1. Key Requirements and Changes for Servicing Window 10 System Center Configuration Manager (as-a-Service) Mark Serafine - Senior PFE

2. : Servicing Options Windows 10 Release Types and Cadences All new releases that Microsoft publishes for Windows 10 will be cumulative  Feature upgrades - Installs the latest new features, experiences, and capabilities on devices that are already running Windows 10. Contains an entire copy of Windows and can be used to install Windows 10 on existing devices running Windows 7 or 8.1, and on new devices where no operating system is installed. Expected to be published an average of 2-3 times a year. Since the servicing lifetime of a feature upgrade typically ends when the servicing lifetime of the subsequent feature upgrade begins, the length of servicing lifetimes will also vary.  Servicing updates - Installs security fixes and other important updates. Published as needed for any feature upgrades that are still supported, and on Update (Patch) Tuesday. Additional servicing updates for Windows 10 may be published outside of this monthly cycle when required. Servicing OptionNew Feature Upgrade Availability Minimum Length of Servicing Time Key BenefitsSupported Win10 Editions Current Branch (CB)Immediately after first published by Microsoft Approx. 4 monthsNew features are available to users as soon as possible Home, Pro, Edu, Ent. Current Branch for Business (CBB) Approx. 4 months after first published by Microsoft Approx. 8 monthsAdditional time to test new feature upgrades prior to deployment Pro, Edu, Ent Long-Term Servicing Branch (LTSB) Immediately after published by Microsoft 10 yearsEnables long-term deployment of selected Win10 releases in low-change configurations Enterprise LTSB Windows-as-a-Service (WaaS)

3. : Feature Upgrade Release Process  A servicing branch (Servicing Branch #1) is created for every release to produce new releases for approx. one year. Lifetime depends on when subsequent feature upgrades are published. Approx. 4 months after publishing feature upgrade, Servicing Branch #1 is used again to republish updated installation media for Windows 10 Pro, Education, and Enterprise editions. Updated media contains the exact same feature upgrade as the original media as well as all the servicing updates published since the feature upgrade was first made available.  A second servicing branch (Servicing Branch #2) is created for producing servicing update releases up to 10 years if the feature upgrade will receive LTSB support. The time between these releases will vary between 1-3 years, and is strongly influenced by input from customers regarding the readiness of the release for long-term enterprise deployment. This media is never published to Windows Update for deployment. Installations of the Enterprise LTSB edition must be performed another way.  Servicing updates are published in a way that determines the Windows 10 editions on which they can be installed. i.e., servicing updates produced from a given servicing branch can only be installed on devices running a Windows 10 edition produced from the same servicing branch.

4. : Current Branch (CB) Servicing Devices serviced from CBs must install two to three feature upgrades per year to remain current and continue to receive servicing updates.  Feature upgrades are received immediately after they are made publicly available. Windows 10 Home supports Windows Update for release deployment. Window 10 Pro, Education, and Enterprise editions support Windows Update, WSUS, Configuration Manager, and other configuration management systems: Windows Update: Devices configured for immediate installation will receive new feature upgrades and servicing updates and targeted as soon as they are published in the Windows Update service. WSUS: The same workflows as with Windows Update except releases must be approved before installations begin. Configuration Manager: Installation media can be obtained from Microsoft to deploy new feature upgrades using standard change control processes. All applicable servicing updates must be obtained and deployed as well.

5. : Current Branch for Business (CBB) Servicing  Feature upgrades are deferred for a period of approx. four months after publishing to allow for testing and additional time-in-market to mature. CBBs will receive servicing updates for approximately twice as many months as CBs, enabling two CBBs to receive servicing support at the same time.  Servicing updates for a feature upgrade after its corresponding CBB reaches the end of its servicing lifetime will not be produced. Feature upgrade deployments cannot be extended indefinitely. Newer feature upgrades must be deployed before CBBs end.  Supported by Windows 10 Pro, Education, and Enterprise editions through Windows Update, WSUS, Configuration Manager, and other configuration management systems: Windows Update: Devices will receive new feature upgrades and servicing updates as soon as they are published in the Windows Update service, targeted to devices configured for deferred installation. All servicing updates that are applicable to the feature upgrade running on a device will be installed immediately after being published in the Windows Update service. WSUS: The same workflows as with Windows Update except releases must be approved before installations begin. Configuration Manager: Installation media can be obtained from Microsoft to deploy new feature upgrades using standard change control processes. All applicable servicing updates must be obtained and deployed as well.

6. : Long-Term Servicing Branch (LTSB)  Only servicing updates for the duration of their deployment will be received in order to reduce the number of non-essential changes made to the targeted devices.  Begins when a feature upgrade with long-term support is published and ends after 10 years.  Only the Enterprise LTSB edition supports long-term servicing, which has important differences from other Win10 editions regarding upgradability and feature set. Reconfiguring an Enterprise LTSB device to run other editions of Windows 10 may require the restoration of data and/or reinstallation of applications after the other edition has been installed. Enterprise LTSB does not include the following system and universal apps because new releases of these apps are unlikely to remain compatible with a feature upgrade of Enterprise LTSB for the duration of its servicing lifetime: Microsoft Edge, Windows Store Client, Cortana (limited search remains available), Outlook Mail & Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music and Clock.  Enterprise LTSB supports release deployment using Windows Update, WSUS, Configuration Manager and other configuration management systems: Windows Update: Windows Update will install only servicing updates, and do so as soon as they are published in the Windows Update service. Windows Update does not install feature upgrades on devices configured for long-term servicing. WSUS: The same workflows as with Windows Update except releases must be approved before installations begin. Configuration Manager: Servicing updates should be obtained from Microsoft and deployed as soon as possible.

7. Configuration Manager 2012 and 2007: Servicing Support Configuration Manager – Release Versions and Support Limitations Summary of Windows 10 servicing support in Configuration Manager 2007 and Configuration Manager 2012: Product VersionRelease VehicleWindows 10 Features SupportedWindows Servicing Support System Center 2007 Configuration ManagerCompatibility PackExisting feature included in latest Windows LTSB at point of release (management only, no OSD). Newer features will not be supported. Windows 10 July 2015 LTSB System Center 2012 Configuration Manager SP2 CU1 AND System Center 2012 R2 Configuration Manager SP1 CU1 Service Packs and Cumulative Updates Support for existing features included in latest Windows LTSB at point of release. Newer features will not be supported. Windows 10 LTSB 2015, and Windows 10 CB/CBB through February(ish) 2016.  Windows 10 Current Branch/CBB deployments: Upgrading to System Center Configuration Manager will be required to continue deployments of 2016 releases. If upgrading to System Center Configuration Manager isn’t possible prior to the release of builds after the FEB 2016 (1602) CBB revision of NOV 2015’s CB release (1511), Windows 10 Enterprise LTSB 2015 with ConfigMgr 2012 will be required to remain in a supported configuration going forward. Subsequent releases of the Windows 10 Current Branch in 2016 and beyond will not be supported with ConfigMgr 2012. Summary of Configuration Manager “vNext” options: Product VersionRelease AvailabilityWindows Servicing Support System Center Configuration Manager (Current Branch) - CB 4QTR CY2015Windows 10 CB/CBB/LTSB System Center 2016 Configuration Manager (Long-Term Servicing Branch) - LTSB 1QTR CY2016 – Inline with other System Center 2016 Products Windows 10 LTSB

8. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – New Feature Summary  Calendar years will no longer be included in the name since the new System Center Configuration Manager will be updated frequently. As updates are released, they will be denoted with a year and a month (YYMM) format. (i.e., 1512 = December 2015)  In-place upgrade from Configuration Manager 2012 to the new Configuration Manager Migration is required from Configuration Manager 2007. (in-place upgrade is not supported)  Frequent, incremental updates will be released for Configuration Manager. As upgrades for Windows 10 are released, updates for Configuration Manager in support of these upgrades will also be released. This is done to provide full support of every edition and servicing configuration of Windows 10. Each version/update will be supported for 12 months before customers are required to upgrade to the latest version for continued support.  Service Connection Point: New site system role to Configuration Manager Used by the site to check for and download updates to ConfigMgr. Updates are automatically downloaded. Replaces the Microsoft Intune connector. Used for submitting usage and diagnostic (telemetry) data from Configuration Manager. (details on next slide)  Service Connection Tool: An offline tool for use with sites on disconnected networks. (details on slide 16)  Software Center and Application Catalog combined into a single application.

9. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Summary  Data retention period is for one year.  Used for ensuring future releases of ConfigMgr will be a higher quality, and at a faster cadence, by enabling Microsoft to engineer and test configurations that are in production. Example: If current telemetry shows that few customers use Server 2008 or Server 2008 R2 on their site servers, and that German language packs are the most widely used, the focus of additional test efforts can be performed for the server versions and language packs that customers are actually using.  Configuration Manager telemetry data from each hierarchy (closed networks as well) will need to be uploaded in order to receive the Feature Upgrades & Servicing updates available for both Windows 10 (CB/CBB) and Configuration Manager. NOTE: CB can still be “serviced” (aka Release Ready) w/o using uploaded telemetry data; however, it is not recommended as this will not provide the capability for updates (including security) to maintain Windows 10 CB configurations in this scenario.  The three levels of data collection by Configuration Manager are Basic, Enhanced (default) and Full. (Explained in further detail on the next six slides) NOTE: Data such as site codes/names, IP addresses, user/computer names, physical addresses or email addresses are not collected at the Basic or Enhanced levels. Collection of data of this nature at the Full level (while unintentional) is possible as it might be included in the advanced diagnostic information (logs, memory snapshots) that are collected at this level.  The exact data sent to Microsoft is stored in the TelemetryResults table, and can be viewed using the following SQL command: SELECT * FROM TelemetryResults To ensure that any custom table names are not visible, a one-way hash (using SHA-256 algorithm) is used to store the collected data, and mask any sensitive data that may have been collected. The same hash can then be performed by Microsoft of the default tables that are shipped with the product to determine the deviation of the database schema from default. I.e. if the hashes are the same, the table is considered a known, default table. If the hashes don’t match, the table is considered a custom table created by the customer or third-party product.  Organizations that are currently unable to commit to the telemetry data upload requirement of the CB/CBB configurations should continue to use Win10 LTSB with ConfigMgr 2012 for the time-being. More details on future releases will be made available, as well as the future flexibility to in-place upgrade both ConfigMgr and Win10 LTSB to later versions (and current branches of both if desired).

10. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Basic Level Required to help improve installation/upgrade experience, and determine which ConfigMgr updates are applicable to the hierarchy.  Setup (build, install type, language packs, features you enabled, update pack deployment status and errors)  ConfigMgr DB performance metrics (replication processing information, top SQL Server stored procedures by processor and disk usage)  Basic DB configuration (processors, cluster configuration, configuration of distributed views)  Database schema (hash of all object definitions)  Count of ConfigMgr client versions and operating system versions  Count and OS of devices managed and policies set by the Exchange Connector  Count of client languages and locale  Count of Windows 10 devices by branch and build  Basic site hierarchy data (site list, type, version, status, client count, and time zone)  Basic site system server information (site system roles used, Internet and SSL status, operating system, processors, physical or virtual machine)  Basic user discovery statistics (user discovery count, minimum/maximum/average group sizes)  Basic endpoint protection information (antimalware client versions)  Basic application and deployment type counts (total apps, total apps with multiple deployment types, total apps with dependencies, total superseded apps, count of deployment technologies in use)  Basic OSD counts (images)  DP and MP types w/basic config information (protected, pre-staged, PXE, multicast, SSL state, pull/peer distribution points, MDM-enabled, SSL-enabled, etc.)  Telemetry stats (when run, runtime, errors)

11. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Enhanced Level Default level following setup, and includes data collected in the Basic level as well as the following:  Feature-specific data ( frequency/duration of use)  Configuration Manager client settings ( component name, state, and certain settings like polling intervals)  Basic software update information  Does not collect object names (sites, users, computer, or objects), details of security related objects, or vulnerabilities like counts of systems requiring software updates.  Application management Basic usage/targeting information for deployment types (user vs. device targeted, required vs. available) Application deployment information (install/uninstall, requires approval, user interaction enabled/disabled) Available application request statistics Count of packages by type Count of application applicability by OS Count of package/program deployments Count of App-V environments and deployment properties Count of Windows 10 licensed application licenses Minimum/maximum/average number of application deployments per user/device Maintenance window type and duration  Client List/count of enabled client agents Count of client installations from each source location type Count of client installation failures (continued on next slide)

12. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Enhanced Level (Cont.)  Compliance settings Count of configuration items by type of basic configuration baseline information Count, number of deployments, and number of references Count of deployments referencing built-in settings Value of setting is not captured Count of rules and deployments created for custom settings o Count of Simple Certificate Enrollment Protocol templates deployed  Content Count of boundaries by type Boundary group information Count of boundaries and site systems assigned to each boundary group Distribution point group information Count of packages and distribution points assigned to each distribution point group Distribution point configuration information including use of branch cache, distribution point monitoring Distribution Manager configuration information Threads, retry delay, number of retries, pull distribution point settings  Endpoint Protection Endpoint protection antimalware and Windows Firewall policy usage: Number of unique policies assigned to group. Does not include any information about the settings included in the policy Endpoint protection deployment errors Count of endpoint protection policy deployment error codes Count of collections selected to appear in endpoint protection dashboard Count of alerts configured for endpoint protection feature (continued on next slide)

13. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Enhanced Level (Cont.)  Mobile application management (MAM) Count of MAM-enabled Office and line of business applications and policy by operating system Count of MAM application/policy deployments Count of rules created per MAM setting  Mobile device management (MDM) Count of mobile device actions (lock, pin rest, wipe, and retire) commands issued Count of mobile devices managed by Configuration Manager and Microsoft Intune and how they were enrolled (bulk, user-based) Mobile device polling schedule and statistics mobile device check in duration Count of mobile device policies Count of users with multiple enrolled mobile devices  Microsoft Intune troubleshooting Count and size of state, status, inventory, RDR, DDR, UDX, Tenant state, POL, LOG, Cert, CRP, Resync, CFD, RDO, BEX, ISM, and compliance messages downloaded from Intune Count and size of device actions (wipe, retire, lock), telemetry, and data messages replicated to Microsoft Intune Full and delta user synchronization statistics for Microsoft Intune  On-premises mobile device management (MDM) Deployment success/failure statistics for on-premises MDM application deployments Count of Windows 10 bulk enrollment packages and profiles  Operating System Deployment Count of boot images, drivers, driver packages, multicast-enabled distribution points, PXE-enabled distribution points, and task sequences  Software Updates Total/average number of collections that have software update deployments and the maximum/average number of updates deployed (continued on next slide)

14. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Enhanced Level (Cont.)  Software Updates (Cont.) Number of automatic deployment rules tied to synchronization Number of automatic deployment rules that create new or add updates to an existing group Available and deadline deltas used in automatic deployment rules Average and maximum number of assignments per update Count of updates created and deployed with System Center Update Publisher Count of update groups and assignments Count of update packages and the maximum/minimum/average number of distribution points targeted with packages Number of update groups and minimum/maximum/average number of updates per group Number of updates and percentage of updates deployed, expired, superseded, downloaded, and containing EULAs Update scan error codes and machine count Client update evaluation and scan schedules Software update point synchronization schedule Number of automatic deployment rules with multiple deployments Configurations used for active Windows 10 servicing plans o Windows 10 dashboard content versions Count of Windows 10 clients that are using Windows Update for Business Cluster patching statistics Count of deployed Office 365 updates  SQL/performance data: Count of largest database tables SQL Always-On replica information Count of collections by type

15. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Telemetry Data Collection - Full Level Includes all data in Basic and Enhanced levels as well as the following: NOTE: Data collected at this level could potentially include PII that existed in the server’s memory or logs at the time advanced diagnostic information (system files and memory snapshots) were captured.  Additional information about Endpoint Protection, update compliance percentages, and software update information.  Collection evaluation and refresh statistics  Endpoint Protection health summary Including count of protected, at risk, unknown, and unsupported clients)  Endpoint Protection policy configuration  Software update deployment information Percentage of deployments targeted with client vs. UTC time, required vs. optional vs. silent, reboot suppression  Overall compliance of software update deployments  Automatic deployment rule evaluation schedule information  Number of clients with network access protection policy  Software update deployment error codes and counts  Minimum/maximum/average number of inactive clients in software update deployment collections  Count of groups with expired software updates  Minimum/maximum/average number of software updates per package  Software update scan success percentages  Minimum/maximum/average number of hours since last software update scan

16. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – Service Connection Tool  Required for keeping offline/disconnected sites up-to-date. This process also requires the upload of usage data to Microsoft. Also required for downloading the Servicing Dashboard UI that is required for CBB and its associated servicing plans. (screenshots on next slide)  For disconnected networks, the hashed telemetry data is exported into a CSV file (example below) by the Service Connection Tool. This file is then uploaded to the Microsoft service in the cloud (from a connected network) to begin the feature upgrade and servicing update downloads.  Command Line Switches -prepare: Prepares the site by gathering user data and creating a.cab file Admins can choose the name and location of the.cab -connect: Connects to the Microsoft service in the cloud, uploads the.cab file and downloads: All available ConfigMgr updates Windows servicing related downloads (feature upgrades and service updates) -import: Imports to the console -export (optional): Exports the current usage data to a.csv file.

17. Configuration Manager: New Features and Requirements Configuration Manager (as-a-Service) – CBB Servicing Dashboard UI  The Servicing Dashboard UI is required for creating/maintaining CBB servicing plans.  The dashboard is downloaded for sites on connected networks through the Service Connection Point site system role, and through the Service Connection Tool for sites on disconnected networks.

18.  TechNet: Windows 10 Servicing Options for Updates and Upgrades https://technet.microsoft.com/en-us/library/mt598226(v=vs.85).aspx  ConfigMgr Team Blog (Aaron Czechowski): System Center Configuration Manager: Support for Windows 10 and Microsoft Intune http://blogs.technet.com/b/configmgrteam/archive/2015/10/27/system-center-configmgr-support-for-win-10-and-intune.aspx  In the Cloud Blog (Brad Anderson): The Future of Configuration Manager http://blogs.technet.com/b/in_the_cloud/archive/2015/10/27/the-future-of-configuration-manager.aspx  In the Cloud Blog (Brad Anderson): The Incredible Past, Remarkable Present, and Extraordinary Future of ConfigMgr http://blogs.technet.com/b/in_the_cloud/archive/2015/11/05/the-incredible-past-remarkable-present-and-extraordinary-future-of-configmgr.aspx  TechNet: Microsoft System Center Configuration Manager Technical Preview – New Capabilities in Tech Preview 3 (Usage Data) https://technet.microsoft.com/en-us/library/dn965439.aspx#BKMK_UsageData  TechNet: Diagnostics and usage data for System Center Configuration Manager https://technet.microsoft.com/en-us/library/mt613113.aspx References

19.  Aaron Czechowski – Sr. PgM - ECM  Kerim Hanif – Sr. PgM - ECM  Mark Serafine – Sr. PFE – NSG  John Rayborn – Sr. PFE – DISA & CoCOMs Contributors / Reviewers