Upload
jodie-west
View
216
Download
2
Tags:
Embed Size (px)
Citation preview
Spark the future.
May 4 – 8, 2015Chicago, IL
Preparing Your Infrastructure for Windows 10Samesh Singh
BRK3325
Session Outline
Devices and DeploymentManagement & SecurityIdentityCloud
“Preparing for Windows 10 Deployment: Application Compatibility and Planning” by Michael Niehaus
The End State Determines the Journey
Corporate Device (N-1)
Corporate Device
(N)
New Features
Continuous Innovation
Corporate Device Today
New Features
Corporate Device or xYOD
on Windows 10
New Features
New Features
Management
Deconstructing a Device
Device
Windows 10
My Personal Applications
My CorporateApplications
My Personal Settings
My CorporateSettings
My Personal Data
My CorporateData
My Personal Identity
My Corporat
e Identity
Devices & Deployment
Devices
Standard Deployment Windows 10 Features
BitLocker WDDM 1.1
BitLocker Passport Virtual Secure Mode Secure Boot Device Guard WDDM 2.0
BIOS / UEFI TPM 1.2
UEFI Trusted Platform Module
Wipe or Upgrade?
Windows 7 Windows 8 Windows 8.1 Windows 8.1 Update
Complexity User Experience Helpdesk Setup IR
Custom Solution MDT Upgrade Update
80% FTE 1 Year 95% FTE 8 Months 95% FTE 3 Months 95% FTE 5 Weeks
Considering an In-Place Upgrade
In-Place UpgradeAppsOperating
SystemDevice
“Deploying Windows 10: Back to Basics” by Tim Mintner
Consider Wipe ‘n Load when…
Operating SystemDevice Apps In-Place
Upgrade
BIOS UEFI Disk layout Custom WinPE New device
Architecture Base language Domain Change Local Admins Configuration
drift <Windows 7 RTM Custom image
Bulk app change
Refresh
Preparing Imaging Processes for Windows 10
Windows Imaging &
Configuration Designer
Deployment & Image Servicing &
Management
Microsoft Deployment Toolkit
System Center Configuration
Manager
User State Migration Tool
Recovery Image
“What’s new with OSD in System Center Configuration Manager and the Microsoft Deployment Toolkit ” by Aaron Czechowski
User State Migration Tool
/Drivers /PPKG
Migrating Device Drivers
Provisioning
Take off-the-shelf hardware
Apply a provisioning package
Device is ready for productive use
“Provisioning Windows 10 Devices with New Tools” by Vladimir Holostov
Man
ag
em
en
t
Ru
nti
me P
rovis
ion
ing
Deploy TimeProvisioning Package
My Personal Applications
My CorporateApplications
My Personal Settings
My CorporateSettings
My Personal Data
My CorporateData
My Personal Identity
My Corporate Identity
Provisioning
Device
Operating System Image
Out Of Box Experience
RuntimeProvisioning
Out of Box Provisioning
Preparing for Windows 10 Provisioning
Bootstrapping MDM Enrollment
Non-Domain, Non-MDM Windows 10
Out of box compliance
Configuration Service Providers
Review Your Image
Cloud Services
Azure Active Directory
Azure RMSMicrosoft Intune
Windows Store
Windows Management
Server Software System Center Configuration Manager
Microsoft Desktop Optimization Pack (MDOP)
Windows Server Active DirectoryGroup PolicyWindows Server Update Services (WSUS)
Windows Client
Windows Management Instrumentation (WMI)
Windows Remote Management (WinRM)Windows UpdateGroup Policy Client Mobile Device Management (MDM) Agent
PowerShellAppLocker
Local Management
MDM Client
Common Device Configurator
WMI providers
Provisioning Engine
MDM Configuration Service Providers (CSP’s)
EAS Client WMI Bridge
DEVICE/OS
SERVICE/SERVER
EASProvisioningMDM (Intune) ConfigMgr
Common component PC component
“Windows 10 Mobile Device Management in Depth” by Janani Vasudevan
Domain Impact
ActivationGroup Policy
WMI Filters
Windows Server Update Services
Active Directory
Active Directory Changes for…
Microsoft Passport
Enterprise Data
Protection
“Protecting your data with containers without boxing yourself in” by Yogesh Mehta
Configuration Manager
Product Supports Windows 10 Management?
