350 likes | 362 Views
Explore the latest features in Windows 10 Management designed to address evolving business needs. Discover management choices, working with existing infrastructure, and advanced MDM support. Learn about Windows Update, Active Directory, Mobile Device Management, and more with this comprehensive guide.
E N D
What's New in Windows 10 Management and the Windows Store Michael Niehaus Senior Product Manager mniehaus@microsoft.com BRK3330
Windows offers the management features that businesses need.
Business needs are evolving. Windows 10 offers management choices to meet those needs.
Management Choices Works with existing infrastructure Continued support for Group Policy and WMI Advanced MDM support Consistent across PC/phone 1st and 3rd party solutions
Management Choices Organizations may mix and match, depending on their specific scenario
Management Choices Basic Lightweight Full Control Exchange ActiveSync Active Directory and/orAzure Active Directory Mobile Device Management Active Directory Group Policy System Center Windows Update Windows Update/MDM WSUS BYOD (personal) devices E-mail access only Company-owned and BYOD devices Internet-facing or corporate network Company-owned devices Corporate network
Windows Management Features Products System Center Configuration ManagerMicrosoft Desktop Optimization Pack (MDOP) Cloud Services Azure Active DirectoryAzure RMSMicrosoft IntuneWindows StoreWindows Update Windows Server Active DirectoryGroup PolicyWindows Server Update Services (WSUS) Windows Client Windows Management Instrumentation (WMI)Windows Remote Management (WinRM)Windows UpdateGroup Policy Client Mobile Device Management (MDM)PowerShellAppLocker
Windows 10 Works with Existing Infrastructure Updates will be required. New OS features may require newer versions for full support.
Mobile Device Management Significant investments in added functionality for both mobile and desktop devices Fully managed corporate device Device Lockdown BYOD: simple security settings Phone Desktop Phone Desktop
MDM in Windows 10 ENROLLMENT • Unenrollment with alerts • Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP) • Provisioning • Bulk enrollment • Simple bootstrap • Converged protocol • Azure AD Integration UNENROLLMENT INVENTORY One consistent set of MDM capabilities across Mobile, Desktop, and IoT • Full device wipe • Remote Lock, PIN reset, Ring, & Find • Enhanced inventory for compliance decisions REMOTE ASSISTANCE • Additional device inventory DEVICE CONFIGURATION AND SECURITY • Extended set of policiesClient certificate management • Enterprise Wi-Fi • VPN management • Email provisioning • MDM Push • Device Update control • Kiosk, Start screen, Start menu configuration and control • Curated Windows Store • Business Storeapp deployment; license reclaim • Enterprise App management • Simplified LOB app management • Win32 (MSI) app management • App inventory (LOB/store apps) • App allow/deny lists via Applocker • Enterprise data protection APPLICATION MANAGEMENT
For More Information Janani Vasudevan Senior Program Manager, Microsoft Thursday, May 7 1:30 PM - 2:45 PM N426 Windows 10 Mobile Device Management (MDM) in Depth
Identity Choices Active Directory provides key business identity and security capabilities Azure Active Directory takes this to the cloud Both work together Windows 10 fully leverages both
Windows 10 Identity Choices Personally Owned (BYOD) Organization Owned Azure Active Directory • Computer joins AD to establish trust • User signs on using AD account • Group Policy + System Center • Computer joins Azure AD to establish trust • User signs on using Azure AD account • Intune/MDM • Settings roaming • Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access • User signs in with a Microsoft account, associates an Azure AD account • Intune/MDM Active Directory Single sign-on to enterprise + cloud-based services
Azure Active Directory Single sign on Simple connection Self-service Windows Server Active Directory SaaS Other Directories Azure Username ••••••••••• Office 365 Intune On-premises Cloud Microsoft Azure Active Directory
Demo Azure Active Directory
For More Information Jairo Cadena Program Manager, Microsoft Friday, May 8 12:30pm - 1:45pm S103 Microsoft Azure Active Directory and Windows 10: Better Together for Work or School
Device Management VisionA “single pane of glass” for managing all of your devices Windows PCs (x86/x64, Intel SOC), Windows To Go, Windows Embedded Organization-owned, on-premises Single admin console Windows PCs (x86/x64, Intel SOC) Windows mobile/phone devices Organization-owned or personally-owned (BYOD), internet-connected iOS / Android IT Administrator Intune
Demo Deploying a line-of-business Windows app
Group Policy New in Windows 10 New from Windows 7 New policies to support Windows 10 features: • Start screen and start menu management • “Project Spartan” settings • Next-Generation Credential PIN settings • Windows app management Capabilities from Windows 8.1: • Policy caching • IPv6 support for printers, VPN, targeting Capabilities from Windows 8: • Sign-in optimization for DirectAccess clients • Better use of larger registry policies (registry.pol) • Remote group policy refresh (GPUpdate) • More efficient background processing
Microsoft Desktop Optimization Pack (MDOP) Full support for Windows 10 at general availability, with updates for: App-V UE-V MBAM DaRT AGPM
An App Store That’s Open for Business Volume purchasing Flexible distribution License reclaim/re-use Your company store
Windows 8.1 at a Glance “Company Portal” Windows Store • Modern apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone) • MDM-driven • Sideload line-of-business modern apps • Link to apps in the Windows Store
One Windows StoreConvergence WINDOWS 8.1 WINDOWS 10 WINDOWSPHONE 8.1 XBOX • Converged developer portal for Windows and Windows Phone • Separate user and developer capabilities • Fully converged experience • Best features from each • New capabilities
Introducing the Business Store A web site for businesses, schools, or other organizations Free to use, easy to sign up Used by IT administrators, purchasers Provides key functionality for acquiring, using, and deploying apps in an organization Including line-of-business apps Complements the Windows Store and existing management solutions Flexible scenarios for any need
Windows 10 at a Glance Windows Store Business Store “Company Portal” • Modern apps • Sign in with MSA • Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators • Modern apps • Leverages Azure Active Directory for administration, some scenarios • Private organization store for the org’s preferred or LOB apps • Pay with credit card or PO/invoice • Deploy modern apps offline, in images, and more • Modern app license management • Sideload line-of-business modern apps • Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM
Scenarios for any need • Flexible app deployment • Online, offline, or included in images • Through the store, via MDM, or using System Center • LOB apps can be kept private • Support for any organization • Teacher and classroom • Small businesses and other organizations • Large enterprises • Simplify via convergence • One store, one Dev Center, one Business Store • Universal apps across all device types • Reconciled sideloadingprocesses
Working with Store AppsBusiness Store Scenarios Offline Online • All org users need Azure AD accounts • Installation files managed and deployed by the Windows Store • Licenses tracked by the Windows Store • Updates installed via Windows Update • Org users do not need Azure AD accounts • Installation files are downloaded and deployed using org’s infrastructure • No license tracking • Updates installed via Windows Update Private Store MDM / ConfigMgr(deep links) Direct Assignment Imaging MDM / ConfigMgr(sideload) Manual
Demo Business Store
For More Information Ford McKinstry Principal Program Manager Lead, Microsoft Tejas Patel Senior Program Manager, Microsoft Thursday, May 7 1:30pm - 2:45pm S503 Using the Business Store with Windows 10 Devices
Key Investment Summary Business Store Allows orgs to acquire apps, manage licenses, download app files Pay using standard business methods, including purchase orders, invoices, and credit cards Private Store inside the Windows Store Fully curated list of apps from within the Windows Store Can include public apps as well as Line-of-Business apps Full management support Mobile device management (MDM) control (using services such as Intune) Control for agent-based management solutions (such as System Center Configuration Manager)
Getting Ready for Windows 10 Set up Azure Active Directory Get current with System Center Configuration Manager and Windows Server Consider mobile device needs Think about scenario-based management Work with Windows apps
Please evaluate this session Your feedback is important to us! VisitMyigniteathttp://myignite.microsoft.comor download and use the Ignite Mobile Appwith the QR code above.