How different is your migration to Windows 10? David Biot Xylos - - PowerPoint PPT Presentation

David Biot Xylos

How different is your migration to Windows 10?

It’s really happening

From DIGITAL at the SIDELINE To DIGITAL in the CORE

The Solutions

CHANGE

Digital coaching ICT Training E-Learning

SOCIAL

Collaboration Information Management / Business intelligence Unified Communications Apps

DIGITAL WORKPLACE

Identity Application delivery Mobile Management

INTELLIGENT CLOUD

Composable infrastructure Hybrid Cloud Networking/Security Automation Internet of things Analytics Mixed reality

The Recipe

Who am I?

David Biot Competence Center Lead IT Lifecycle Management >8 years of experience with Client and Datacenter Management Tools

David.Biot@xylos.com @davidbiot www.linkedin.com/in/davidbiot

• Why is a migration to Windows 10 different than previous Windows migrations

9th of March 2017

• Windows 10 and security: a scenario-based approach

16th of March 2017

• Managing Windows 10 from the cloud

23rd of March 2017

• Onboarding your Windows 10 users with Oase

30th of March 2017

Windows 10: What it’s all about

One Converged Windows Platform

Sources: Gartner, Ponemon Institute, IdeaPaint, MIT Center for IS Research

200+ Days

Median # of days attackers are present before detection

$3.5M

Average cost of data breach (15% YoY increase)

I’m worried about security threats and managing the risk to my business. Decade-old PC tech, infrastructure, and processes drive up IT costs and slow business agility. $146-$188 per device

Cost of keeping user devices up to date and secure

$1,930 per PC

Cost of upgrading Windows XP to Windows 7

My employees need to be productive on every device they use. 80% of workers

spend a portion of their time working outside the office

38% of Millennials

feel outdated collaboration tools hinder innovation

We need to capitalize on new business opportunities quickly. 41% of CEOs

expect digital revenue to double

• ver the next 5 years

47% of existing revenue

considered to be under threat in the next 5 years

Windows 10 Enterprise

Always up to date More productive Powerful, modern devices More personal Safer and more secure

Windows Information Protection Windows Hello Credential Guard Device Guard AppLocker Windows Defender Advanced Threat Protection Azure Active Directory Join Mobile Device Management Application Virtualization (App-V) Windows Ink Windows Store for Business Cortana Management Managed User Experience User Experience Virtualization (UX-V) Windows 10 for Industry Devices Innovative designs New experiences Best in class performance

The most trusted platform The most versatile devices

Home Pro Enterprise

Productivity & user experience | Familiar and productive user experience Windows Ink1 Start Menu and Live Tiles Tablet mode Continuum for phones2 Voice, pen, touch, and gesture3 Cortana4 Microsoft Edge Management and deployment | Enhanced management features to empower device and app management and deployment Group Policy Mobile Device Management5 DirectAccess AppLocker Enterprise State Roaming with Azure Active Directory6 Windows Store for Business7 Assigned Access Managed User Experience Dynamic Provisioning Microsoft Application Virtualization (App-V)8 Microsoft User Environment Virtualization (UE-V) Windows Update Windows Update for Business Shared PC configuration Security | Delivers critical security capabilities, system and app updates, and the compatibility you need to help secure your devices and infrastructure from modern threats Windows Hello9 Windows Hello Companion Devices10 Windows Information Protection11 Device encryption12 BitLocker13 and BitLocker to Go Credential Guard14 Device Guard Trusted Boot Windows Device Health Attestation service15 Windows fundamentals | Core features included in Windows Domain Join Azure Active Directory Domain Join, with single sign-on to cloud-hosted apps16 Enterprise Mode Internet Explorer (EMIE) Remote Desktop Client Hyper-V Windows to Go BranchCache

Windows 10 edition comparison

Reflects Anniversary Update features

What’s next?

Windows Creators Update

https://www.microsoft.com/en-us/windows/upcoming-features

https://www.howtogeek.com/278132/whats-new-in-windows-10s-creators-update/

Windows Business Roadmap

https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap

Windows 10 is on a roll!

