Manage Windows devices in the complex hybrid cloud world of today

Manage Windows devices in the complex hybrid cloud world of today
6/2/2018 3:15 AM BRK3260 Manage Windows devices in the complex hybrid cloud world of today Chris Rhodes MCTs & MVPs IT Masterclasses © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Traditional environments Legacy scenarios
6/2/2018 3:15 AM Agenda Traditional environments Legacy scenarios Exploring cloud scenarios Hybrid scenarios Takeaways © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Traditional environments
6/2/2018 3:15 AM Traditional environments © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Traditional Windows 7 environment
6/2/2018 3:15 AM Traditional Windows 7 environment © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Legacy scenarios 6/2/2018 3:15 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Legacy scenarios Active Directory and Group Policy Pros Cons
6/2/2018 3:15 AM Legacy scenarios Active Directory and Group Policy Pros Cons Class leading directory Domain joined devices only Device and user authentication Not suited for devices in the field Granular policy control VPN/DirectAccess required for remote PCs 1000’s of policy settings Windows devices only © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Legacy scenarios System Center Configuration Manager Pros Cons
6/2/2018 3:15 AM Legacy scenarios System Center Configuration Manager Pros Cons Device inventory Agent required Deploy baseline configuration Requires devices to connect back OS deployment Complex to install Application management Expensive, prohibits SMEs © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Traditional decision flow

Are legacy scenarios still relevant?
6/2/2018 3:15 AM Are legacy scenarios still relevant? Cloud based apps Mobile workforce New device types to manage Computers not checking in frequently Devices behind on updates © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exploring cloud scenarios
6/2/2018 3:15 AM Exploring cloud scenarios © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud scenarios Office 365 6/2/2018 3:15 AM

Office 365 MDM MDM exists in O365 subscriptions.
6/2/2018 3:15 AM Office 365 MDM MDM exists in O365 subscriptions. Devices managed in O365 portal. If you have M365, use Intune for more features. Lacks features like MAM, VPN profiles, app deployment. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud scenarios Azure AD 6/2/2018 3:15 AM

Azure AD Join Integration with O365 SSO with Edge or office apps
6/2/2018 3:15 AM Azure AD Join Integration with O365 SSO with Edge or office apps OneDrive access © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud environment – AAD Join
6/2/2018 3:15 AM Cloud environment – AAD Join © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Registered devices vs. joined devices
6/2/2018 3:15 AM Registered devices vs. joined devices Registered Device Joined Device Personal Devices Company owned device BYOD scenario CYOD scenario Local user authentication AAD user authentication MDM capable Windows, iOS, Android Windows only Windows Hello Access Windows Store for Business © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Conditional Access 6/2/2018 3:15 AM

Conditional access Policies control access to cloud applications
6/2/2018 3:15 AM Conditional access Policies control access to cloud applications Example 1: AAD joined devices only Example 2: MFA required for user authentication Example 3: MDM controlled computers only Example 4: Compliant devices only may access apps © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hmm, now I see…. Cloud managed devices Cloud app access can be managed
6/2/2018 3:15 AM Hmm, now I see…. Cloud managed devices Cloud app access can be managed Multi-device management © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft 365 Licences are out, subscriptions are in.
Windows 10 Office 365 EMS Microsoft 365 is the new kid on the block.

EMS – Enterprise Mobility & Security
6/2/2018 3:15 AM EMS – Enterprise Mobility & Security © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Information Protection
6/2/2018 3:15 AM EMS breakdown AAD Premium Azure Information Protection Intune © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

AAD Premium security Adds MFA (multi-factor authentication)
Self-service password reset Security reports – are your users being hacked? Cloud app discovery – understand what users actually use Bitlocker recovery Auto MDM enrolment – devices are secured from day 1

Azure AD Identity Protection

6/2/2018 3:15 AM Intune Rich cloud-based management of Windows 10 (as well as iOS, Android) Extends capabilities further with Enterprise Mobility Suite (EMS) Integration with Office 365 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud scenarios Intune standalone 6/2/2018 3:15 AM

Intune Benefits: Single admin portal to manage services
6/2/2018 3:15 AM Intune Benefits: Single admin portal to manage services Same user identities (AAD) SMEs typically don’t deploy SCCM for management Field-based computers are always ‘in-touch’ © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Intune for MDM Assets can be viewed and managed in the cloud.
Better understand apps and hardware. Allows for remote reset and selective wipe. Deploy VPN and Wi-Fi profiles.

