1 Microsoft Ignite 2015 4/16/2017 3:59 PM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 What's New in Windows 10 Management and the Windows Store
BRK3330. Michael Niehaus, Senior Product Manager

3 Windows offers the management features that businesses need.
This has been true for a long time: Windows contains many management features designed to meet the needs of businesses. This legacy goes back many years, with capabilities that started in Windows for Workgroups 3.11 and have continued to evolve since.

4 Business needs are evolving. Windows 10 offers management choices to meet those needs.
But of course your needs continue to evolve, and Windows will continue to evolve with them. That doesn’t mean that we radically overhaul what we’re currently doing. Instead, we are looking to add new capabilities, and in some cases entirely new scenarios, for managing Windows. As a result, we believe Windows 10 will have the best set of management choices – we’ll have a solution, regardless of your specific scenario or scenarios.

5 Evolving Business Needs
Recent Past: 9-to-5 Monday-Friday employees at work; PCs on a LAN, connected to domain; Corporate supplied and managed devices; One device ecosystem; Extended operating system/servicing lifecycle; On-premises applications and file sharing; Access controls contained within organizational; Deep corporate management controls and policies; Malware as vandalism and criminal activity; Network perimeter as a viable defense boundary; Vertically-integrated devices for task workers
Mobile-first, Device-first: 24x7x365 blur of work & personal activity; Laptops, tablets, phones anywhere (on any network); Corporate and BYOD, business & personal apps/data; Heterogeneous ecosystems (Windows, iOS, Android, Chrome); A faster upgrade cadence; shorter device lifecycle; SaaS applications and file sharing services; Access controls span organizations, apps, individuals; Lighter cloud-based management with fewer controls; Malware as espionage and weaponry; Must operate under assumed breach of network; Dynamically adapting devices for task workers
So what do we mean when we say that business needs are evolving? Many things: a shift towards a mobile workplace, a realization of heterogeneous ecosystems, bring your own device (BYOD) and choose your own device (CYOD) scenarios, the cloud, and more. Most importantly, the rate of change is increasing, which is why we’re investing in new scenarios and capabilities: We want Windows to remain the best-managed platform, regardless of how you are using it.

6 Management Choices
Works with existing infrastructure; Continued support for Group Policy and WMI; Advanced MDM support; Consistent across PC/phone; 1st and 3rd party solutions
At a high level, we have two main choices: Traditional management, with Group Policy, System Center, and related components; and Mobile Device Management (MDM), which we added in Windows 8.1 and continue to enhance. In Windows 10, we’ll greatly expand the MDM capabilities while shifting to a consistent implementation across phone and PC devices, and of course we’ll support both our own Intune service as well as other third-party MDM solutions.

7 Management Choices
Available Choices
Identity: Active Directory; Azure Active Directory
Management: Group Policy, System Center Configuration Manager, 3rd party PC management; Intune, 3rd party MDM
Updates: Windows Update; Windows Server Update Services (WSUS); Intune, 3rd party MDM
Infrastructure: On-premises or in the cloud
Ownership: Corporate-owned, CYOD; BYOD
Organizations may mix and match, depending on their specific scenario.
But really there’s more to it than just what management tool you use. There are choices in several areas. For identity we will continue supporting Active Directory and domain-joined computers, while also directly supporting Azure Active Directory and “logon to the cloud.” From a management perspective, Group Policy and Configuration Manager (or other 3rd party PC management tools) will continue to provide the greatest functionality, while Intune and third-party MDM services will provide lightweight mechanisms for managing Windows devices in appropriate scenarios. For updating Windows systems, we’ll continue supporting Windows Update (where we automatically update devices as those updates are released) and WSUS (including with System Center Configuration Manager) where you control when updates are deployed. But we’ll also add new MDM capabilities, where Intune and third-party MDM services can also control the Windows updating process. Overall these choices reflect the type of infrastructure being used to manage the devices. Whether on-premises or in the cloud, Windows 10 will support your choices. We think these scenarios also align well with device ownership – you may choose to manage corporate-owned devices (including “choose your own device” (CYOD) scenarios) differently from “bring your own device” (BYOD) employee-owned devices. We don’t expect a one-size-fits-all solution, as you can pick the combination that makes the most sense for specific device usage scenarios.

