Modern devices Management of Windows 10 - What is new in Windows 10 1703, How to Manage Windows 10 with Microsoft Intune, and monitor with Windows Analytics
17. Multi-user support for Windows 10 Creators Update
• Multi-user can get user assigned application
• Multi-user can get user assigned policy
• Multi-user cannot use the Company Portal for selfservice
• Like Application installation
18. New CSP in Windows Creators Update
• DynamicManagement CSP
• CleanPC CSP
• BitLocker CSP
• NetworkProxy CSP
• Office CSP
• EnterpriseAppVManagement CSP
19. Let’s have a closer look
Windows 10 Creators Update
27. Upgrade Analytics
• Operations Management Suite - OMS
• Requires Azure Subscriptions
• Windows 10 Readiness
• Office Add-ins
• Site Discovery
28. Update Compliance
• OS Update Overview
• Overall Quality Update Status
• Latest Security Update Status
• Overall Feature Update Stat
• Current Branch (CB) Deployment Status
About the presenter:
Please do not hesitate to ask questions during the presentation, we will have a Q&A at the end of the presentation but I prefer a open dialog and see where it will take us
About me:
Microsoft MVP - Enterprise Mobility, Solution Architect, Technical Lead Microsoft Enterprise Mobility Suite (EMS) and Microsoft Partner Technology Solutions Professional (P-TSP)
Co-Owner of Everything Windows User Group Denmark
Find me:
E-mail: per.larsen@atea.dk
Phone: +45 3078 1828
Follow me:
Twitter: https://twitter.com/perlarsen1975/
LinkedIn: https://www.linkedin.com/in/perlarsen1975/
Join me:
Everything User Group Denmark: http://ewug.dk
#UpgradeYourWorld
It has been a journey, with lot’s of up’s and down’s and still is!
Let me introduce you to Tom and Bob…
The Windows 10 eco-system
For a successful implementation of Windows 10, a clear Workstyle Strategy is essential.
Do you have a Work style Strategy?
Do you have a Work place Strategy?
Do you have a BYOD strategy?
Do you have a Virtual Desktop Infrastructure strategy?
Devices
Do you have a (one) Device Strategy?
Windows 10
Do you have a OS Strategy?
Cloud
Do you have a Cloud Strategy?
Microsoft Azure AD
Office 365
Windows 10, one Windows across all devices
Let’s try to contextualize the achievement of Windows 10 being a converged platform for Microsoft.
Windows has been synonymous with a PC. However, as this slide illustrates, Windows devices are no longer just the realm of PCs – from IoT to Perceptive Pixel Interfaces (PPIs).
Reduce CTO
Hybrid – Cloud only
Enterprise Mobility + Security
Windows licens management
Simple Application deployment needs
Simple management needs
Not for all devices
Mobile Application Management (MAM) for Windows
The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703.
Chrome Extention ”Windows 10 Accounts”
Gives Singel Signon and works with Conditional Access
Multi-user support for Windows 10 Creators Update
We've added support for multi-user management for devices that run the Windows 10 Creators Update and are Azure Active Directory domain-joined. This means that when different standard users log onto the device with their Azure AD credentials, they will receive any apps and policies that were assigned to their user name. Users cannot currently use the Company Portal for self-service scenarios like installing apps.
New CSP in Windows 10 Creators Update :
DynamicManagement CSP allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
CleanPC CSP allows removal of user-installed and pre-installed applications, with the option to persist user data.
BitLocker CSP is used to manage encryption of PCs and devices. For example, you can require storage card encryption on mobile devices, or require encryption for operating system drives.
NetworkProxy CSP is used to configure a proxy server for ethernet and Wi-Fi connections.
Office CSP enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see Configuration options for the Office Deployment Tool.
EnterpriseAppVManagement CSP is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM.
Live Demo
Microsoft Azure Active Directory
Microsoft Azure Active Directory (AAD)
Microsoft Azure Active Directory (AAD)
Microsoft Azure Active Directory (AAD)
Microsoft Azure Active Directory (AAD)
Microsoft Azure Active Directory | Bringing the cloud to enterprise devices
Windows 10 will be powered by Azure AD, giving you the options for:
Self-provisioning of corporate owned devices. With Windows 10, employees can configure a brand new device in the out-of-box experience, without IT involvement.
Use existing organizational accounts. Employees can use their Azure AD account to login to Windows (the same account they use to sign into Office365).
Automatic MDM enrollment. Windows 10 PC's and tablets can be automatically enrolled in an organizations device management solution as part of joining them to Azure AD. This will work with Microsoft Intune and with 3rd party MDMs.
Single Sign-On to company resources in the cloud. Users will get single sign-on from the Windows desktop to apps and resources in the cloud, such as Office 365 and thousands of business applications that rely on Azure AD for authentication.
Single Sign-on on-premises: Windows 10 PC's and tablets that are joined to Azure AD will also provide SSO to on-premises resources when connect to the corporate network and from anywhere with the Azure AD Application Proxy.
Enterprise-ready Windows store. The Windows Store will support app acquisition and licensing with Azure AD accounts. Organizations will be able to volume-license apps and make them available to the users in their organization.
Support for modern form factors. Azure AD Join will work on devices that don't have the traditional domain join capabilities.
Enterprise State Roaming. Things like OS settings, Desktop wall paper, Tile configuration, websites and Wi-Fi passwords will be synchronized across corporate owned Azure AD joined devices.
http://blogs.technet.com/b/ad/archive/2015/05/13/azure-active-directory-and-windows-10-making-the-enterprise-cloud-a-reality.aspx
Microsoft Azure Active Directory | Bringing the cloud to enterprise devices
Windows 10 will be powered by Azure AD, giving you the options for:
Self-provisioning of corporate owned devices. With Windows 10, employees can configure a brand new device in the out-of-box experience, without IT involvement.
Use existing organizational accounts. Employees can use their Azure AD account to login to Windows (the same account they use to sign into Office365).
Automatic MDM enrollment. Windows 10 PC's and tablets can be automatically enrolled in an organizations device management solution as part of joining them to Azure AD. This will work with Microsoft Intune and with 3rd party MDMs.
Single Sign-On to company resources in the cloud. Users will get single sign-on from the Windows desktop to apps and resources in the cloud, such as Office 365 and thousands of business applications that rely on Azure AD for authentication.
Single Sign-on on-premises: Windows 10 PC's and tablets that are joined to Azure AD will also provide SSO to on-premises resources when connect to the corporate network and from anywhere with the Azure AD Application Proxy.
Enterprise-ready Windows store. The Windows Store will support app acquisition and licensing with Azure AD accounts. Organizations will be able to volume-license apps and make them available to the users in their organization.
Support for modern form factors. Azure AD Join will work on devices that don't have the traditional domain join capabilities.
Enterprise State Roaming. Things like OS settings, Desktop wall paper, Tile configuration, websites and Wi-Fi passwords will be synchronized across corporate owned Azure AD joined devices.
http://blogs.technet.com/b/ad/archive/2015/05/13/azure-active-directory-and-windows-10-making-the-enterprise-cloud-a-reality.aspx
About AzureAD| What's new
Microsoft Upgrade Analytics
http://mms.Microsoft.com
Windows Defender Advanced Threat Protection is a new service that helps our enterprise customers to detect, investigate, and respond to advanced and targeted attacks on their networks.
Windows 10 is the most secure enterprise platform today, but cyberattacks are getting more sophisticated as they are using social engineering, zero-day vulnerabilities, or even misconfiguration to break into corporate networks. Thousands of such attacks were reported in 2015 alone.
Building on the existing pre-breach security defenses built into Windows 10, we have released a new service, Windows Defender Advanced Threat Protection (ATP), which provides a post-breach layer of protection.
Windows Defender Advanced Threat Protection is a new service that helps our enterprise customers to detect, investigate, and respond to advanced and targeted attacks on their networks.
Windows 10 is the most secure enterprise platform today, but cyberattacks are getting more sophisticated as they are using social engineering, zero-day vulnerabilities, or even misconfiguration to break into corporate networks. Thousands of such attacks were reported in 2015 alone.
Building on the existing pre-breach security defenses built into Windows 10, we have released a new service, Windows Defender Advanced Threat Protection (ATP), which provides a post-breach layer of protection.
https://securitycenter.windows.com
Microsoft Windows Store for Business
The one stop Store for Windows 10 Devices
Microsoft Windows Store for Business
The one stop Store for Windows 10 Devices
Designed for organizations
The Windows Store for Business is the place where IT decision makers and administrators find, acquire, manage, and distribute apps to Windows 10 devices.
Find and acquire
Quickly and easily find the right apps for your teams. Acquire apps individually or in volume.
Manage
Manage your organization’s inventory of apps in one place. You can assign, reclaim, or reassign licenses as well as control updates.
Distribute
Choose from scalable distribution options.
Using accounts assigned by your organization, directly provide apps to individuals and groups, or let employees find apps in your private store.
Connect your management server for more options.
Managing computers not connected to the internet? Distribute offline-licensed apps.
Windows Store for Business
Inject them into images as we've done with Desktop apps
Familiar tools: dism.exe, PowerShell (new noun: AppxVolume); MDT 2013 Update 2, System Center Configuration Manager via updates and then whatever ships with Windows Server 2016
They can be sysprep’ped
When the user first starts up, the app looks for a license and potentially whether that user is approved for the APP
All centrally controlled
Still have "deep links" as a deployment method as well
Let’s have a closer look: Microsoft Windows Store for Business
https://businessstore.microsoft.com/
https://www.microsoft.com/business-store/
https://www.microsoft.com/en-us/business-store/