TOM KNOCKAERT Migrating toWindows 10 - … · ... “The Total Economic Impact ... a commissioned...
Transcript of TOM KNOCKAERT Migrating toWindows 10 - … · ... “The Total Economic Impact ... a commissioned...
Migrating to Windows 10TOM KNOCKAERT
Introduction + Keynote
Windows 10 Deployment & Update
Licensing
Microsoft Azure RemoteApp
Windows Security: identity & protection
Windows Security: client infrastructure
Realdolmen Offering
Technology is fast reshaping our world and has the potential to change everything –people, businesses, communities and nations.”
“- BT CIO report 2016
Employees work on nearly 2x the number of teams than they did
five years ago
41% employees say mobile business apps are changing the way they work
160M customer records leaked
229 days to detect security infiltration
ALLOCATIONCIO BUDGET
Source: Deloitte CIO Survey 2014
Percent of budget spent on business as usual
55%71%Say their top priority
is supporting new business needs
WHAT WE HEAR FROM YOU
Sources: Gartner, Ponemon Institute, IdeaPaint, MIT Center for IS Research
200+ DaysMedian # of days attackers are present before detection
$3.5MAverage cost of data breach (15% YoY increase)
I’m worried about security threats and managing the risk to my business.
Decade-old PC tech, infrastructure, and
processes drive up IT costs and slow
business agility.
$146-$188 per deviceCost of keeping user devices up to date and secure
$1,930 per PCCost of upgrading Windows XP to Windows 7
My employees need to be productive on every
device they use.
80% of workersspend a portion of their time working outside the office
38% of Millennials feel outdated collaboration tools hinder innovation
We need to capitalize on new business opportunities quickly.
41% of CEOsExpect digital revenue to double over the next 5 years
47% of existing revenueconsidered to be under threat in the next 5 years
Achieve more and transform your business with the most secure Windows ever.
Safer and more secure
Powerful, modern devices
More personalMore productive
“THERE ARE TWO KINDS OF BIG COMPANIES, THOSE WHO’VE BEEN HACKED, AND THOSE
WHO DON’T KNOW THEY’VE BEEN HACKED.”
J A M E S C O M E Y , D I R E C T O R F B I
MODERN SECURITY THREATS
SAFER AND MORE SECURE
Windows HelloWindows Hello for
BusinessCompanion Device
FrameworkCredential Guard
Replace passwords, protect
identities
Strengthen auth. with biometrics and hardware-
based multi-factor
Secure BootDevice Guard
Windows Defender
Only run software you trust
Eliminate Malware on corporate devices
Windows Information Protection
Protect sensitive corporate
data
Automatic encryption with persistent protection
Windows Defender Advanced Threat
Protection
Detect compromised
devices quickly
Use behavioral detection, cloud, and human threat
intelligence to quickly identify compromised devices
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES
Unique threat intelligence knowledge base Unparalleled threat optics provide detailed actor profiles1st and 3rd party threat intelligence data.
Rich timeline for investigationEasily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.
Behavior-based, cloud-powered breach detectionActionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
Built in to WindowsNo additional deployment & infrastructure. Continuously up-to-date, lower costs.
Windows Trusted Boot
Windows Hello
Credential Guard
Device Guard
Enterprise Data Protection
Windows Defender ATP
NEW CHALLENGES REQUIRE A NEW PLATFORM
WINDOWS 7 WINDOWS 10
MORE PRODUCTIVE
Cross device MDM supportAzure Active Directory
Windows Store for BusinessUpgrade Analytics
Use the cloud to drive IT
transformation
Streamline IT process by harnessing the power of the
cloud on your terms
Dynamic provisioningIn-place upgrades
Application compatibilityWindows as a Service
Reduce disruptive deployments
End wipe-and-reload deployments, enable
managed, phased rollouts
Azure AD user state roaming OneDrive for Business and
Office 365
Always have what you need
Access your apps and data from any Windows device
FOR IT FOR END USERS
Windows Ink
Interact the way you want
Do more with digital ink
MANAGING INNOVATION
Not all users and devices are the same. Some need
to be current and up to date, others need to stay
static, sometimes for years.
Historically, technology adoption is dragged down
by compatibility, complexity and cost.
Addressing modern security threats requires
rapidly deploying updates and new functionality.
Managing the tension between staying up to date and the historic complexity
of migration.
S P E E D O F C H A N G E D R I V E S N E E D F O R I N C R E A S E D A G I L I T Y
R E D U C I N G F R A G M E N T A T I O N
WINDOWS AS A SERVICE
60 days4 months 12 – 22 months4 - 8 months
Feedback Pilot Production
RELEASE LIFECYCLE
RELEASE
WINDOWS AS A SERVICE CADENCE
July July2016Jan July
2017Jan
2018Jan
Creators UpdateHypothetical date
Feedback Pilot Production
November Update November 2015
Feedback Pilot Production
Windows 10 July 2015
Feedback Pilot Production
Anniversary UpdateAugust 2016
Feedback Pilot Production
T W O R E L E A S E S S U P P O RT E D I N M A R K E T
MORE PRODUCTIVE FOR IT
BEFORE AFTERWINDOWS 10
Deployment Time 4 Y E A R S 2 YEARS
Deployment IT Resources 1 5 F T E 5 FTE
Installation IT Time 6 0 M I N . 5 MIN
DESKTOPMGMTTIME SAVINGS 15%
C O M P A R E D W I T H P R E V I O U S W I N D O W S V E R S I O N S , T H E [ C O M P O S I T E ] O R G A N I Z A T I O N E S T I M A T E S I T H A S R E D U C E D D E S K T O P M A N A G E M E N T R E S O U R C E T I M E B Y 1 5 % F O R D E V I C E S T H A T H A V E B E E N U P G R A D E D T O W I N D O W S 1 0 . ”
“
Source: “The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.
MORE PERSONAL
ContinuumContinuum for Phone
Universal Windows Apps
Get the best experience
The best screen is always the one you’re on
Cortana, with Azure ADCortana Analytics and
Power BI
Put your digital assistant to work
Get proactive help and business intelligence from a
true assistant
POWERFUL, MODERN DEVICES
In-place upgradeHardware compatibility
Bring innovation to your current PCs
Windows 10 works great on Windows 7 PCs
SurfaceWindows Phone3rd party devices
Achieve more with modern devices
Get the best experience with Windows 10 on modern hardware with a range of
innovative devices across 2-in-1s, tablets, and phones
Windows 10 IoTManaged user
experienceVertical specific devices
Vertical industry and IoT solutions
Find the right device for your Line of Business and
IoT scenarios
Surface HubHoloLens
Devices that redefine
productivity
Revolutionary new devices
Safer and more secure
Powerful, modern devices
More personalMore productive
Achieve more and transform your business with the most secure Windows ever.
Source: “The Total Economic Impact(TM) Of Windows 10, a commissioned study conducted by Forrester Consulting on behalf of Microsoft, June 2016. Results are for a risk adjusted composite organization based on customer interviews.
TOTAL ECONOMIC IMPACT OF WINDOWS 10
T H E
W I N D O W S 1 0 E N A B L E S P R O D U C T I V I T Y A N D I N C R E A S E D B U S I N E S S P E R F O R M A N C E . ”
“
FINANCIAL BENEFITS
13P A Y B A C KMONTHS188% R O I
N P V3 YEAR
DESKTOP MGMT
TIME SAVINGS
15%
SECURITY BENEFITS
33%REDUCTION IN SECURITY ISSUES & TIME TO RESOLVE
SECURITY ISSUEREMEIDIATION SAVINGS
710K$PER YEAR
[New features] help Windows 10 to be probably the most secure out-of-the-box Windows Platform”
“IT MANAGER, US PROFESSIONAL AUTO RACING TEAM
DEPLOYMENT IS EASIERB E F O R E AFTER WINDOWS 10
Deployment Time 4 Y E A R S 2 YEARS
Deployment IT Resources 1 5 F T E 5 FTE
Installation IT Time 6 0 M I N . 5 MIN
Office 365
Enterprise Mobility + Security
Windows 10 Enterprise
Delivered through enterprise cloud services
Always up to date
More productive Powerful, modern devicesMore personalSafer and more secure
Windows Information Protection
Windows Hello
Credential Guard
Device Guard
AppLocker
Windows Defender Advanced Threat Protection
Azure Active Directory Join
Mobile Device Management
Application Virtualization
(App-V)
Windows Ink
Windows Store for Business
Cortana Management
Managed User Experience
User Experience Virtualization (UE-V)
Windows 10 for Industry Devices
Innovative designs
New experiences
Best in class performance
The most trusted platform The most versatile devices
Get links to Windows 10 ISV support statements
http://www.readyforwindows.com
We are actively engaged with ISVs, to ensure full support for Windows as a service
Track upgrade readinessLeverage telemetry to see what’s happening in your organization
Identify app and driver issuesSee app and device details, known issues
RemediateImplement suggestions to resolve issues
Drive deployment
http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics
How to deploy Windows 10
From Windows 7, 8, 8.1
In-Place Upgrade
Traditional Deployment
New Devices
Provisioning Traditional Deployment
Windows 10: Stay Current
In-Place Upgrade
Data Center Server
RouterSwitches
Wireless Access Point
Data Center Server
RouterSwitches
Wireless Access Point
Without peer-to-peer With peer-to-peer
Upgrade process: Preflight
http://blogs.technet.com/b/mniehaus/archive/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe.aspx
Take off-the-shelf hardware
Transform with little or no user interaction
Device is ready for productive use
Provisioning, Not Reimaging
• Company-owned devices:Azure AD join, either during OOBE or after from Settings
• BYOD devices:“Add a work account” for device registration
• Automatic MDM enrollment as part of both• MDM policies pushed down:
• Change the Windows SKU• Apply settings• Install apps
• Create provisioning package using Windows Imaging and Configuration Designer with needed settings:
• Change Windows SKU• Apply settings• Install apps and updates• Enroll a device for ongoing management (just
enough to bootstrap)• Deploy manually, add to images
User-driven, from the cloud IT-driven, using new tools
Microsoft Deployment Toolkit
MDT 8443 version 1607
Configuration Manager
https://blogs.technet.microsoft.com/enterprisemobility/2016/06/24/faq-system-center-configuration-manager-current-branch/
https://technet.microsoft.com/en-us/library/mt732696.aspx
What customers are telling usPasswords
are no longer
sufficient We need to be adopting new technologies as fast as our
customers
My users need access to their apps
and data anywhere, anytime
Too many tools and too much
fragmentation
No more big deployments
We want more transparency and an open
dialogue with Microsoft
IT Budgets are under pressure.
Show us how we can cut
IT costs
How do I protect my corporate
data
Security of our mobile devices is a top concern
Unmatched flexibility and control, depending on needs Current Branch for Business
Benefits from new featuresBegins broad deployment
Information workersGeneral population
Long Term Servicing Branch
Deploy for mission critical systems
No need for frequent new features (or any sort of change)
Too expensive for general population
Specialized systems
Specific feature and performance feedback
Application compatibility validation
Windows Insider Preview Branch
Test machines, small pilots
Current Branch
Deploy to appropriate audiences Test and prepare for broad
deployment
Early adopters, initial pilots, IT devices
STAGE
NU
MBE
R O
F D
EVIC
ES
Release
Microsoft Insider Preview Branch
Broad Microsoft internal validation
Engineering builds
Pilot Broad Deployment
*Conceptual illustration only
Time
~6 months
Broad Deployment
Ring IBroad
Deployment Ring II
Broad Deployment
Ring IIIBroad
Deployment Ring IV
Pilot Ring IT Pilot Ring
QA Pilot RingEarly Adopters
16 + months
Users
10’s of thousands
Several Million
Hundredsof millions
With Windows 10 servicing, consistency and simplicity are paramount
Changes announced for older Windows releases as well
With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality
Typical Windows 7 PC:Selectively Patched
Windows 7 Test Lab PC:Fully Patched
What customers are running
What we are testing
Y
YY
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Traditional deployment (every 3-5 years)
Apps Infra Imaging Deploy
2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028
Windows as a service (twice per year)
Apps Infra Imaging Deploy
2009 2015
Apps Infra Imaging Deploy
Total costs over three years of WaaS needs to be the same or better than the traditional deployment project cost• Application testing and validation• Infrastructure remediation, upgrades• Deployment itself
All need to be reduced by nearly an order of magnitude
Imaging costs can be eliminated
1 Configure Insider PCs• Lab or secondary PCs• Enough to explore new features, measure compatibility
2 Identify special PCs• Deploy Windows 10 Enterprise LTSB• Limited numbers (we hope)
3 Recruit volunteers for pilots• Willing participants who will provide feedback• Cover the broadest set of apps and devices possible
4 Divide broad population of PCs• Standard deployment best practice• Focus on risk reduction, minimizing disruption
Differentiator Current BranchCurrent Branch for
BusinessLong Term Servicing
BranchPrimary purpose Pilot Deployments Broad Deployment Special Devices
Deployment timeline Soon after release About 4 months (or more) after release
Any time during lifecycle
Release frequency About every six months Approximately every 2-3 years
Updates All security fixes, moderate bar for other fixes All security fixes, high bar for other fixes
Apps All in-box apps No in-box apps (except system apps)
Browser Edge and Internet Explorer 11 Internet Explorer 11
Windows features All Excludes Cortana,Windows Store
Platform features Win32, Universal Windows Platform Win32, Universal Windows Platform
Microsoft Windows 10 Enterprise(Current Branch, Current Branch for Business)
Microsoft Windows 10 Enterprise 2016 LTSB
1 Validate critical apps and infrastructureEnsure new release works with business-critical apps, core infrastructure tools
