Free, online, technical courses

Take a free online course.http://www.microsoftvirtualacademy.com

Microsoft Virtual Academy

What's new in Windows 10 Management and the Windows Store

Anthony BartoloTechnical EvangelistEmail abartolo@Microsoft.comTwitter: @WirelessLife

Pierre RomanMicrosoft CanadaEmail pierre.roman@Microsoft.comTwitter: @PierreRoman

Windows offers the management features that businesses need.

Business needs are evolving. Windows 10 offers management choices to meet those needs.

Evolving business needsRecent past9 to 5, Monday through Friday employees at work

PCs on a LAN, connected to domain

Corporate supplied and managed devices

One device ecosystem

Extended operating system/servicing lifecycle

On-premises applications and file sharing

Access controls contained within organizational

Deep corporate management controls and policies

Malware as vandalism and criminal activity

Network perimeter as a viable defense boundary

Vertically-integrated devices for task workers

Mobile-first, device-first24x7x365 blur of work and personal activity

Laptops, tablets, phones anywhere (on any network)

Corporate and BYOD, business, and personal apps/data

Heterogeneous ecosystems (Windows, iOS, Android, Chrome)

A faster upgrade cadence; shorter device lifecycle

SaaS applications and file sharing services

Access controls span organizations, apps, individuals

Lighter cloud-based management with fewer controls

Malware as espionage and weaponry

Must operate under assumed breach of network

Dynamically adapting devices for task workers

Management choicesWorks with existing infrastructureContinued support for group policy and WMI

Advanced MDM supportConsistent across PC/phoneFirst and third-party solutions

Management choicesAvailable choices

Identity Active Directory; Azure Active Directory

Management Group Policy, System Center Configuration Manager, third party PC management; Intune, third-party MDM

Updates Windows Update; Windows Server Update Services (Windows US); Intune, third-party MDM

Infrastructure On-premises or in the cloud

Ownership Corporate-owned, CYOD; BYOD

Organizations may mix and match, depending on their specific scenario

Management choicesBasic Lightweight Full controlExchange ActiveSync Active Directory and/or

Azure Active DirectoryMobile Device Management

Active DirectoryGroup PolicySystem Center

Windows update Windows update/MDM Windows US

BYOD (personal) devicesEmail access only

Company-owned and BYOD devicesInternet-facing or corporate network

Company-owned devicesCorporate network

Windows management featuresProducts Windows Server Cloud servicesSystem Center Configuration ManagerMicrosoft Desktop Optimization Pack (MDOP)

Active DirectoryGroup PolicyWindows Server Update Services (Windows US)

Azure Active DirectoryAzure RMSMicrosoft IntuneWindows StoreWindows Update

Windows clientWindows Management Instrumentation (WMI)Windows Remote Management (WinRM)Windows updateGroup policy client

Mobile Device Management (MDM)PowerShellAppLocker

Windows 10 works with existing infrastructure

Updates will be required. New OS features may require newer versions for full support.

Product Supports Windows 10 management

Supports Windows 10 deployment

System Center 2012 R2Configuration Manager System Center 2012Configuration Manager System Center Configuration Manager 2007 Windows Server 2012 R2Windows Server 2012Windows Server 2008

Microsoft Deployment Toolkit 2013

Mobile device management

BYOD: simple security settings

Device Lockdown

Fully managed corporate device

Windows 8.1 Windows 10

Phone Desktop Phone Desktop

Significant investments in added functionality for both mobile and desktop devices

MDM in Windows 10

One consistent set of MDM capabilities

across Mobile, Desktop, and IoT

• Provisioning• Bulk enrollment• Simple bootstrap• Converged protocol• Azure AD Integration

• Extended set of policiesClient certificate management

• Enterprise WiFi• VPN management• Email provisioning• MDM push• Device update control• Kiosk, Start screen, Start

menu configuration and control

• Curated Windows Store• Business store app

deployment; license reclaim• Enterprise app management• Simplified LOB app

management• Win32 (MSI) app management• App inventory (LOB/store apps)• App allow/deny lists via

AppLocker• Enterprise data protection

• Full device wipe • Remote lock, PIN reset,

ring, and find• Enhanced inventory for

compliance decisions

• Un-enrollment with alerts• Removal of Enterprise

configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)

ENROLLMENT

INVEN

TORY

APPLICATION

MANAGEMENT

DEVICE

CONFIGURATIO

N AND

SECURITY

REM

OTE

AS

SIST

ANCE

UNENROLLMENT

• Additional device inventory

Identity choicesActive Directory provides key business identity and security capabilitiesAzure Active Directory takes this to the cloudBoth work togetherWindows 10 fully leverages both

Windows 10 identity choicesOrganization owned Personally owned

(BYOD)

Computer joins Active Directory to establish trustUser signs on using Active Directory accountGroup Policy + System Center

Computer joins Azure Active Directory to establish trustUser signs on using Azure Active Directory accountIntune/MDMSettings roaming

Computer registers with Active Directory or Azure Active Directory

via device registration to establish trust for remote resource accessUser signs in with a Microsoft account, associates an Azure Active Directory accountIntune/MDM

