WelcomeEWUG 1701 - Modern Device Management

Per LarsenSolution Architect, Technical Lead Microsoft Enterprise Mobility Suite (EMS) and Microsoft Partner Technology Solutions Professional (P-TSP)Co-Owner of Everything Windows User Group Denmark

e: per.larsen@atea.dk | m: +45 3078 1828 | t: @PerLarsen1975in: www.linkedin.com/in/perlarsen1975 | Blog: osddeployment.dk

#UpgradeYourWorld

#UpgradeYourWorld

The Windows 10 eco-system

Devices | Windows 10 | Cloud

One Windows across all devices

Modern Management

Windows 10 is born for Modern Management

Microsoft Surface Hub – Windows 10 Teams

Let’s have a closer lookSurface Hub management…

Let’s have a closer lookMicrosoft Intune – Ibiza Portal

Microsoft Intune in Azure – Ibiza portal

Microsoft Azure Active Directory

Microsoft Azure Active Directory (AAD)

Bringing the cloud to Windows desktops• Windows 10 is build for Microsoft Azure• It's not a strong relationship yet, more of a fling…• But it's worth looking at now, as it's going to be a big growth area• Windows 10 can join Azure AD instead of a on premise AD

If you have Office 365, you already have an Azure AD domain

Microsoft Azure Active Directory (AAD)

Microsoft Azure Active Directory (AAD)

Windows 10 will be powered by Azure AD, giving you options for:• Self-provisioning of corporate owned devices• Use existing organizational accounts• Single Sign-On

• Automatic MDM enrollment• Enterprise-ready Windows Store• Enterprise State Roaming• Store BitLocker Keys in Azure AD• New Azure AD portal

Let’s have a closer lookWhat's new…

Upgrade AnalyticsData is used to identify compatibility issues.

Upgrade Analytics

• Operations Management Suite - OMS• Requires Azure Subscriptions

• Windows 10 Readyness• Office Add-ins• Site Discovery

Let’s have a closer lookUpgrade Analytics

Windows Defender Advanced Threat ProtectionWDATP

Windows Defender Advanced Threat Protection

• Built into Windows, cloud powered• No additional deployment & Infrastructure. Continuously up to date;

lower costs.• Behavioral-based, post-breach detection

• Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.

• Rich timeline for investigation• Easily understand scope of breach. Data pivoting across endpoints.

Deep files and URLs analysis.• Unique threat intelligence knowledge base

• Unparalleled threat optics provides detailed actor profiles. First- and third-party threat intelligence data.

Let’s have a closer lookWindows Defender Advanced Threat Protection

Windows Store for BusinessThe one stop Store for Windows 10 Devices

Windows Store for Business

Find and acquire Manage Distribute

Designed for organizations

Personalized for your organization

Windows Store for Business

• The Business Store Portal (BSP) and Store recognize two identities for you• Log on with Azure AD, you get the corporate options (and you

don't need a credit card)… leave the organization, you lose the apps• Log on with your MSA (as in today), you pay with credit card and

any apps you buy travel with you• Organizations can buy apps in bulk• Organizations can use purchase order, credit cards.

You can get the Appx packages to put in your store when you purchase them through the BSP, and even preinstall Appx packages in your image

Let’s have a closer lookWindows Store for Business

Mobile device Management (MDM) in Windows 10Troubleshooting

How to troubleshout from the client side

• Getting Resultant Settings • MDM – Export Result• GPO – Result /H %TEMP%\gpo.html

• Event logging • MDM - Microsoft-Windows-DeviceManagement-Enterprise-

Diagnostics-Provider• GPO - Microsoft-Windows-GroupPolicy/Operational

Settings Synchronization interval

• MDM - Every 3 minutes for 30 minutes after enrollment, and then every 8 hours • Can be customized - DMClient CSP• Provider/ProviderID/Poll• Device Management Log XML to HTML Converter

• GPO - A default value of 90 minutes with a 30 minute random offset

DMClient CSP

Provider/ProviderID/Poll

Windows UpdateWindows Update for Business

What are the options ??

• Windows Update• WSUS• SCCM• Intune

Windows Update for Business – Deployment rings

Deployment ring Servicing branchTotal weeks after Current Branch (CB) or Current Branch for Business (CBB) release

Preview Windows Insider Pre-CB

Ring 1 Pilot IT CB CB + 0 weeks

Ring 2 Pilot business users CB CB + 4 weeks

Ring 3 Broad IT CB CB + 6 weeks

Ring 4 Broad business users CBB CBB + 0 weeks

Ring 5 Broad business users #2 CBB CBB + 2 weeks as required by capacity or other constraints

Category Maximum deferral Deferral increments Example Classification GUID

Feature Updates 180 days DaysFrom Windows 10, version 1511 to version 1607

3689BDC8-B205-4AF4-8D4A-A63924C5E9D5

Quality Updates 30 days Days

Security updates0FA1201D-4330-4FA8-8AE9-B877473B6441

Drivers (optional)EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0

Non-security updates

CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83

Microsoft updates (Office, Visual Studio, etc.)

varies

Non-deferrable No deferral No deferral Definition updatesE0789628-CE08-4437-BE74-2495B842F43B

Capability Windows 10, version 1511 Windows 10, version 1607

Select Servicing Options: CB or CBBNot available. To defer updates, all systems must be on the Current Branch for Business (CBB)

Ability to set systems on the Current Branch (CB) or Current Branch for Business (CBB).

Quality UpdatesAble to defer receiving Quality Updates:•Up to 4 weeks•In weekly increments

Able to defer receiving Quality Updates:•Up to 30 days•In daily increments

Feature UpdatesAble to defer receiving Feature Updates:•Up to 8 months•In monthly increments

Able to defer receiving Feature Updates:•Up to 180 days•In daily increments

Pause updates•Feature Updates and Quality Updates paused together•Maximum of 35 days

Features and Quality Updates can be paused separately.•Feature Updates: maximum 60 days•Quality Updates: maximum 35 days

Drivers No driver-specific controls Drivers can be selectively excluded from Windows Update for Business.

Let’s have a closer lookWindows Update for Business

Thank you