2 Begin pilot deploymentsStart with IT, expand to broader volunteer audience, for app and hardware validation
3 React as needed to feedbackA few issues are expected, have a remediation plan in place.
4 Deploy to the broad populationFocus on risk reduction, minimizing disruption through scheduling, segmentation
0
200
400
600
800
1000
1200
2015-11 2015-12 2016-01 2016-02 2016-03 2016-04 2016-05 2016-06 2016-07 2016-08 2016-09 2016-10
Full Update Size (MB)
0
200
400
600
800
1000
1200
2015-11 2015-12 2016-01 2016-02 2016-03 2016-04 2016-05 2016-06 2016-07 2016-08 2016-09 2016-10
Full Update Size (MB) Express Download Size (MB)
2710
3630
1971
2540
0
1000
2000
3000
4000
x86 x64
Feature Update Size (MB)
Media Size (MB)
ESD Download Size(MB)
savings of about 35% later in 2017 2710
3630
1971
2540
0
1000
2000
3000
4000
x86 x64
Feature Update Size (MB)
Media Size (MB)
ESD Download Size(MB)
ESD Diff Download Size(est.)
PURCHASING & EDITIONS
o Win10 Proo Win10 Home
FPP (Retail)
OEM (pre-installed)
Volume Licensing (upgrade)
o Proo Enterprise (E3/E5)o Enterprise LTSBo Education (E3/E5)
o Proo Home
Mobile
o Mobileo Mobile Enterprise
OEM VS VOLUME LICENSING
OEM VolumeLicense
o License tied to deviceo Limited downgrade rightso No Software Assuranceo Editions: Home, Pro o No Enterprise featureso Licensed per device
o Upgrade license (requires qualifying OS)o License not linked to deviceo Downgrade rights*o Software Assuranceo Editions: Pro, Enterprise (E3/E5),
Enterprise LTSBo Enterprise featureso Re-imaging rightso Volume Activationo Licensing per device / per user
*hardware limits may apply
ENTERPRISE FEATURES
Windows To GoCreator
CredentialGuard
Start ScreenControl
DeviceGuard
DirectAccess
BrancheCache
AppLocker
VDIEnhancement
(not in LTSB)
ManagedUser
ExperienceApp-V
DefenderAdv.ThreatProtection
(E5/Edu E5)
SOFTWARE ASSURANCE
No SA SA Included
ProfessionalEnterprise LTSB
Enterprise E3 / E5Education E3 / E5
New Version Rights
MDOP
Windows Thin PC
Virtual Desktop Access (VDA) Rights
Windows To Go Use Rights
Licensing Per User
Per-User Add-on
Training Vouchers
SA Benefits
Planning Services
Windows 10 Mobile Enterprise
WINDOWS AND VDI
USER
OEM license Win Enterprise E3/E5
(upgrade license) per device
FAT CLIENT THIN CLIENT
Option 1: Win Enterprise E3/E5 per User
Option 2: VDA per user
No OEM = no (Enterprise) upgrade license possible
VDA license per device
LICENSING PER DEVICE VS PER USER
PERDEVICE
PERUSER
Enterprise E3/E5 per User Virtual Desktop Access (VDA)per user
Requirements Primary user’s primary device must be licensed for Win 7/8.1/10 Pro, Ent, or Edu
No device requirements; maybe assigned to any user
License model Per user; no device limits
Local install of Windows Enterprise
On any Windows 7/8.1/10 Pro, Enterprise, or Education device or Windows tablet ≤ 10.1 inches
VDI Access and Windows ToGo
Any device
WINDOWS AS A SERVICE
Level of effort needed for traditional Windows deployments versus servicing Windows 10
SERVICING BRANCHES
Timing of feature updates
Delay feature updates
Ongoing security updates
Appropriate for
Windows Insider Program
Pre-production (beforeCB) NA Yes
IT Pro’s, early adopters, testing machines
Current Branch (CB) As available 180 days (as of build1607) Yes
consumer devices, early adopters, testing machines
Current Branch forBusiness (CBB)
Ca. 4 months after theCB release
180 days (as of build1607) Yes
most business devices -information workers
Long Time ServicingBranch (LTSB)
Estimated every 2-3 years Up to 10 years yes
special "mission-critical" devices (e.g. medicaldevices, ATM's, …)
WIN10 E3/E5 PER USER IN CSP (CLOUD SOLUTION PROVIDER)
The CSP Model
Realdolmen-managed software & services (& hardware)Realdolmen support includedPay-as-you-go modelFlexible upscaling/downscalingFlexible invoicing
Win10 in CSP
OEM (on devices in Business Premium Bundle)Enterprise E3/E5 per user
CB / CBB servicing BranchesNo LTSBNo downgrade rightsMax. 5 devices per user
CSP: REALDOLMEN O365 BUSINESS PREMIUM BUNDLE
Software Services Hardware
Implementation & MigrationTrainingSupport
O365 Business PremiumOfficeExchange onlineSkype for BusinessOneDrive for Business
Surface Pro4 or HP Elite X2
Mobile Device ManagementSecurityNext business dayreplacement in case of defect
Note: contact Realdolmen for details and specific terms and conditions