1. Architect a modern and secure desktop for your organization
BRK2043
Architect a modern and secure desktop for your organization
Brian Canady
Daniel Schmidt
Architects
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Agenda Common customer feedback What is modern desktop management
9/18/ :50 AM
Agenda
Common customer feedback
What is modern desktop management
Recommended deployment scenarios
Windows 10 and Office 365 ProPlus servicing model alignment
Application Compatibility Resources to aid you
Security Features overview
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Common customer feedback
Maintenance is very costly
IT needs to be involved in a lot of commodity tasks
The employee experience is not modern
Phones are so much easier. Why?
Mobile employees have disadvantages
Version upgrades are complex
Windows and Office version upgrades need dedicated projects to be successful
Our Endpoint Security needs to be improved
Our security posture is not ready for the mobile-first, cloud- first world

4. Modern Desktop Management
9/18/ :50 AM
Modern Desktop Management
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. Microsoft 365 powered device
Microsoft Inspire
9/18/ :50 AM
Microsoft 365 powered device
Easy to deploy and manage
Always up to date
Proactive insights
Intelligent security, built-in
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Similarities with Classic and Modern Models
9/18/ :50 AM
Similarities with Classic and Modern Models
Administrative Activities
Classic
Modern
Local installation source
Yes
Network installation point
Group Policy computer startup script
System Center Configuration Manager
Microsoft Intune
Remote Desktop Services
Microsoft Deployment Toolkit (MDT)
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. New administrative capabilities with Modern IT
9/18/ :50 AM
New administrative capabilities with Modern IT
Administrative Activities
Classic
Modern
Local installation source
Yes
Network installation point
Group Policy computer startup script
System Center Configuration Manager
Microsoft Intune
Remote Desktop Services
Microsoft Deployment Toolkit (MDT)
Cloud managed licensing & reporting No
Yes
Cloud based installation
Cloud managed servicing
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. Recommended Deployment Scenarios
9/18/ :50 AM
Recommended Deployment Scenarios
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Recommended Deployment Scenarios
Microsoft Tech Summit FY17
9/18/ :50 AM
Recommended Deployment Scenarios
Scenario 1: Cloud Deployment
Scenario 2: Configuration Manager Deployment
Cloud Managed
Enterprise Managed
Management tool
Cloud
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10. Recommended Deployment Scenarios
9/18/ :50 AM
Recommended Deployment Scenarios
Cloud Managed
Enterprise Managed
The Cloud Managed scenario:
Office:
Leverages Office CDN for distribution, installation, and update of Office 365 ProPlus
Utilize Internet connections and limit on-premises infrastructure needs by using Office CDN
Windows:
Leverages Windows AutoPilot to provision machines without IT intervention
Provides Device Management capabilities from Microsoft Intune
The Enterprise Managed scenario:
Leverages existing software distribution tool and processes for distribution, installation, and update of Office 365 ProPlus
Allow software distribution tool to manage source file replications and limit impacts on network
Classic deployment or provisioning Windows AutoPilot with Co-Management
Provides Device Management capabilities from Configuration Manager
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. Solution Scenario 1: Cloud Deployment & Update
9/18/ :50 AM
Solution Scenario 1: Cloud Deployment & Update
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. Cloud managed deployment
Microsoft Ignite 2016
9/18/ :50 AM
Cloud managed deployment
Windows 10 2
The new client device is pre-installed with Windows 10, version 1703 or later.
Admin adds device information and an AutoPilot deployment profile that defines how to configure Windows 10 on the device.
The client device downloads and applies the AutoPilot profile. 1
Admin
Microsoft Store for Business 3 2 1 3
Client devices
Office Pro Plus
Admin sends configuration settings for Office to client devices using the Office 2016 Deployment Tool.
Based on configuration settings, client device downloads appropriate Office package from the Office cloud and applies settings. 1
Office CDN 2 2 1
Admin
Client devices
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. Cloud managed updates Windows 10 & Office 365 ProPlus
Microsoft Ignite 2016
9/18/ :50 AM
Cloud managed updates
Windows 10 & Office 365 ProPlus
Windows Update
Office CDN
As part of deployment, admin configures client devices to receive updates directly from the cloud
Client devices automatically download and apply updates from Windows Update for Business and Office CDN
for Business 1 2 2 2 1 2
Admin
Client devices
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. Solution Scenario 2: Configuration Manager Deployment & Update
9/18/ :50 AM
Solution Scenario 2: Configuration Manager Deployment & Update
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15. Enterprise managed deployment
Microsoft Ignite 2016
9/18/ :50 AM
Enterprise managed deployment
Windows 10 & Office Pro Plus 1
Volume Licensing Service Center
Office CDN
Configuration Manager admin console
Admin configures Windows and Office deployment packages in Configuration Manager.
Windows 10 packages are downloaded from VLSC and Office packages are downloaded from the Office CDN.
Packages are sent to Configuration Manager distribution points.
Office and Windows are installed on client devices. 1 2 3 2
Configuration manager server
Distribution points 3 4 4
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16. Enterprise managed update
Microsoft Ignite 2016
9/18/ :50 AM
Enterprise managed update
Windows 10 & Office Pro Plus 1
WSUS
Office CDN
Configuration Manager admin console
Admin configures Windows and Office updates in Configuration Manager.
Windows updates are downloaded from WSUS. Although the Configuration Manager server communicates with WSUS, the Office updates are pulled directly from the Office CDN.
Updates are sent to Configuration Manager distribution points.
Updates are installed on client devices. 1 2 2 3
Configuration manager server
Distribution points 3 4 4
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17. 9/18/ :50 AM
Leveraging multiple deployment scenarios for different user populations
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18. When should you use… Cloud Managed Scenario
9/18/ :50 AM
When should you use…
Cloud Managed Scenario
Enterprise Managed Scenario
To simplify management for mobile and remote users
To simplify management of branch offices to limit infrastructure footprint requirements
To simplify servicing of Windows and Office with minimal IT involvement
To limit corporate bandwidth requirements for branch offices
To allow IT Admins to manage client updates with existing software distribution solutions
To allow IT Admins a higher level of control for client deployments and updates
To allow clients to leverage their existing software distribution locations
To allow IT Admins to easily control distribution of software based on groups
Note: It is recommended to leverage both Cloud and Enterprise Managed scenarios to meet different client needs within the organization.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19. What is the Servicing Model?
9/18/ :50 AM
What is the Servicing Model?
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20. Aligning Windows 10 and Office 365 ProPlus
Making it easier to stay current with both in lockstep
Previous Challenges
Announced Changes
Release schedules were not aligned
Windows 10 release schedule was variable
Office 365 ProPlus released every four months
Servicing timelines were different
Windows 10 releases were serviced and supported for at least 18 months
Office 365 ProPlus releases were serviced and supported for 12 months
Release schedules are aligned
Windows 10 and Office 365 ProPlus will release twice per year, targeting March and September
Servicing timelines are identical
Windows 10 and Office 365 ProPlus will be serviced and supported for 18 months from the date of release

21. Feature Servicing Models
9/18/ :50 AM
Feature Servicing Models 1
Windows Semi-Annual Channel
(supported for 18 months) 1
Feature updates are released to the Windows Semi-Annual Channel every six months, around March and September.
March
September
March
Office Monthly Channel 2
Feature updates are also released in March and September to the Office Semi-Annual Channel (Targeted). The updates include feature updates from the Monthly Channel.
Office Semi-Annual Channel (Targeted)
(supported for 6 months) 2
March
September
March 3
Office Semi-Annual Channel
(supported for 14 months) 3
Four months after the Office update is released to the Semi-Annual Channel (Targeted), it is released to the standard Semi-Annual Channel.
July
January
NOTE: In addition to feature updates, both Windows and Office release frequent quality and security updates to all channels.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22. How do I use the servicing model in my environment?
9/18/ :50 AM
How do I use the servicing model in my environment?
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23. Best Practice for deployment rings and channels
Pilot and Validate
Broad Deployment
Purpose
Pilot and Validate before broad deployment
Production Deployment
Release cadence
Target March and September
Target January and July
Channel
Semi-Annual Channel (Targeted)
Semi-Annual Channel
Audience
Representative sample of production devices derived from M365 Analytics
All remaining production device
PILOT &
VALIDATE
BROAD DEPLOYMENT

24. MS Story
9/18/ :50 AM
What needs to change Creating teams responsible for implementing the process
Plan and Develop Team
Working with monthly builds
Providing feedback on features and compatibility
Identifying needed feature implementation teams
Pilot, Validate and Deployment Team
Performing business-critical app validation
Conducting initial pilots for each release
Driving broad deployments of each release
Reacting to issues encountered
Feature Implementation Teams
Formed as needed to implement new features
Can be done synchronously with the deployment of a release or later
Pilot & Validate
Broad Deployment
Implement Features
Plan & Develop
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25. Application Compatibility
9/18/ :50 AM
Application Compatibility
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26. Compatibility in Windows 10
PRISM FY16
9/18/ :50 AM
Compatibility in Windows 10
Outstanding compatibility means a smooth migration from Windows 7 or Windows 8.1, while also simplifying the process of staying current with Windows 10
Desktop apps
Web sites
Modern apps
Hardware
Organizations are observing compatibility rates above 99%
High compatibility achieved through:
Minimal changes to Win32 APIs
Insider feedback during development
Telemetry
Internet Explorer 11 included (unchanged) for backwards compatibility
New Microsoft Edge browser for modern HTML5-based web sites
Enterprise Mode features to ensure proper use
High compatibility achieved through:
Validation of Windows Store apps
Insider feedback during development
Telemetry
Significant investments, enhancements in each release
Windows 10 supports all devices capable of running Windows 7 and above
Identical hardware minimum requirements as Windows 7
Strong driver compatibility, with updates delivered as needed through Windows Update
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27. MS Story
9/18/ :50 AM
Windows Analytics Upgrade Readiness A free tool for guiding you through the process
Pull together key information
Telemetry-based app and device inventory
App and driver compatibility details
App usage and support info from Ready For Windows
Establish a process
Prioritize apps
Identify issues
Remediate using provided information
Drive deployment
Identify machines that are ready to deploy
Integrate with Configuration Manager and similar tools
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28. Readiness - overview Summary at a glance
9/18/ :50 AM
Readiness - overview
Summary at a glance
Add-in summary Total, adopted, supported.
VBA summary Total files, files with macros
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29. Add-in Readiness Report Overview
9/18/ :50 AM
Readiness - Reports
Add-in Readiness Report:
Classification of adopted and supported add-ins
Report settings to choose 32/64bit etc.
Inbox add-ins not shown by default
Add-in Readiness Report Overview
VBA Readiness Report
File list – default view is to ‘used files’
File summary provides Breakdown of files with/without VBA Less than 10% of files have VBA
VBA issues provides number of files with issues to remediate (API changes) We found very low usage of deprecated or modified APIs
64-bit issues readiness Mostly usage of DLLs, most easy to remediate
Unique count that shows how many unique macros/files you have. Macros are frequently copied
VBA Readiness Report Overview
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30. 9/18/ :50 AM
Security
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31. SECURE MODERN ENTERPRISE
A secure modern enterprise is resilient to threats Aligned to business objectives and current threat environment
SECURE MODERN ENTERPRISE
Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities
Apps and Data Aligns security investments with business priorities including identifying and securing communications, data, and applications
Identity
Apps and Data
Infrastructure
Devices
Infrastructure  Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks
Devices
Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection
Secure Platform (secure by design)

32. Windows 10 Protection - Summary of capabilities
9/18/ :50 AM
Windows 10 Protection - Summary of capabilities
Our capabilities are recommended in two tiers — out-of-box protection and increased protection that you can turn on to strengthen your protections.
Out-of-box protection
Increased protection
Windows Defender System Guard
Windows Defender Exploit Guard
Windows Defender System Guard
(with optional features enabled)
BitLocker Encryption
Windows Defender Firewall
Windows Defender Antivirus
Windows Defender Exploit Guard
(with optional features enabled)
Windows Information Protection
Windows Defender SmartScreen
BitLocker Encryption
(Only available on InstantGo devices)
Windows Defender Application Guard
Windows Defender Advanced Threat Protection
Windows Updates
Windows Defender Application Control
Windows Defender Credential Guard
Windows Defender Device Guard
Windows Hello
Microsoft provides advanced security for protecting data, as well as the identities and devices that access your data. Windows 10 includes strong, out-of-the box baseline protections, which will meet the needs of many organizations. For organizations that need more protection than the baseline, there are the increased security features, which can be turned on alongside the out-of-box protections.