8 Management Choices
Basic: Exchange ActiveSync; Windows Update; BYOD (personal) devices access only
Lightweight: Active Directory and/or Azure Active Directory; Mobile Device Management; Windows Update/MDM; Company-owned and BYOD devices; Internet-facing or corporate network
Full Control: Active Directory; Group Policy; System Center; WSUS; Company-owned devices; Corporate network
When we look at how these technologies are typically used together, we see three groupings: Basic controls, provided through Exchange ActiveSync for the most basic needs, e.g. access; Lightweight controls, for either company-owned or personal devices where more management is needed or desired; and Full Control where Group Policy, System Center, and WSUS provide extensive capabilities that target company-owned devices (typically connected to the corporate network).

9 Windows Management Features
Products: System Center Configuration Manager; Microsoft Desktop Optimization Pack (MDOP)
Cloud Services: Azure Active Directory; Azure RMS; Microsoft Intune; Windows Store; Windows Update
Windows Server: Active Directory; Group Policy; Windows Server Update Services (WSUS)
Windows Client: Windows Management Instrumentation (WMI); Windows Remote Management (WinRM); Windows Update; Group Policy Client; Mobile Device Management (MDM); PowerShell; AppLocker
When we look at the specific Windows features that support these management scenarios, you can see that we build many into Windows itself. We’ll continue to enhance these in Windows 10. But we also leverage features of Windows Server, System Center, and MDOP to provide complete on-premises management. With Windows 10, we’ll also fully embrace cloud services, beyond just Intune and MDM, with built-in support for Azure Active Directory, Azure RMS, and more.

10 Windows 10 Works with Existing Infrastructure
Table columns: Product; Supports Windows 10 Management; Supports Windows 10 Deployment
Products listed: System Center 2012 R2 Configuration Manager; System Center 2012 Configuration Manager; System Center Configuration Manager 2007; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008; Microsoft Deployment Toolkit 2013
Updates will be required. New OS features may require newer versions for full support.
In the case of on-premises infrastructure, we want to ensure that your existing infrastructure doesn’t require any major upgrades in order to support Windows 10. To support that, existing System Center and Windows Server versions will fully support the management and deployment of Windows 10. There may be some updates required to add this support, but we’ll be sure to make those available at or before the Windows 10 release. (We’ll also update MDT 2013, our free deployment tool, to support Windows 10 deployment.) We’re also working on a new version of System Center Configuration Manager, as well as a new version of Windows Server. These new versions, which will be available after the Windows 10 release, will offer some new capabilities related to new Windows 10 features, but these aren’t mandatory for the Windows functionality you use today.

11 Mobile Device Management
Significant investments in added functionality for both mobile and desktop devices
Diagram labels: Fully managed corporate device; Device Lockdown; BYOD: simple security settings; Phone; Desktop
We introduced mobile device management (MDM) capabilities in Windows 8.1 and Windows Phone 8.1. For PCs, these capabilities focused on BYOD scenarios, such as ensuring the devices met your security requirements before they could access corporate resources. For Windows Phone 8.1, these capabilities went a little further, enabling more “device lockdown” capabilities for configuring special-purpose devices for running specific line-of-business apps. As we move to Windows 10, we’ll greatly expand these capabilities to provide much more robust capabilities. It’s important to note that we’re not just going to recreate the 3,600 group policy settings that Windows has today. Instead, we’ll provide an appropriate set of high-level capabilities. We would encourage you to check out the full list of settings as we get closer to the Windows 10 release and let us know what additional settings might be required for your organization.

