W8 & Deploy
Craig Forster
Windows 8.1 for the IT Pro
Senior Premier Field EngineerMicrosoft Danmark
Windows 8.1 is FREE
to upgrade from Windows 8
Support ends atthe same time as
Windows 8Standard support ends in Jan 2018Extended support ends in Jan 2023
VL/TechNet/MSDN ISOs out 17 Sept
Agenda
Windows 8.1 for IT Pros
• Start Menu and Search• Connectivity changes and
features• Security features
Where to next?
• Windows To Go• Management and
Sideloading• Remote Desktop Services
Start Menu and Search
The start button is back
You can chooseto boot to the desktop
Start menu and Search
• Make “All Apps” view the default…and set Windows Store apps to:• appear first,• or appear last
• Control Start menu layout
• Assigned Access• Windows key + X• Bing integrated Search• Controlled by GPOs
Demo1. Customising the start screen2. Enforced Start screen layout3. Assigned Access4. Windows + X
Enforcing the Start Layout
Connectivity changesand features
Connectivity changes and features
• Native 3G/4G supportwith tethering
• 3rd party VPN support in-box
• Windows Store apps can auto-start VPN connections
• Workplace Join• Web Application Proxy
• Work Folders• Selective Wipe over EAS or
EAS+OMA-DM
Native 3rd partyVPN clients
Windows Store Apps can launch VPNs
Add-VpnConnectionTriggerApplication -ConnectionName “Contoso VPN Connection“ -ApplicationID
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","Microsoft.RemoteDesktop_Contoso0987"
Non-domain-joined machines only
Workplace Join&
Web Application Proxy
Registering and Enrolling Devices
Work Folders
Security features
Security features
• Native biometrics
• Virtual Smart Cards
• TPM Key Attestation
• Can sign-in with fingerprint, natively
• Touch, not swipe devices
• Part of "Convenience Logon" settings within EAS
• Modern apps use fingerprint:• Confirming purchase, profile change, in-app
experiences• Helps control and personalize device
experience• Highly desired as a means to control high-
value transactions, e.g. purchases
• Can benefit “cloaking” apps, access to an app, release credentials…
Virtual Smart Cards
TPMnon-
exportabilityisolated cryptoanti-hammering
• 2FA for local and remote access• Client authentication/mutual
auth SSL• VSC redirection for remote
connections• S/MIME email encryption• BitLocker keys for data volumes
• Removable drives can only be used on the original machine
VSC at MSIT
• 10,000 people are enrolled on Surfaces, 81K on x86 machines
• VSC on Surfaces enables VPN and Remote Apps access
• MS Policy requires users to: • request Manager Approval or• use Physical Smart Card to
provide the same level of assurance as Physical Smart Card
TPM Key Attestation
Windows To Go
Windows To Go
• Built for high random read / write speeds • Support thousands of random access I/O
per second• Provide wear-leveling features improving
drive longevity• 2-year minimum warranty• Tuned to ensure they boot and run on
hardware certified for use with either Windows 7 or Windows 8
Windows To Go
• Windows Store is enabled by default• Enterprise sideloading of Windows Store
apps continues to work• Can boot on both UEFI and Legacy BIOS • Both sets of boot components are placed on a
system partition
Users can self-provision WTG drives
Guided by a UI in the Application Catalog
Managementand Sideloading
Management and Sideloading
Management
• Windows Embedded• Auto-updating of Modern Apps• User Experience Virtualisation
(UE-V 2)
Sideloading
• SCCM Application Catalog• Company Portal• Windows InTune• Mobile Device Management
(MDM)
Thin ClientDigital
Signage
POS
Manufacturing
Medical Devices
Kiosk
ATM Industry Tablet
Windows Embedded
Auto-Updating of Windows Store Apps
User Experience Virtualisation v2
1) Added support for Windows Store
Apps2) Added periodic background refresh and refresh during loss-of-focus
3) Removed requirement for Offline
Files
Sideloading
Windows Modern AppsEnterprise
Sideloading requirements
• Windows 8 Enterprise, domain joined or with a separate Sideloading product key.
• Windows 8 Pro or Windows RT, with a separate Sideloading product key.
Sideloading Requirements
Register Apps for the user
Always in per-user context
Does not require administrative rights
Sideloading or from the Windows StoreInstallation
Register application on the computer
Installs automatically for each user
Requires administrative rights
Only Sideloading, no Windows StoreProvisioning
Delivering Windows 8 Apps
Management Infrastructure CloudSelf-Service
Portal (SSP)
Sideloading from Your Infrastructure
Windows RT Devices
Windows 8 (x86)
Download from Windows Store
Public Apps Custom LOB Apps
SCCM Application Catalog
Company Portal
Windows InTune
SCCM
Mobile Device Management (MDM)
Remote Desktop Services
Remote Desktop Services
• Pluggable Authentication (2FA) in Gateway
• Shadowing is BACK, adds:• VDI• Multi-mon and RemoteApp
sessions• Mstsc.exe integration• Server Manager integration
• SOFS Deduplication for VDI
• Storage Tiering in CSVs
Quick Reconne
ct
Improved RemoteAp
p behaviour
Dynamically Add/Remove
monitors
DX11.1 support and H.264
performance
Related Sessions
WC305 Enhance users mobile productivity with Windows 8.1
DA305 Ekstern adgang i Windows Server 2012 R2 – nye muligheder for BYOD med WAP, Workplace Join og Work Folders
WC301 How Microsoft IT Deployed Windows 8 and Windows 8.1 Preview to the Enterprise
WC309 Microsoft VDI in 2013: VDI quantum leap with Windows 8.1 and Windows Server 2012 R2!
DE301 What’s new in Windows 8.1 for developers
WC302 Application Management using System Center Configuration Manager 2012 SP1/R2
Very Bad Bad Neutral Good Very Good
1 2 3 4 5
WC303
SessionCode
1-5Craig's
Performance
1-5Relevan
ce
1-5Match
of Technical Level
OptionalCommen
t
Text to 1919
Thank you!
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.