Upload
sherilyn-beasley
View
219
Download
1
Tags:
Embed Size (px)
Citation preview
Spark the future.
May 4 – 8, 2015Chicago, IL
What's New in Windows 10 Management and the Windows StoreMichael NiehausSenior Product [email protected]
BRK3330
Windows offers the management features that businesses need.
Business needs are evolving. Windows 10 offers
management choices to meet those needs.
Evolving Business Needs
Recent Past9-to-5 Monday-Friday employees at work
PCs on a LAN, connected to domain
Corporate supplied and managed devices
One device ecosystem
Extended operating system/servicing lifecycle
On-premises applications and file sharing
Access controls contained within organizational
Deep corporate management controls and policies
Malware as vandalism and criminal activity
Network perimeter as a viable defense boundary
Vertically-integrated devices for task workers
Mobile-first, Device-first24x7x365 blur of work & personal activity
Laptops, tablets, phones anywhere (on any network)
Corporate and BYOD, business & personal apps/data
Heterogeneous ecosystems (Windows, iOS, Android, Chrome)
A faster upgrade cadence; shorter device lifecycle
SaaS applications and file sharing services
Access controls span organizations, apps, individuals
Lighter cloud-based management with fewer controls
Malware as espionage and weaponry
Must operate under assumed breach of network
Dynamically adapting devices for task workers
Management Choices
Works with existing infrastructure
Continued support for Group Policy and WMI
Advanced MDM support
Consistent across PC/phone
1st and 3rd party solutions
Management Choices
Available Choices
Identity Active Directory; Azure Active Directory
Management
Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
Updates Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM
Infrastructure
On-premises or in the cloud
Ownership Corporate-owned, CYOD; BYODOrganizations may mix and match, depending on their specific scenario
Management Choices
Exchange ActiveSync
Basic
Windows Update
BYOD (personal) devices
E-mail access only
Active Directory and/orAzure Active Directory
Mobile Device Management
Lightweight
Windows Update/MDM
Company-owned and BYOD devices
Internet-facing or corporate network
Active Directory
Group Policy
System Center
Full Control
WSUS
Company-owned devices
Corporate network
Windows Management Features
Windows Client
Windows Management Instrumentation (WMI)Windows Remote Management (WinRM)Windows UpdateGroup Policy Client
Windows Server
Active DirectoryGroup PolicyWindows Server Update Services (WSUS)
Products
System Center Configuration ManagerMicrosoft Desktop Optimization Pack (MDOP) Cloud Services
Azure Active DirectoryAzure RMSMicrosoft IntuneWindows StoreWindows Update
Mobile Device Management (MDM)PowerShellAppLocker
Windows 10 Works with Existing Infrastructure
Product Supports Windows 10 Management
Supports Windows 10 Deployment
System Center 2012 R2Configuration Manager
System Center 2012Configuration Manager
System Center Configuration Manager 2007
Windows Server 2012 R2Windows Server 2012Windows Server 2008
Microsoft Deployment Toolkit 2013
Updates will be required. New OS features may require newer versions for full support.
Mobile Device Management
Windows 8.1 Windows 10
BYOD: simple security settings
Device Lockdown
Fully managed corporate device
Phone Desktop Phone Desktop
Significant investments in added functionality for both mobile and desktop devices
MDM in Windows 10
One consistent set of MDM capabilities
across Mobile, Desktop, and
IoT
• Provisioning• Bulk enrollment• Simple bootstrap• Converged protocol• Azure AD Integration
• Extended set of policiesClient certificate management
• Enterprise Wi-Fi• VPN management• Email provisioning• MDM Push• Device Update control• Kiosk, Start screen, Start
menu configuration and control
• Curated Windows Store• Business Store app
deployment; license reclaim• Enterprise App management• Simplified LOB app
management• Win32 (MSI) app management• App inventory (LOB/store apps)• App allow/deny lists via
Applocker• Enterprise data protection
• Full device wipe • Remote Lock, PIN reset, Ring,
& Find• Enhanced inventory for
compliance decisions
• Unenrollment with alerts• Removal of Enterprise
configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
ENROLLMENT
INV
EN
TO
RY
APPLICATION
MANAGEMENT
DEVICE
CONFIGURATIO
N AND
SECURITY
REM
OTE
ASS
ISTA
NC
E
UNENROLLMENT
• Additional device inventory
For More Information
Windows 10 Mobile Device Management (MDM) in Depth
Janani Vasudevan
Senior Program Manager, Microsoft
Thursday, May 7
1:30 PM - 2:45 PM
N426
Identity Choices
Active Directory provides key business identity and security capabilities
Azure Active Directory takes this to the cloud
Both work together
Windows 10 fully leverages both
Windows 10 Identity ChoicesOrganization Owned Personally Owned (BYOD)
• Computer joins AD to establish trust
• User signs on using AD account
• Group Policy + System Center
Active Directory
• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access
• User signs in with a Microsoft account, associates an Azure AD account
• Intune/MDM
Azure Active Directory
• Computer joins Azure AD to establish trust
• User signs on using Azure AD account