12 MDM in Windows 10
One consistent set of MDM capabilities across Mobile, Desktop, and IoT
Lifecycle phases: ENROLLMENT; INVENTORY; APPLICATION MANAGEMENT; DEVICE CONFIGURATION AND SECURITY; REMOTE ASSISTANCE; UNENROLLMENT
Unenrollment with alerts; Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
Provisioning; Bulk enrollment; Simple bootstrap; Converged protocol; Azure AD Integration
Full device wipe; Remote Lock, PIN reset, Ring, & Find
Enhanced inventory for compliance decisions; Additional device inventory
Curated Windows Store; Business Store app deployment; license reclaim
Enterprise App management; Simplified LOB app management; Win32 (MSI) app management; App inventory (LOB/store apps); App allow/deny lists via AppLocker; Enterprise data protection
Extended set of policies; Client certificate management; Enterprise Wi-Fi VPN management provisioning; MDM Push; Device Update control; Kiosk, Start screen, Start menu configuration and control
The MDM capabilities provided in Windows cover the complete lifecycle of the device. In Windows 10, these will be enhanced with additional capabilities in each phase of that lifecycle. While the complete list of new functionality is still being defined, here are some examples of new MDM capabilities that we expect to deliver. We’ll provide easy enrollment capabilities to automate the MDM enrollment of the device as part of the Azure Active Directory join process. We’ll provide new controls for configuring and managing the Start menu. We’ll enable new controls over Windows updates, allowing you to control when specific Windows updates are deployed to MDM-managed devices (think “WSUS from the cloud”). We’ll provide new AppLocker and Enterprise Data Protection configuration settings. We’ll enable integration with the Windows Store and the Business Store to enable automated app management. We’ll provide full device wipe capabilities, even for PCs. These capabilities will be supported on all types of devices, including Windows phone devices, PCs and tablets, and Internet-of-Things (IoT) devices.

13 For More Information
Windows 10 Mobile Device Management (MDM) in Depth. Janani Vasudevan, Senior Program Manager, Microsoft. Thursday, May 7, 1:30 PM - 2:45 PM, N426
Many customers identify web application compatibility as a significant cost to upgrading, as web apps may need to be tested and upgraded before adopting a new browser. Enterprise Mode for Internet Explorer 11 provides improved Internet Explorer 8 compatibility for all SKUs of Windows 7 and Windows 8.1, and can be helpful for customers who want to upgrade to the latest version of Internet Explorer but have experienced compatibility issues. Enterprise Mode is available as an update to all Internet Explorer 11 customers, but is turned off by default. Consumers and commercial customers won’t see Enterprise Mode unless it is turned on via Group Policy or registry keys. In helping customers upgrade to the latest version of Internet Explorer, we are also helping to unlock the power of Windows 8.1, services like Office 365, and Windows tablets like the Surface Pro 2. Moving to IE11 on Windows 7 helps eliminate web app compatibility issues that may otherwise block upgrades to the latest technologies. [ Note: Additional information on Enterprise Mode is available at ]

14 Identity Choices
Active Directory provides key business identity and security capabilities; Azure Active Directory takes this to the cloud; Both work together; Windows 10 fully leverages both
Let’s talk more about the choices in Identity. Of course we need to start by talking about Active Directory, which is used by almost all businesses today to provide identity, security, and more. We’ll continue to fully support all the Active Directory capabilities in Windows 10 – no surprise there. (We also have Microsoft accounts, which are effectively a consumer identity system. These can still be used with Windows 10 as well.) The biggest change related to identity in Windows 10 is the full support of Azure Active Directory. This means that Windows 10 is fully aware of Azure Active Directory accounts and services, and can leverage these in several ways that we’ll talk about in a little while. It’s important to understand that this doesn’t mean choosing one or the other. For organizations with existing Active Directory domains, you’ll use these together to provide additional capabilities.

