Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to Manage Windows 10 Devices in Cloud-only Environment

Published byOscar Wood Modified over 6 years ago

Similar presentations

Presentation on theme: "How to Manage Windows 10 Devices in Cloud-only Environment"— Presentation transcript:

1 How to Manage Windows 10 Devices in Cloud-only Environment
Panu Saukko Trainer/Consultant MVP – Enterprise Mobility ProTrainIT Oy

2 Panu SAUKKO Since 1995 Enterprise Mobility, since 2005
Training & consulting @panusaukko

3 Typical on-prem Infra ConfigMgr Inventory SW deployment Patch mgmt.
OSD Scripts AD GPO + other Win32 software Shared printers? Shared folders? ConfigMg client

4 Key components of cloud management
Microsoft Store for Business Intune Office 365 OMS1 Azure AD Graph API Autopilot SaaS apps Fast internet connection MDM client 1 Operations Management Suite

5 Why cloud-only management?
Would you create a traditional on-prem environment if you started a new company now? Should you think about cloud-based environment option when facing major re-structures (e.g. mergers/break-ups/spin-offs)? Think about the quickness of O365 adaptation

6 Cloud-based management
It is not just technology Management strategy needs to be changed Control everything  Control what is needed Self-service Lower TCO

7 vs. & Modern IT by microsoft Classic IT Modern IT Single Device
Business Owned Corporate Network & Legacy Apps Manual Reactive High-touch Multiple Devices User and Business Owned Cloud Managed & SaaS Apps Automated Proactive Self-Service vs. &

8 Simpler More secure Lower TCO Better experience Modern IT by microsoft
Multiple Devices User and Business Owned Cloud Managed & SaaS Apps Automated Proactive Self-Service

9 Transition to modern IT
9/11/2018 4:07 AM Transition to modern IT A new organization starting with modern workplace Cloud-first Many workloads need to be modernized at the same time Big Switch Transition Doesn't address the needs of the full organization Group by Group Transition Iteratively move workloads to modern Iterative (Co-management) © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Licenses needed Azure AD Premium

11 Implementing cloud based management

12 Azure AD join Add your Windows device to Azure AD
Logon to the device using AAD credentials Single sign-on to cloud resources Microsoft apps: Office 365, Microsoft Store for Business Other apps Can be done during OOBE or after the installation

13 Azure AD bulk join Add device to Azure AD with a provision package
Requires Win or later

14 Automatic enrollment to intune
The device is automatically added to Intune after AAD join Requires AAD Premium Device will be Corporate owned

15 Operating system deployment in cloud management
No custom OS image? Reasons for OSD have been diminished: Windows 10 new releases Cumulative updates Remember: Windows 10 Signature Edition Standard Windows 10 without “any pre-installed OEM junk” Options: Autopilot Provision packages Custom boot media How about Windows 10 Consumer Experience junk?

16 Windows autopilot New deployment type for new computers
Simplified OOBE process for the user Windows AutoPilot Deployment Service Upload Device IDs Configure Profile Existing Devices Harvest Device IDs Device IDs Hardware Vendor Ship Deliver direct to Employee IT Admin S

17 Windows autopilot Part of Microsoft Store for Business/Education
Or Microsoft Partner portal Requires Windows or later Computer manufacturer provides info about the new computers

18 Add devices to windows autopilot
Computer manufacturer/reseller provides info about new computers Microsoft supports now HP/Lenovo/Fujitsu/Toshiba/Panasonic early 2018 Admin can add devices Needs device serial number, Windows Product ID, hardware hash Script to use with test devices: WindowsAutoPilotInfo/1.1/DisplayScript

19 New features coming to Autopilot
Progress display: See the progress of device configuration process Bypass EULA: new setting to skip the EULA screen

20 Upcoming autopilot features
“Ideally at the end of 18 months all of the deployment requirements should be met by cloud based tools” Support for Active Directory –joined devices VPN connection to on-prem AD Assign devices to users Additional options Device name Disable consumer experience MFA for device setup Completely automated device setup Sidd Mantri, Microsoft @ Ignite 2017

21 Other options Classic Task Sequence with Azure AD Bulk join
Stand-alone media Requires some infra/knowledge Provision packages During OOBE, after installation PowerShell: Install-ProvisionPackage Manually enroll to Azure AD/Intune

22 ? OSD In a) 2 years b) 5 years c) 10 years d) never

23 Automatic redeployment
New feature in Windows Move a PC to another person/re-deploy OS after some issues Users’ data/software is removed & OS is re-installed, but following settings remain: Computer name, language/wifi settings Azure AD/MDM join Provision packages Disabled by default

24 Enabling automatic redeployment
./Vendor/MSFT/Policy/Config/CredentialProviders/ DisableAutomaticReDeploymentCredentials

25 Basic management

26 Intune client SW vs MDM Feature Intune/Client Intune/MDM Inventory
Limited Settings management All MDM settings Software distribution to computers EXE/MSI with multiple files Only single MSI Software distribution to users OSD No Software Updates Yes Limited to Win10 updates Remote Assistance Yes, TeamViewer Conditional access Easy enrollment Run PowerShell scripts New features coming No? Yes!