Single sign-on to enterprise + cloud-based services

Azure Active DirectorySelf-service Single

sign-on

•••••••••••Username

Simple connection

Cloud

SaaSAzure

Office 365Intune

Other Directories

Windows ServerActive Directory

On-premises Microsoft Azure Active Directory

Device management vision“Single pane of glass” for managing all your devices

IT Administrator

Single admin console

Windows PCs(x86/x64, Intel SOC), Windows To Go, Windows Embedded

Organization-owned, on-premises

Windows PCs(x86/x64, Intel SOC)

Windows mobile/phone devices

Organization-owned or personally-owned (BYOD), internet-connected

iOS/Android

Microsoft System Center Configuration Manager

Group PolicyNew in Windows 10 New from Windows 7

New policies to support Windows 10 features:• Start screen and start menu management• Edge Browser (Project Spartan) settings• Next-generation credential PIN settings• Windows app management

Capabilities from Windows 8.1:• Policy caching• IPv6 support for printers, VPN, targeting

Capabilities from Windows 8:• Sign-in optimization for DirectAccess clients• Better use of larger registry policies (registry.pol)• Remote group policy refresh (GPUpdate)• More efficient background processing

Microsoft Desktop Optimization Pack (MDOP)Full support for Windows 10 at general availability, with updates for:App-VUE-VMBAM DaRTAGPM

An app store that’s open for businessVolume purchasingFlexible distributionLicense reclaim/re-useYour company store

Windows 8.1 at a glanceWindows Store “Company Portal”

• Modern apps• Sign in with MSA• Pay with credit card, gift card, PayPal,

Alipay, INICIS, mobile operators (phone)

• MDM-driven• Side-load line-of-business modern

apps• Link to apps in the Windows Store

One Windows StoreConvergence

• Converged developer portal for Windows and Windows Phone• Separate user and developer capabilities• Fully converged experience• Best features from each• New capabilities

Windows 8.1

Windows Phone 8.1

Xbox

Windows 10

Introducing the business storeA website for businesses, schools, or other organizations• Free to use, easy to sign up• Used by IT administrators, purchasers

Provides key functionality for acquiring, using, and deploying apps in an organization• Including line-of-business apps

Complements the Windows Store and existing management solutions• Flexible scenarios for any need

Windows 10 at a glanceWindows Store Business store “Company portal”

Modern appsSign in with MSAPay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators

Modern appsLeverages Azure Active Directory for administration, some scenariosPrivate organization store for the organization’s preferred or LOB appsPay with credit card or PO/invoiceDeploy modern apps offline, in images, and moreModern app license management

Side-load line-of-business modern appsDeploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM

Scenarios for any needFlexible app deployment Support for any

organizationSimplify via convergence

Online, offline, or included in imagesThrough the store, via MDM, or using System CenterLOB apps can be kept private

Teacher and classroomSmall businesses and other organizationsLarge enterprises

One store, one dev center, one business storeUniversal apps across all device typesReconciled side-loading processes

Working with store appsBusiness store scenarios

Online OfflineAll org users need Azure Active Directory accountsInstallation files managed and deployed by the Windows StoreLicenses tracked by the Windows StoreUpdates installed via Windows update

Org users do not need Azure Active Directory accounts Installation files are downloaded and deployed using organization’s infrastructureNo license trackingUpdates installed via Windows update

Private store MDM/Configuration Manager(deep links)

Direct assignment

Imaging MDM/Configuration Manager (side-load)

Manual

Business store• Allows orgs to acquire apps, manage licenses, download app files• Pay using standard business methods, including purchase orders,

invoices, and credit cards

Private store inside the Windows Store• Fully curated list of apps from within the Windows Store• Can include public apps as well as line-of-business apps

Full management support• Mobile Device Management (MDM) control

(using services such as Intune)• Control for agent-based management solutions

(such as System Center Configuration Manager)

Key investment summary

Getting ready for Windows 10Set up Azure Active DirectoryGet current with System Center Configuration Manager and Windows ServerConsider mobile device needsThink about scenario-based managementWork with Windows apps

Deep technical content and free product evaluations

Hands-on deep technical labs

Free, online, technical courses

Download Microsoft software trials today.

Find Hand On Labs. Take a free online course.

Technet.microsoft.com/evalcenter

Technet.microsoft.com/virtuallabs

microsoftvirtualacademy.com

At the TechNet Evaluation Center you can download free, trial versions of Microsoft software, with no feature limits. Dozens of trials are available – all at no cost. Try Windows Server 2012 R2 for up to 180 days. Download the Windows 8.1 Enterprise 90-day evaluation. Or try Microsoft Azure at no-cost for up to 90 days.

Microsoft Hands On Labs offer virtual environments that will take you through guided, technically deep product learning experience.Learn at your own pace in labs that you can complete in 90 minutes or less. There is no complex setup or installation is required to use TechNet Virtual Labs.

Microsoft Virtual Academy provides free online training on the IT scenarios that are important to your company and your career. Learn at your own pace and boost your IT skills with over 100 courses across more than 15 Microsoft technologies including Windows Server, Windows 8, Microsoft Azure, Office 365, virtualization, Windows Phone, and more.

TechNet Virtual Labs

© 2015 Microsoft Corporation. All rights reserved.