• Intune/MDM• Settings roaming
Single sign-on to enterprise + cloud-based services
Azure Active Directory
Self-service Single sign on
•••••••••••
Username
Simple connection
Cloud
SaaSAzure
Office 365Intune
Other Directories
Windows ServerActive Directory
On-premises
Microsoft Azure Active Directory
Demo
Azure Active Directory
For More Information
Microsoft Azure Active Directory and Windows 10: Better Together for Work or SchoolJairo Cadena
Program Manager, Microsoft
Friday, May 8
12:30pm - 1:45pm
S103
Device Management VisionA “single pane of glass” for managing all of your devices
IT Administrator
Single adminconsole
Windows PCs(x86/x64, Intel SOC),Windows To Go,Windows Embedded
Organization-owned, on-premises
Windows PCs(x86/x64, Intel SOC)
Windows mobile/phone devices
Organization-owned or personally-owned (BYOD), internet-connected
iOS / Android
Intune
Demo
Deploying a line-of-business Windows app
Group Policy
New policies to support Windows 10 features:
• Start screen and start menu management
• “Project Spartan” settings
• Next-Generation Credential PIN settings
• Windows app management
New in Windows 10
Capabilities from Windows 8.1:
• Policy caching
• IPv6 support for printers, VPN, targeting
Capabilities from Windows 8:
• Sign-in optimization for DirectAccess clients
• Better use of larger registry policies (registry.pol)
• Remote group policy refresh (GPUpdate)
• More efficient background processing
New from Windows 7
Microsoft Desktop Optimization Pack (MDOP)
Full support for Windows 10 at general availability, with updates for:
App-V
UE-V
MBAM
DaRT
AGPM
An App Store That’s Open for BusinessVolume purchasing
Flexible distribution
License reclaim/re-use
Your company store
Windows 8.1 at a Glance
Windows Store “Company Portal”
• Modern apps• Sign in with MSA• Pay with credit card, gift card, PayPal,
Alipay, INICIS, mobile operators (Phone)
• MDM-driven• Sideload line-of-business modern
apps• Link to apps in the Windows Store
One Windows StoreConvergence
WINDOWSPHONE 8.1
WINDOWS 8.1
WINDOWS 10
• Converged developer portal for Windows and Windows Phone
• Separate user and developer capabilities
• Fully converged experience• Best features from each• New capabilities
XBOX
Introducing the Business Store
A web site for businesses, schools, or other organizations• Free to use, easy to sign up• Used by IT administrators, purchasers
Provides key functionality for acquiring, using, and deploying apps in an organization• Including line-of-business apps
Complements the Windows Store and existing management solutions• Flexible scenarios for any need
Windows 10 at a Glance
Windows Store
• Modern apps• Sign in with MSA• Pay with credit card, gift card,
PayPal, Alipay, INICIS, mobile operators
Business Store “Company Portal”
• Modern apps• Leverages Azure Active
Directory for administration, some scenarios
• Private organization store for the org’s preferred or LOB apps
• Pay with credit card or PO/invoice
• Deploy modern apps offline, in images, and more
• Modern app license management
• Sideload line-of-business modern apps
• Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM
Scenarios for any need
Flexible app deployment
Online, offline, or included in images
Through the store, via MDM, or using System Center
LOB apps can be kept private
Support for any organization
Teacher and classroom
Small businesses and other organizations
Large enterprises
Simplify via convergence
One store, one Dev Center, one Business Store
Universal apps across all device types
Reconciled sideloading processes
• Org users do not need Azure AD accounts
• Installation files are downloaded and deployed using org’s infrastructure
• No license tracking• Updates installed via Windows Update
• All org users need Azure AD accounts• Installation files managed and deployed
by the Windows Store• Licenses tracked by the Windows Store• Updates installed via Windows Update
Working with Store AppsBusiness Store Scenarios
Online Offline
Private StoreMDM /
ConfigMgr(deep links)
Direct Assignment Imaging
MDM / ConfigMgr(sideload)
Manual
Demo
Business Store
For More Information
Using the Business Store with Windows 10 Devices
Ford McKinstry
Principal Program Manager Lead, Microsoft
Tejas Patel
Senior Program Manager, MicrosoftThursday, May 7
1:30pm - 2:45pm
S503
Key Investment SummaryBusiness Store• Allows orgs to acquire apps, manage licenses, download
app files• Pay using standard business methods, including purchase
orders, invoices, and credit cards
Private Store inside the Windows Store• Fully curated list of apps from within the Windows Store• Can include public apps as well as Line-of-Business apps
Full management support• Mobile device management (MDM) control
(using services such as Intune)• Control for agent-based management solutions
(such as System Center Configuration Manager)
Getting Ready for Windows 10
Set up Azure Active Directory
Get current with System Center Configuration Manager and Windows Server
Consider mobile device needs
Think about scenario-based management
Work with Windows apps
Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.
Please evaluate this sessionYour feedback is important to us!
© 2015 Microsoft Corporation. All rights reserved.