1
Managing Windows 10 with Configuration Manager
Aaron Czechowski, Senior Program Manager, Microsoft
Avi Prasad, Program Manager, Microsoft
Both
2
Aaron Czechowski (@AaronCzechowski), Avi Prasad (@TheAviPrasad)
- Program Manager, Configuration Manager product team
- Senior Program Manager, Configuration Manager product team
- 9 months with Microsoft and product team, adding more text to fill up space
- 5 years on product team, 10 years at Microsoft
- years working with Configuration Manager
Both
- Dark chocolate
- Not dark chocolate
3
Introduction
Configuration Manager is best for deep, traditional management and deployment of Windows 10
Why Windows 10?
- Secure
- Easy to update
- Mobility
Windows 7 End of Support: 14 January 2020 (971 days, ~2.6 years)
Aaron
4
Windows 10 Current Branch
Aaron Support in Configuration Manager
5
Supporting Windows 10 Current Branch
- SCCM current branch alignment with Windows and Office
- SCCM cadence continues 3x per year to better support Intune and CBB
- Starting in 1710, SCCM CB builds supported for 18 months
- SCCM supports Windows and Office 18 month lifecycles
Aaron
6
Windows 10 Support Matrix
Aaron
Key:
- (Green checkmark) = Supported
- (Blue BC) = Backwards compatible - This means that existing client management features (hardware inventory, software inventory, software updates, etc.) should work with the new Windows 10 Current Branch build. Any known issues or caveats will be documented. This approach gives you the ability to deploy and manage new Windows 10 CB builds on day one with application compatibility support without requiring a new Configuration Manager update version.
- (Red X) = Not supported
7
Windows ADK for Windows 10, version 1703
Aaron
Key:
- (Green checkmark) = Supported - Windows recommends using the Windows ADK that matches the version of Windows you are deploying. For example, use the Windows ADK for Windows 10 version 1703 when deploying Windows 10 version 1703.
- (Blue BC) = Backward compatible - This combination is not tested but should work. Any known issues or caveats will be documented.
- (Red X) = Not supported
8
New Features Avi
9
Device Guard
- Simplify deployment of Device Guard policies to clients with its native integration in
- Device Guard policies will lock down clients with Code Integrity so that only trusted binaries can be executed
Wednesday 10am: Managing Windows 10 Security: The Changing of the Guard (Dune & Nash) at Nokomis BC
Avi
10
Device Guard
11
Windows Store for Business
- Online licensed apps can be deployed to ConfigMgr managed devices, to complete the Windows Store for Business app support
- 1703 TP – Windows Store for Business is onboarded via the new Azure Services Wizard
Avi
Matrix
12
Windows Store for Business Support Matrix
Columns: Full Client, Hybrid
- Free offline licensed app: 1606; User/device collections; for both required and available install via Software Center; Required install in 1606; Available install in 1610 via new Company Portal
- Free online licensed app: 1702
- Paid offline licensed app: No
- Paid online licensed app: 1610
Avi
13
Windows Store for Business
14
Windows Fragmentation
With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality
[Figure: "What we are testing" (Windows 7 Test Lab PC: Fully Patched) versus "What customers are running" (Typical Windows 7 PC: Selectively Patched)]
Before Windows 10, servicing added complexity and increased fragmentation. Across organizations, and even across devices in a given organization, you can find different Windows updates. This is actually a slide from the Windows team. Windows engineering is testing updates on fully patched devices, which means that the actual patch status of a given device was probably never tested by Microsoft. This is the main reason why in Windows 10, as most of you already know, updates are cumulative.
15
Windows as a service update types
Quality Updates
- A single cumulative update each month
- Security fixes, reliability fixes, bug fixes, etc.
- Supersedes the previous month’s update
- No new features
Feature Updates
- Targeting twice per year with new capabilities
- Very reliable, with built-in rollback capabilities
- Simple deployment using in-place upgrade, driven by existing tools
- Try them out with Insider Preview
16
Express Updates Illustrated
[Figure: Month n through Month n+4, quality updates KB1001 through KB1005. The WSUS Server holds older deltas plus new deltas for each month; the Client PC downloads only the new deltas, ~100MB each month.]
Each new quality update released contains existing fixes, as well as some new ones – each of those new ones results in new file deltas being added to the package. Each month, each client PC downloads just those new file deltas and uses them to update the OS – on average, this requires only about 100MB of network traffic for each PC each month.
[CLICK THROUGH the animation until the last set of deltas is downloaded]
[If asked: If a PC didn’t install a previous month’s updates, maybe because it had been shut down for a while, it may need to install a larger set of deltas to catch up.]
[If asked: If for some reason the files being patched don’t match what is expected by the file deltas, the full update will be downloaded and used instead.]
17
Express updates
- The size of cumulative updates keeps increasing over time. A big concern for customers.
