Windows 10 Modern Management

@pimvandevis

Pim van de Vis

• Sr Solutions Architect at VMware

• Part of the field engineering team, working on Windows 10 modern management with AirWatch…ehh Workspace ONE UEM

• Joined VMware through the acquisition of Immidio in 2015

• IT infrastructure consultant for 10+ years

@pimvandevis

Agenda

• Why Modern Management?

• SCCM and AirLift

• Workspace ONE UEM• Dell integration

• Security - Windows Update & Bitlocker

• P2P for software distribution

• VMware CSP Fling

• Workspace ONE Intelligence

Legacy PCLM Doesn’t ScaleIt was built for this world… But it doesn’t work for this…

The New World

Private

CloudsHybrid

Clouds

Infrastructure

Devices

Apps

Traditional Apps Cloud-Native Apps SaaS Apps

Public

Clouds

“Digital Workspace” is the Convergence of Big Industry Trends

Any Application Mobile | Cloud | Web | Win

Any Device Unified Endpoint Management (UEM)

Any Identity Management Single Sign-On

Microsoft Embracing Modern Management of PCs

Comes with integrated MDM

framework for modern management

Enables OOBE device enrollment and

ongoing management from the cloud

Microsoft’s own IT moving away from

SCCM to modern management

Efficiencies for Windows 10 PCs

$0

$100

$200

$300

$400

$500

$600

$700

$800

Traditional ModernDeployment Software Administration Support Maintenance

$718

$276

62%lower

Workspace ONE UEM for Windows 10

Peer-to-Peer Distribution

Co-exist with PCLM

Updates On or Off Network

Device HealthAttestation

Win32 AppManagement

Instant Push Configuration

GPOs On or Off Domain

Data Protection

Patch Audit & Analytics

Granular Controls

5. Client Health & Security

3. OS Patch Management

4. SoftwareDistribution

2. ConfigurationManagement

1. MDM for Windows

Asset Tracking

Device and OS Lifecycle ManagementApp Management and

DeliveryEnd-to-end Security

Management

App Inventory

BitLocker Management

Company App Store & SSO

Imageless Provisioning

Out-of-the-BoxDeployment

Modern Management

Intelligent Insights and Rules Engine

BIOS Management

DeliveryOptimization

AutomatedCompliance

EXPANDED EXPANDED EXPANDEDNEWNEW

EXPANDED

On-premises PCLMWorkspace ONE“AirLift” Traditional PCLM Workloads to Workspace ONE

AirLiftNEW: Fast & Easy Transition to Modern MgmtWindows 10 Co-Management

Easing the Journey to Windows 10

COMPLEMENT

Clean move to cloud / modern management for

specific use cases

TRANSITION

Hybrid management for priority payloads

(iterative)

TRANSFORM

Full migration from legacy to cloud / modern management

VMware Workspace ONE Unified Endpoint Management for Windows 10

SaaS and Web Apps

3D Graphic Resspources

Virtualised Apps

Native Mobile Apps

SearchApp CatalogBookmark

Single Sign On

Sort Order Arrange Custom View

PublishedRSDH Desktops

PublishedApplications

LinuxDesktop

CitrixPublished Apps

Published Desktop

Workspace ONE portal + Samsung DEX

Dell Technologies is a unique family of businesses that provides the essential infrastructure for organizations to build their digital future, transform IT, and protect their most important asset: information.

Windows 10 Provisioning for Dell DevicesEliminate manual configuration of PCs and drop-ship straight to user

Factory End userDistributor SystemIntegrator

(Staging / Kitting)

ITDepartment

Factory End userWit

h W

ind

ow

s 1

0

Pro

visi

on

ing

Serv

ice

Cu

rren

t A

pp

roac

h

Cloud-Management to the Firmware Level

OS and App Level

End-to-End Security Management

Device and OS Lifecyle Management

App management and Delivery

Battery lifecycle and power

Hardware error reporting

BIOS health and password

Asset management

Security and virtualization

System Level

Dell Command | Monitor

Dell auto enrollment

Security

Windows Updates as a Service

Updates for Business

Windows Update Profile

Data Protection

Enable Per Application DATA Protection.

Define Work Apps and how the data will be stored and Encrypted.

Encryption Bit Locker Profile:

Unlock the Power of BitLocker

• Use built-in TPM for secure authentication at lower cost (no need for additional startup flash drives) and also ensure pre-startup OS integrity

• Enforce login PIN in conjunction with TPM for multifactor authentication and lock out the OS from auto-resume

• Set recovery password rotation meeting compliance requirements and protecting against the key falling into the wrong hands

• Display recovery password URL and escrow in self-service portal to reduce helpdesk tickets

• Suspend BitLocker temporarily for scheduled maintenance tasks so the user isn’t constantly prompted for password / PIN

Application ControlApp Locker - Profile

Integration into the Windows 10 App Locker settings.

Enable or Disable any application.Whitelist or Blacklist applications.

• Offices in remote locations with low bandwidth and with little means to increase the network bandwidth.

• Enterprises that use branch office hierarchies.

• Enterprises that have multiple branch offices that have a large number of devices.

• The peer distribution system works to reduce the traffic on networks and the time to install Win32 apps.

• This initial download takes time. However, installation times improve because devices are not taxing the storage system or the line of communication for the app package.

• If the network is busy, installations pauseuntil the network availability increases.

• Beneficial Use-Cases • Peer-to-Peer Overview

Peer-to-Peer (P2P) Distribution Overview

Enterprise-wide Software DeploymentsRapidly deploy any software to any location from a global CDN, even with large files like Windows apps

CDN

Replace servers with

breakthrough peer-to-peer

software deployment

technology

Adaptiva OneSite

VMware AirWatch UEM

Microsoft Windows

Traditional approaches to content delivery must rely on throttling to ensure the network is protected, which slows content delivery

OneSite’s unprecedented bandwidth harvesting technology proactively:

1. Predicts future network conditions - in milliseconds - to optimize software delivery with no throttling

2. Compresses the content, using advanced algorithms, to use bandwidth intelligently

3. Speeds the content when the time is right and without negatively impacting the network

Predictive Bandwidth Harvesting: No throttling

Competitive P2P solutions require admins to allocate storage on client machines, negatively impacting end users

OneSite prevents end user impacts by intelligently storing content locally in a self-forming Virtual Storage Area Network

• No estimating, configuring, or manual clean-up of storage

• Automatically caches content in unused space on peer computers using “zero footprint caching”

• Joins all content caches into a virtual SAN• Self-manages content caches to provide every

endpoint what it needs

Reduce WAN Impacts by Intelligently Storing Content

Self-forming Virtual SAN

No end user storage and performance impacts

GPO versus CSP (Configuration Service Provider)

VMware Policy Builder for CSP

Why Workspace ONE Intelligence?

Security Silos Result in Restrictive Policies

Infrastructure Security

Security Operations & Incident Response

Endpoint Security Application Security

Messaging Security Web Security

IoT Security Threat Intelligence Mobile Security Data Security

Cloud Security

Specialized Threat Analysis & Protection Identity & Access ManagementTransaction Security

Risk & Compliance

!

Growing Gap Between Experience and Security

EXPERIENCE SECURITY

Choice and Flexibility

Apps Everywhere

Cloud-Based Delivery

Siloed Solutions

Restrictive Policies

Perimeter-based Security

New Intelligence Service

Aggregate Correlate Recommend Automate

Workspace ONE Platform

Capabilities

Integrated Insights

App Analytics

Powerful Automation

Key Use Cases for Workspace ONE Intelligence

Security & Compliance

Resource Optimization

User Experience

Workspace One Intelligence

Vragen?