Spark the future.

May 4 – 8, 2015Chicago, IL

What's New in Windows 10 Management and the Windows StoreMichael NiehausSenior Product Managermniehaus@microsoft.com

BRK3330

Windows offers the management features that businesses need.

Business needs are evolving. Windows 10 offers

management choices to meet those needs.

Evolving Business Needs

Recent Past9-to-5 Monday-Friday employees at work

PCs on a LAN, connected to domain

Corporate supplied and managed devices

One device ecosystem

Extended operating system/servicing lifecycle

On-premises applications and file sharing

Access controls contained within organizational

Deep corporate management controls and policies

Malware as vandalism and criminal activity

Network perimeter as a viable defense boundary

Vertically-integrated devices for task workers

Mobile-first, Device-first24x7x365 blur of work & personal activity

Laptops, tablets, phones anywhere (on any network)

Corporate and BYOD, business & personal apps/data

Heterogeneous ecosystems (Windows, iOS, Android, Chrome)

A faster upgrade cadence; shorter device lifecycle

SaaS applications and file sharing services

Access controls span organizations, apps, individuals

Lighter cloud-based management with fewer controls

Malware as espionage and weaponry

Must operate under assumed breach of network

Dynamically adapting devices for task workers

Management Choices

Works with existing infrastructure

Continued support for Group Policy and WMI

Advanced MDM support

Consistent across PC/phone

1st and 3rd party solutions

Management Choices

Available Choices

Identity Active Directory; Azure Active Directory

Management

Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM

Updates Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM

Infrastructure

On-premises or in the cloud

Ownership Corporate-owned, CYOD; BYODOrganizations may mix and match, depending on their specific scenario

Management Choices

Exchange ActiveSync

Basic

Windows Update

BYOD (personal) devices

E-mail access only

Active Directory and/orAzure Active Directory

Mobile Device Management

Lightweight

Windows Update/MDM

Company-owned and BYOD devices

Internet-facing or corporate network

Active Directory

Group Policy

System Center

Full Control

WSUS

Company-owned devices

Corporate network

Windows Management Features

Windows Client

Windows Management Instrumentation (WMI)Windows Remote Management (WinRM)Windows UpdateGroup Policy Client

Windows Server

Active DirectoryGroup PolicyWindows Server Update Services (WSUS)

Products

System Center Configuration ManagerMicrosoft Desktop Optimization Pack (MDOP) Cloud Services

Azure Active DirectoryAzure RMSMicrosoft IntuneWindows StoreWindows Update

Mobile Device Management (MDM)PowerShellAppLocker

Windows 10 Works with Existing Infrastructure

Product Supports Windows 10 Management

Supports Windows 10 Deployment

System Center 2012 R2Configuration Manager

System Center 2012Configuration Manager

System Center Configuration Manager 2007

Windows Server 2012 R2Windows Server 2012Windows Server 2008

Microsoft Deployment Toolkit 2013

Updates will be required. New OS features may require newer versions for full support.

Mobile Device Management

Windows 8.1 Windows 10

BYOD: simple security settings

Device Lockdown

Fully managed corporate device

Phone Desktop Phone Desktop

Significant investments in added functionality for both mobile and desktop devices

MDM in Windows 10

One consistent set of MDM capabilities

across Mobile, Desktop, and

IoT

• Provisioning• Bulk enrollment• Simple bootstrap• Converged protocol• Azure AD Integration

• Extended set of policiesClient certificate management

• Enterprise Wi-Fi• VPN management• Email provisioning• MDM Push• Device Update control• Kiosk, Start screen, Start

menu configuration and control

• Curated Windows Store• Business Store app

deployment; license reclaim• Enterprise App management• Simplified LOB app

management• Win32 (MSI) app management• App inventory (LOB/store apps)• App allow/deny lists via

Applocker• Enterprise data protection

• Full device wipe • Remote Lock, PIN reset, Ring,

& Find• Enhanced inventory for

compliance decisions

• Unenrollment with alerts• Removal of Enterprise

configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)

ENROLLMENT

INV

EN

TO

RY

APPLICATION

MANAGEMENT

DEVICE

CONFIGURATIO

N AND

SECURITY

REM

OTE

ASS

ISTA

NC

E

UNENROLLMENT

• Additional device inventory

For More Information

Windows 10 Mobile Device Management (MDM) in Depth

Janani Vasudevan

Senior Program Manager, Microsoft

Thursday, May 7

1:30 PM - 2:45 PM

N426

Identity Choices

Active Directory provides key business identity and security capabilities

Azure Active Directory takes this to the cloud

Both work together

Windows 10 fully leverages both

Windows 10 Identity ChoicesOrganization Owned Personally Owned (BYOD)