Microsoft by the numbers

Windows 10 Security

MODERN SECURITY THREATS

“THERE ARE TWO KINDS OF BIG COMPANIES, THOSE WHO’VE BEEN HACKED, AND THOSE WHO DON’T KNOW THEY’VE BEEN HACKED.”

JAMES COMEY, FBI DIR EC TO R

“CYBER SECURITY IS A CEO ISSUE.”

Cyber threats are a material risk to your business

200+DAYS

Median number of days attackers are present on a victims network before detection

$3 TRILLION

Impact of lost productivity and growth Average cost of a data breach (15% YoY increase)

$3.5 MILLION

Attacks are fast, efficient, and easier than you think

46%

• f compromised systems had

no malware on them

23%

• f recipients opened

phishing messages

50%

• f those who open,

click attachments within the first hour

SAFER AND MORE SECURE

Windows Hello Windows Hello for Business Companion Device Framework Credential Guard

Replace passwords, protect identities

Strengthen auth. with biometrics and hardware-based multi-factor Secure Boot Device Guard Windows Defender

Only run software you trust

Eliminate Malware on corporate devices Windows Information Protection

Protect sensitive corporate data

Automatic encryption with persistent protection Windows Defender Advanced Threat Protection

Detect compromised devices quickly

Use behavioral detection, cloud, and human threat intelligence to quickly identify compromised devices

Windows Trusted Boot Windows Hello Credential Guard Device Guard Enterprise Data Protection Windows Defender ATP

WINDOWS 7 WINDOWS 10

Pentagon orders Windows 10 to be installed on all 4 million of its PCs System Update: Pentagon Upgrading 4 Million Devices to Windows 10 Pentagon to move fast in shift to Windows 10

US DEPARTMENT OF DEFENSE

Microsoft Receives The Ultimate Windows 10 Security Proof Point… Microsoft landed a huge deal to bring Windows 10 to 4 million Defense Department employees Microsoft Sells U.S. Defense Department on Windows 10

Windows As A Service

Introducing Windows as a Service

Deploying Windows 10

Deployment Strategies

Let Windows do the work

• 1. Preserve data, settings, apps,

drivers

• 2. Install (standard) OS image
• 3. Restore everything

In-Place Upgrade

New capability for new devices Transform into an enterprise device Remove existing items Add organizational apps Add organizational configuration

Provisioning

Familiar enterprise process for all scenarios

• 1. Capture Data / Settings
• 2. Deploy (custom) OS image
• 3. Inject Drivers
• 4. Install Apps
• 5. Restore Data / Settings

Wipe & Load

• Architecture (x86  x64)
• Base OS language
• Domain
• Local Administrators
• Configuration drift
• Moving from XP or Vista
• Custom base image
• BIOS  UEFI
• Disk partitioning
• WinPE Offline Operation
• 3rd party anti-virus
• 3rd party disk encryption*
• Bulk app change

New Device Existing Device

Deployment Strategies – In Place or Wipe & Reload?

• Architecture (x86  x64)
• Base OS language
• Domain
• Local Administrators
• Configuration drift
• Moving from XP or Vista
• Custom base image
• BIOS  UEFI
• Disk partitioning
• WinPE Offline Operation
• 3rd party anti-Virus
• 3rd party disk encryption*
• Bulk app change

New Device Existing Device

Deployment Strategies – In Place or Wipe & Reload?

Might change with Creators Update: MBR2GPT /ReflectDrivers

Management Choices

Basic Traditional Mobile Device Management Lightweight Full Control Update Approach

Windows 10 Servicing

Windows as a service: Servicing Windows

With Windows 10 servicing, consistency and simplicity are paramount

Threat protection over time

Attackers take advantage of periods between releases

W I N D O W S R E L E A S E T H R E A T S O P H I S T I C A T I O N

T I M E C A P A B I L I T Y

Game change with Windows as a Service

Disrupt and out innovate our adversaries by design

What needs to change

2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

Traditional deployment (every 3 - 5 years)

Apps Infra Imaging Deploy 2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028

Windows as a service (twice per year)

Apps Infra Imaging Deploy

Windows as a service: Building Windows

Microsoft Insider Preview Branch Broad Microsoft internal validation Engineering builds

