windows 10 deploymentwindows 10 deployment in-depth overview michael niehaus @mniehaus...
TRANSCRIPT
Windows 10 DeploymentIn-Depth Overview
Michael [email protected]/mniehaus
Required Reading
Plan for Windows 10 Deploymenthttps://technet.microsoft.com/en-us/library/mt574241(v=vs.85).aspx
Introduction to Windows 10 Servicinghttps://technet.microsoft.com/en-us/library/mt598226(v=vs.85).aspx
Personal picture of your hobby or location picture
#MMSMOA
@mniehaus
Director of Product Marketing
http://blogs.technet.com/mniehaus
• 20 years with SMS/ConfigMgr
• 12 years with Microsoft
• 3 years with Windows product management
Redmond, WA, USA
Michael Niehaus
Only 1526 days until the end of support
for Windows 7
Windows 7 end of support date: January 14, 2020
Only 63 days until the end of support
for IE8, 9, and 10 on Windows 7
You need to move to IE11 by January 12, 2016. https://support.microsoft.com/en-us/gp/microsoft-internet-
explorer
Step 0. Get to Internet Explorer 11.
Enterprise Investments for Internet Explorer 11Help with Compatibility Issues
• Enterprise Mode, offering improved Internet Explorer 8 compatibility and document type overrides
• Enterprise Site Discovery Toolkit, to better understand how users are browsing
• All capabilities will be carried forward to Windows 10
A Natural Stepping Stone to Windows 10
• Migrate to Internet Explorer 11 on Windows 7 (before 2016) to prepare
• http://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx
Legacy Web Apps
Required Reading
Internet Explorer 11 (IE11) - Deployment Guide for IT Proshttps://technet.microsoft.com/en-us/library/dn338135.aspx
Stay up-to-date with Internet Explorerhttp://blogs.msdn.com/b/ie/archive/2014/08/07/stay-up-to-date-with-internet-explorer.aspx
Step 1. Prepare for Windows 10.
ConfigMgr and MDT Support for Windows 10
Configuration Manager v.Next Enhancements• Upgrade task sequence• Windows 10 configuration support• New Windows 10 servicing features• Configuration Manager as a service, to support Windows 10
CB/CBB
MDT 2013 Update 1 (re-release) Enhancements• Upgrade task sequence• Split WIM support• DISM for applying and capturing images• Bug fixes
Product Supports Windows 10 Management?
Supports Windows 10 Deployment?
System Center Configuration Manager 2007 with hotfix
System Center 2012 Configuration Manager with SP2
System Center 2012 R2 Configuration Manager
with SP1
System Center Configuration Manager v.Next
Microsoft Deployment Toolkit 2013 with Update 1
Required Reading
The Future of Configuration Managerhttp://blogs.technet.com/b/in_the_cloud/archive/2015/10/27/the-future-of-configuration-manager.aspx
System Center Configuration Manager: Support for Windows 10 and Microsoft Intunehttp://blogs.technet.com/b/configmgrteam/archive/2015/10/27/system-center-configmgr-support-for-win-10-and-intune.aspx
Windows update needed to support Windows 10 with existing KMS servers (Windows Server)• https://support.microsoft.com/en-us/kb/3058168 adds support with Windows 8,
Windows 8.1, Windows Server 2012, Windows Server 2012 R2• https://support.microsoft.com/en-us/kb/3079821 adds support for Windows 7 and
Windows Server 2008 R2
New KMS and MAK keys needed, available on VLSC on 8/1• Look for “Windows Srv 2012R2 Data Ctr/Std KMS for Windows 10” on VLSC under
licenses, not under downloads and keys
Continued support for Active Directory-based activation (re-configure with new KMS key)
Windows 10 Activation
Windows Server 2008 R2 and above• Previous versions are no longer supported, upgrade now
• Update KMS with a hotfix, as already discussed
• Any forest level, functional level, schema level (although some specific features may require higher)
Consider upgrading to Windows Server 2012 or above• WSUS support for deploying Windows 10 feature upgrades via hotfix
http://support.microsoft.com/kb/3095113
• Won’t be backported to Windows Server 2008 R2 (already in extended support)
• Be sure to select new products (for WSUS and ConfigMgr SUP)
Keep an eye on Windows Server 2016
Windows Server support for Windows 10
MDOP 2015 (released in August) adds Windows 10 support, via service pack-style releases
MDOP Support for Windows 10
Product Required/Recommended Version
AGPM AGPM 4.0 SP3
App-V App-V 5.1
DaRT DaRT 10
MBAM MBAM 2.5 SP1, 2.5 is OK
UE-V UE-V 2.1 SP1
App-V 5.1 Enhancements
App-V 5 Adoption
Application Compatibility Manageability
Added Windows 10 support
Added Advanced Package Editor Abilities
Expanded Copy-on-Write to support more file extensions