15 Windows 10 Identity Choices
Organization Owned, Active Directory: Computer joins AD to establish trust; User signs on using AD account; Group Policy + System Center
Organization Owned, Azure Active Directory: Computer joins Azure AD to establish trust; User signs on using Azure AD account; Intune/MDM; Settings roaming
Personally Owned (BYOD): Computer registers with AD or Azure AD via Device Registration to establish trust for remote resource access; User signs in with a Microsoft account, associates an Azure AD account; Intune/MDM
Single sign-on to enterprise + cloud-based services
As we previously mentioned, we can support management of both organization-owned devices and personally-owned (BYOD) devices. When talking about identity, this is of course also true. For organization-owned devices, you can join these into an Active Directory domain in order to establish trust, then sign on with an Active Directory account. Management is provided via Group Policy and System Center, working together. (Note that this isn’t supported by Windows phone devices; Azure Active Directory is supported though.) Or you can join them into an Azure Active Directory tenant, and then sign on using an Azure Active Directory account, with full support for roaming of app settings and data through Azure storage (still a work-in-progress). In this case, you would typically manage the device using Intune or a third-party MDM service. But the real value comes when you combine the two: After synchronizing your Active Directory domain with Azure Active Directory, there are additional single sign-on benefits. We automatically recognize the association between the AD and Azure AD accounts, which enables Active Directory users to seamlessly access cloud-based services without having to provide their credentials again. And Azure AD users can access on-premises services without needing to do anything else.
When we’re talking about cloud-based services, we don’t just mean the Microsoft-provided ones – you would expect seamless access to the Windows Store, Intune, Office 365, and other services built around Azure AD. But we’ll also provide single sign-on to hundreds of additional SaaS (software as a service) offerings from many different providers. All you need to do is define the connection between Azure AD and these services (normally a simple wizard-driven process) and you’re all set. For personally-owned devices, we’ll support “device registration” (formerly called “Workplace Join”) to register a personal device. Once registered, you can be assured of an additional level of trust: Having the user’s credentials by themselves might not be good enough (because someone might have been able to obtain their password), but if they are using a trusted device, then access would be allowed. We’ll continue to build on these “conditional access” capabilities. These personally-owned devices can also be managed using Intune or an MDM service.

16 Azure Active Directory
Diagram labels: Simple connection; Self-service; Single sign on; Other Directories; Windows Server Active Directory; On-premises; Cloud; SaaS; Azure; Office 365; Intune; Microsoft Azure Active Directory
To use Azure Active Directory, you first need to set up an Azure Active Directory tenant for your organization. (If you are already using Intune or Office 365, you already have one. If not, it’s easy to set up a new one, typically for free.) Once you have set up the Azure AD tenant, you can set up synchronization between your existing Active Directory domain and Azure Active Directory through a free synchronization utility (Azure AD Sync now, Azure AD Connect coming soon) which is quickly configured via a wizard and then runs periodically to keep Azure AD up to date. PCs and devices can join Azure Active Directory, or they can just leverage Azure AD accounts. Either way, they then have single sign-on access to cloud-based services and get automatic roaming of app settings and data between all types of Windows devices. (Settings related to these organization accounts are kept separate from Microsoft account personal settings.)

17 Demo Azure Active Directory

18 For More Information
Microsoft Azure Active Directory and Windows 10: Better Together for Work or School. Jairo Cadena, Program Manager, Microsoft. Friday, May 8, 12:30pm - 1:45pm, S103

19 Device Management Vision
A “single pane of glass” for managing all of your devices
Diagram labels: Windows PCs (x86/x64, Intel SOC), Windows To Go, Windows Embedded; Organization-owned, on-premises; Single admin console; IT Administrator; Windows PCs (x86/x64, Intel SOC); Windows mobile/phone devices; Organization-owned or personally-owned (BYOD), internet-connected; iOS / Android; Intune
Remember that we initially said that you should make choices based on scenario? That means you could have one group of devices managed using on-premises services like Active Directory Group Policy and System Center Configuration Manager, while another group of devices could be leveraging Azure Active Directory and Intune. But that doesn’t mean that you need to manage these separately. The enterprise client management team has been working for some time on ensuring that you can manage both sets of devices from a single administrative console. This means that you only need to define apps once; you only need to create one set of policies; and you get all inventory in one central place. [This vision reflects something that analysts have been saying for some time: While separate MDM vendors have sprung up to fill in the gaps caused by the creation of these new cloud-based services, eventually organizations will come to realize that having a single management solution for all devices will be advantageous – without that meaning that you have to give up existing capabilities that you use today with traditional on-premises solutions like System Center and Group Policy.]

20 Demo Deploying a line-of-business Windows app

21 Group Policy
New in Windows 10: New policies to support Windows 10 features: Start screen and start menu management; “Project Spartan” settings; Next-Generation Credential PIN settings; Windows app management
New from Windows 7: Capabilities from Windows 8.1: Policy caching; IPv6 support for printers, VPN, targeting. Capabilities from Windows 8: Sign-in optimization for DirectAccess clients; Better use of larger registry policies (registry.pol); Remote group policy refresh (GPUpdate); More efficient background processing
For those using Active Directory and Group Policy to manage organization-owned devices, we will of course provide new policies to support Windows 10 features like the new “Project Spartan” browser, Next-Generation Credentials, Start screen and start menu controls, and more. We want to ensure that it’s easy for you to drop new Windows 10 devices into your infrastructure and manage them like you do today. Since many of you are still using Windows 7, it’s important to also point out the Group Policy investments that we made in Windows 8 and Windows 8.1. Many of these changes were to improve the overall performance of Group Policy, especially when devices are connected across slow network links or DirectAccess. We also improved support for larger policies and added support for other new capabilities added in those releases, such as with IPv6 and VPN.

22 Microsoft Desktop Optimization Pack (MDOP)
Full support for Windows 10 at general availability, with updates for: App-V; UE-V; MBAM; DaRT; AGPM
And we’ll ensure that all of these existing MDOP tools support Windows 10 when it is released. If necessary, we’ll release updates; if not, we’ll let you know that the existing releases are fully supported. Either way, we’ll make sure that App-V, UE-V, MBAM, DaRT and AGPM are all ready to go on day 1.

23 An App Store That’s Open for Business
Volume purchasing; Flexible distribution; License reclaim/re-use; Your company store
With Windows 10, we are making significant investments to ensure that the Windows Store is open for business. We will create a new volume purchasing program that enables organizations to purchase apps in bulk, deploy those apps using a variety of scenarios, and manage the licenses (reclaiming and reusing, e.g. when an employee leaves the company). You will also be able to create your own organizational store, basically a store within the public Windows Store where you can put a fully-curated list of public and line-of-business apps. Of course to make all this work, we will support using Azure Active Directory accounts for acquiring organizational apps (while still using Microsoft Accounts for personal apps).

24 Windows 8.1 at a Glance
Windows Store: Modern apps; Sign in with MSA; Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators (Phone)
“Company Portal”: MDM-driven; Sideload line-of-business modern apps; Link to apps in the Windows Store
With Windows 8.1, we provided the Windows Store for acquiring apps. To use this Windows Store, you would log in with a Microsoft account. Apps that aren’t free could be purchased with a credit card (or on Windows Phone, with PayPal, Alipay, and various mobile operator billing options). But having individuals pay with their own credit card, and buy apps that belong to their own Microsoft account instead of the organization, presents some challenges. Alternatively, you could build your own internally hosted and managed “Company Portal” (often referred to as an “enterprise app store”), leveraging MDM solutions like Windows Intune or agent-based management tools like System Center Configuration Manager. In order to deploy apps this way, you need to sideload the apps, which requires the installation files for those apps. Obtaining those is usually difficult today (except for apps you write yourself). Or you could also link to apps in the Windows Store (through a process called deep linking, where you just have a URL to the store app), but that still requires a Microsoft account and potentially a credit card (for paid apps). So we recognize the challenges in today’s implementation and will address these in Windows 10.

25 One Windows Store Convergence
Diagram labels: WINDOWS 8.1; WINDOWS 10; WINDOWS PHONE 8.1; XBOX; Converged developer portal for Windows and Windows Phone; Separate user and developer capabilities; Fully converged experience; Best features from each; New capabilities
As we move forward to Windows 10, we will be creating a converged app store, carrying forward the best features from each of the existing stores that we currently have. At the same time, we will be adding new capabilities that will benefit all devices. We have already started down that path with Windows 8.1 and Windows Phone 8.1, with a converged developer experience and universal apps. Windows 10 will complete the unification.