• Computer joins AD to establish trust

• User signs on using AD account

• Group Policy + System Center

Active Directory

• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access

• User signs in with a Microsoft account, associates an Azure AD account

• Intune/MDM

Azure Active Directory

• Computer joins Azure AD to establish trust

• User signs on using Azure AD account

• Intune/MDM• Settings roaming

Single sign-on to enterprise + cloud-based services

Azure Active Directory

Self-service Single sign on

•••••••••••

Username

Simple connection

Cloud

SaaSAzure

Office 365Intune

Other Directories

Windows ServerActive Directory

On-premises

Microsoft Azure Active Directory

Demo

Azure Active Directory

For More Information

Microsoft Azure Active Directory and Windows 10: Better Together for Work or SchoolJairo Cadena

Program Manager, Microsoft

Friday, May 8

12:30pm - 1:45pm

S103

Device Management VisionA “single pane of glass” for managing all of your devices

IT Administrator

Single adminconsole

Windows PCs(x86/x64, Intel SOC),Windows To Go,Windows Embedded

Organization-owned, on-premises

Windows PCs(x86/x64, Intel SOC)

Windows mobile/phone devices

Organization-owned or personally-owned (BYOD), internet-connected

iOS / Android

Intune

Demo

Deploying a line-of-business Windows app

Group Policy

New policies to support Windows 10 features:

• Start screen and start menu management

• “Project Spartan” settings

• Next-Generation Credential PIN settings

• Windows app management

New in Windows 10

Capabilities from Windows 8.1:

• Policy caching

• IPv6 support for printers, VPN, targeting

Capabilities from Windows 8:

• Sign-in optimization for DirectAccess clients

• Better use of larger registry policies (registry.pol)

• Remote group policy refresh (GPUpdate)

• More efficient background processing

New from Windows 7

Microsoft Desktop Optimization Pack (MDOP)

Full support for Windows 10 at general availability, with updates for:

App-V

UE-V

MBAM

DaRT

AGPM

An App Store That’s Open for BusinessVolume purchasing

Flexible distribution

License reclaim/re-use

Your company store

Windows 8.1 at a Glance

Windows Store “Company Portal”

• Modern apps• Sign in with MSA• Pay with credit card, gift card, PayPal,

Alipay, INICIS, mobile operators (Phone)

• MDM-driven• Sideload line-of-business modern

apps• Link to apps in the Windows Store

One Windows StoreConvergence

WINDOWSPHONE 8.1

WINDOWS 8.1

WINDOWS 10

• Converged developer portal for Windows and Windows Phone

• Separate user and developer capabilities

• Fully converged experience• Best features from each• New capabilities

XBOX

Introducing the Business Store

A web site for businesses, schools, or other organizations• Free to use, easy to sign up• Used by IT administrators, purchasers

Provides key functionality for acquiring, using, and deploying apps in an organization• Including line-of-business apps

Complements the Windows Store and existing management solutions• Flexible scenarios for any need

Windows 10 at a Glance

Windows Store

• Modern apps• Sign in with MSA• Pay with credit card, gift card,

PayPal, Alipay, INICIS, mobile operators

Business Store “Company Portal”

• Modern apps• Leverages Azure Active

Directory for administration, some scenarios

• Private organization store for the org’s preferred or LOB apps

• Pay with credit card or PO/invoice

• Deploy modern apps offline, in images, and more

• Modern app license management

• Sideload line-of-business modern apps

• Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM

Scenarios for any need

Flexible app deployment

Online, offline, or included in images

Through the store, via MDM, or using System Center

LOB apps can be kept private

Support for any organization

Teacher and classroom

Small businesses and other organizations

Large enterprises

Simplify via convergence

One store, one Dev Center, one Business Store

Universal apps across all device types

Reconciled sideloading processes

• Org users do not need Azure AD accounts

• Installation files are downloaded and deployed using org’s infrastructure

• No license tracking• Updates installed via Windows Update

• All org users need Azure AD accounts• Installation files managed and deployed

by the Windows Store• Licenses tracked by the Windows Store• Updates installed via Windows Update

Working with Store AppsBusiness Store Scenarios

Online Offline

Private StoreMDM /

ConfigMgr(deep links)

Direct Assignment Imaging

MDM / ConfigMgr(sideload)

Manual

Demo

Business Store

For More Information

Using the Business Store with Windows 10 Devices

Ford McKinstry

Principal Program Manager Lead, Microsoft

Tejas Patel

Senior Program Manager, MicrosoftThursday, May 7

1:30pm - 2:45pm

S503

Key Investment SummaryBusiness Store• Allows orgs to acquire apps, manage licenses, download

app files• Pay using standard business methods, including purchase

orders, invoices, and credit cards

Private Store inside the Windows Store• Fully curated list of apps from within the Windows Store• Can include public apps as well as Line-of-Business apps

Full management support• Mobile device management (MDM) control

(using services such as Intune)• Control for agent-based management solutions

(such as System Center Configuration Manager)

Getting Ready for Windows 10

Set up Azure Active Directory

Get current with System Center Configuration Manager and Windows Server

Consider mobile device needs

Think about scenario-based management

Work with Windows apps

Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.

Please evaluate this sessionYour feedback is important to us!

© 2015 Microsoft Corporation. All rights reserved.