27 Windows 10 client interface (< 1709)

28 Windows 10 client interface 1709

29 Company portal

30 Inventory Intune provides very basic inventory from Windows 10 devices
Software inventory shows only info about universal apps

31 Intune data warehouse Analyze Intune information with PowerBI
Includes history information & deleted devices

32 MDM settings Settings are managed by MDM (Mobile Modern Device Management) interface Built-in management agent in Windows 10 Provides a lot of different settings Each Windows 10 version adds more Windows ’s new options

33 Settings management Intune displays only a subset of possible settings in UI New settings added every month With custom settings you can deploy all possible settings Using OMA-URI

34 ADMX-backed polices Group Policy settings are mirrored to MDM policies
Uses SyncML format to define settings Might be complex to set Subset of GPO settings ActiveXControls, AppVirtualization, AttachmentManager, AutoPlay, Cellular, Connectivity, CredentialsProtection, DataUsage, Desktop, DeviceInstallation, DeviceLock, ErrorReporting, EventLogService, InternetExplorer, Kerberos, Power, Printers, RemoteAssistance, RemoteDesktopServices, RemoteManagement, RemoteProcedureCall, RemoteShell, Storage, System, WindowsLogon

35 Running powershell scripts
New feature in Intune Some options: Logged on credentials/Local system Is signing required Adds Microsoft Intune Management Extension agent to the device Log files: c:\ProgramData\Microsoft\IntuneManagementExtension\Logs

36 Software deployment

37 Software deployment in cloud environment
The following apps are easy to deploy: Office 365 ProPlus Apps from Microsoft Store for Business/Public store Universal apps Web link MSI with a single file All other installation types need some work EXEs MSIs with multiple files Many different options

38 deploying software No scheduling

39 Deploying office 365 Proplus

40 microsoft store for business

41 Integrate msfb to intune

42 Desktop app converter Create .appx from Win32 application
It is like creating App-V package  App will run in its own bubble Don’t work with all apps Remember different Visual Studio runtimes

43 Other options to Software installation
Install apps with PowerShell 3rd party utilities chocolatey.org RuckZuck Syntaro (

44 Software Updates Define Windows 10 Update Rings
Cannot individually select which updates you want to install Cumulative updates anyway! Update compliance from Operations Management Suite

45 Update compliance Requires OMS  Update Analytics
Might take 24h before any data is shown Commercial Key is needed to distribute to clients ./Vendor/MSFT/DMClient/Provider/ ProviderID/CommercialID

46 device health Requires OMS  Device Health solution
Might take 24-48h before any data is shown Commercial Key is needed to distribute to clients ./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID

47 Summary Cloud-based management is not just technology
Microsoft invests heavily to Windows 10 cloud management Many current gaps will go away Co-management helps a lot Software deployment requires extra work/additional products Cloud management can be used today in many scenarios

48

Download ppt "How to Manage Windows 10 Devices in Cloud-only Environment"

Similar presentations

Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
Devices and Deployment Management & Security Identity Cloud.

Devices and Deployment Management & Security Identity Cloud.
Harris Schneiderman Account Manager Kloud Solutions.

Harris Schneiderman Account Manager Kloud Solutions.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.

Get identities to the cloud Mix on-premises and cloud identity for improved PC, mobile, and web productivity Cloud identities help you run your business.
Michael Niehaus Using the Windows Store for Business: New Capabilities for Managing Apps in the Enterprise WIN335.

Michael Niehaus Using the Windows Store for Business: New Capabilities for Managing Apps in the Enterprise WIN335.
IT Pro Day MDMC Daniel von Büren V-TSP / Senior Consultant / CTO, redtoo ag Modern Device Management through the Cloud.

IT Pro Day MDMC Daniel von Büren V-TSP / Senior Consultant / CTO, redtoo ag Modern Device Management through the Cloud.
Craig Pringle & Derek Moir

Craig Pringle & Derek Moir
Why EMS? What benefit does EMS provide O365 customers Manage Mobile Productivity Increase IT ProductivitySimplify app delivery and deployment LOB Apps.

Why EMS? What benefit does EMS provide O365 customers Manage Mobile Productivity Increase IT ProductivitySimplify app delivery and deployment LOB Apps.
What’s New in Configuration Manager Since RTM How to stay current with the new coolness available Aaron Czechowski Senior Program Manager Microsoft Wally.

What’s New in Configuration Manager Since RTM How to stay current with the new coolness available Aaron Czechowski Senior Program Manager Microsoft Wally.
Modern Device Management; Myth vs. Reality

Modern Device Management; Myth vs. Reality
Microsoft Virtual Academy

Microsoft Virtual Academy
1/26/2018 Hosting Windows Desktops and Applications Using Remote Desktop Services and Azure Windows Server 2016 + Azure Resource Manager © 2014 Microsoft.

1/26/2018 Hosting Windows Desktops and Applications Using Remote Desktop Services and Azure Windows Server Azure Resource Manager © 2014 Microsoft.
Phase 4: Manage Deployment

Phase 4: Manage Deployment
The time to address enterprise mobility is now

The time to address enterprise mobility is now
Align your Windows 10 management strategy to end-user and IT needs

Align your Windows 10 management strategy to end-user and IT needs
People-Centric Management

People-Centric Management
5/20/2018 5:45 AM BRK3057 Overview: Modern Windows 10 and Office ProPlus management with Enterprise Mobility + Security Ariel Netz Partner Group PM Manager.

5/20/2018 5:45 AM BRK3057 Overview: Modern Windows 10 and Office ProPlus management with Enterprise Mobility + Security Ariel Netz Partner Group PM Manager.
Self-service enrollment for Windows desktops

Self-service enrollment for Windows desktops
5/29/2018 9:53 AM BRK3351 Achieving a modern workplace with Windows 10, Enterprise Mobility + Security, and Office 365 Paul Huijbregts Technology Solutions.

5/29/2018 9:53 AM BRK3351 Achieving a modern workplace with Windows 10, Enterprise Mobility + Security, and Office 365 Paul Huijbregts Technology Solutions.

Similar presentations

Ads by Google