Spark the future.

May 4 – 8, 2015Chicago, IL

Minasi's Guide to Managing Windows 10: New Windows, New ToolsMark MinasiWriter, Speaker, Consultanthelp@minasi.comTwitter @mminasijoin my newsletter at www.minasi.com

BRK2302

First of all, relax… there's new stuff, but the old stuff still works

Big new stuff is cloud integration, solutions for wider arrays of devices, solutions for organization data on personal devices, apps for the newer types of devices, as well as a "package manager"

But before we get into that, I'm pretty sure you all have the same question about Windows 10

Hello! Let's Talk About Win 10 Management…

It is Windows 9, but in base 9 If it were Windows 9, it would fail in the German

market: "Windows? NEIN!" "Must … break … the curse … of … the … even-

numbered … Windows!" Making Gartner and other analysts wonder why

they skipped the nine may distract them from the fact that there still aren't folders or a hierarchy.

Too many installers reject Windows versions that start with "9," because of Win 95 and 98

Why Isn't it Windows 9?

4

Windows doesn't grow arithmetically, it grows exponentially

The version doesn't increment by one every time

The value rises by 17% ever time, then rounds

Here's the proof:

I Believe I Have Figured It Out

5

Anyone from Win 7 on can and will be encouraged to upgrade free (except Enterprise)

(Remember, 14 Jan 2020 and 10 Jan 2023 are far off)

No more flatten-and-reimage: it's upgrade & refresh

(Just like you do on your iPad) Windows 10 is the last Windows, as it's just

upgrades via Windows Update from here on in

Windows 10 is one OS for as many devices as they can get it on

Seriously, Though… Big Win 10 Things to Know:

Windows Likes Azure: New Identity in Win 10

Ultra Modern Apps New Store and New App Delivery PowerShell 5.0 OneGet… More App Delivery Misc New Tools

Topics

Azure and Windows 10

"Windows and the Cloud: Goin' Steady…"

It's not a strong relationship yet, just a crush…

But it's worth looking at now, as it's going to be a big growth area

Win 10 boxes can join Azure AD instead of a domain

You can log onto your cloud-joined Azure AD system with an Azure AD account

There are some benefits now, we'll see more later IMHO

Windows 10 Likes Azure

If you have Office 365, you already have an Azure AD domain ("Azure AD tenant" is the official phrase)… you've just never claimed it

It's free, limited to 500K directory objects Alternatively, "Basic" Azure AD costs

$1/user/month, "Premium" costs $4/user/month

"Azure AD?" Don't Have One."

One other wrinkle is that you'll want to set up directory synchronization between your Azure AD domain and your Office 365 domain

Enable Azure Active Directory Device Registration

Azure AD (continued)

Single sign-on and conditional access that isFrom Windows Phones, PCs, tablets (and Android as well in some scenarios), including devices that cannot be joined to on-premises AD

To on-premises apps, Azure apps, Office 365

Making a device "known" to Azure adds a factor of authentication, enabling things like simple PINs for sign on

"Why Exactly Am I Doing This?"

"Conditional access" overlaps the whole device join concept

In short, it allows you to build or exploit the notion that if you've got an app on premises on in the cloud that you might want to include device info when logging on -- is the device from the intranet or some coffee ship? Is the device known or unknown? Based on that, we might accept simpler security (password) or require more (a code on a cell phone)

More on Conditional Access

Normal Whoami

Joining the Cloud

Settings / System / About /

Joining the Cloud

Reboot, then log on as your Azure AD account. Type it asAzureAD\email

Give it a minute and the "Cloud Experience Host" will pop up and offer to create a PIN

Next restart, your logon screen will show a "Sign-in options link. Click it and your logon screen looks like this:

And WHOAMI looks like this:

And My New Whoami…

The AzureAD\ prefix should go away soon A machine can only join one Azure AD

domain A machine cannot be a member of an on-

premises AD and an Azure AD Management tools:

No group policies or System Center control Alternately, Mobile Device Management / Mobile Application

Management (MDM/MAM) solutions from Microsoft and others: inTune Third party MDM (AirWatch, MobileIron, XenMobile, etc)

Details

Management story is same as always, just like Windows XP, 7, or 8.1 -- group policies (for the right machines) and potentially Config Manager, Orchestrator and so on

What About On-Premises AD-Joined?

Well, permit me to ask: Do you still have a laptop, or do you only use a tablet to get your work

done? How about your friends and family… any "no-computer" users out

there? How many of your organizations have migrated to Office 365 or are

migrating there (or to a similar SaaS email service)?

An IDG survey of about 2000 orgs in November 2014 revealed that 16% have no on-premises IT infrastructure, and 5% more expect that by 2016

Why Are They Doing This?

Microsoft doesn't really rule in the tablet area

Or the phone area Fewer will buy laptops / desktops And they're not even Number One in clouds (However, I suspect they may achieve that

in the next two years)

That Leads to Another Problem

Result:A solid Microsoft cloud-based infrastructure populated by non-MS devices but managed by MS clouds and tools makes for a nice business modelOh, and it ensures that MS-based devices may not be the majority, but they "fit" a bit more nicely. (Just my take!)

A solid Microsoft cloud-based infrastructure populated by non-MS devices but managed by MS clouds and tools makes for a nice business model

Oh, and it ensures that MS-based devices may not be the majority, but they "fit" a bit more nicely.

Just my take…

Result

Applications and the Store

"What, you're not all using Metro apps? Seriously?"