Supports Windows 10 Deployment?
System Center Configuration Manager 2007
System Center 2012 Configuration Manager
System Center 2012 R2 Configuration Manager
System Center Configuration Manager v.Next
• Support for the new ADK for Windows 10 (2012 and above)• Upgrade task sequence (v.Next)
Configuration Manager
System Center Configuration Manager Technical Preview
Currently w/c 11 May Q4 CY 2015 In-Place Upgrade
vNext Technical Preview
All current System Center 2012 Configuration Manager R2 functionality for Windows 10
vNext System Center
Configuration Manager 2007 compatibility pack (no OSD or client deployment)
“Managing Windows 10 with Intune and System Center Configuration Manager” by Jason Githens & Mark Florida
Azure Active Directory
Cloud Identity
Independent cloud identity
Synchronized Identity
Single identity, enabling a same sign-on experience with password hash sync
Federated Identity
Single federated identity, enabling single sign-on in some scenarios and additional flexibility
Microsoft IntuneConfiguration Service ProviderA CSP is an interface to read, set, modify, or delete configuration settings on the device
SyncMLFile with all information to configure CSP
Sample SyncML - MinDevicePasswordLength<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncHdr> <VerDTD>1.2</VerDTD> <VerProto>DM/1.2</VerProto> <SessionID>1</SessionID> <MsgID>1</MsgID> <Target>
<LocURI>{unique device ID}</LocURI> </Target> <Source>
<LocURI>https://www.contoso.com/mgmt-server</LocURI> </Source> </SyncHdr> <SyncBody> <!-- update device setting --> <Replace>
<CmdID>2</CmdID> <Item>
<Target> <LocURI>./Vendor/MSFT/PolicyManager/My/DeviceLock/MinDevicePasswordLength</LocURI>
</Target> <Meta>
<Type xmlns="syncml:metinf">text/plain</Type> <Format xmlns="syncml:metinf">int</Format>
</Meta> <Data>6</Data> </Item>
</Replace> <Final /> </SyncBody> </SyncML>
OMA-URIOpen Mobile Alliance
Uniform Resource Uniform Resource
Identifier
Syn
cM
L
Syn
cH
ead
er
Syn
cB
od
y
Value
Device
Cloud Domain Join &Enrollment
How to Get Ready for Mobile Solutions
Common Identity(Active Directory + Azure Active Directory)
Device
Mobile Device Management
Data Protection & Access
Server Software Microsoft Desktop Optimization PackDaRT
System Center 2012 R2 Configuration Manager*
Upgrade possible Update to support
upgrade, deploy, manage
Windows Server Active Directory 2008 or later
Group PolicyADMX Update
Windows Server Update Services
Windows Update Activation
Windows Update
Windows Image In-Place Upgrade*
Windows 10 Image
MDT UpdateArchitectureConfiguration
DeviceFirmwareDisk Layout
Modernizing with Windows 10 – Heat Map
Extending with Windows 10 – Heat MapDeploymentProvisioning
New Windows ADKWICDMDM service
ManagementCM vNextMDM
New feature management and configuration
IdentityMicrosoft PassportWindows Hello
Azure ADAzure AD ConnectPKISchema/DCs
SecurityVirtualization-based security
Device GuardEnterprise Data Protection
Secure BootTrusted Boot
DeviceUEFI 2.3.1 or laterTPM 1.2 or laterVirtualization ExtensionsBiometric Reader
Quality-Based Releases
Enterprise-ready
CurrentBranch forBusiness
Long TermServicingBranchC
urr
en
t B
ran
ch
Hundredsof millions
Bro
ad
Exte
rnal
Flig
hts
Several million
Lim
ited
Exte
rnal
Flig
hts
100’s ofthousands
Bro
ad
In
tern
al
Valid
ati
on
10’s of thousands
En
gin
eeri
ng
B
uild
s
# Users
Time
Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.
Please evaluate this sessionYour feedback is important to us!
© 2015 Microsoft Corporation. All rights reserved.