A tale of Modern Management Part 1
Speaker introduction
- @JankeSkanke, jan.ketil.skanke@cloudway.no, Principal Cloud Architect, CloudWay
- @okieselb, oliver.kieselbach@glueckkanja.com, Lead Cloud Architect, Glück & Kanja Consulting AG
The Cloud is Coming
Where do you want to be?
Get Current
- Get to Windows 10
- Get to a modern version of Office
- Get started on Modern Management
STAY CURRENT
Update. Agile update cycle. Update.
Being up to date is the foundation of modern IT: 2 updates per year.
STAY CURRENT (release timeline 2018 to 2020)
- Windows 10 1709 / Office 365 ProPlus 1708
- Windows 10 1803 / Office 365 ProPlus 1802
- Windows 10 1809 / Office 365 ProPlus 1808
Windows 10 releases are aligned with Office for simpler deployment planning.
Windows as a service: internal deployment rings
Stages: Plan and Prepare, Targeted, Pilot Validation, Deployment Decision, Deploy and Use
Rings: IT/Developer, IT Selfhost, Pilot, All Users
Example: Office support
O365 ProPlus will not be supported on Windows 10 Semi-Annual Channel (SAC) versions that are no longer being serviced. Effective January 14, 2020, O365 ProPlus will no longer be supported on the following versions of Windows:
- Any Windows 10 LTSC release
- Windows Server 2016 and older
- Windows 8.1 and older
This will ensure that both Office and Windows receive regular, coordinated updates to provide the most secure environment with the latest capabilities.
Office 2019 apps will be supported on:
- Any supported Windows 10 SAC release
- Windows 10 Enterprise LTSC 2018
- The next LTSC release of Windows Server
Traditional IT vs Modern IT
- Single Device / Multiple Devices
- Business Owned / User and Business Owned
- Corporate Network & Legacy Apps / Cloud Managed & SaaS Apps
- Manual / Automated
- Reactive / Proactive
- High-touch / Self-Service
Traditional vs Modern (diagram elements): Intune, OEM Image, Windows Update for Business, Corpnet Connection, Advanced Threat Protection (ATP), Any Internet Connection, Azure Active Directory (AAD), Microsoft Store for Business
CHALLENGES WHEN MOVING TO MODERN MANAGEMENT
- The monolithic Windows 7 "One Day" problem
- Partner and home-grown solutions
- Feature gaps
Components in Modern IT: Identity, Multifactor Auth, Conditional Access, Information Protection, Application Access, Threat Protection
Securing the Identity is Crucial (statistics chart; the figures were extracted without their labels)
Step 1: Securing the Identity / Access
- Multifactor Authentication
- Hybrid Identity: Password Hash Sync, Passthrough Authentication
- Hybrid Password Protection: Smart Lockout, Banned Passwords
- AAD Identity Protection
- Conditional Access
- Privileged Access Management
Conditional access
Signals:
- User attributes: group membership
- Devices: Hybrid Domain Joined, Compliant, Platform type, Threat Level
- Application: per-app policy, type of client (Web, mobile, legacy)
- Location: IP range, country
- Risk: session risk, device risk, user risk
Outcomes: ALLOW, ENFORCE MFA, BLOCK, for cloud and on-premises applications
London 2018
Hybrid Password Protection architecture
- DC agent(s) download new policies via proxies (shared via sysvol)
- User submits password change
- DC agent evaluates the new password against the local copy of the policy (using the same logic as Azure)
- User sees the standard Windows error message (no change to Windows clients)
- Audit mode available for evaluation purposes
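As an added illustration (not from the deck) of the evaluation step the DC agent performs, the block below approximates the publicly documented Azure AD Password Protection scoring: normalize the candidate, match banned terms, score, reject below five points. The banned lists and the sample passwords are constructed, and the edit-distance-1 fuzzy matching the real service also applies is left out.

```python
import re
from dataclasses import dataclass

# Constructed sample policy, standing in for the local copy of the global and
# custom banned password lists the DC agent downloads via the proxy.
GLOBAL_BANNED = {"password", "qwerty", "welcome", "blank"}
CUSTOM_BANNED = {"contoso", "cloudway"}
BANNED = GLOBAL_BANNED | CUSTOM_BANNED

# Character substitutions undone before matching (assumption: approximates the
# documented normalization; fuzzy edit-distance-1 matching is not modelled).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5


@dataclass
class Verdict:
    accepted: bool
    score: int
    matched: list  # banned terms found in the normalized password


def normalize(password: str) -> str:
    """Lower-case and undo common leetspeak substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def evaluate(password: str, banned: set = BANNED) -> Verdict:
    """One point per banned term found, one point per remaining character not
    covered by a banned term; the password is rejected below MIN_SCORE."""
    norm = normalize(password)
    covered = [False] * len(norm)
    matched = []
    # Longest terms first so "password" is not consumed as "pass" + "word".
    for term in sorted(banned, key=len, reverse=True):
        for m in re.finditer(re.escape(term), norm):
            span = range(m.start(), m.end())
            if not any(covered[i] for i in span):
                for i in span:
                    covered[i] = True
                matched.append(term)
    score = len(matched) + covered.count(False)
    return Verdict(score >= MIN_SCORE, score, matched)


if __name__ == "__main__":
    for pw in ("C0ntos0Blank12", "C0ntos0Blank123", "P@$$w0rd!", "Tr0ub4dor&3"):
        v = evaluate(pw)
        print(f"{pw:16} -> {normalize(pw):16} score={v.score:2} "
              f"{'ACCEPTED' if v.accepted else 'REJECTED'} matched={v.matched}")
```

Audit mode on the DC agent corresponds to logging the verdict without enforcing it, which is why the deck recommends it for an evaluation phase.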
Step 2: Control your devices
- Pick and choose your tools: Intune / ConfigMgr / Co-Managed
- Stay current / think modern servicing: deployment rings
- Modern threat protection: behavior analytics / Advanced Threat Protection, risk score on devices
Monitoring WUFB with analytics
Windows Analytics
- Set up an OMS workspace for Analytics
- Subscribe to Windows Analytics
- Copy the Commercial ID
- Turn on telemetry
- After 1803, DeviceName is not reported unless you opt in via GPO or script
Conditional access - Device risk: integrated Intune and Defender ATP for risk scoring
Step 3: Control your data
- Intune APP / MAM / O365 DLP / WIP ++: protect against accidental leakages
- Azure Information Protection: protect against accidental leakages; prevent unauthorized access to data in transit and at rest
Paths to Modern Management
- Cloud-first: a new organization starting with the modern workplace
- Big Switch Transition: many workloads need to be modernized at the same time
- Group by Group Transition: doesn't address the needs of the full organization
- Iterative (Co-management): iteratively move workloads to modern
Different scenarios for management: co-management with Configuration Manager and Intune
- A practical way to migrate over time
- Modern is not all or nothing
- Minimize risk
BRIDGING TO MODERN MANAGEMENT (timeline: today to 1/2020)
Adopt & Connect: adopt Windows 10, adopt Office 365/ProPlus, AD/AAD Connect
Transition to Modern (modernizing with a co-management bridge):
- ConfigMgr local content delivery to cloud content delivery
- Win32 to modern apps
- Kerberos to modern auth
- GPO to MDM policy
- Imaging to signature image
- WSUS to WUfB
Get in touch
- @JankeSkanke, jan.ketil.skanke@cloudway.no
- @okieselb, oliver.kieselbach@glueckkanja.com