26 Introducing the Business Store
A web site for businesses, schools, or other organizations; Free to use, easy to sign up; Used by IT administrators, purchasers; Provides key functionality for acquiring, using, and deploying apps in an organization; Including line-of-business apps; Complements the Windows Store and existing management solutions; Flexible scenarios for any need
Organizations will interact with the Windows Store through a new website called the Business Store. This site can be used by organizations of any type or size, and there is no cost to sign up. It’s not used directly by members of the organization – only the IT administrator or other individuals responsible for acquiring apps ever need to use it. [In order to sign in, you need to use an Azure Active Directory user ID and password. If you don’t currently have an Azure Active Directory tenant for this, the sign-up process can automatically create one for you. As with the Business Store itself, there is no charge for this. Note that there are some cases where you would want to have Azure Active Directory accounts for every member of the organization; we’ll talk more about those later.] Not surprisingly, the main purpose of the Business Store is for acquiring apps for use in the enterprise. But it provides more too: It can manage licenses, make apps available in a private store within the public Windows Store, integrate with mobile device management and systems management solutions (such as Intune and System Center Configuration Manager), deploy your own line-of-business apps to members of your organization through the Windows Store infrastructure, and more. Overall, we believe that the Business Store will provide enough flexibility for any scenario.

27 Windows 10 at a Glance Windows Store Business Store “Company Portal”
Windows Store: Modern apps; Sign in with MSA; Pay with credit card, gift card, PayPal, Alipay, INICIS, mobile operators
Business Store: Modern apps; Leverages Azure Active Directory for administration, some scenarios; Private organization store for the org’s preferred or LOB apps; Pay with credit card or PO/invoice; Deploy modern apps offline, in images, and more; Modern app license management
“Company Portal”: Sideload line-of-business modern apps; Deploy apps from the Windows Store (even when the Store UI is disabled) as well as uploaded LOB apps through Business Store integration using MDM
So let’s look at the overall picture for Windows 10. You’ll notice that the existing Windows Store end-user (consumer) scenarios remain unchanged: You can still use a Microsoft account to acquire apps, paying with credit cards and various other means. But now we can use the Business Store to acquire apps for the organization, paid for using a purchase order, invoice, or credit card. We’ll provide license management for those apps, enabling organizations to reclaim and reuse licenses (e.g. when an employee leaves the company). We’ll even let you upload your own line-of-business apps.
You will be able to deploy apps in a variety of ways. The simplest way would be to leverage the Windows Store itself: Members of your organization could access the Windows Store using an Azure Active Directory account for your organization, see all of the apps that you have made available (including line-of-business apps that you’ve uploaded), and select the ones they want; the Windows Store will take care of the installation. Or you can directly assign an app license to a specific member of your organization; they’ll be notified to “click here” to initiate an installation. [Note that both of these scenarios require each member of the organization to have their own Azure Active Directory account. Typically this is done by setting up synchronization between your existing Active Directory domain and Azure Active Directory.]
You’ll also be able to download the installation files for the apps you’ve acquired and put them in your custom images or deploy them using your existing management infrastructure, just like many of you already do today for desktop (Win32) apps. This doesn’t even require an internet connection (other than for the IT administrator who needs to sign into the Business Store to download the installation files). [And these offline and imaging scenarios don’t require users to have Azure Active Directory accounts, except again for the IT administrator who needs to use the Business Store.]
And you can still have a “Company Portal” provided by your MDM or systems management solution (e.g. Intune or System Center Configuration Manager). But in addition to sideloading modern apps, you’ll also be able to deploy apps acquired through the Business Store by leveraging new MDM controls. Even if you disable the Windows Store for users, MDM and systems management solutions can instruct the Windows Store to install Business Store-acquired apps on their behalf. [It’s also worth noting that you won’t be able to use an Azure Active Directory account to acquire any app from the Windows Store – you’ll only be able to acquire those specifically acquired through the Business Store. If an organization chooses to allow it, they could still allow members to use their own Microsoft account for other apps.]

28 Scenarios for any need Flexible app deployment
Flexible app deployment: Online, offline, or included in images; Through the store, via MDM, or using System Center; LOB apps can be kept private
Support for any organization: Teacher and classroom; Small businesses and other organizations; Large enterprises
Simplify via convergence: One store, one Dev Center, one Business Store; Universal apps across all device types; Reconciled sideloading processes
We want to provide as much flexibility as possible, as we know that organizations have a variety of different needs. We’ll ensure that we can support organizations of any size. And we’ll simplify the processes overall. [Note that today there are different processes for sideloading on Windows and Windows Phone. With Windows 10, we will be reconciling these differences, ensuring that exactly the same rules can be used, regardless of the device type. We’ll have more details to share on this later.] Let’s explore these scenarios in more detail.

