about - microsoft azuremsservicesday.azurewebsites.net/content/presentations... · 2017-11-11 ·...
TRANSCRIPT
About
9 Years in Consulting
Broad experience in Microsoft
Infrastructure solutions
Specialised in Windows 10 &
Surface familly
Windows XP Windows 7 wasn’t easy
It often took between 3-7 years!
We know…
5 major
Migration
Painpoints
Windows 7
Drivers
1
X86
App1
X86
App2
HW
Mo
del 1
Windows 7
Drivers
2
X86
App1
X86
App3
HW
Mo
del 2
Drivers
1
X86
App1
X86
App2
Drivers
2
X86
App3
Win10 ready?
Win10 ready?
Win10 ready?
Win10 ready?
Win10 ready?
HW1
HW2
Win10 ready?
Win10 ready?Consumer devices
Enterprise devices
Won´t upgrade!
Win10 ready!
Win10 ready!
Needs Attention!
Win10 ready!
Win10 ready!
Needs Attention!IT Tim
(IT admin)
Extend your
information
base
Devices Ready
To Pilot And
Deploy
Clients Win10
Readiness
Status
Type=UAComputer | measure count() by UpgradeAssessment
Apps by Issue Type=UAApp IsRollup=true RollupLevel=Granular | measure
count() as AppCount by Issue
Apps blocking
UpgradeType=UAApp IsRollup=true RollupLevel=Granular
Issue="Blocking upgrade" | sort TotalInstalls desc | select
AppVendor, AppName, AppVersion, TotalInstalls,
MonthlyActiveComputers, PercentActiveComputers,
Guidance, ReadyForWindows
Driver Win10
Readiness
Status
Type=UADriver | measure count() by Issue
Type=UADriver Issue="Driver will not migrate to new OS" |
measure count() by UpgradeAssessment
Upgrade Analytics Deployment Steps
telemetry data collected
Upgrade Analytics FAQ
Rapid deployment
Familiar tools and capabilities
Deploy Windows 10
Feature rich deployment
Evaluate new capabilities against business needs
Deploy Windows 10
Security
Management
Productivity
Devices
Windows 10
Wipe-and-Load
Traditional process
• Capture data and settings
• Deploy (custom) OS image
• Inject drivers
• Install apps
• Restore data and settings
Still an option for all scenarios
In-Place
Let Windows do the work
• Preserve all data, settings,
apps, drivers
• Install (standard) OS image
• Restore everything
• Must use standard WIM, but can
lay down custom apps after
Recommended for existing
devices (Windows 7/8/8.1)
Provisioning
Configure new devices
• Transform into an Enterprise
device
• Remove extra items, add
organizational apps and config
New capability for new
devices – covered in
subsequent slides
App, web and device compatibility
PROTECT, DETECT & RESPOND
PRE-BREACH POST-BREACH
Windows Defender ATP
Breach detection
investigation &
response
Device protection
Device Health attestation
Device Guard
Device Control
Security policies
Information protection
Device protection / Drive encryption
Enterprise Data Protection
Conditional access
Threat resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Built-in 2FA
Account lockdown
Credential Guard Microsoft Passport
Windows Hello ;)
Identity protection
Breach detection
investigation &
response
Device protection
Information protection
Threat resistance
Conditional Access
Windows Defender ATP
Device integrity
Device control
BitLocker and BitLocker to Go
Windows Information Protection
SmartScreen
Windows Firewall
Microsoft Edge
Device Guard
Windows Defender
Windows Hello ;)
Credential Guard
Identity protection
Windows 7 Windows 10
Windows Secure Boot
Windows Hello for Business
Credential Guard
Device Guard
Windows Information Protection
Windows Defender ATP
WINDOWS 7 WINDOWS 10
With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality
Typical Windows 7 PC:
Selectively Patched
Windows 7 Test Lab PC:
Fully Patched
What customers
are running
What we
are testing
Y
YY
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Traditional deployment (every 3-5 years)
Apps Infra Imaging Deploy Service Packs
2017 2018 2019 2020 2021 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030
Windows as a service (twice per year)
Apps Infra Imaging Deploy WaaS Prep
Pilot Broad
2017 2018 2019 2020
18 months for each release
Windows 10 1709
