Windows offers the management features that businesses need. Business needs are evolving. Windows 10 offers management choices to meet those needs.

Recent Past | Mobile-first, Device-first
9-to-5 Monday-Friday employees at work | 24x7x365 blur of work & personal activity
PCs on a LAN, connected to domain | Laptops, tablets, phones anywhere (on any network)
Corporate supplied and managed devices | Corporate and BYOD, business & personal apps/data
One device ecosystem | Heterogeneous ecosystems (Windows, iOS, Android, Chrome)
Extended operating system/servicing lifecycle | A faster upgrade cadence; shorter device lifecycle
On-premises applications and file sharing | SaaS applications and file sharing services
Access controls contained within organizational | Access controls span organizations, apps, individuals
Deep corporate management controls and policies | Lighter cloud-based management with fewer controls
Malware as vandalism and criminal activity | Malware as espionage and weaponry
Network perimeter as a viable defense boundary | Must operate under assumed breach of network
Vertically-integrated devices for task workers | Dynamically adapting devices for task workers
Available Choices
Identity: Active Directory; Azure Active Directory
Management: Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
Updates: Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM
Infrastructure: On-premises or in the cloud
Ownership: Corporate-owned, CYOD; BYOD
Organizations may mix and match, depending on their specific scenario
Basic
• Exchange ActiveSync
• Windows Update
• BYOD (personal) devices
• E-mail access only
Lightweight
• Active Directory and/or Azure Active Directory
• Mobile Device Management
• Windows Update/MDM
• Company-owned and BYOD devices
• Internet-facing or corporate network
Full Control
• Active Directory
• Group Policy
• System Center
• WSUS
• Company-owned devices
• Corporate network
Products
System Center Configuration Manager
Microsoft Desktop Optimization Pack (MDOP)
Cloud Services
Windows Server
Azure Active Directory
Azure RMS
Microsoft Intune
Windows Store
Windows Update
Active Directory
Group Policy
Windows Server Update Services (WSUS)
Windows Client
Windows Management Instrumentation (WMI)
Windows Remote Management (WinRM)
Windows Update
Group Policy Client
Mobile Device Management (MDM)
PowerShell
AppLocker
Product
System Center 2012 R2 Configuration Manager
System Center 2012 Configuration Manager
System Center Configuration Manager 2007
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008
Microsoft Deployment Toolkit 2013
Supports Windows 10 Management
Supports Windows 10 Deployment
Significant investments in added functionality for both mobile and desktop devices
Fully managed corporate device
Device Lockdown
BYOD: simple security settings
Phone
Desktop
Windows 8.1
Phone
Desktop
Windows 10
• Unenrollment with alerts
• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
• Full device wipe
• Remote Lock, PIN reset, Ring, & Find
• Enhanced inventory for compliance decisions
• Curated Windows Store
• Business Store app deployment; license reclaim
• Enterprise App management
• Simplified LOB app management
• Win32 (MSI) app management
• App inventory (LOB/store apps)
• App allow/deny lists via AppLocker
• Enterprise data protection
One consistent set of MDM capabilities across Mobile, Desktop, and IoT
Provisioning
Bulk enrollment
Simple bootstrap
Converged protocol
Azure AD Integration
• Additional device inventory
• Extended set of policies
• Client certificate management
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push
• Device Update control
• Kiosk, Start screen, Start menu configuration and control
Organization Owned
• Computer joins AD to establish trust
• User signs on using AD account
• Group Policy + System Center
Personally Owned (BYOD)
• Computer joins Azure AD to establish trust
• User signs on using Azure AD account
• Intune/MDM
• Settings roaming
Single sign-on to enterprise + cloud-based services
• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access
• User signs in with a Microsoft account, associates an Azure AD account
• Intune/MDM
[Diagram: Microsoft Azure Active Directory. Labels: Simple connection; Self-service; Single sign on; Single admin console; On-premises (Windows Server Active Directory, Other Directories); Cloud (SaaS, Azure, Office 365, Intune)]
New in Windows 10
New from Windows 7
New policies to support Windows 10 features:
Capabilities from Windows 8.1:
• Start screen and start menu management
• Policy caching
• “Project Spartan” settings
• IPv6 support for printers, VPN, targeting
• Next-Generation Credential PIN settings
• Windows app management
Capabilities from Windows 8:
• Sign-in optimization for DirectAccess clients
• Better use of larger registry policies (registry.pol)
• Remote group policy refresh (GPUpdate)
• More efficient background processing
Windows Store
“Company Portal”
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone)
• MDM-driven
• Sideload line-of-business modern apps
• Link to apps in the Windows Store
Convergence
WINDOWS 8.1
WINDOWS PHONE 8.1
WINDOWS 10
XBOX
• Converged developer portal for Windows and Windows Phone
• Separate user and developer capabilities
• Fully converged experience
• Best features from each
• New capabilities
Windows Store
• Modern apps
• Sign in with MSA
• Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators
Business Store
• Modern apps
• Leverages Azure Active Directory for administration, some scenarios
• Private organization store for the org’s preferred or LOB apps
• Pay with credit card or PO/invoice
• Deploy modern apps offline, in images, and more
• Modern app license management
“Company Portal”
• Sideload line-of-business modern apps
• Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM
Flexible app deployment
Support for any organization
Simplify via convergence
Online, offline, or included in images
Teacher and classroom
One store, one Dev Center, one Business Store
Through the store, via MDM, or using System Center
LOB apps can be kept private
Small businesses and other organizations
Large enterprises
Universal apps across all device types
Reconciled sideloading processes
Online
• All org users need Azure AD accounts
• Installation files managed and deployed by the Windows Store
• Licenses tracked by the Windows Store
• Updates installed via Windows Update
Private Store
MDM / ConfigMgr (deep links)
Direct Assignment
Offline
• Org users do not need Azure AD accounts
• Installation files are downloaded and deployed using org’s infrastructure
• No license tracking
• Updates installed via Windows Update
Imaging
MDM / ConfigMgr (sideload)
Manual
http://myignite.microsoft.com