They started talking about this in Win 8, but it's moving forward

The kernels are converging, as They really have figured out how to run what is basically honest-to-God

Windows on Snapdragon processors (good for Qualcomm!) RT's dead (bad for ARM, good for Intel!)

All of which means that it really may be possible to build apps that run on ever Microsoft OS

(If you haven't played with the Office beta yet, do!)

Universal Apps

Just one store (xBox, Phone, Windows) Desktop apps go in there too Purchasing Store apps is more flexible The Store understands personal apps

versus corporate apps Managing Store app licenses is now do-able Deploying Store apps is more flexible and

simple

Windows Storelots of good news

Store apps are visible to all, as now But you can create an alternative conduit,

the cloud-based Business Store Portal (BSP), which lets you Block Store apps you don't want your users getting Block entire areas, like Games Add in-house line of business (LOB) apps

You don't need System Center, inTune or even servers of your own in the basic scenario -- BSP is web-based

BusinessStore.Microsoft.com at the moment

Finding Apps

If you use Config Manager or inTune, you can buy apps for your org via the BSP and download the "appx" files, providing a local distribution point for apps

You can still build a company store with Config Manager or Company Store (in Codeplex), or via an MDM/MAM third party tool

Your LOB apps can be uploaded to the cloud via the BSP for distribution

You can even…

Delivering Apps

Inject them into images as we've done with Desktop apps

Familiar tools: dism, PowerShell (new noun: AppxVolume); MDT 2013 Update 1 Preview, Config Mgr via updates and then whatever ships in 2016 with Server vNext

They can be sysprepped When the user first starts up, the app looks for a

license and potentially whether that user is approved for the app

All centrally controlled Still have "deep links" as a deployment method

as well

Preinstall Apps in Images

The BSP and Store recognize two identities for you Log on with Azure AD, you get the corporate options (and you don't

need a credit card)… leave the organization, you lose the apps Log on with your MSA (as in today), you pay with credit card and any

apps you buy travel with yout

Organizations can buy apps in bulk Orgs can use purchase order, credit cards,

whatever In this model, you actually get the Appx

packages to put in your store when you purchase them through the BSP, and can then preinstall them on images

Paying for Apps

Many 8.1 users have disabled the Store altogether (it's simple and policy-driven)

With 10, Store apps get automatically updated

Handled by the Store service, WSService in Win 10, you can disable the store, only

offer apps in your company store, and WSService still runs, to the users get automatic updates

And of course, you can control update time with policies

Windows Store: App and Service

What about Desktop apps? Back in the late 90s, RedHat Linux created

an "app packager" that became popular and was known overall as a "package manager"

There are others Basic idea is one-line installs, repairs etc Windows has had many -- MSI files, Npackd,

Ninite, NSIS and others Posh 5.0 and Win 10 introduce another…

OneGet

Oh, and Speaking of Deployment

In the Windows world, we're used to install.exe

In contrast, the open source/Linux world tends to download the code and compile it

That's a pain, which led to package managers in the Linux world. They locate the code at a "software repository," download it, get it compiled and keep it updated

Yup, that's right… no Adobe or Java Updater!

Devs have package mgrs to keep libraries up to date

The Package Manager Story

Now, in the Windows world, we don't compile our apps, but many apps can be silently installed

Windows developers got a package manager in 2010 called NuGet (they have different deployment needs)

Some folks started chocolatey.org and defined a package format that lets it deliver compiled stuff with setup/install EXEs… a Windows app package mgr

Access the packages via a "gallery"

Package Managers and Windows

Microsoft's is building a single package manager interface for (ultimately) all package managers

It's called OneGet and PowerShell's the only way to get to it at the moment

Nouns: package, packageprovider, packagesource

It needs a plug-in for every provider, although eventually there will be a central repository

Chocolatey's in there from the beginning

OneGet: A Universal Package Manager

Add a provider: Register-PackageSource -Name chocolatey -ProviderName

Chocolatey -Location http://chocolatey.org/api/v2/

(Note that 's already done for Chocolatey) See what it has: Find-Package -ProviderName Chocolatey Install a package: Install-Package VLC Chocolatey already has 2,684 apps packaged Take a look at this… it's going to be important

Playing With OneGet

PowerShell 5.0 is baked into Windows 10 Zip file support ("archive" noun) ConvertFrom-String takes strings, parses

them and creates objects Event tracking support Encryption ("CMSMessage" noun) Get-item, New-Item, Remove-Item now

have a-symboliclink parameter

But the best part is, you can get it now on Win 8.1

Other PowerShell Goodies

40

What PowerShell Tells Us About 10 (Sort Of) They ain't talking yet, but a look at new

PowerShell nouns are interesting: FileShare: new sharing client? Contains a lot of protocol details PnpDevice: why now controllable with PoSH?

Returns last error, error text, problems and problem text, ID info Can enable or disable devices, as in get-pnpdevice -friendlyname *shutdown* | disable-pnpdevice

AppXVolume: works with the folders that contain your Appx files

41

CHKDSK got a big facelift in 8.1 But it had a few bugs, and 10 fixes them Also, the output from /F has changed and is

considerably more useful

And One More Tool…

Thanks for attending, please do an evaluation

Join me and Mark Russinovich talking about Azure and disruption on Thursday at 3:15 in Arie Crown Theater

Also, I'm doing an ask-anything-you-want session about Windows 10 on Thursday at 10:45 in E350 with Jeremy Moskowitz and Sami Laiho

"Win 10 Management Scenarios" on Friday 9 AM in E352

Thank You! Follow me at @mminasi

Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.

Please evaluate this sessionYour feedback is important to us!

© 2015 Microsoft Corporation. All rights reserved.