Plan & Prepare
Windows 10 1803
Windows 10 1809
Windows 10 1703
Phase Broad DeployPlan & Prepare
Insider PreviewState
6 months 18 months
Windows 10 1803
Semi Annual Channel (Targeted) Semi Annual Channel
approx. 4 months approx. 14 months
Targeted Deploy
OS Release Ready for Broad Deployment
• IT Test User
• IT Validators
• Project Team
• IT Department
• App Holder
• App Test User
• Project Team
• Uncompliant
Broad Users
• Broad Deployment
• Knowledge-
Management
• Preparation
• Validation of
new Features
• Feature Closings
• Setting Infrastructure
Requirements
• Proactive LoB Testing
• Upgrade Testing
• Upgrade Testing
• Proactive LoB Testing
• ADMX / GPOs
• SCCM – TS / Reports
• Integrate and
validate new
Features
• Feedback
Management
Phase Plan & Prepare
Insider Preview Semi Annual Channel (Targeted) Semi Annual Channel
• Upgrade
• Compliance
Cleanup
• Reinstall
State
User
Workflow
• Broad Users• Targeted
Production
Users
• Pilot
Deployment
• Targeting all
Apps, OUs
and network
segments
• Feedback
Management
Upgrade
• Special Machines
• First uncompliant
Broad Users
• Broad Use
• Close to Upgrade
• Upgrading first
Machines
Reactive Testing & Production
Targeted Deploy Broad Deploy
6 months approx. 4 months approx. 14 months
Proactive TestingState
Identity Management Updates Infrastructure Ownership
Active Directory
Azure Active Directory
Group Policy
System Center
Configuration
Manager
3rd party PC
management
Intune
3rd party MDM
Windows Update
Windows Update
for Business
Windows Server
Update Services
(WSUS)
Intune
3rd party MDM
On-premises
In the cloud
Corporate-owned
CYOD
BYOD
Single Device
Business Owned
Corporate Network & Legacy Apps
Manual
Reactive
High-touch
Classic IT
Multiple Devices
User and Business Owned
Cloud Managed & SaaS Apps
Automated
Proactive
Self-Service
Modern IT
&
Customized Windows 10 set
up experience through
Windows Store for Business
Windows 10 device can be
directly shipped or handed to
the end user
Employee sets up the device
with a streamlined flow
Employee account without
admin privileges
Windows 10 automatically
enrolls in MDM* and initiates
additional config steps
including settings and apps
LitWare Azure Cloud
Hardware Vendor
Harvest Device IDs
Upload
Device IDs
Configure Profile
Employee unboxes device, self-deploys
Ships new Windows 10 Devices Deliver direct to Employee
Self
Deploy
IT Admin
Existing Devices
Device IDs
Intune
Azure AD
SaaS Apps
WSfB
Mobile Device, Application
and Computer Mgmt.
Continue in English?
English
Next
Would you like to continue in English?
United Arab Emirates
United Kingdom
United States
Let’s start with region. Is this right?
Yes
Is this the right keyboard layout?
US
United States-Dvorak for left hand DVORAK L
United States-Dvorak for right hand DVORAK R
United States-International QWERTY
Albanian QWERTZ
Yes
SkipAdd layout
Want to add a second keyboard layout?
Skip for now
Network4
Open
HalHome5GWiFi
Secured
MyHomeNetwork
Connect
Connect automatically
Sammashed
Secured
Let’s connect you to a network
HalHome5GWiFi
Secured
MyHomeNetwork
Enter the network security key
Cancel
You can also connect by pushing the on the router.
Enter your password
Skip for now
HalHome5GWiFi
Secured
MyHomeNetwork
Cancel
Enter the network security key
Next
You can also connect by pushing the on the router.
Enter your password
Skip for now
……….
Great, you’re connected!
Network4
Open
HalHome5GWiFi
Secured
MyHomeNetwork
Properties
Sammashed
Secured
Skip for now
Disconnect
Alright, you’re connected. Just a moment…
Now we’ll check for any updates…
Next
Sign in with Contoso.com
This device is registered to Contoso.com. Enter your contoso.com email address
Change account
Just a moment…
We’re getting everything ready for you.
This might take several minutes
A complete, intelligent, secure
solution to empower employees.
Microsoft 365 Introducing
Office 365
Windows 10 Enterprise
Enterprise Mobility + Security