During this session we will look into Windows 10 for the Enterprise.
Let’s explore the new management capabilities and choices.
Let’s understand the Windows 10 deployment infrastructure and mechanisms.
Let’s discover new Windows 10 features and improvements.
You are eager to learn about Windows 10 and want to gather early-stage info about this exciting Operating System… ?
Well you know what to do! See you there!
5. BEST OF ALL WORLDS
Windows 10
Converged
OS kernel
Converged
app model
6. GUI IMPROVEMENTS
• The Start Button
• Continuum
• Snap Assistant
• Task View
• Modern Apps in Desktop view
• Notification Center
• Apps: Cortana, New FotoApp, Better Calendar for Phone,…
• Project “Spartan”
• Ctrl C + V in a Command Prompt ☺
9. INTERNET EXPLORER
A REQUIRED STEPPING STONE TO WINDOWS 10
• Migrate to Internet Explorer 11 on Windows 7 (before JAN 2016)
• Enterprise Mode, offering improved Internet Explorer 8 compatibility and document
type overrides
• Enterprise Site Discovery Toolkit, to better understand how users are browsing
10. DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all
scenarios (Refresh, Replace,
Bare Metal)
Wipe-and-Load In-Place
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing
devices (Windows 7/8/8.1)
11. IN-PLACE
NEW COMMAND LINE OPTIONS FOR SETUP.EXE
• Regain control after success or failure using /postoobe and /postrollback switches
• Control driver migration operations using /migratealldrivers and /installdrivers
• Copy log files to a location of your choise using /copylogs (Default: “C:$Windows.~BTSourcesPanther”)
ENABLING UPGRADE FROM WINDOWS 7 VIA WINDOWS UPDATE
• WindowsTechnicalPreview.exe (a.k.a. KB2990214) enables installation via Windows Update on Windows 7
• Removing KB2990214 will remove the option
USE CONFIGMGR TO HAVE MAX CONTROL
WSUS NOT SUPPORTED
NOT FOR ALL SCENARIOS
12. SUPPORT
CM12 and R2 will support full Windows 10 thru a Service Pack
CM vNext will have full Windows 10 Support OoB
CM07 will support certain Windows 10 features
MDT2013 will support Windows 10 thru update (Preview today)
http://blogs.technet.com/b/configmgrteam/archive/2014/09/30/windows-10-enterprise-
management-with-sc-configmgr-and-intune.aspx
You can play already with the upgrade process thru Win10
http://blogs.technet.com/b/configmgrteam/archive/2014/10/29/how-to-upgrade-to-win-10-using-
the-task-sequence-in-sc-2012-r2-configmgr.aspx
15. DEPLOYMENT CHOICES
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all
scenarios (Refresh, Replace,
Bare Metal)
Wipe-and-Load In-Place Provisioning
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
Recommended for existing
devices (Windows 7/8/8.1)
Configure new devices
• Transform into an
Enterprise device
• Remove extra items, add
organizational apps and
config
New capability for new
devices
16. PROVISIONING
TAKE OFF-THE-SHELF
HARDWARE
APPLY A PROVISIONING
PACKAGE
DEVICE IS READY FOR
PRODUCTIVE USE
TRANSFORM A DEVICE
• Install apps
• Enterprise configuration
FLEXIBLE METHODS
• Automatically trigged at first boot (OOBE)
• Launch via GUI
NEW TOOL FOR PROVISIONING
• Windows Imaging and Configuration Designer (ICD)
• Configure running devices or deploy to a new one
PROVISIONING CAPABILITIES
• Installation of language packs, updates, apps, certs
• Configuration of wi-fi, e-mail, IE, etc.
• Enrollment in mobile device management
19. IDENTITY CHOICES
ORGANIZATIONOWNED(CYOD)
PERSONALLYOWNED(BYOD)
• Computer joins AD to
establish trust
• User signs on using AD
account
• Group Policy + System
Center
• Computer registers with AD or AAD via Device
Registration to establish trust for remote
resource access
• User signs in with a Microsoft account,
associates an AAD account
• Intune/MDM
• Computer joins AAD to
establish trust
• User signs on using
AAD account
• Intune/MDM
• Settings roaming
21. CLOUD JOIN OOBE
Windows Pro is typically purchased for work machines, so we made a guess – but now’s the
time to correct us.