- Express updates allow clients to download only the delta between the current month’s updates and the previous month’s updates on the client.
- Using express installation files provides for smaller downloads and faster installation times on clients.
- The size of the Express update is multiple times larger than the cumulative updates. Lighter on clients, heavier on the distribution point.
When you use a supported version of Windows 10, you can use Configuration Manager settings to download only the changes between the current month's Windows 10 Cumulative Update and the previous month's update. Without express installation files, Configuration Manager downloads the full Windows 10 Cumulative Update (including all updates from previous months) each month.
18
Windows Information Protection
Protect against corp data leakage, such as:
- Send from personal
- Copy/paste to Twitter or Facebook
- Saving data to public cloud storage
Define and deploy WIP policies via Compliance Settings
Avi
WIP is about keeping honest users honest. Separating work content from separate content.
- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps.
- Additional data protection for existing line-of-business apps without a need to update the apps.
- Ability to wipe corporate data from devices while leaving personal data alone.
- Use of audit reports for tracking issues and remedial actions.
- Integration with your existing management system (Microsoft Intune, System Center Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company.
19
Windows Analytics Configure Windows 10 telemetry settings
- Commercial ID
- Collection level
- Downlevel clients
Underlies Windows Analytics features:
- Upgrade Readiness
- Update Compliance
- (and more to come!)
Aaron
20
Windows Analytics Client Settings
21
Windows Defender Advanced Threat Protection
- Windows cloud service to help detect, investigate, and respond to advanced attacks on the network
- SecPro uses cloud portal to hunt threats
- Configuration Manager policies to onboard and monitor agent connecting with cloud
- IT Pro uses ConfigMgr to manage endpoints
Aaron
22
WDATP Demo Aaron
23
Windows Hello for Business
Manage alternative sign-in methods for Windows 10, replacing legacy passwords or smart cards.
- Device must be both AD and AAD joined
- User gets toast notification to setup
- Monitor compliance like any baseline
Aaron
24
Device Health Attestation
Device Health Attestation (DHA) enables enterprises to validate device health remotely based on hardware measured & attested data
Builds upon: Secure Boot, Early Launch Anti-Malware and TPM Attestation
[Figure: attestation flow between Windows, Important resources (OneDrive, File Servers, Network) and Cloud / OnPrem Attestation]
1. Authenticated Access Request
2. Prove you are Healthy
3. Attestation Request
4. Response
5. Here is the proof
Aaron
25
Edition Upgrade Bit-less upgrade to higher-level edition of Windows 10
For example, Professional to Enterprise
- Key for desktop editions
- XML file for mobile editions
Aaron
26
Edition Upgrade Demo
27
Logon at 2:20
28
Coming in Tech Preview 1705 for Windows 10
1. Windows 10 Express update improvements
2. Further integration with Windows Update for Business
3. Surface driver updates
4. Internet-based Windows 10 to Configuration Manager
   - Client installation/registration via CMG
   - Azure AD integration/authentication (no client certificate!)
Avi (1-2) & Aaron (3-4)
Express Update Improvements
1. download performance - it's painfully slow
2. express file cleanup - DP can get bloated after a few patch Tuesday updates
Further Integration with Windows Update for Business
Will be including a Configuration Item to set up deferral policies for Quality updates and Feature updates for Windows 10 updates that are managed by Windows Update for Business
29
In the future… Aaron
30
What is Modern Management
Aaron
Mobile device and mobile application management have been key to empowering user productivity while enabling a simple, lightweight IT paradigm. As the world is moving to Windows as a Service, organizations are looking to apply similar management principles to PCs, significantly lowering management costs and optimizing user productivity. This is how Microsoft is thinking about Modern PC Management.
There are many ways you can modernize device management starting right now. Modern management is not tied to one technology or another. It is the idea that you can simplify IT infrastructure and processes in a way that best suits your organization’s needs. Here are some key elements of modern management to consider:
Modern Procurement
- Customize standard gold images from any provider - eliminate the need to maintain custom corporate images and driver libraries
Modern Provisioning
- End users can be fully provisioned just by entering credentials at startup
- IT can control settings and apps, as well as SKU upgrades
Modern Updates
- No on-prem infrastructure dependency
- Control deferrals and rings, let go of granular policies
- Applies to corporate owned as well as BYO devices
Modern Management
- Agentless and cloud optimized
- Identity based, role based
- Integrated data protection
Challenges:
- Moving from traditional to modern management, lots of existing process and trained personnel
- Some technology gaps still to be closed
31
Summary Modern management is not about the management technology
- Configuration Manager continues to be the best product for traditional management and deployment of Windows 10
- Configuration Manager supports modern management of Windows 10
Aaron
32
Final Data Points ~1 million new Windows 10 devices per week
99% are managed by Configuration Manager
Source?
- Brad Anderson
- Mary Jo Foley
- Elvis Presley