Demo Intune management 6/2/2018 3:15 AM

Cloud scenarios SCCM (cloud) 6/2/2018 3:15 AM

SCCM cloud options Deploy SCCM site servers in Azure IaaS.
6/2/2018 3:15 AM SCCM cloud options Deploy SCCM site servers in Azure IaaS. Clients connect over the Internet. You fully manage the site servers in Azure. Offers a way for clients outside your premises to connect to your environment without VPN. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

SCCM cloud options Deploy cloud-based distribution points.
6/2/2018 3:15 AM SCCM cloud options Deploy cloud-based distribution points. Main SCCM site servers are on-premises. Cloud DPs are for remote devices. Great for software deployment of corporate applications. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios 6/2/2018 3:15 AM

Hybrid scenarios AAD registered with AD Join 6/2/2018 3:15 AM

AAD registered with AD Join
6/2/2018 3:15 AM AAD registered with AD Join Setup a Service connection point (SCP) record in Active Directory. Configure AAD Connect to sync AD with AAD. With ADFS configured, devices can be auto-registered with AAD on restart or first domain join. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios AD Join with Intune MDM 6/2/2018 3:15 AM

6/2/2018 3:15 AM AD Join with Intune MDM Clients can be joined to Active Directory and enrolled with Intune MDM authority. Devices are managed by Active Directory and Intune*. *Be aware, GPO wins over MDM policy conflicts. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios SCCM agent with AAD Join 6/2/2018 3:15 AM

SCCM agent with AAD Join
6/2/2018 3:15 AM SCCM agent with AAD Join The SCCM agent can be deployed to AAD joined devices. In actual fact no AD or AAD join is required. The agent will need manual installation or automation for install outside of GPO. Agents can communicate to on-premises or cloud based site servers. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios SCCM with Intune connected 6/2/2018 3:15 AM

SCCM with Intune connected
6/2/2018 3:15 AM SCCM with Intune connected Common deployment option today. SCCM is the backbone, with an Intune subscription connected. Management is ‘single-pane’ through the SCCM console. Typically used where SCCM services on-premises devices and Intune takes care of everything else. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios SCCM agent with Intune agent 6/2/2018 3:15 AM

Wait, what? SCCM agent installed on Windows device.
6/2/2018 3:15 AM Wait, what? SCCM agent installed on Windows device. Intune agent installed on Windows device. Nope, not gonna happen. Agents cannot co-exist on the same computer. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid scenarios Co-managment 6/2/2018 3:15 AM

“Co-management” A new flavour of hybrid.
6/2/2018 3:15 AM “Co-management” A new flavour of hybrid. Windows 10 build 1709 “Creators Fall Update” Coming soon!!! SCCM agent and Intune MDM managed device. Admins can cherry pick features. E.g. SCCM w/ WSUS for update management, along with Intune managing software. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Customer pain points Co-existence of agents meant a forced decision.
This meant sticking with SCCM for many. Intune adoption not as great. Intune cannot deploy .exe based application installs.

Solutions with Co-Management
Dual management. Off the shelf deployment of OS & apps. Device refresh/replacement scenarios. LoB apps deployed from Windows Store for Business.

Recommendations Short term: keep app deployment in SCCM (esp .exe)
Push compliance policies and update management to Intune. Joining SCCM and Intune at the client level rather than connecting the back-end is the way to go.

Recommendations Start by moving domain joined/SCCM clients to AAD joined, Intune MDM managed. SCCM client install can be triggered by Intune. Cloud management gateways connect back to corporate network.

But wait, there’s more! 6/2/2018 3:15 AM

Hybrid scenarios Autopilot 6/2/2018 3:15 AM

Microsoft 365 powered device
6/2/2018 3:15 AM Microsoft 365 powered device © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Autopilot The simplicity of moving to a new OS.
6/2/2018 3:15 AM Autopilot The simplicity of moving to a new OS. Autopilot feeds into MDM so new PC can be provisioned and managed from day 1. Imagine a computer AAD Joined, MDM controlled, Office 365 apps and LoB deployed – all remotely, all by the end user. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6/2/2018 3:15 AM Takeaways Have a plan. Some milestones may be a long way off. If you don’t put a timeline or aspiration down on paper, it’ll never happen. Identify the blockers – win32 apps, policies, skills - then work out the best approach for solving the move to modern management. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session
Tech Ready 15 6/2/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Manage Windows devices in the complex hybrid cloud world of today

Similar presentations

Presentation on theme: "Manage Windows devices in the complex hybrid cloud world of today"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Manage Windows devices in the complex hybrid cloud world of today

Similar presentations

Presentation on theme: "Manage Windows devices in the complex hybrid cloud world of today"— Presentation transcript:

Similar presentations

About project

Feedback