What’s new in Windows 10 mobile device management (MDM) Heena Macwan (Sr. Program Manager Lead) BRK3017
OS manageability NOT READY
Platform readiness by GP parity (chart; values shown: 17%, 28%, 28%, 27%; legend: 0% gap between GP settings and MDM, IE manageability only, 1-10% settings gap, > 10% settings gap)
Platform readiness by scenarios • Security baselines • S mode unlock • Privacy policies • Kiosk management • Other improvements
Why do organizations need endpoint management? Unified Endpoint Management • Simplicity • Productivity • Security
The Digital Transformation The Modern Workplace The Classic Workplace
Management architectures: Cloud only Cloud Modern Management Intune & Azure Active Directory
Management architectures: On-prem only AD & ConfigMgr Device Compliance Patching Software Distribution On-premises
Management architectures: Co-managed AD & ConfigMgr Device Compliance Patching Software Distribution Cloud Modern Management Intune & Azure Active Directory On-premises
Co-management Paths New Devices Existing Devices • Hybrid AAD Joined (DJ++) • + ConfigMgr agent • Hybrid AAD Joined (DJ++) • + Intune MDM
Getting Ready for Cloud Attach • ** Optional, only for cloud born devices bootstrapping ConfigMgr client
IT admin security policies concerns…
• Want easy and efficient way to secure devices
• Want industry standard security policies
• Want approval by security counterparts
• Want security compliance monitoring
• Want easy and intuitive change management without downtime
Microsoft MDM security baseline will release with RS5 GA
Security baseline creation process
• Inputs: Microsoft Security Assurance, External security experts, Customer input
• Microsoft GP based security baseline
• Applicable for MDM/AADJ?
  • Yes: Microsoft MDM security baseline
  • No: Microsoft Companion GPO Security baseline
Criteria for exclusion from MDM security baseline SAMPLE Also available publicly in Oct
Customer voice for security baselines
Positive feedback from 3 customers
General Electric Digital
Given the transition from traditional endpoint management tools, it is becoming increasingly critical to understand the strategy behind including or excluding settings from Windows CSP and MDM. Microsoft guidance on the rationale behind the exclusion of settings in modern management tools will help IT organizations shift away from legacy management methods and mindsets.
Coca-Cola
• Generally this looks good. Here are a few comments to make the reasons clear.
• Where the item has been deprecated because there is a different setting that should be in place, provide a link or at least the name of that setting so it’s easy to look-up and confirm it has been configured.
• When stating next major release, clarify if it’s the next release of Intune, or the next release of Windows, or will it require both to be updated.
• For an item like where it recommends disabling the Built-in Administrator account as an alternative, it would be good to know if there is still a CSP available or not if for some reason we cannot disable the Built-in Administrator account.
New Signature
This is exactly what we’d hope to see. The level is just enough to be useful to quickly scroll through and see what Microsoft’s recommendations are. The only thing the team noticed was that it might be nice to carve out the deprecated ones into a separate section along with those expirations as we could quickly verify whether a customer had any that way.
Cloud managed security baseline Cloud Modern Management Intune & Azure Active Directory Microsoft MDM security baseline
Co-managed security baseline option 1 AD & ConfigMgr Device Compliance Patching Software Distribution Cloud Modern Management Intune & Azure Active Directory On-premises Microsoft GP based security baseline Keep doing what you are doing, but if you want more….
Co-managed security baseline option 2 AD & ConfigMgr Device Compliance Patching Software Distribution Cloud Modern Management Intune & Azure Active Directory Microsoft MDM security baseline On-premises Microsoft GP based security baseline MDM security baseline for better compliance reporting, Conditional access and M365 ATP integration (immediate cloud attach value)
Co-managed security baseline option 2 AD & ConfigMgr Device Compliance Patching Software Distribution Cloud Modern Management Intune & Azure Active Directory Microsoft MDM security baseline On-premises Microsoft Companion GPO Security baseline Cloud value still holds
Platform updates
• Security settings
  • User rights policies (RS4)
  • More Windows Defender Security Center UI control policies (RS4)
  • New IE setting (RS4) and Edge manageability (RS4, RS5)
  • New security options policies (RS4)
  • Additional BitLocker policies for standard user encryption (RS5)
  • New Windows Defender Device Guard policies (RS4)
  • More Windows Hello for Business policies (RS5)
  • Additional WIP settings (RS4, RS5)
Windows 10 in S mode Value Proposition Performance that lasts Microsoft-Verified Security Enduring Customer Satisfaction Modernize the Windows Experience
Enduring Customer Satisfaction
• Longer Battery Life: 15% longer
• Faster Boot-up Time: Up to 80% better boot performance* for the life of the device
• Security and Protection: Every application is Microsoft-verified
• Delivered Through Store and Universal Drivers
• Increased Product Satisfaction
Platform updates • S mode settings • IT admin can unlock the device via MDM • IT admin can block end users from opting out of S mode
Platform updates
• Privacy compliance made easy
  • End user override of the IT defined telemetry levels (RS4)
  • New Zero Day exhaust privacy policies (RS5)
• Kiosk devices for Firstline workers (BRK3016)
  • Multi-app support, fast login, app update policies, reboot notification, Kiosk browser policies (RS4, RS5)
• Additional improvements
  • Touch keypad policies (RS4)
  • Remote management policies (RS4)
  • New device update policies (RS5)
Tooling updates
• MDM Migration Analysis Tool (MMAT) http://aka.ms/MMAT
  • GP to MDM mapping for your domain joined devices.
  • Updated with RS5 capabilities
  • Added 2 new columns of data based on customer feedback: MDM CSP settings URI and Windows OS Version
Learn more about cloud-connected management with Microsoft Intune
Ready - Set …
Takeaways
• Co-manage devices to get your cloud value today
• The MDM platform is more ready than you think it is
• Microsoft MDM security baseline will ship with RS5, available to all vendors to integrate
Go!!!
Call to action
• Turn on co-management for your on-prem devices - today
• Use MDM security baseline to secure your devices – mid Oct
• Use http://aka.ms/MMAT to report missing MDM hooks for settings you care about – late Oct
Keep providing feedback, help us help you do your job better!!!
Please evaluate this session. Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations