Modernize your Windows Management with Microsoft Intune - Brainstorm 2018.pdf · Paths to Modern...
Modernize your Windows Management with Microsoft Intune
Presented by Max Fritz & Doug Wilson
Systems Consultants, Now Micro
Now Micro is a Consulting & Device Life Cycle Management company
Now Micro’s Consulting Practice focuses on helping organizations deliver the best end user experience by designing and implementing the most robust Systems Management, Cloud Productivity, and Identity Management solutions available.
Office 365, Windows 10, Enterprise Mobility + Security
Vision: Unified management across users, devices, apps and services.
Microsoft Education
Empowering students today to create the world of tomorrow
Bridging the Classic & Modern Workplaces
Modern Workplace
- Work from anywhere
- Choose the device you want or bring your own
- Quick, friendly out-of-box experience
- Self-service
- Integrated and cloud-based security
- Simpler application delivery through Store/SaaS
- Data intelligence for better business insights
- Minimize on-prem infrastructure costs
- Unified identity, device and app management
- Self-service deployment without imaging
Users Apps
Microsoft Intune Learn more at microsoft.com/intune
Simplify Windows 10 management and lower TCO with EMS
Self-service deployment
Make any new PC enterprise-ready via a simple self-service experience.
Automatically configure devices when your users log in with their company credentials.
Use cloud intelligence to upgrade Windows 10 and Office 365 ProPlus with confidence.
Simplified management & security
Embrace cloud-based management and transition at your pace while staying in control.
Always up to date
Deliver the latest features and security.
Control what updates are deployed, to whom and when.
Proactive insights
Get ongoing proactive insights to diagnose and fix issues before they happen.
Cloud updates mean you don’t need to have on-premise update servers.
Microsoft 365
EMS
Windows 10
Contoso Sign in
Corp. Username
Password
Certificate
Agentless
Unified identity, device and O365 ProPlus mgmt.
Integrated data protection
Enterprise Mobility + Security Learn more at microsoft.com/ems
Sign in with contoso.microsoft.com
Next
Office 365 ProPlus MGMT
Paths to Modern Management
Co-Management Architecture With ConfigMgr and Intune
Windows 7/8.x
Windows 10
AD Domain-joined & AAD Joined
Mobile devices Intune
ConfigMgr console
Azure portal
ConfigMgr Site Servers
ConfigMgr agent
AD Domain Joined
ConfigMgr agent
AD Domain Joined
AAD Joined
ConfigMgr agent
Intune MDM
AD Domain Joined
AAD Joined
AutoPilot
Intune MDM
AD Domain Joined
AAD Joined
ConfigMgr agent
Intune MDM
AD Domain Joined
AAD Joined
Existing ConfigMgr managed devices
New devices
AD/AAD
connect
Adopt Windows 10
Adopt Office 365/ProPlus
Imaging to Signature Image
1/2020
GPO to MDM Policy
Kerberos to Modern Auth
Win32 to Modern Apps
ConfigMgr Content Delivery to Cloud Content Delivery
Today
WSUS to WUfB
Adopt & Connect Transition to Modern
Modernizing with a co-management bridge
- Users see settings and data across devices (Enterprise Roaming of Settings)
- IT can control access via Azure AD device-based conditional access.
- Users sign-in conveniently and securely with Windows Hello for Business.
- Eliminate PC dependency on domain controllers
- Better battery life and performance of the device
- Extend your on-premises directory with Azure AD.
- Azure AD Join your AD domain-joined devices
- AD + Azure AD Join new devices through Auto Pilot
- Transition GPO to MDM
- Pilot Azure AD Join to identify AD auth dependencies
- Gradually move traditional management tools that rely on computer identity to their cloud equivalents or AAD enlightened versions (e.g. ConfigMgr with CMG, WSUS to WUfB)
- AAD Join new devices (AD Joined machines remain AD joined until retired)
Settings, Policies, Office & Apps, Drivers
1. Build & maintain custom image, gathering everything else that’s necessary to deploy
2. Wipe original OEM Windows image and replace with custom image
Time
Money
OEM/Reseller
Ship
Off-the-shelf and Shrink-wrapped Devices Employee unboxes device, self-deploys
Deliver direct to Employee
Employee driven Self-Deployment
• Custom imaging – expensive, limits HW choice, impairs talent acquisition
• Windows EULA – employees not permitted to accept on org-owned devices
• Non-trivial decision making (Personal vs Org Owned disambig, Privacy Settings, OEM Registration) generates Helpdesk calls
• OOB account is always Admin – majority of enterprises want standard accounts on corp-owned devices
ANNA [email protected]
Hardware Vendor
Windows AutoPilot Service
Upload
Device IDs
Configure AutoPilot Profile
Employee unboxes device, self-deploys
Ship Deliver direct to Employee
Self
Deploy
IT Admin
Device IDs
Windows AutoPilot
Microsoft 365 powered device
AAD
Intune
Apps
Updates
Reporting
Config Manager
Policies
AD
Co-Management using Windows AutoPilot
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Traditional deployment (every 3-5 years)
Apps Infra Imaging Deploy
2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028
Windows as a service (twice per year)
Apps Infra Imaging Deploy
1. Configure Insider PCs
• Lab or secondary PCs
• Enough to explore new features, measure compatibility
2. Identify special PCs
• Deploy Windows 10 Enterprise LTSB
• Limited numbers (we hope)
3. Recruit volunteers for pilots
• Willing participants who will provide feedback
• Cover the broadest set of apps and devices possible
4. Divide broad population of PCs
• Standard deployment best practice
• Focus on risk reduction, minimizing disruption
Check out the 1703 MDM security baselines here:
https://aka.ms/mdm1703baselines
MDM
Security Baselines
Traditional Application
Management
Modern Application
Management
Thank you!
Come ask us questions!
Other Now Micro Sessions
Tuesday:
• Dealing with Hardware – Overcoming Challenges with Windows 10
• A Hitchhiker's Guide to Azure Active Directory
• Microsoft Enterprise Mobility & Security Suite