Tablets with Intel Core or Intel Atom processors that can automatically sync files using SkyDrive or SkyDrive Pro Through VPN Connections: All Windows 8 and Windows RT* tablets Manageability Full Simple Governance Always On: Windows 8 Tablets with Intel Atom processors or Windows RT Tablets Full Manageability: Windows 8 Tablets with Intel Core or Intel Atom processors Manageability Simple Manageability: All Windows 8 or Windows RT Tablets managed by Windows Intune Governance: All Windows 8 and Windows RT Tablets with Exchange ActiveSync policies

Desktop Apps (x86/x64) and Modern Apps Compatible with broad range of peripherals Full enterprise management and rich security Running on low power ARM Processors Office pre-installed (Home & Student 2013 RT) Compatible with printers, mice, keyboards etc. Device Encryption for advanced data protection Inbox VPN client: MS, Cisco, CheckPoint, Juniper Non Domain-Joined // No Group Policies No Windows Media Player // No Media Center Security Policies by Exchange ActiveSync (EAS) Cloud Management capable by Windows Intune

on x86/x64

on ARM

Form Factor Boot Time Heat and Noise x86 or x64 Battery Life Industry Target RT Pro Win 8 AOAC* Many Many Many Many Good Okay Okay Best Fanless More More Fanless ARM x64 Both x86 UEFI Good Okay n/a Both Consumer Both Both Both Always On Always Connected (AOAC) is a new Windows 8 device type

RT Pro Win8 AOAC Domain join capable Group Policy capable Cost AOAC capable Able to run classic applications TPM DirectAccess $$$ $$$$ $$$ $$$

Group policy Roaming profiles Other options Activation Network load Disk storage User data Applications Images Helpdesk Application Management System Center Configuration Manager Windows Intune Third-party tools Coexistence Management Capacity Bring Your Own Device Wireless access Proxy configuration (WPAD) Infrastructure Readiness Project Management Office Image Engineering Deployment

Tools to help Application Compatibility Toolkit Microsoft Assessment and Planning Toolkit System Center 2012 Configuration Manager Windows Intune Categorize Critical Supported Unsupported Blocked Rationalize Perfection is impossible, focus based on risk and cost Don't test everything Choose when to be reactive instead of proactive Simplify the structured testing process Choices Shim Upgrade Replace Eliminate Infrastructure Readiness Application Management Project Management Office Deployment Image Engineering Gather inventory Prioritize your portfolio Perform testing when appropriate Remediate when needed Windows 7 applications are compatible with Windows 8

Tools to help Line-of-business sites Third-party internal sites External sites Categorize Critical Supported Unsupported Blocked Rationalize Perfection is impossible, focus based on risk and cost Don't test everything Choose when to be reactive instead of proactive Choices Fix Upgrade Replace Eliminate Application Management Simplify the structured testing process Infrastructure Readiness Project Management Office Deployment Image Engineering Gather inventory Prioritize your portfolio Perform testing when appropriate Remediate when needed Many web site compatibility issues are easy to fix

New Features LTI / ZTI / UDI Installation

Accelerates 30 customers worldwide

Banking Construction Oil and Gas Aerospace Windows to Go Work on the Road Services Offered Utilize Windows to Go as a disaster recovery tool Allow true transportable model Windows 8 Application Windows to Go Work on the Road Services Offered Touch First Applications + Device Work on the Road: Executives being effective on the road Win 8 Style Application PC Refresh, PC Reset, Secure Boot Services Offered Reduce helpdesk PC repair time Machine refreshed to resolve the issue Win 8 style application, Windows to Go, end-to-end security Services Touch-enabled interactive selling Implement changes to data integrity and stability European Insurance Retail Provider Education Hospitality Win 8 style application, VDI Services Allows sales transaction without leaving the customer's side Accelerate the deployment of VDI Number of applications 1512 Services Offered Vendor research, install and launch testing, remediation, and packaging Win 8 application, enhanced end-to-end security. Services offered Windows tablets to Students Ability to manage stable devices Protect student data Win 8 style application, enhanced end-to-end security, Windows to Go Services offered Provide an improved mobile experience to executives Allow guests to boot corporate images

Repeatable and automated Keep it simple Strive for a single image Include only what is needed for the majority, or what saves time Leverage the deployment process for per-computer customization Don't get carried away with configuration Capture new image Install operating system Install common applications Infrastructure Readiness Application Management Project Management Office Deployment Decide on security settings and runtime components early Configure OS settings and default Apply updates and patches Image Engineering

http://www.microsoft.com/en-us/download/details.aspx?id=25175

Modern Application Deployment Download public apps from Windows Store Install corporate apps (SideLoading) Through the cloud Directly on-premise Windows 8 or Windows RT devices Custom LOB Supported Windows Store app links

Windows 8 sideloading requirements

Columns: Configure AllowAllTrustedApps registry key*** | Sign .appx file with trusted enterprise code signing certificate | Sideloading key required | Client is domain joined

Windows 8 Enterprise: Yes | Yes** | Required if client is not joined to a domain | Yes
Windows 8 Professional: Yes | Yes** | Yes | Does not enable sideloading*
Windows RT: Yes | Yes** | Yes | Cannot be joined to a domain*
Windows Server 2012: Yes | Yes** | Does not support sideloading key | Yes

* The side-loading key must be configured
** Signed using trusted code signing CA on Windows 8 clients
*** HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1

Note: The Publisher Name in the app package manifest must match the Publisher Name in the certificate that is used to sign the app.

Detect sideloaded LoB App: (Get-AppxPackage -Name Contoso.SampleLOBApp).Version

Install sideloaded LoB App: Add-AppxPackage \\fileserver\contoso\samplelobapp.appx

Remove sideloaded LoB App: Get-AppxPackage -Name Contoso.SampleLOBApp | Remove-AppxPackage
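
The sideloading prerequisites and the detect/install commands above, combined into one pre-flight script. This is an added example, not part of the original deck: it reuses the deck's sample package name and share path, does not check the sideloading product key, and assumes Get-AuthenticodeSignature can validate .appx signatures on the client.

```powershell
# Added example: verify sideloading prerequisites, then install or update.
# $PackagePath and $PackageName are the sample values used on the slides.
param(
    [string]$PackagePath = '\\fileserver\contoso\samplelobapp.appx',
    [string]$PackageName = 'Contoso.SampleLOBApp'
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-AppxManifestIdentity([string]$Path) {
    # An .appx file is a ZIP container with AppxManifest.xml at its root.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $entry = $zip.GetEntry('AppxManifest.xml')
        if (-not $entry) { throw "No AppxManifest.xml in $Path" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $xml = [xml]$reader.ReadToEnd() } finally { $reader.Dispose() }
        return $xml.Package.Identity   # carries Name, Publisher, Version
    } finally { $zip.Dispose() }
}

# 1. Policy: AllowAllTrustedApps must be 1 (registry path as given above).
$key = 'HKLM:\Software\Policies\Microsoft\Windows\Appx'
$policy = Get-ItemProperty -Path $key -Name AllowAllTrustedApps -ErrorAction SilentlyContinue
if (-not $policy -or $policy.AllowAllTrustedApps -ne 1) {
    throw 'AllowAllTrustedApps is not 1: sideloading is not enabled by policy.'
}

# 2. Signature: must be intact and chain to a CA this client trusts.
$sig = Get-AuthenticodeSignature -FilePath $PackagePath
if ($sig.Status -ne 'Valid') { throw "Package signature status: $($sig.Status)" }

# 3. Publisher in the manifest must match the signing certificate subject.
#    Both names are decoded the same way so spacing differences do not matter.
$identity = Get-AppxManifestIdentity $PackagePath
$dnType = 'System.Security.Cryptography.X509Certificates.X500DistinguishedName'
$manifestDn = (New-Object $dnType -ArgumentList $identity.Publisher).Decode('Reversed')
$certDn = $sig.SignerCertificate.SubjectName.Decode('Reversed')
if ($manifestDn -ne $certDn) {
    throw "Publisher mismatch: manifest '$manifestDn' vs certificate '$certDn'"
}
if ($identity.Name -ne $PackageName) {
    throw "Unexpected package identity '$($identity.Name)'"
}

# 4. Detect the installed version; install only if missing or older.
$installed = Get-AppxPackage -Name $PackageName |
    Sort-Object { [version]$_.Version } | Select-Object -Last 1
if (-not $installed -or [version]$installed.Version -lt [version]$identity.Version) {
    Add-AppxPackage -Path $PackagePath
    "Installed $PackageName $($identity.Version)"
} else {
    "$PackageName $($installed.Version) is already current"
}
```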

Advanced Modern Device Management Simplified Administration Experience Administration Available user targeted apps DeepLink support In console deployment monitoring

Build: Enterprise builds LoB app or gets app from ISV outside of the store
Certify: Certify LoB app using Windows App Certification Kit
Sign: Sign with Enterprise trusted cert. Publisher name in the certificate and package must match
Deploy: Deploy using System Center 2012 Configuration Manager SP1

Mouse alternatives for touch gestures TOUCH MOUSE TOUCH MOUSE Point to the lower right corner of the screen. Point to the bottom of the app and use the scrollbar. Right click the app to see the app commands. Drag an app to the lower edge to close. Press the Ctrl key while moving the mouse wheel to zoom in and out. Point to an item to see more options. Click an item to perform an action.

Xperf Performance Analysis unchained, Windows Assessment Toolkit revealed http://blogs.technet.com/b/jeff_stokes/archive/2013/03/16/xperf-for-the-laymanperformance-analysis-unchained-windows-assessment-toolkit-revealed.aspx Windows Assessment and Deployment Kit (ADK) for Windows 8 http://www.microsoft.com/en-us/download/details.aspx?id=30652

Can I customize the Start screen layout? http://technet.microsoft.com/en-us/library/jj134269.aspx Can I prevent users from installing <Windows Store app>? http://companystore.codeplex.com/ Antoine.Journaux@microsoft.com

Why is the Windows Store disabled on Windows To Go? Where can I get a SideLoad Product Key? http://www.microsoft.com/licensing/servicecenter

Can I use the Mail app without a Microsoft ID? Can I programmatically install an app from the Windows Store? Why can't the Windows Store apps find my proxy server? http://support.microsoft.com/kb/2777643 http://support.microsoft.com/kb/2778122 http://windows8ready http://infopedia/docstore/pages/kcdoc.aspx?docid=191045

7 OEM Android tablets 10 OEM Android tablets Entertainment only iPhone Kindle Fire Google Nexus 7 iPad Windows 8 Windows RT + Office Productivity & Fun Full productivity applications Full peripheral support Full business integration Full Security & Management + Creation

Key Threats: Internet was just growing; Mail was on the verge
Key Threats: Melissa (1999), Love Letter (2000); Mainly leveraging social engineering
Key Threats: Code Red and Nimda (2001), Blaster (2003), Slammer (2003); 9/11; Mainly exploiting buffer overflows; Script kiddies; Time from patch to exploit: Several days to weeks
Key Threats: Zotob (2005); Attacks «moving up the stack» (Summer of Office 0-day); Rootkits; Exploitation of Buffer Overflows; Script Kiddies; Rise of Phishing; User running as Admin
Key Threats: Organized Crime; Botnets; Identity Theft; Conficker (2008); Time from patch to exploit: days
Key Threats: Organized Crime, potential state actors; Sophisticated Targeted Attacks; Operation Aurora (2009); Stuxnet (2010)

1995 2001 2004 2007 2009 2012

Windows 95 - Windows XP: Logon (Ctrl+Alt+Del); Access Control; User Profiles; Security Policy; Encrypting File System (File Based); Smartcard and PKI Support; Windows Update
Windows XP SP2: Address Space Layout Randomization (ASLR); Data Execution Prevention (DEP); Security Development Lifecycle (SDL); Auto Update on by Default; Firewall on by Default; Windows Security Center; WPA Support
Windows Vista: BitLocker; PatchGuard; Improved ASLR and DEP; Full SDL; User Account Control; Internet Explorer Smart Screen Filter; Digital Rights Management; Firewall improvements; Signed Device Driver Requirements; TPM Support; Windows Integrity Levels; Secure by default configuration (Windows features and IE)
Windows 7: Improved ASLR and DEP; Full SDL; Improved IPSec stack; Managed Service Accounts; Improved User Account Control; Enhanced Auditing; Internet Explorer Smart Screen Filter; AppLocker; BitLocker to Go; Windows Biometric Service; Windows Action Center; Windows Defender
Windows 8: UEFI (Secure Boot); Firmware Based TPM; Trusted Boot (w/ELAM); Measured Boot and Remote Attestation Support; Significant Improvements to ASLR and DEP; AppContainer; Windows Store; Internet Explorer 10 (Plugin-less and Enhanced Protected Modes); Application Reputation moved into Core OS; BitLocker: Encrypted Hard Drive and Used Disk Space Only Encryption Support; Virtual Smartcard; Picture Password, PIN; Dynamic Access Control; Built-in Anti-Virus

Single admin console Devices & Platforms