1
Microsoft Ignite 2016 5/5/2018 3:54 PM BRK3012
Enhance Windows 10 security and management with ConfigMgr, Intune, and new cloud services
Jason Githens, Principal Group PM Manager
Jan Kalis, Senior Product Marketing Manager
Avi Sagiv, Principal Program Manager
Rama Shastri, Principal Program Manager Lead
Brian McNeill, Principal PM Manager
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Session overview
Microsoft’s management solutions are deeply cloud connected, offering extensive value-add through cloud services
Windows 10 services, Configuration Manager, and Intune provide an in-depth, deeply connected set of solutions for securing and managing Windows 10
A detailed look into each of the services, the value they provide, and the integration points into management solutions of ConfigMgr and Intune
3
Microsoft Cloud Services
Microsoft Azure
Office 365
Windows Upgrade Analytics
Windows as a Service
Microsoft Intune
Windows Store for Business
Windows Update for Business
Windows Defender Advanced Threat Protection
Health Attestation
Configuration Manager
Operations Management Suite (OMS)
Azure Active Directory
4
Optimized on Azure
5
Microsoft Azure and ConfigMgr and Intune
IaaS hosting of Configuration Manager on Azure
Internet-based client management through Configuration Manager cloud-based management service
Connected Intune and ConfigMgr configuration
Azure hosted Intune = Deep EMS integration through Azure Portal, Scale, and API exposure through Microsoft Graph
6
Azure-hosted Configuration Manager
Definition: Part or all of the ConfigMgr environment hosted on virtual machines on Azure
It is an Infrastructure as a Service (IaaS) solution
Can be an extension of OR even a replacement of your datacenter
It is an officially supported scenario with Current Branch of ConfigMgr
500+ customers have site roles deployed in Azure
Why? Main reason is to reduce your Capex and Opex costs
7
Cloud-based management service
Manage traditional clients that roam on the Internet
  Without additional infrastructure
  Without exposing infrastructure to the Internet
  Easily configured through the Configuration Manager console
Key features continue to work on the device when not on the corporate network
  Settings
  Software updates
  Applications
  Hardware and software inventory
  Endpoint protection
8
Cloud-based management service architecture
[Architecture diagram. Labelled components: Windows Update, Firewall, DMZ, Azure (Proxy Service, Cloud DP), Proxy Connector Point, Site Server, MP, DP, SUP, AD CA. Labelled connections: HTTPS and HTTPS Mutual SSL, secured with SSL Cert, Client Cert and Root Cert.]
9
Office 365
Deliver Office 365 client updates as software updates
Dedicated dashboard to deliver and monitor deployments of Office Click to Run applications
10
Office 365 Integrated
13
Controlling access to data
Conditional access with EMS
User: Group memberships, Auth strength (MFA), Risky behavior
Device: Managed (Intune or CM), Compliant, Risky behavior
App: Mobile app is managed, Mobile app reputation, SaaS app sensitivity
Other: Network location, Breach detected
On-premise data
14
Windows Services
Windows Store for Business
Windows Defender Advanced Threat Protection
Health Attestation
Windows Upgrade Analytics
Windows as a Service
Windows Update for Business
15
Windows Store for Business
Find, acquire, manage, and distribute apps on Windows 10
16
Windows Store for Business
One place for you
  To find, acquire, manage, and distribute apps on Windows 10
Designed for organizations
  Curated for business or for education
  Apps owned and managed by your organization
Volume acquisition and distribution
  Acquire Store apps and Line-of-Business apps
  Flexible deployment to meet your needs
Easy and familiar for your users
  Simple discovery and installation of apps
  Automatic app updates by default
For more information you can visit Ignite session BRK3238 Dive deeper into Windows Store for Business, or go to microsoft.com/business-store
17
DEMO Windows Store for Business
Find, acquire, manage, distribute and install apps
18
App distribution options
Assign app licenses directly to users
  For organizations and departments that do not want to use app management tools
  Simple invitation model targeting specific users
  Users receive an or can go to My Library in Windows Store to install and launch organizational apps
Option 2: Use a private store page
  Provides users flexibility to choose organization apps to install
  Admin chooses apps to appear in company tab in the Windows Store; users self-discover
Option 3: Integrate with management tools
  For organizations that want to leverage existing app management tools
  Supports complex management options including dynamic groups, update management, push installation, etc.
  Users can find and use Windows Store for Business apps pushed to their device(s) or on a company-approved portal
19
Application Distribution via System Center Configuration Manager (CM) and/or Intune
Flow: Windows Store for Business, then System Center Configuration Manager and/or Intune, then Windows 10
Organizational apps acquired
  Organizations acquire apps in Windows Store for Business
  Includes internal line-of-business and public Store free and paid apps
  Paid apps are purchased in bulk during acquisition
Inventory synchronized
  System Center Configuration Manager and/or Intune connects with Windows Store for Business APIs
  Apps, metadata and licensing information is synchronized
Policies and distribution
  Administrator defines necessary policies and distributions
  Distribution is performed
Deployed to users
  Apps get deployed to Windows 10 users and policies enforced
  App updates can happen from the Store or managed with Management Tools
21
Windows Defender Advanced Threat Protection
22
ADVANCED THREAT PROTECTION
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT, INVESTIGATE AND RESPOND TO TARGETED ATTACKS
Built in to Windows, cloud powered
Behavior-based, breach detection
Rich timeline for investigation
Unique threat intelligence knowledge base
23
Adding a post-breach mindset to the Windows 10 defense stack
PRE-BREACH
  Device protection: Device Health Attestation, Device Guard, Device Control, Security policies
  Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall
  Identity protection: Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello
  Information protection: Device protection / Drive encryption, Windows Information Protection, Enterprise Data Protection, Conditional access
POST-BREACH
  Breach detection, investigation and response: Windows Defender Advanced Threat Protection (ATP)
26
Health Attestation
27
Device Health Attestation
Builds upon existing Windows security technologies: Secure Boot, Measured Boot, Early Launch Anti-Malware, TPM Attestation
[Diagram labels: UEFI Secure Boot, Boot Loaders, OS Loader, Windows kernel and boot drivers, Early launch anti-malware; TPM, Platform Configuration Registers (PCRs), TPM Boot Log, EK Cert, AIK Cert]
Enables administrators to monitor remotely and make security decisions based on TPM-protected, tamper-resistant, and tamper-evident data
28
Unknown PC health
TODAY HEALTH IS ASSUMED
1 Authenticated access request
2 You’re in
Important resources: OneDrive, File servers, Network
29
Device Health Attestation enables:
Windows Cloud Attestation and Intune; ConfigMgr and Intune
TO GATE ACCESS BASED ON DEVICE INTEGRITY AND HEALTH
1 Authenticated access request
2 Prove you are healthy
3 Attestation request
4 Attestation response
5 Here is the proof
Important resources: OneDrive, File servers, Network
30
45
32
Windows Upgrade Analytics
33
Windows Upgrade Analytics
Allows the enterprise IT to quickly identify and focus on the critical issues impeding upgrades; provides data driven insights to plan and manage the upgrade process end to end
Workflow visualization from pilot to deployment
Powerful upgrade readiness insights and recommendations about the computers, applications and drivers
Risk based approach to app rationalization
Microsoft guidance on app and driver compatibility issues
Sign up via
34
Upgrade Analytics Demo
35
Windows Upgrade Analytics and ConfigMgr
36
Windows as a Service
Manage your Windows servicing updates through a dedicated console
Sync and distribute update content using peer caching to reduce bandwidth impact
38
Windows Update for Business
Agility, Control & Simplicity
39
Windows Update for Business
Agility
  Get access to the latest technology and value sooner and easier.
  Quick “hands-free” deployment of the latest security updates.
Control
  Time to plan and test updates after they have been released to the broad market.
  Control update rollout with custom rings based on business needs and rhythm.
Simplicity
  Reduce infrastructure and workflow complexity.
  Leverage inbox update management and network optimization tools with integration into existing tools.
40
What’s new in WU for Business
Windows 10, version 1511
  Ability to defer Quality updates
    Deferrals in weekly increments, up to 4 weeks
  Ability to defer Upgrades
    Deferrals in monthly increments, up to 8 months
  Deferrals only for systems on the CBB branch
  No WSUS integration
Windows 10, version 1607
  Increased control over Quality update deferrals
    Deferral periods set in days, up to 30 days
    Drivers can be optionally excluded from quality update WU payloads
  Increased control over Feature update rollout
    Deferral periods set in days, up to 180 days
    Feature updates can be paused for up to 60 days
  Deferrals can now be applied to both CB & CBB branches
  WSUS, WUfB reporting and dual scan capability
41
Windows as a service: Deploying Windows
Unmatched flexibility and control, depending on needs
Branches: Windows Insider Preview Branch, Current Branch, Current Branch for Business, Long Term Servicing Branch
[Diagram, axes NUMBER OF DEVICES and STAGE, starting at Release. Labels: Specific feature and performance feedback; Application compatibility validation; Deploy to appropriate audiences; Test and prepare for broad deployment; Information workers; General population; Specialized systems; Early adopters, initial pilots, IT devices; Deploy for mission critical systems; No need for frequent new features (or any sort of change); Too expensive for general population; Benefits from new features; Begins broad deployment; Test machines, small pilots]
42
Windows Update for Business Workflow
Create Deployment Groups
  Set deployment groups of Win10 devices to consume Security and Feature Updates at staggered intervals
Maintain control as updates deploy
  Feature and Quality updates can be paused, allowing time to address any issues identified
Scale with network optimizations
  Delivery Optimization (DO) allows for smart peer-to-peer download of updates.
  Dual Scan allows for integration with existing WSUS infrastructure
43
Windows Update for Business Workflow
Windows Update
Initial Pilots: No Deferral
Fast Ring: 5 day deferral
Slow Ring: 10 day deferral
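The ring layout on this slide, checked against the version 1607 limits stated earlier in the deck (quality updates up to 30 days, feature updates up to 180 days), as an added PowerShell example that is not part of the presentation. It assumes the slide's 0/5/10-day figures apply to quality updates and uses assumed feature-update deferrals per ring; the value names are the Windows Update for Business policy values under the WindowsUpdate policy key.

```powershell
# Added example (not from the presentation): WUfB rings as policy registry values.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Ring names and the 0/5/10-day deferrals are from the slides; applying them to
# quality updates, and the FeatureDays figures, are assumptions for illustration.
$Rings = @(
    [pscustomobject]@{ Name = 'Initial Pilots'; QualityDays = 0;  FeatureDays = 0  }
    [pscustomobject]@{ Name = 'Fast Ring';      QualityDays = 5;  FeatureDays = 30 }
    [pscustomobject]@{ Name = 'Slow Ring';      QualityDays = 10; FeatureDays = 60 }
)

function Get-WufbRingPolicy {
    param(
        [Parameter(Mandatory)] [string] $RingName,
        [switch] $ExcludeDrivers
    )
    $ring = $Rings | Where-Object { $_.Name -eq $RingName }
    if (-not $ring) { throw "Unknown ring '$RingName'" }

    # Limits the deck states for Windows 10, version 1607.
    if ($ring.QualityDays -lt 0 -or $ring.QualityDays -gt 30) {
        throw "Quality deferral for '$RingName' must be 0-30 days"
    }
    if ($ring.FeatureDays -lt 0 -or $ring.FeatureDays -gt 180) {
        throw "Feature deferral for '$RingName' must be 0-180 days"
    }

    [ordered]@{
        DeferQualityUpdates             = [int]($ring.QualityDays -gt 0)
        DeferQualityUpdatesPeriodInDays = $ring.QualityDays
        DeferFeatureUpdates             = [int]($ring.FeatureDays -gt 0)
        DeferFeatureUpdatesPeriodInDays = $ring.FeatureDays
        ExcludeWUDriversInQualityUpdate = [int]$ExcludeDrivers.IsPresent
    }
}

function Set-WufbRingPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $RingName,
        [switch] $ExcludeDrivers
    )
    $policy = Get-WufbRingPolicy -RingName $RingName -ExcludeDrivers:$ExcludeDrivers
    # Create the policy key only if it is missing, so existing values are kept.
    if (-not (Test-Path $PolicyKey) -and $PSCmdlet.ShouldProcess($PolicyKey, 'Create key')) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($name in $policy.Keys) {
        if ($PSCmdlet.ShouldProcess("$PolicyKey\$name", "Set DWORD $($policy[$name])")) {
            New-ItemProperty -Path $PolicyKey -Name $name -Value $policy[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Preview the Fast Ring settings without writing to the registry.
Set-WufbRingPolicy -RingName 'Fast Ring' -WhatIf
```

Run without `-WhatIf` from an elevated session to write the values; in a managed fleet the same values would normally be delivered through Group Policy, ConfigMgr or Intune rather than set per machine.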
51
Addressing deployment issues
Windows Update for Business
52
Addressing deployment issues
Windows Update for Business
Windows Update
Initial Pilots: No Deferral
Fast Ring: 5 day deferral
Slow Ring: 10 day deferral
62
Try it with a little help from your friends
Find out where to get information on WUFB, including white papers, etc. in an auto-response . Are there features that you need to make WUfB better? Let us know here. Not finding what you need to know? Put your question in the and we’ll help you find the answer.
63
Windows Update for Business, ConfigMgr and Intune
Manage updates from ConfigMgr, WUfB, or some populations of PCs with each in the same organization
Manage deferrals through Intune custom policy
Future:
  Integrated experience to support ConfigMgr Conditional Access for clients getting updates from WUfB
  Integrated reporting experience for aggregate WUfB and ConfigMgr update compliance (for mixed environments)
  Integrated WUfB compliance reporting and native admin console deferral controls with Intune
64
Operations Management Suite (OMS)
Sync collections from ConfigMgr into OMS to replicate ConfigMgr grouping into your OMS environment
65
Check out other sessions
BRK Learn what's new with OSD in System Center Configuration Manager and Microsoft Deployment Toolkit (Tuesday 9 A.M.)
BRK2138 – Intune and Configuration Manager overview (Tuesday 10:45 A.M.)
BRK Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune (Tuesday 2:15 P.M.)
BRK Secure Android devices and apps with Intune (Wednesday 10:45 A.M.)
BRK Manage and secure iOS and Mac devices in your organization with Intune (Wednesday 2:15 P.M.)
BRK Manage modern enterprise applications with Microsoft Intune & HockeyApp (Wednesday 4 P.M.)
BRK Enhance Windows 10 security and management with ConfigMgr, Intune, and new cloud services (Wednesday 4 P.M.)
BRK Accelerate your Microsoft Enterprise mobility and security deployment with FastTrack (Thursday 9 A.M.)
BRK Conduct a successful pilot deployment of Microsoft Intune (Thursday 10:45 A.M.)
BRK Learn how Intune helped Avanade’s global workforce get more productive (Thursday, 12:45 P.M.)
BRK Align your Windows 10 management strategy to end-user and IT needs (Thursday 4 P.M.)
BRK Deliver a BYOD program that employees and security teams will love with Intune (Friday 12:30 P.M.)
66
Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting