Devices and Deployment Management & Security Identity Cloud

Page 1

Spark the future.

May 4 – 8, 2015
Chicago, IL

Page 2

Preparing Your Infrastructure for Windows 10

Samesh Singh

BRK3325

Page 3

Session Outline

Devices and Deployment
Management & Security
Identity
Cloud

“Preparing for Windows 10 Deployment: Application Compatibility and Planning” by Michael Niehaus

Page 4

The End State Determines the Journey

Corporate Device (N-1)

Corporate Device (N)

New Features

Page 5

Continuous Innovation

Corporate Device Today

New Features

Corporate Device or xYOD on Windows 10

New Features

New Features

Page 6

Management

Deconstructing a Device

Device

Windows 10

My Personal Applications

My Corporate Applications

My Personal Settings

My Corporate Settings

My Personal Data

My Corporate Data

My Personal Identity

My Corporate Identity

Page 7

Devices & Deployment

Page 8

Devices

Standard Deployment | Windows 10 Features

BitLocker; WDDM 1.1 | BitLocker; Passport; Virtual Secure Mode; Secure Boot; Device Guard; WDDM 2.0

BIOS / UEFI; TPM 1.2 | UEFI; Trusted Platform Module

Page 9

Wipe or Upgrade?

Windows 7 | Windows 8 | Windows 8.1 | Windows 8.1 Update

Complexity User Experience Helpdesk Setup IR

Custom Solution | MDT | Upgrade | Update

80% FTE 1 Year | 95% FTE 8 Months | 95% FTE 3 Months | 95% FTE 5 Weeks

Page 10

Considering an In-Place Upgrade

In-Place Upgrade

Apps

Operating System

Device

“Deploying Windows 10: Back to Basics” by Tim Mintner

Page 11

Consider Wipe ‘n Load when…

Operating System | Device | Apps | In-Place Upgrade

BIOS UEFI; Disk layout; Custom WinPE; New device

Architecture; Base language; Domain Change; Local Admins; Configuration drift; <Windows 7 RTM; Custom image

Bulk app change

Refresh

Page 12

Preparing Imaging Processes for Windows 10

Windows Imaging & Configuration Designer

Deployment & Image Servicing & Management

Microsoft Deployment Toolkit

System Center Configuration Manager

User State Migration Tool

Recovery Image

“What’s new with OSD in System Center Configuration Manager and the Microsoft Deployment Toolkit” by Aaron Czechowski

Page 13

User State Migration Tool

/Drivers /PPKG

Page 14

Migrating Device Drivers

Page 15

Provisioning

Take off-the-shelf hardware

Apply a provisioning package

Device is ready for productive use

“Provisioning Windows 10 Devices with New Tools” by Vladimir Holostov

Page 16

Management

Runtime Provisioning

Deploy Time

Provisioning Package

My Personal Applications

My Corporate Applications

My Personal Settings

My Corporate Settings

My Personal Data

My Corporate Data

My Personal Identity

My Corporate Identity

Provisioning

Device

Operating System Image

Out Of Box Experience

Page 17

Runtime Provisioning

Page 18

Out of Box Provisioning

Page 19

Preparing for Windows 10 Provisioning

Bootstrapping MDM Enrollment

Non-Domain, Non-MDM Windows 10

Out of box compliance

Configuration Service Providers

Review Your Image

Page 20

Cloud Services

Azure Active Directory

Azure RMS

Microsoft Intune

Windows Store

Windows Management

Server Software

System Center Configuration Manager

Microsoft Desktop Optimization Pack (MDOP)

Windows Server Active Directory

Group Policy

Windows Server Update Services (WSUS)

Windows Client

Windows Management Instrumentation (WMI)

Windows Remote Management (WinRM)

Windows Update

Group Policy Client

Mobile Device Management (MDM) Agent

PowerShell

AppLocker

Page 21

Local Management

MDM Client

Common Device Configurator

WMI providers

Provisioning Engine

MDM Configuration Service Providers (CSPs)

EAS Client

WMI Bridge

DEVICE/OS

SERVICE/SERVER

EAS

Provisioning

MDM (Intune)

ConfigMgr

Common component

PC component

“Windows 10 Mobile Device Management in Depth” by Janani Vasudevan

Page 22

Domain Impact

Activation

Group Policy

WMI Filters

Windows Server Update Services

Active Directory

Page 23

Active Directory Changes for…

Microsoft Passport

Enterprise Data Protection

“Protecting your data with containers without boxing yourself in” by Yogesh Mehta

Page 24

Configuration Manager

Product | Supports Windows 10 Management? | Supports Windows 10 Deployment?

System Center Configuration Manager 2007

System Center 2012 Configuration Manager

System Center 2012 R2 Configuration Manager

System Center Configuration Manager v.Next

• Support for the new ADK for Windows 10 (2012 and above)
• Upgrade task sequence (v.Next)

Page 25

Configuration Manager

System Center Configuration Manager Technical Preview

Currently w/c 11 May Q4 CY 2015 In-Place Upgrade

vNext Technical Preview

All current System Center 2012 Configuration Manager R2 functionality for Windows 10

vNext System Center Configuration Manager 2007 compatibility pack (no OSD or client deployment)

“Managing Windows 10 with Intune and System Center Configuration Manager” by Jason Githens & Mark Florida

Page 26

Azure Active Directory

Cloud Identity

Independent cloud identity

Synchronized Identity

Single identity, enabling a same sign-on experience with password hash sync

Federated Identity

Single federated identity, enabling single sign-on in some scenarios and additional flexibility

Page 27

Microsoft Intune

Configuration Service Provider

A CSP is an interface to read, set, modify, or delete configuration settings on the device

SyncML

File with all information to configure CSP

Page 28

Sample SyncML - MinDevicePasswordLength

<SyncML xmlns='SYNCML:SYNCML1.2'>
  <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>1</SessionID>
    <MsgID>1</MsgID>
    <Target>
      <LocURI>{unique device ID}</LocURI>
    </Target>
    <Source>
      <LocURI>https://www.contoso.com/mgmt-server</LocURI>
    </Source>
  </SyncHdr>
  <SyncBody>
    <!-- update device setting -->
    <Replace>
      <CmdID>2</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/PolicyManager/My/DeviceLock/MinDevicePasswordLength</LocURI>
        </Target>
        <Meta>
          <Type xmlns="syncml:metinf">text/plain</Type>
          <Format xmlns="syncml:metinf">int</Format>
        </Meta>
        <Data>6</Data>
      </Item>
    </Replace>
    <Final />
  </SyncBody>
</SyncML>

OMA-URI

Open Mobile Alliance Uniform Resource Identifier

SyncML

SyncHeader

SyncBody

Value

Device
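
As an added example (not part of the original slides), the following Python code parses a SyncML message like the sample above, lists the CSP settings it would write to the device, and checks them against a baseline before the message is pushed. The function names, the baseline minimum passed to audit(), and the HTTPS check on the Source URI are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s": "SYNCML:SYNCML1.2", "m": "syncml:metinf"}
URI = "./Vendor/MSFT/PolicyManager/My/DeviceLock/MinDevicePasswordLength"

# Test input: the slide's sample message, embedded so the example runs offline.
SAMPLE = """<SyncML xmlns='SYNCML:SYNCML1.2'>
 <SyncHdr><VerDTD>1.2</VerDTD><VerProto>DM/1.2</VerProto>
  <SessionID>1</SessionID><MsgID>1</MsgID>
  <Target><LocURI>{unique device ID}</LocURI></Target>
  <Source><LocURI>https://www.contoso.com/mgmt-server</LocURI></Source>
 </SyncHdr><SyncBody><!-- update device setting -->
  <Replace><CmdID>2</CmdID><Item><Target><LocURI>%s</LocURI></Target>
   <Meta><Type xmlns="syncml:metinf">text/plain</Type>
    <Format xmlns="syncml:metinf">int</Format></Meta>
   <Data>6</Data></Item></Replace>
  <Final/></SyncBody></SyncML>""" % URI

def _text(el, path):
    return el.findtext(path, namespaces=NS)

def extract_settings(xml_text):
    """Return (management server URI, list of settings the message writes)."""
    root = ET.fromstring(xml_text)
    settings = []
    for cmd in root.find("s:SyncBody", NS):
        verb = cmd.tag.split("}")[-1]            # drop the namespace prefix
        if verb in ("Add", "Replace", "Delete"):  # skips e.g. <Final/>
            for item in cmd.findall("s:Item", NS):
                settings.append({"verb": verb, "cmd_id": _text(cmd, "s:CmdID"),
                                 "oma_uri": _text(item, "s:Target/s:LocURI"),
                                 "format": _text(item, "s:Meta/m:Format"),
                                 "data": _text(item, "s:Data")})
    return _text(root, "s:SyncHdr/s:Source/s:LocURI"), settings

def audit(server, settings, minimums):
    """Flag a non-HTTPS server and integer settings below an assumed minimum."""
    findings = []
    if not (server or "").lower().startswith("https://"):
        findings.append(f"management server is not HTTPS: {server}")
    for s in settings:
        floor = minimums.get(s["oma_uri"])
        if floor is None or s["verb"] == "Delete":
            continue
        if s["format"] != "int" or not (s["data"] or "").isdigit():
            findings.append(f"CmdID {s['cmd_id']}: value is not an integer")
        elif int(s["data"]) < floor:
            findings.append(f"CmdID {s['cmd_id']}: {s['data']} < required {floor}")
    return findings
```

When the message comes from a capture or another untrusted source rather than your own authoring tool, parse it with a hardened XML parser such as defusedxml instead of the standard-library one.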

Page 29

Cloud Domain Join & Enrollment

Page 30

How to Get Ready for Mobile Solutions

Common Identity (Active Directory + Azure Active Directory)

Device

Mobile Device Management

Data Protection & Access

Page 31

Modernizing with Windows 10 – Heat Map

Server Software

Microsoft Desktop Optimization Pack

DaRT

System Center 2012 R2 Configuration Manager*

Upgrade possible

Update to support upgrade, deploy, manage

Windows Server Active Directory 2008 or later

Group Policy

ADMX Update

Windows Server Update Services

Windows Update Activation

Windows Update

Windows Image In-Place Upgrade*

Windows 10 Image

MDT Update

Architecture

Configuration

Device

Firmware

Disk Layout

Page 32

Extending with Windows 10 – Heat Map

Deployment
Provisioning
New Windows ADK
WICD
MDM service

Management
CM vNext
MDM
New feature management and configuration

Identity
Microsoft Passport
Windows Hello
Azure AD
Azure AD Connect
PKI
Schema/DCs

Security
Virtualization-based security
Device Guard
Enterprise Data Protection
Secure Boot
Trusted Boot

Device
UEFI 2.3.1 or later
TPM 1.2 or later
Virtualization Extensions
Biometric Reader

Page 33

Quality-Based Releases

Enterprise-ready

Current Branch for Business

Long Term Servicing Branch

Current Branch

Hundreds of millions

Broad External Flights

Several million

Limited External Flights

100’s of thousands

Broad Internal Validation

10’s of thousands

Engineering Builds

# Users

Time

Page 34

Visit Myignite at http://myignite.microsoft.com or download and use the Ignite Mobile App with the QR code above.

Please evaluate this session

Your feedback is important to us!

Page 35

© 2015 Microsoft Corporation. All rights reserved.