Environment Variables are merged in Connection Groups
Modernized the App-V Server User Interface
Consolidated and simplified client logging
Improved Q:\ drive support for App-V 4 package conversion
Added support for multiple scripts per trigger
UE-V 2.1 SP1 Enhancements
Windows 10Network Printers Others
Network printers synchronized between devices
Synchronized default printer setting
Improved performance when deploying templates from a Template Catalog
Fixed automatic population of AD Home Path for Setting Storage Path configuration
Added Windows 10 compatibility
New Windows 10 desktop settings
Improve MBAM server logging and diagnostic
abilities
TPM Auto-Unlock after BitLocker Recovery
Customize the message in the BitLocker
Recovery Screen (Win10)
Full Windows 10 support
Encrypted Hard Drive support
International Domain Name support
FIPS compliant recovery password support on Windows 7 (requires
Windows hotfix: http://aka.ms/bitlockerfips)
Deployability
Manageability
Industry Compatibilit
yImprove managing the
enablement of BitLocker during Windows Imaging
Import BitlLocker/TPM recovery information
from AD to MBAM
Backup Windows-created TPM OwnerAuth (not just
MBAM-created)
MBAM 2.5 SP1 Enhancements
Step 2. Deploy Windows 10.
How to deploy
Wipe-and-LoadTraditional process• Capture data and settings• Deploy (custom) OS image• Inject drivers• Install apps• Restore data and settings
Still an option for all scenarios
In-PlaceLet Windows do the work• Preserve all data, settings,
apps, drivers• Install (standard) OS image• Restore everything
Recommended for existing devices (Windows 7/8/8.1)
ProvisioningConfigure new devices• Transform into an Enterprise
device• Remove extra items, add
organizational apps and config
New capability for new devices
Moving In-place
• Supported with Windows 7, Windows 8, and Windows 8.1
• Consumers use Windows Update, but enterprises want more control
• Use System Center Configuration Manager or MDT for managing the process
• Uses the standard Windows 10 image
• Automatically preserves existing apps, settings, and drivers
• Fast and reliable, with automatic roll-back if issues are encountered
• Popular for Windows 8 to Windows 8.1
• Piloted process with a customer to upgrade from Windows 7 to Windows 8.1, as a learning process
• Feedback integrated into Windows 10 to provide additional capabilities for automation, drivers, logging, etc.
• Working with ISVs for disk encryption
Preferred option for enterprises Simplified process, builds on prior experience
Moving In-place
ConfigMgr v.Next
MDT 2013 Update 1
When not to use in-place upgrade?• Changing from Windows x86 to x64• Systems using Windows To Go, Boot from VHD• Changing from legacy BIOS to UEFI• Dual boot and multi-boot systems• Image creation processes (can’t sysprep after
upgrade)• Using certain third-party disk encryption
products• Wholesale changes to the apps on existing PCs
Provisioning, not reimaging
Take off-the-shelf hardware
Transform with little or no user interaction
Device is ready for productive use
Provisioning, not reimaging
• Company-owned devices:Azure AD join, either during OOBE or after from Settings
• BYOD devices:“Add a work account” for device registration
• Automatic MDM enrollment as part of both
• MDM policies pushed down:
• Change the Windows SKU
• Apply settings
• Install apps
• Create provisioning package using Windows Imaging and Configuration Designer with needed settings:
• Change Windows SKU
• Apply settings
• Install apps and updates
• Enroll a device for ongoing management (just enough to bootstrap)
• Deploy manually, add to images
User-driven, from the cloud IT-driven, using new tools
Enhancements to existing tools
Minimal changes to existing deployment processes
• New Assessment and Deployment Kit includes support for Windows 10, while continuing to support down to Windows 7
• Minor updates to System Center 2012 to add support
• Minor updates in Microsoft Deployment Toolkit 2013 Update 1 to add support
• Will feel “natural” to IT Pros used to deploying Windows 7 and Windows 8.1
• Drop in a Windows 10 image, use it to create your new master image
• Capture a Windows 10 image, use it for wipe-and-load deployments
Traditional Deployment
App & Device Compatibility
• Hardware requirements are unchanged• Strong desktop app compatibility• Windows Store apps are compatible• Internet Explorer enterprise investments
Step 3. Keep Windows 10 up to date.
