Spark the future.
May 4 – 8, 2015, Chicago, IL
Minasi's Guide to Managing Windows 10: New Windows, New Tools
Mark Minasi
Writer, Speaker
@mminasi
join my newsletter at www.minasi.com
BRK2302
First of all, relax… there's new stuff, but the old stuff still works
Big new stuff is cloud integration, solutions for wider arrays of devices, solutions for organization data on personal devices, apps for the newer types of devices, as well as a "package manager"
But before we get into that, I'm pretty sure you all have the same question about Windows 10
Hello! Let's Talk About Win 10 Management…
It is Windows 9, but in base 9
If it were Windows 9, it would fail in the German market: "Windows? NEIN!"
"Must … break … the curse … of … the … even-numbered … Windows!"
Making Gartner and other analysts wonder why they skipped the nine may distract them from the fact that there still aren't folders or a hierarchy.
Too many installers reject Windows versions that start with "9," because of Win 95 and 98
Why Isn't it Windows 9?
Windows doesn't grow arithmetically, it grows exponentially
The version doesn't increment by one every time
The value rises by 17% every time, then rounds
Here's the proof:
I Believe I Have Figured It Out
Anyone from Win 7 on can and will be encouraged to upgrade free (except Enterprise)
(Remember, 14 Jan 2020 and 10 Jan 2023 are far off)
No more flatten-and-reimage: it's upgrade & refresh
(Just like you do on your iPad)
Windows 10 is the last Windows, as it's just upgrades via Windows Update from here on in
Windows 10 is one OS for as many devices as they can get it on
Seriously, Though… Big Win 10 Things to Know:
Windows Likes Azure: New Identity in Win 10
Ultra Modern Apps
New Store and New App Delivery
PowerShell 5.0
OneGet… More App Delivery
Misc New Tools
Topics
Azure and Windows 10
"Windows and the Cloud: Goin' Steady…"
It's not a strong relationship yet, just a crush…
But it's worth looking at now, as it's going to be a big growth area
Win 10 boxes can join Azure AD instead of a domain
You can log onto your cloud-joined Azure AD system with an Azure AD account
There are some benefits now, we'll see more later IMHO
Windows 10 Likes Azure
If you have Office 365, you already have an Azure AD domain ("Azure AD tenant" is the official phrase)… you've just never claimed it
It's free, limited to 500K directory objects
Alternatively, "Basic" Azure AD costs $1/user/month, "Premium" costs $4/user/month
"Azure AD? Don't Have One."
One other wrinkle is that you'll want to set up directory synchronization between your Azure AD domain and your Office 365 domain
Enable Azure Active Directory Device Registration
Azure AD (continued)
Single sign-on and conditional access that is
From Windows Phones, PCs, tablets (and Android as well in some scenarios), including devices that cannot be joined to on-premises AD
To on-premises apps, Azure apps, Office 365
Making a device "known" to Azure adds a factor of authentication, enabling things like simple PINs for sign on
"Why Exactly Am I Doing This?"
"Conditional access" overlaps the whole device join concept
In short, it lets you build on or exploit the notion that an app, on premises or in the cloud, might want to include device info when logging on: is the device on the intranet or in some coffee shop? Is the device known or unknown? Based on that, we might accept simpler security (a password) or require more (a code on a cell phone)
More on Conditional Access
Normal Whoami
Joining the Cloud
Settings / System / About /
Joining the Cloud
Reboot, then log on as your Azure AD account. Type it as AzureAD\email
Give it a minute and the "Cloud Experience Host" will pop up and offer to create a PIN
Next restart, your logon screen will show a "Sign-in options" link. Click it and your logon screen looks like this:
And WHOAMI looks like this:
And My New Whoami…
The AzureAD\ prefix should go away soon
A machine can only join one Azure AD domain
A machine cannot be a member of an on-premises AD and an Azure AD
Management tools:
No group policies or System Center control
Alternately, Mobile Device Management / Mobile Application Management (MDM/MAM) solutions from Microsoft and others:
Intune
Third party MDM (AirWatch, MobileIron, XenMobile, etc)
Details
Management story is same as always, just like Windows XP, 7, or 8.1 -- group policies (for the right machines) and potentially Config Manager, Orchestrator and so on
What About On-Premises AD-Joined?
Well, permit me to ask:
Do you still have a laptop, or do you only use a tablet to get your work done?
How about your friends and family… any "no-computer" users out there?
How many of your organizations have migrated to Office 365 or are migrating there (or to a similar SaaS email service)?
An IDG survey of about 2000 orgs in November 2014 revealed that 16% have no on-premises IT infrastructure, and 5% more expect that by 2016
Why Are They Doing This?
Microsoft doesn't really rule in the tablet area
Or the phone area
Fewer will buy laptops / desktops
And they're not even Number One in clouds
(However, I suspect they may achieve that in the next two years)
That Leads to Another Problem
A solid Microsoft cloud-based infrastructure populated by non-MS devices but managed by MS clouds and tools makes for a nice business model
Oh, and it ensures that MS-based devices may not be the majority, but they "fit" a bit more nicely.
Just my take…
Result
Applications and the Store
"What, you're not all using Metro apps? Seriously?"
They started talking about this in Win 8, but it's moving forward
The kernels are converging, as
They really have figured out how to run what is basically honest-to-God Windows on Snapdragon processors (good for Qualcomm!)
RT's dead (bad for ARM, good for Intel!)
All of which means that it really may be possible to build apps that run on every Microsoft OS
(If you haven't played with the Office beta yet, do!)
Universal Apps
Just one store (xBox, Phone, Windows)
Desktop apps go in there too
Purchasing Store apps is more flexible
The Store understands personal apps versus corporate apps
Managing Store app licenses is now do-able
Deploying Store apps is more flexible and simple
Windows Store: lots of good news
Store apps are visible to all, as now
But you can create an alternative conduit, the cloud-based Business Store Portal (BSP), which lets you
Block Store apps you don't want your users getting
Block entire areas, like Games
Add in-house line of business (LOB) apps
You don't need System Center, Intune or even servers of your own in the basic scenario -- BSP is web-based
BusinessStore.Microsoft.com at the moment
Finding Apps
If you use Config Manager or Intune, you can buy apps for your org via the BSP and download the "appx" files, providing a local distribution point for apps
You can still build a company store with Config Manager or Company Store (in Codeplex), or via an MDM/MAM third party tool
Your LOB apps can be uploaded to the cloud via the BSP for distribution
You can even…
Delivering Apps
Inject them into images as we've done with Desktop apps
Familiar tools: dism, PowerShell (new noun: AppxVolume); MDT 2013 Update 1 Preview, Config Mgr via updates and then whatever ships in 2016 with Server vNext
They can be sysprepped
When the user first starts up, the app looks for a license and potentially whether that user is approved for the app
All centrally controlled
Still have "deep links" as a deployment method as well
Preinstall Apps in Images
The BSP and Store recognize two identities for you
Log on with Azure AD, you get the corporate options (and you don't need a credit card)… leave the organization, you lose the apps
Log on with your MSA (as in today), you pay with credit card and any apps you buy travel with you
Organizations can buy apps in bulk
Orgs can use purchase order, credit cards, whatever
In this model, you actually get the Appx packages to put in your store when you purchase them through the BSP, and can then preinstall them on images
Paying for Apps
Many 8.1 users have disabled the Store altogether (it's simple and policy-driven)
With 10, Store apps get automatically updated
Handled by the Store service, WSService; in Win 10, you can disable the Store, only offer apps in your company store, and WSService still runs, so the users get automatic updates
And of course, you can control update time with policies
Windows Store: App and Service
What about Desktop apps?
Back in the late 90s, RedHat Linux created an "app packager" that became popular and was known overall as a "package manager"
There are others
Basic idea is one-line installs, repairs etc
Windows has had many -- MSI files, Npackd, Ninite, NSIS and others
Posh 5.0 and Win 10 introduce another…
OneGet
Oh, and Speaking of Deployment
In the Windows world, we're used to install.exe
In contrast, the open source/Linux world tends to download the code and compile it
That's a pain, which led to package managers in the Linux world. They locate the code at a "software repository," download it, get it compiled and keep it updated
Yup, that's right… no Adobe or Java Updater!
Devs have package mgrs to keep libraries up to date
The Package Manager Story
Now, in the Windows world, we don't compile our apps, but many apps can be silently installed
Windows developers got a package manager in 2010 called NuGet (they have different deployment needs)
Some folks started chocolatey.org and defined a package format that lets it deliver compiled stuff with setup/install EXEs… a Windows app package mgr
Access the packages via a "gallery"
Package Managers and Windows
Microsoft is building a single package manager interface for (ultimately) all package managers
It's called OneGet and PowerShell's the only way to get to it at the moment
Nouns: package, packageprovider, packagesource
It needs a plug-in for every provider, although eventually there will be a central repository
Chocolatey's in there from the beginning
OneGet: A Universal Package Manager
Add a provider:
    Register-PackageSource -Name chocolatey -ProviderName Chocolatey -Location http://chocolatey.org/api/v2/
(Note that's already done for Chocolatey)
See what it has:
    Find-Package -ProviderName Chocolatey
Install a package:
    Install-Package VLC
Chocolatey already has 2,684 apps packaged
Take a look at this… it's going to be important
Playing With OneGet
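The Register-PackageSource line on the slide above points at a plain http:// feed. As an added example (not from the original deck), this PowerShell function reviews package sources for that kind of transport weakness and rates it higher when the source is also marked trusted. Test-PackageSourceRisk, the "internal" and "teamshare" sources and their locations are hypothetical, constructed for illustration.

```powershell
# Added example, not from the original deck. Test-PackageSourceRisk is a
# hypothetical helper; it accepts objects shaped like Get-PackageSource output.
function Test-PackageSourceRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Source
    )
    process {
        $uri   = $null
        $issue = $null
        if (-not [uri]::TryCreate([string]$Source.Location, [System.UriKind]::Absolute, [ref]$uri)) {
            $issue = 'Location is not an absolute URI; review by hand'
        }
        elseif ($uri.Scheme -eq 'http') {
            $issue = 'Plain HTTP: feed and downloads can be altered in transit'
        }
        elseif ($uri.IsFile) {
            $issue = 'File or UNC path: check who can write to it'
        }
        # A trusted source installs without the confirmation prompt, so a
        # transport issue on a trusted source is rated highest.
        $severity = if (-not $issue) { 'OK' } elseif ($Source.IsTrusted) { 'High' } else { 'Medium' }
        [pscustomobject]@{
            Name     = $Source.Name
            Provider = $Source.ProviderName
            Location = $Source.Location
            Trusted  = [bool]$Source.IsTrusted
            Severity = $severity
            Issue    = $issue
        }
    }
}

# Constructed sample input; the first entry is the source registered on the slide.
$sample = @(
    [pscustomobject]@{ Name = 'chocolatey'; ProviderName = 'Chocolatey'; Location = 'http://chocolatey.org/api/v2/'; IsTrusted = $false }
    [pscustomobject]@{ Name = 'internal'; ProviderName = 'NuGet'; Location = 'https://packages.example.test/nuget/'; IsTrusted = $true }
    [pscustomobject]@{ Name = 'teamshare'; ProviderName = 'NuGet'; Location = '\\fileserver\packages'; IsTrusted = $true }
)
$sample | Test-PackageSourceRisk | Format-Table -AutoSize -Wrap

# On a live system, audit what is actually registered:
# Get-PackageSource | Test-PackageSourceRisk | Where-Object Severity -ne 'OK'
```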
PowerShell 5.0 is baked into Windows 10
Zip file support ("archive" noun)
ConvertFrom-String takes strings, parses them and creates objects
Event tracking support
Encryption ("CMSMessage" noun)
Get-Item, New-Item, Remove-Item now have a -symboliclink parameter
But the best part is, you can get it now on Win 8.1
Other PowerShell Goodies
What PowerShell Tells Us About 10 (Sort Of)
They ain't talking yet, but a look at the new PowerShell nouns is interesting:
FileShare: new sharing client?
Contains a lot of protocol details
PnpDevice: why now controllable with PoSH?
Returns last error, error text, problems and problem text, ID info
Can enable or disable devices, as in
    Get-PnpDevice -FriendlyName *shutdown* | Disable-PnpDevice
AppXVolume: works with the folders that contain your Appx files
CHKDSK got a big facelift in 8.1
But it had a few bugs, and 10 fixes them
Also, the output from /F has changed and is considerably more useful
And One More Tool…
Thanks for attending, please do an evaluation
Join me and Mark Russinovich talking about Azure and disruption on Thursday at 3:15 in Arie Crown Theater
Also, I'm doing an ask-anything-you-want session about Windows 10 on Thursday at 10:45 in E350 with Jeremy Moskowitz and Sami Laiho
"Win 10 Management Scenarios" on Friday 9 AM in E352
Thank You! Follow me at @mminasi
© 2015 Microsoft Corporation. All rights reserved.