Migrating to Windows 10TOM KNOCKAERT

Introduction + Keynote

Windows 10 Deployment & Update

Licensing

Microsoft Azure RemoteApp

Windows Security: identity & protection

Windows Security: client infrastructure

Realdolmen Offering

TOMORROW ON WHEELS

Windows 10 Roadshow KeynoteHELLO, MY NAME IS STIJN VANNUT

Technology is fast reshaping our world and has the potential to change everything –people, businesses, communities and nations.”

“- BT CIO report 2016

Employees work on nearly 2x the number of teams than they did

five years ago

41% employees say mobile business apps are changing the way they work

160M customer records leaked

229 days to detect security infiltration

ALLOCATIONCIO BUDGET

Source: Deloitte CIO Survey 2014

Percent of budget spent on business as usual

55%71%Say their top priority

is supporting new business needs

WHAT WE HEAR FROM YOU

Sources: Gartner, Ponemon Institute, IdeaPaint, MIT Center for IS Research

200+ DaysMedian # of days attackers are present before detection

$3.5MAverage cost of data breach (15% YoY increase)

I’m worried about security threats and managing the risk to my business.

Decade-old PC tech, infrastructure, and

processes drive up IT costs and slow

business agility.

$146-$188 per deviceCost of keeping user devices up to date and secure

$1,930 per PCCost of upgrading Windows XP to Windows 7

My employees need to be productive on every

device they use.

80% of workersspend a portion of their time working outside the office

38% of Millennials feel outdated collaboration tools hinder innovation

We need to capitalize on new business opportunities quickly.

41% of CEOsExpect digital revenue to double over the next 5 years

47% of existing revenueconsidered to be under threat in the next 5 years

Achieve more and transform your business with the most secure Windows ever.

Safer and more secure

Powerful, modern devices

More personalMore productive

“THERE ARE TWO KINDS OF BIG COMPANIES, THOSE WHO’VE BEEN HACKED, AND THOSE

WHO DON’T KNOW THEY’VE BEEN HACKED.”

J A M E S C O M E Y , D I R E C T O R F B I

MODERN SECURITY THREATS

SAFER , MORE SECURE

SAFER AND MORE SECURE

Windows HelloWindows Hello for

BusinessCompanion Device

FrameworkCredential Guard

Replace passwords, protect

identities

Strengthen auth. with biometrics and hardware-

based multi-factor

Secure BootDevice Guard

Windows Defender

Only run software you trust

Eliminate Malware on corporate devices

Windows Information Protection

Protect sensitive corporate

data

Automatic encryption with persistent protection

Windows Defender Advanced Threat

Protection

Detect compromised

devices quickly

Use behavioral detection, cloud, and human threat

intelligence to quickly identify compromised devices

WINDOWS DEFENDER ADVANCED THREAT PROTECTION

DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES

Unique threat intelligence knowledge base Unparalleled threat optics provide detailed actor profiles1st and 3rd party threat intelligence data.

Rich timeline for investigationEasily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.

Behavior-based, cloud-powered breach detectionActionable, correlated alerts for known and unknown adversaries. Real-time and historical data.

Built in to WindowsNo additional deployment & infrastructure. Continuously up-to-date, lower costs.

Windows Trusted Boot

Windows Hello

Credential Guard

Device Guard

Enterprise Data Protection

Windows Defender ATP

NEW CHALLENGES REQUIRE A NEW PLATFORM

WINDOWS 7 WINDOWS 10

MORE PRODUCTIVE

MORE PRODUCTIVE

Cross device MDM supportAzure Active Directory

Windows Store for BusinessUpgrade Analytics

Use the cloud to drive IT

transformation

Streamline IT process by harnessing the power of the

cloud on your terms

Dynamic provisioningIn-place upgrades

Application compatibilityWindows as a Service

Reduce disruptive deployments

End wipe-and-reload deployments, enable

managed, phased rollouts

Azure AD user state roaming OneDrive for Business and

Office 365

Always have what you need

Access your apps and data from any Windows device

FOR IT FOR END USERS

Windows Ink

Interact the way you want

Do more with digital ink

MANAGING INNOVATION

Not all users and devices are the same. Some need

to be current and up to date, others need to stay

static, sometimes for years.

Historically, technology adoption is dragged down

by compatibility, complexity and cost.

Addressing modern security threats requires

rapidly deploying updates and new functionality.

Managing the tension between staying up to date and the historic complexity

of migration.

S P E E D O F C H A N G E D R I V E S N E E D F O R I N C R E A S E D A G I L I T Y

R E D U C I N G F R A G M E N T A T I O N

WINDOWS AS A SERVICE

60 days4 months 12 – 22 months4 - 8 months

Feedback Pilot Production

RELEASE LIFECYCLE

RELEASE

WINDOWS AS A SERVICE CADENCE

July July2016Jan July

2017Jan

2018Jan

Creators UpdateHypothetical date

Feedback Pilot Production

November Update November 2015

Feedback Pilot Production

Windows 10 July 2015

Feedback Pilot Production

Anniversary UpdateAugust 2016

Feedback Pilot Production

T W O R E L E A S E S S U P P O RT E D I N M A R K E T

MORE PRODUCTIVE FOR IT

BEFORE AFTERWINDOWS 10

Deployment Time 4 Y E A R S 2 YEARS

Deployment IT Resources 1 5 F T E 5 FTE

Installation IT Time 6 0 M I N . 5 MIN

DESKTOPMGMTTIME SAVINGS 15%

C O M P A R E D W I T H P R E V I O U S W I N D O W S V E R S I O N S , T H E [ C O M P O S I T E ] O R G A N I Z A T I O N E S T I M A T E S I T H A S R E D U C E D D E S K T O P M A N A G E M E N T R E S O U R C E T I M E B Y 1 5 % F O R D E V I C E S T H A T H A V E B E E N U P G R A D E D T O W I N D O W S 1 0 . ”

“

Source: “The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.

MORE PERSONAL

MORE PERSONAL

ContinuumContinuum for Phone

Universal Windows Apps

Get the best experience

The best screen is always the one you’re on

Cortana, with Azure ADCortana Analytics and

Power BI

Put your digital assistant to work

Get proactive help and business intelligence from a

true assistant

POWERFUL, MODERN DEVICES

POWERFUL, MODERN DEVICES

In-place upgradeHardware compatibility

Bring innovation to your current PCs

Windows 10 works great on Windows 7 PCs

SurfaceWindows Phone3rd party devices

Achieve more with modern devices

Get the best experience with Windows 10 on modern hardware with a range of

innovative devices across 2-in-1s, tablets, and phones

Windows 10 IoTManaged user

experienceVertical specific devices

Vertical industry and IoT solutions

Find the right device for your Line of Business and

IoT scenarios

Surface HubHoloLens

Devices that redefine

productivity

Revolutionary new devices

Safer and more secure

Powerful, modern devices

More personalMore productive

Achieve more and transform your business with the most secure Windows ever.

Source: “The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.

TOTAL ECONOMIC IMPACT OF WINDOWS 10

T H E

W I N D O W S 1 0 E N A B L E S P R O D U C T I V I T Y A N D I N C R E A S E D B U S I N E S S P E R F O R M A N C E . ”

“

FINANCIAL BENEFITS

13P A Y B A C KMONTHS188% R O I

N P V3 YEAR

DESKTOP MGMT

TIME SAVINGS

15%

SECURITY BENEFITS

33%REDUCTION IN SECURITY ISSUES & TIME TO RESOLVE

SECURITY ISSUEREMEIDIATION SAVINGS

710K$PER YEAR

[New features] help Windows 10 to be probably the most secure out-of-the-box Windows Platform”

“IT MANAGER, US PROFESSIONAL AUTO RACING TEAM

DEPLOYMENT IS EASIERB E F O R E AFTER WINDOWS 10

Deployment Time 4 Y E A R S 2 YEARS

Deployment IT Resources 1 5 F T E 5 FTE

Installation IT Time 6 0 M I N . 5 MIN

Office 365

Enterprise Mobility + Security

Windows 10 Enterprise

Delivered through enterprise cloud services

Always up to date

More productive Powerful, modern devicesMore personalSafer and more secure

Windows Information Protection

Windows Hello

Credential Guard

Device Guard

AppLocker

Windows Defender Advanced Threat Protection

Azure Active Directory Join

Mobile Device Management

Application Virtualization

(App-V)

Windows Ink

Windows Store for Business

Cortana Management

Managed User Experience

User Experience Virtualization (UE-V)

Windows 10 for Industry Devices

Innovative designs

New experiences

Best in class performance

The most trusted platform The most versatile devices

Windows 10HELLO, MY NAME IS MIKE VAN ERMEN

Outstanding compatibility means a smooth migration from Windows 7 or Windows 8.1

Get links to Windows 10 ISV support statements

http://www.readyforwindows.com

We are actively engaged with ISVs, to ensure full support for Windows as a service

Track upgrade readinessLeverage telemetry to see what’s happening in your organization

Identify app and driver issuesSee app and device details, known issues

RemediateImplement suggestions to resolve issues

Drive deployment

http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics

36

Report: Devices

Ready To Pilot And

Deploy

Full App Inventory

App Usage Information

Allows Targeted

Validation

App And Driver

Issues And Mitigations Known To Microsoft

Workflow To Track

Validation Progress

And Decisions

Powerful Device

LevelSearch

And Drill-Downs

How to deploy Windows 10

From Windows 7, 8, 8.1

In-Place Upgrade

Traditional Deployment

New Devices

Provisioning Traditional Deployment

Windows 10: Stay Current

In-Place Upgrade

In-Place Upgrade: When not to use

Upgrade process: Size

Data Center Server

RouterSwitches

Wireless Access Point

Data Center Server

RouterSwitches

Wireless Access Point

Without peer-to-peer With peer-to-peer

Upgrade process: Settings Migration

Upgrade process: Preflight

http://blogs.technet.com/b/mniehaus/archive/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe.aspx

Take off-the-shelf hardware

Transform with little or no user interaction

Device is ready for productive use

Provisioning, Not Reimaging

• Company-owned devices:Azure AD join, either during OOBE or after from Settings

• BYOD devices:“Add a work account” for device registration

• Automatic MDM enrollment as part of both• MDM policies pushed down:

• Change the Windows SKU• Apply settings• Install apps

• Create provisioning package using Windows Imaging and Configuration Designer with needed settings:

• Change Windows SKU• Apply settings• Install apps and updates• Enroll a device for ongoing management (just

enough to bootstrap)• Deploy manually, add to images

User-driven, from the cloud IT-driven, using new tools

Assessment and Deployment Kit

Microsoft Deployment Toolkit

MDT 8443 version 1607

Configuration Manager

https://blogs.technet.microsoft.com/enterprisemobility/2016/06/24/faq-system-center-configuration-manager-current-branch/

https://technet.microsoft.com/en-us/library/mt732696.aspx

What customers are telling usPasswords

are no longer

sufficient We need to be adopting new technologies as fast as our

customers

My users need access to their apps

and data anywhere, anytime

Too many tools and too much

fragmentation

No more big deployments

We want more transparency and an open

dialogue with Microsoft

IT Budgets are under pressure.

Show us how we can cut

IT costs

How do I protect my corporate

data

Security of our mobile devices is a top concern

A brand new way of building, deploying, and servicing Windows

Unmatched flexibility and control, depending on needs Current Branch for Business

Benefits from new featuresBegins broad deployment

Information workersGeneral population

Long Term Servicing Branch

Deploy for mission critical systems

No need for frequent new features (or any sort of change)

Too expensive for general population

Specialized systems

Specific feature and performance feedback

Application compatibility validation

Windows Insider Preview Branch

Test machines, small pilots

Current Branch

Deploy to appropriate audiences Test and prepare for broad

deployment

Early adopters, initial pilots, IT devices

STAGE

NU

MBE

R O

F D

EVIC

ES

Release

Microsoft Insider Preview Branch

Broad Microsoft internal validation

Engineering builds

Pilot Broad Deployment

*Conceptual illustration only

Time

~6 months

Broad Deployment

Ring IBroad

Deployment Ring II

Broad Deployment

Ring IIIBroad

Deployment Ring IV

Pilot Ring IT Pilot Ring

QA Pilot RingEarly Adopters

16 + months

Users

10’s of thousands

Several Million

Hundredsof millions

With Windows 10 servicing, consistency and simplicity are paramount

Changes announced for older Windows releases as well

With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality

Typical Windows 7 PC:Selectively Patched

Windows 7 Test Lab PC:Fully Patched

What customers are running

What we are testing

Y

YY

2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

Traditional deployment (every 3-5 years)

Apps Infra Imaging Deploy

2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028

Windows as a service (twice per year)

Apps Infra Imaging Deploy

2009 2015

Apps Infra Imaging Deploy

Total costs over three years of WaaS needs to be the same or better than the traditional deployment project cost• Application testing and validation• Infrastructure remediation, upgrades• Deployment itself

All need to be reduced by nearly an order of magnitude

Imaging costs can be eliminated

1 Configure Insider PCs• Lab or secondary PCs• Enough to explore new features, measure compatibility

2 Identify special PCs• Deploy Windows 10 Enterprise LTSB• Limited numbers (we hope)

3 Recruit volunteers for pilots• Willing participants who will provide feedback• Cover the broadest set of apps and devices possible

4 Divide broad population of PCs• Standard deployment best practice• Focus on risk reduction, minimizing disruption

Differentiator Current BranchCurrent Branch for

BusinessLong Term Servicing

BranchPrimary purpose Pilot Deployments Broad Deployment Special Devices

Deployment timeline Soon after release About 4 months (or more) after release

Any time during lifecycle

Release frequency About every six months Approximately every 2-3 years

Updates All security fixes, moderate bar for other fixes All security fixes, high bar for other fixes

Apps All in-box apps No in-box apps (except system apps)

Browser Edge and Internet Explorer 11 Internet Explorer 11

Windows features All Excludes Cortana,Windows Store

Platform features Win32, Universal Windows Platform Win32, Universal Windows Platform

Current Branch / Current Branch for Business Long Term Servicing Branch

Security Non-Security

Microsoft Windows 10 Enterprise(Current Branch, Current Branch for Business)

Microsoft Windows 10 Enterprise 2016 LTSB

1 Validate critical apps and infrastructureEnsure new release works with business-critical apps, core infrastructure tools

2 Begin pilot deploymentsStart with IT, expand to broader volunteer audience, for app and hardware validation

3 React as needed to feedbackA few issues are expected, have a remediation plan in place.

4 Deploy to the broad populationFocus on risk reduction, minimizing disruption through scheduling, segmentation

0

200

400

600

800

1000

1200

2015-11 2015-12 2016-01 2016-02 2016-03 2016-04 2016-05 2016-06 2016-07 2016-08 2016-09 2016-10

Full Update Size (MB)

0

200

400

600

800

1000

1200

2015-11 2015-12 2016-01 2016-02 2016-03 2016-04 2016-05 2016-06 2016-07 2016-08 2016-09 2016-10

Full Update Size (MB) Express Download Size (MB)

2710

3630

1971

2540

0

1000

2000

3000

4000

x86 x64

Feature Update Size (MB)

Media Size (MB)

ESD Download Size(MB)

savings of about 35% later in 2017 2710

3630

1971

2540

0

1000

2000

3000

4000

x86 x64

Feature Update Size (MB)

Media Size (MB)

ESD Download Size(MB)

ESD Diff Download Size(est.)

Windows 10 LicensingHELLO, MY NAME IS ROEL

PURCHASING & EDITIONS

o Win10 Proo Win10 Home

FPP (Retail)

OEM (pre-installed)

Volume Licensing (upgrade)

o Proo Enterprise (E3/E5)o Enterprise LTSBo Education (E3/E5)

o Proo Home

Mobile

o Mobileo Mobile Enterprise

OEM VS VOLUME LICENSING

OEM VolumeLicense

o License tied to deviceo Limited downgrade rightso No Software Assuranceo Editions: Home, Pro o No Enterprise featureso Licensed per device

o Upgrade license (requires qualifying OS)o License not linked to deviceo Downgrade rights*o Software Assuranceo Editions: Pro, Enterprise (E3/E5),

Enterprise LTSBo Enterprise featureso Re-imaging rightso Volume Activationo Licensing per device / per user

*hardware limits may apply

CHANGES IN VOLUME LICENSING

ENTERPRISE FEATURES

Windows To GoCreator

CredentialGuard

Start ScreenControl

DeviceGuard

DirectAccess

BrancheCache

AppLocker

VDIEnhancement

(not in LTSB)

ManagedUser

ExperienceApp-V

DefenderAdv.ThreatProtection

(E5/Edu E5)

E5: WINDOWS DEFENDER ADVANCED THREAT PROTECTION

SOFTWARE ASSURANCE

No SA SA Included

ProfessionalEnterprise LTSB

Enterprise E3 / E5Education E3 / E5

New Version Rights

MDOP

Windows Thin PC

Virtual Desktop Access (VDA) Rights

Windows To Go Use Rights

Licensing Per User

Per-User Add-on

Training Vouchers

SA Benefits

Planning Services

Windows 10 Mobile Enterprise

WINDOWS AND VDI

USER

OEM license Win Enterprise E3/E5

(upgrade license) per device

FAT CLIENT THIN CLIENT

Option 1: Win Enterprise E3/E5 per User

Option 2: VDA per user

No OEM = no (Enterprise) upgrade license possible

VDA license per device

LICENSING PER DEVICE VS PER USER

PERDEVICE

PERUSER

Enterprise E3/E5 per User Virtual Desktop Access (VDA)per user

Requirements Primary user’s primary device must be licensed for Win 7/8.1/10 Pro, Ent, or Edu

No device requirements; maybe assigned to any user

License model Per user; no device limits

Local install of Windows Enterprise

On any Windows 7/8.1/10 Pro, Enterprise, or Education device or Windows tablet ≤ 10.1 inches

VDI Access and Windows ToGo

Any device

WINDOWS AS A SERVICE

Level of effort needed for traditional Windows deployments versus servicing Windows 10

SERVICING BRANCHES

Timing of feature updates

Delay feature updates

Ongoing security updates

Appropriate for

Windows Insider Program

Pre-production (beforeCB) NA Yes

IT Pro’s, early adopters, testing machines

Current Branch (CB) As available 180 days (as of build1607) Yes

consumer devices, early adopters, testing machines

Current Branch forBusiness (CBB)

Ca. 4 months after theCB release

180 days (as of build1607) Yes

most business devices -information workers

Long Time ServicingBranch (LTSB)

Estimated every 2-3 years Up to 10 years yes

special "mission-critical" devices (e.g. medicaldevices, ATM's, …)

SERVICING BRANCHES & EDITIONS

AVAILABILITY IN VOLUME

LICENSING

WIN10 E3/E5 PER USER IN CSP (CLOUD SOLUTION PROVIDER)

The CSP Model

Realdolmen-managed software & services (& hardware)Realdolmen support includedPay-as-you-go modelFlexible upscaling/downscalingFlexible invoicing

Win10 in CSP

OEM (on devices in Business Premium Bundle)Enterprise E3/E5 per user

CB / CBB servicing BranchesNo LTSBNo downgrade rightsMax. 5 devices per user

CSP: REALDOLMEN O365 BUSINESS PREMIUM BUNDLE

Software Services Hardware

Implementation & MigrationTrainingSupport

O365 Business PremiumOfficeExchange onlineSkype for BusinessOneDrive for Business

Surface Pro4 or HP Elite X2

Mobile Device ManagementSecurityNext business dayreplacement in case of defect

Note: contact Realdolmen for details and specific terms and conditions

TOMORROW ON WHEELS

THANK YOU FOR

YOUR ATTENTION