*Conceptual illustration only
Current Branch for BusinessCurrent BranchMicrosoftInsider Preview Branch
Broad Microsoft internal validation
Engineering builds
Users
10’s of thousands
Several Million
Hundredsof millions
Time
4 to 6 months
4 months
8 months
Customer Internal Ring I
Customer Internal Ring II
Customer Internal Ring III
Customer Internal Ring IV
Market driven quality: external and internal
Application Compatibility TestingWindows as a Service requires a new approach:
Identify mission-critical applications and web sites• Focus testing effort on just these apps
Leverage internal flights for testing other applications and web sites• From initial pilot groups to large populations of users
• Define groups to ensure broad hardware and software coverage prior to broad deployment
• React to issues reported, remediate issues before expanding
Talk to your ISVs to determine how they plan to support Windows as a service
Costs for deployment
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Traditional deployment (every 3-5 years)
Apps Infra Imaging
2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028
Windows as a service (2-3 times per year)
Apps Infra Imaging
Current Branch for Business
Stage broad deployment
Information workersGeneral population
Long Term Servicing Branch
Deploy for mission critical systems
Specialized systems
Specific feature and performance feedback
Application compatibility validation
Windows Insider Preview Branch
Test machines, small pilots
Current Branch
Deploy to appropriate audiences
Test and prepare for broad deployment
Early adopters, initial pilots, IT devices
STAGE
NU
MB
ER
OF D
EV
ICES
Release
Thinking through deployment strategy
Configuring to receive feature upgrades via CBB
If you are using WSUS or ConfigMgr, the setting doesn’t really matter. Affects Windows Update.
Computer Configuration -> Administrative Templates -> Windows Components ->
Windows Update
Settings-> Update and Security-> Windows Update -> Advanced Options
What to deploy
Microsoft Windows 10 Enterprise(Current Branch, Current Branch for
Business)
Microsoft Windows 10 Enterprise 2015 LTSB
Windows Insider Preview Branch
Specific feature and performance feedback
Application compatibility validation
When to deploy
Stage broad deployment via WU for
Business
Current Branch For Business
Deploy to appropriate audiences via WUB
Test and prepare for broad deployment
Current Branch
Evaluate Pilot Deploy
4-8 months of active development
4 months (minimum) 8 months (minimum)
12 month deployment (minimum)
When to deploy
• There will be two supported CBB releases in the market at all times• Be prepared to jump from one release to the next• Don’t try to skip one, as it compresses the deployment timeline too
much
Evaluate Pilot Deploy
Evaluate Pilot Deploy
Evaluate Pilot Deploy
Staying up to date with Windows 10
Windows Update
• Cloud• Upgrades
installed as they are released (subject to throttling)
• Delivery optimization for peer-to-peer distribution
• Only option for Windows 10 Home
Windows Update for Business
• Cloud• Upgrades can be
deferred• Uses Windows
Update for content
Windows Server Update Services
• On-Prem• Upgrades are
deployed when you approve them
• Content distributed from WSUS servers
• Requires KB3095113
System Center Configuration
Manager• On-Prem• Choice of task
sequence-based upgrades or (with vNext) software update capabilities
• Content distributed from ConfigMgr DPs
Configuring Windows Update for Business
Computer Configuration -> Administrative Templates ->
Windows Components -> Windows Update
Step 1. Point all computers to Windows Update directly (no WSUS or SUP)
Step 2. Create policies (GPO) or settings (MDM) to specify how long groups of machines should defer.
Step 3. Target policies or settings to different groups of PCs.
Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!Session Title: Deploying Windows 10 in the Enterprise
Discuss…
Ask your questions-real world answers!Plenty of time to engage, share knowledge.
SPO
NSO
RS