Looks like your company owns this PC – Did we get that right?
NextBack
Help me choose
22. MOBILE DEVICE MGMT
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Greatly extended set of policies
(Parity with Windows Phone 8.1)
• Context based policies
• Client certificates – Direct install
(PFX)
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push when user not
logged in
• Device Update control
• Kiosk Mode, Start screen / Start
menu configuration and control
• Curated Windows Store
• Business Store Portal app
deployment; License reclaim/re-
use
• Enterprise App management
• Simplified LOB app management
• Win32 app management
• App inventory (MDM/store apps)
• App allow/deny lists through
Applocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset,
Ring, Find
• Enhanced inventory for
compliance decisions
• Un-enrollment in two
phases & alerts
• Removal of Enterprise
configuration (apps, certs,
profiles, policies) and
Enterprise encrypted data
(with EDP)
• Additional device inventory
23. MDM Architecture
New capabilities exposed
using Configuration Service
Provider (CSP) model
WMI Bridge gives access to
new CSPs
Rootcimv2mdm
MDM_*
CSP CSP / WMI
Wrapper
Common component Desktop component
WMI bridge
MDM Client WMI Bridge EAS Client
Configuration component
CSP CSP CSP CSP
PowerShell
Scripts
ConfigMgr
Desired Config
24. ONE WINDOWS STORE
WINDOWS
PHONE 8.1
WINDOWS 8.1
WINDOWS
10
• Converged developer portal for Windows
and Windows Phone
• Separate user and developer capabilities
• Fully converged experience
• Best features from each
• New capabilities
XBOX
25. STORE OF TOMORROW
CONSUMER WINDOWS
STORE
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal,
Alipay, INICIS, mobile operators (Phone)
ENTERPRISE WINDOWS
STORE
ENTERPRISE APP STORE
• Modern apps
• Organization Store for the org’s preferred
or LOB apps
• Sign in with MSA to acquire public apps;
sign in with AAD to acquire org apps
• Pay with credit card or PO/invoice
• B2B purchasing and distribution
• Deploy modern apps offline, in images,
and more
• Sideload line-of-business modern apps
• Deploy apps from the Windows Store
(even when the Store UI is disabled)
26. SECURITY
Multi Factor Authentication
• Azure MFA
Secure Token Protection
• Hard Container (leverage Hyper-v)
Next Generation Credentials (alternatives for passwords)
• PIN
• When devices are enrolled a PIN can be set (SSO)
• Key Pair wih a phone, USB dongle,… (roaming scenarios)
• BIO gestures (like face, Iris, fingerprint) -> “Windows Hello”
https://www.youtube.com/watch?v=1AsoSnOmhvU
Information
Protection
Secure
Identities
Threat
Resistance
27. SECURITY
Device Protection
• BitLocker
Data Protection
• (Azure) RMS
• Conditional Access
Accidental Data Leakage
• Corporate Personal Data
• Managed Applications
• SOFT or HARD Block Options
• Remote Wipe
Information
Protection
Secure
Identities
Threat
Resistance
28. SECURITY
Malware Prevention
• Store Apps
• Signing Service
Pre-Booth Authentication
• Secure boot
• Trusted boot
• Measured boot
Information
Protection
Secure
Identities
Threat
Resistance
29. MISCELLANEOUS
KMS
• New KMS and MAK keys for Windows 10
• Updates for existing KMS computers to support new products and keys
GROUP POLICIES
• Start Screen & Start Menu Settings
• “Project Spartan” Settings
• Universal App Management
NEW WMI CLASSES
• Win32_InstalledProgram +Usage +File +Framework
• Win32_DeviceContainer, Win32_InstalledDevice +HardwareID
30. THE END
Windows 10 will “probably” be the best OS Microsoft has ever released
Best of All Worlds
One Windows
You can still have impact by joining the Insider Program!
• Enterprise forums through TechNet
https://social.technet.microsoft.com/Forums/en-US/home?category=WinPreview2014
• Community discussions through Answers
http://answers.microsoft.com/en-us/windows/forum/windows_tp
• Windows Feature Suggestions
https://windows.uservoice.com