Some customers have a subset of users that must be protected at higher levels because they have access to sensitive data or they are greater targets for attackers. You can apply increased protection to specific users in your organization.
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33. Staying Secure with Microsoft 365
MS Story
9/18/ :50 AM
Staying Secure with Microsoft 365
Attackers take advantage of periods between releases
Stay ahead of the attackers with continual improvements
Capability
Protection Gap
Time
Product
Release
Threat sophistication
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34. Ignite 2017 Office 365 Deployment sessions
*Locations are subject to change. Please check the Ignite Scheduling Tool prior to session time.
Ignite 2017 Office 365 Deployment sessions
Code
Level
Day
Date
Time
Location
Title
Speakers
Session Type
BRK2006
200
Monday
9/25
2:15 PM – 3:30 PM
Hyatt Regency Windermere W
Moving to the Modern Office – getting your organization onto Office 365 ProPlus
Amesh Mansukhani
Breakout | 75 minutes
BRK1021
100
Tuesday
9/26
9:00 AM – 10:15 AM
OCCC W308
Redefine modern productivity with Office 365 ProPlus
Disha Rustogi
BRK2432
300
10:15 AM – 11:00 AM
OCCC W240
Deploy and manage Office on your Mac
Steven Nesbitt
Breakout | 45 minutes
THR2005
12:05 PM – 12:25 PM
OCCC South – Expo Theater #7
Deploying language packs Office 365 ProPlus: Tips & Tricks
James Hammonds
Theater | 20 minutes
THR2000
12:35 PM– 12:55 PM
OCCC South – Expo Theater #6
Aligning Office 365 ProPlus and Windows 10 Update Models
Brian Canady, Daniel Schmidt
BRK3000
3:15 PM– 4:00 PM
OCCC W314
Manage Microsoft Office apps on all your devices
Brent Whichel, James Hammonds
THR2001
5:05 PM– 5:25 PM
Managing ongoing Application Compatibility: Tips & Tricks
Terry Farrell
BRK2043
Wednesday
9/27
OCCC Valencia W415 CD
Architect a modern and secure desktop for your organization
THR2002
10:50 AM – 11:10 AM
Top 10 items to consider before deploying - focus on planning and environment prep
Jalal Babool
THR2006
Managing ongoing Office 365 ProPlus client health: Tips & Tricks
Steve Rugh
BRK3005
12:30 PM – 1:45 PM
OCCC West Hall E1
Deploying and updating Office 365 ProPlus using System Center Configuration Manager
Amesh Mansukhani, John Gruszysk
BRK2024
Learn how a leading healthcare provider switched to Office 365
Nidhish Dhru, Sutter Health
THR2003
Thursday
9/28
10:20 AM– 10:40 AM
Consider these top 10 items after you deploy Office 365 ProPlus
BRK2008
10:45 AM –12:00 PM
OCCC W307
Connect with customers who have recently switched to Office 365 ProPlus
Douglas Smith, Chevron, Intermountain Health
THR2004
2:10 PM – 2:30 PM
Managing virtualized and shared desktop using Office 365 ProPlus
Doug Davis, Ryan McDonnell
BRK3002
Friday
9/29
Virtualize Office 365 ProPlus
BRK3376
11:30 AM – 12:15 PM
Managing ongoing Microsoft Office 365 ProPlus client health and applications compatibility
Steve Rugh, Terry Farrell
HOL3000 NA
HOL: Deploying and updating Office 365 ProPlus using System Center Configuration Manager
N/A
Hands-on-lab

35. Please evaluate this session
Tech Ready 15
9/18/2018
Please evaluate this session
From your
Please expand notes window at bottom of slide and read. Then Delete this text box.
PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36. 9/18/ :50 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.