BSM M/W10 Olav Tvedt Chief Consultant MVP – Cloud & Server Installation and Servicing @olavtwitt olavtvedt.blogspot.com www.evry.no/windows10


BEFORE

http://electronics.howstuffworks.com/gadgets/other-gadgets/80s-tech12.htm


The Perfect 10

http://www.elvisnews.com/news.aspx/elvis-original-desk-and-car-for-sale/11052#.Vh0KAuTouUk

Elvis

Presley

Desktop

Early visionary

User-friendly


How user-friendly?

User-friendly

Updates installed through Windows Update as they arrive

Diversity of hundreds of millions of consumers taking advantage of latest innovation

Active listening to a large user base drives agility and fast fixes to address issues

Examples: Air Traffic Control, Data Centers, Emergency Rooms

No new functionality on long term servicing branch

Security updates and fixes provided monthly

Patches and updates delivered through WSUS

Consumer Devices

Mission Critical Systems

Business Users

Caught in the middle?

Consumer Devices

Updates are installed as they arrive

• Updates haven't been released to the broad market yet

• You haven’t had time to plan and test

• This may be a way to embrace consumerization, BUT….

• Is this the best solution for your users’ machines?

How should you treat your business users?

Mission Critical Systems

This is how you treat many devices today

• It is expensive

• Your users are not getting access to the latest features

• Your competitors may be getting ahead with more advanced devices for their users

Treat them as the professionals they are

Update their devices after features are validated in the market

• Your organization gets access to the latest technology and value sooner

• You have time to plan and test the updates after they have been released to the broad market

• You choose how you want your users’ devices to be updated:

• Via Windows Update – validated updates delivered to professional systems after a deferral period

• Via WSUS, with control over how you deploy updates in your environment within deferral time

Market Driven Product Quality

[Figure: Quality & Value* over Time. *Conceptual illustration only]

Engineering Builds

Broad Internal Validation: 10’s of thousands of users

Limited External Flights: 100’s of thousands of users

Broad External Flights: several million users

Current Branch for Consumers: hundreds of millions of users

Current Branch for Business

Long Term Servicing Branch

Consumer Experience

[Figure: Quality & Value* over Time. *Conceptual illustration only]

Security updates and fixes are delivered regularly

Consumers are up to date with features as they are released

Business User Experience

[Figure: Quality & Value* over Time, Current Branch for Business. *Conceptual illustration only]

Security updates and fixes are delivered regularly

Consumers are up to date with features as they are released

Business customers can delay receiving feature updates for a few months

Flexible Options for Business Customers

[Figure: LTSB and CBB releases over Time. *Conceptual illustration only]

1. Long Term Servicing Branch (LTSB) provides long term support where mission critical systems can stay

2. Current Branch for Business (CBB) - Option to keep business users up to date while having flexibility to deploy updates after they have been tested in the broad market

Windows 10 Deployment Options for Enterprises

Long Term Servicing Branch: Mission-critical ready

Current Branch for Business: Up to date with the latest innovation

Update your devices frequently with latest features

• New enterprise deployment option for Windows 10

• Your devices can take advantage of the latest innovation on an ongoing basis

• Features are released first to tech enthusiasts and Windows Insiders and validated prior to getting installed on your business devices

• You have several months to plan and test the updates

• You choose how you want the devices to be updated:

• Via Windows Update - reducing your management costs

• Via WSUS using traditional mechanics

Receive security updates regularly; no new features

• Similar to what you have today with Windows 7 SP1/Windows 8.1

• Your mission critical environments are supported with no change in functionality for duration of mainstream and extended support (5+5 years)

• You control deployment of patches using WSUS

• You are able to use in-place upgrade to move from one LTSB to another

Long Term Servicing Branch

WINDOWS PHONE 8.1

WINDOWS 8.1

WINDOWS 10

• A single store for Windows devices: PCs, tablets, phones, etc.

• A single Windows Dev Center for developers

• Fully converged experience

• Best features from each

• New capabilities

XBOX

Windows Store

• Windows Store apps

• Sign in with MSA

• Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators

Business Store Portal “Company Portal”

• Windows Store apps

• Leverages Azure Active Directory for administration, some scenarios

• Private store for the org’s preferred or LOB apps

• Pay with credit card or PO/invoice

• Deploy Windows Store apps offline, in images, and more

• Windows Store app license management

• Sideload line-of-business apps

• Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through BSP integration using MDM

Secure


Hardware based security for better malware protection. Secure Boot

Enterprise credential protection via hardware-based isolation

Help secure corporate identity to protect against modern threats. Microsoft Passport

Windows Hello

Help protect your corporate data, wherever the data is. Enterprise data protection

Help eliminate malware on your devices. Device Guard

More secure per-app connection for mobile workers. Secure Remote Connection

Windows 10 identity choices

It All Starts With Identity

Organization-owned

• Computer joins AD to establish trust

• User signs on using AD account

• Group Policy + System Center Configuration Manager

Personally-owned

• Computer joins Azure AD to establish trust

• User signs on using Azure AD account

• MDM auto enroll with Intune or 3rd party MDM

• Settings roaming

• Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access

• User signs in with a Microsoft account, associates an Azure AD account

• MDM auto enroll with Intune or 3rd party MDM

Single sign-on to enterprise + cloud-based services

Second Factor

Secure Boot

Credential Guard

Device Guard

Enterprise Data Protection

Windows Hello

Enterprise Security

Enterprise Data Protection

How it works

Enterprise Data Protection relies on existing OS encryption technology - EFS used for Work Folders in Windows 8.1. Enterprise Data Protection supports both Modern and Win32 applications

Define Enterprise Boundaries

Enterprise boundaries are defined in one of two ways:

• Administrator defines a set of enterprise approved applications that are allowed to access data

• Network boundaries are defined (IP ranges, cloud locations e.g. O365) - defines if data is coming from or going to a defined "Enterprise" location

Configure Enterprise Data Protection

Administrators can configure Enterprise Data Protection in one of three ways:

• Blocking - blocks data from being moved to non-Enterprise locations

• Policy Override - provides a prompt, but allows users to confirm they want to copy to non-enterprise locations, audits event

• Reporting Only - no blocks/roadblocks, just audits events

Microsoft Passport

A world without passwords

User Credential

Key Based

Credential Based

Hello – vNext

Key Component In Modern Security!

UEFI

Multiple layers of protection

Identify and authorize user

Apply device policies

Apply application policies

Apply content policies

User IT

Active Directory Premium

Rights Management

Enterprise Mobility Suite

Mobile


Mobility is the new normal

52% of information workers across 17 countries report using three or more devices for work*

>80% of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs***

90% of enterprises will have two or more mobile operating systems to support in 2017**

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013

** Gartner Source: Press Release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115

*** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

Mobile

• Conditional Access

• Data Protection

• Data Loss Prevention

• Resource Access

o Applications

o Access

o Configurations

o Certificates

Protect And Serve

Mobile

Enterprise Mobility Suite + Office 365

Azure AD, Azure RMS: Identity & Access

• Common identity infrastructure

• Control access to on prem and SaaS

• Authentication and SSO

• Encryption and policy at the file level

Office 365: Productivity

• World class productivity and collaboration

• Consistent experience across all devices

• IT compliance and data protection

Intune: Device & App Management

• Mobile device management

• Mobile application management

• Contain corporate data on devices

Integrated experiences

• Conditional email access

• Secure collaboration

• Email based enrollment

• Device and user provisioning

• Single sign-on

• Device compliance

• App restriction

• Lost or stolen device

• Device wipe

• Employee leaves the company

• …and more in the works

Intune