29 Working with Store Apps Business Store Scenarios
Online: All org users need Azure AD accounts; Installation files managed and deployed by the Windows Store; Licenses tracked by the Windows Store; Updates installed via Windows Update
Online options: Private Store; MDM / ConfigMgr (deep links); Direct Assignment
Offline: Org users do not need Azure AD accounts; Installation files are downloaded and deployed using org’s infrastructure; No license tracking; Updates installed via Windows Update
Offline options: Imaging; MDM / ConfigMgr (sideload); Manual
First, it’s important to make a distinction between “online” and “offline” scenarios. For “online” scenarios, the Business Store and Windows Store are actively involved in the full end-to-end process, leveraging Azure Active Directory accounts for each member of the organization to track licenses, target apps to users, etc. For “offline” scenarios, the Business Store helps with the acquisition of the apps and the installation files for those apps, but after that point, you would use your own infrastructure to deploy the apps and to track what licenses you are using. So it’s “offline” from the Windows Store perspective, as there is no communication with the Windows Store involved in these scenarios. [Because app updates are delivered via Windows Update, these “offline” apps will still get updated though, so you don’t need to worry about that.]
In the “online” case, you can leverage a private organization store within the public Windows Store. Or you can leverage MDM or other systems management solutions to instruct the Windows Store to install an app (using a process similar to what you can do today with “deep links”, but without any user interaction or Microsoft account requirement). Or you can directly assign apps to specific Azure Active Directory users.
For the “offline” case, you can add apps into images (sysprepped and captured). Or you can deploy them using a sideloading-like process (although it’s technically not sideloading, as it is still an official Windows Store app) where the management solution distributes the installation files and instructs Windows to install the app. Or you can even manually install the app using PowerShell or DISM commands. Let’s walk through each of those scenarios…

30 Demo Business Store

31 For More Information Using the Business Store with Windows 10 Devices
Ford McKinstry, Principal Program Manager Lead, Microsoft
Tejas Patel, Senior Program Manager, Microsoft
Thursday, May 7 1:30pm - 2:45pm S503
Many customers identify web application compatibility as a significant cost to upgrading, as web apps may need to be tested and upgraded before adopting a new browser. Enterprise Mode for Internet Explorer 11 provides improved Internet Explorer 8 compatibility for all SKUs of Windows 7 and Windows 8.1, and can be helpful for customers who want to upgrade to the latest version of Internet Explorer but have experienced compatibility issues. Enterprise Mode is available as an update to all Internet Explorer 11 customers, but is turned off by default. Consumers and commercial customers won’t see Enterprise Mode unless it is turned on via Group Policy or registry keys. In helping customers upgrade to the latest version of Internet Explorer, we are also helping to unlock the power of Windows 8.1, services like Office 365, and Windows tablets like the Surface Pro 2. Moving to IE11 on Windows 7 helps eliminate web app compatibility issues that may otherwise block upgrades to the latest technologies. [ Note: Additional information on Enterprise Mode is available at ]

32 Key Investment Summary
Business Store: Allows orgs to acquire apps, manage licenses, download app files; Pay using standard business methods, including purchase orders, invoices, and credit cards
Private Store inside the Windows Store: Fully curated list of apps from within the Windows Store; Can include public apps as well as Line-of-Business apps
Full management support: Mobile device management (MDM) control (using services such as Intune); Control for agent-based management solutions (such as System Center Configuration Manager)
To summarize, here are the key investments being made for the Windows Store to provide the features that organizations have asked for.

33 Getting Ready for Windows 10
Set up Azure Active Directory
Get current with System Center Configuration Manager and Windows Server
Consider mobile device needs
Think about scenario-based management
Work with Windows apps
[Call to Action]

34 Please evaluate this session
Your feedback is important to us! Visit Myignite at or download and use the Ignite Mobile App with the QR code above.