Users 10’s of thousands Millions Time

~6 months

Microsoft Insider Preview Branch Broad Microsoft internal validation

Engineering builds

CB (Release Ready) Pilot CBB (Business Ready) Broad Deployment

*Conceptual illustration only

Time

~6 months

Broad Deployment Ring I Broad Deployment Ring II Broad Deployment Ring III Broad Deployment Ring IV Pilot Ring IT Pilot Ring QA Pilot Ring Early Adopters

16 + months

Users 10’s of thousands Several Million

Hundreds

• f millions

Windows as a service: Deploying Windows

Windows as a service: timelines

Windows Insider Preview Branch

Specific feature and performance feedback Application compatibility validation Deploy to all audiences, in waves to reduce risk Deploy to pilot audiences Validate and prepare for broad deployment

Deploy / Use

6+ months of active development ~4 months 12+ months 16+ months to validate, deploy, and use each release

Grace

New Windows 10 Release

Evaluate Pilot Deploy / Use

The process repeats… 60 days

July July 2016 Jan July 2017 Jan 2018 Jan

Example 2017 Release

Hypothetical date

Feedback Pilot Production

November Update

November 2015

Feedback Pilot Production

Windows 10

July 2015

Feedback Pilot Production

Anniversary Update

August 2016

Feedback Pilot Production

Tw o r e l e a s e s s u p p o r t e d i n m a r ke t https://technet.microsoft.com/en-us/windows/release-info.aspx

Windows as a service CADENCE

Windows as a service: Deploying Windows

Current Branch for Business (Business Ready)

Benefits from new features Begins broad deployment

Information workers General population Long Term Servicing Branch

Deploy for mission critical systems No need for frequent new features (or any sort of change) Too expensive for general population

Specialized systems

Specific feature and performance feedback Application compatibility validation

Windows Insider Preview Branch Test machines, small pilots Current Branch (Release Ready)

Deploy to appropriate audiences Test and prepare for broad deployment

Early adopters, initial pilots, IT devices STAGE NUMBER OF DEVICES Release

Differentiator Current Branch Current Branch for Business Long Term Servicing Branch Primary purpose Pilot Deployments Broad Deployment Special Devices Deployment timeline Soon after release About 4 months (or more) after release Any time during lifecycle Release frequency About every six months Approximately every 2-3 years Updates All security fixes, moderate bar for other fixes All security fixes, high bar for other fixes Apps All in-box apps No in-box apps (except system apps) Browser Edge and Internet Explorer 11 Internet Explorer 11 Windows features All Excludes Cortana, Windows Store Platform features Win32, Universal Windows Platform Win32, Universal Windows Platform

Understand the differences with Windows 10 LTSB

Microsoft Windows 10 Enterprise

(Current Branch, Current Branch for Business)

Microsoft Windows 10 Enterprise 2015 LTSB

Compatibility in Windows 10

Outstanding compatibility means a smooth migration from Windows 7 or Windows 8.1

How to validate applications

TELEMETRY-BASED INSIGHTS TO REDUCE COSTS AND INCREASE PRODUCTIVITY

Upgrade Analytics Plan upgrades by identifying devices that are ready, and top app/driver compatibility blockers for the rest (Available now) Health Analytics Reduce support costs by pro-actively identifying and remediating top end- user impacting issues (Future) Update Analytics Ensure update and antimalware compliance with timely reports for all your devices (even those on the road) (Coming Soon)

Windows Analytics

Windows as a service: Servicing Windows

With Windows 10 servicing, consistency and simplicity are paramount

Windows as a service: Servicing Windows

With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality

Typical Windows 7 PC: Selectively Patched Windows 7 Test Lab PC: Fully Patched What customers are running What Microsoft is testing

WSUS Server

KB1001 KB1002

October November

KB1003

December

KB1004

January

KB1005

February

Older deltas

New deltas

Older deltas

New deltas

Older deltas

New deltas

Older deltas

New deltas

Older deltas

New deltas New deltas New deltas New deltas New deltas New deltas

Express Updates Illustrated

Updating Tools

Express packages Peer-to-peer Throttling Scheduled distribution Advanced capabilities

Closing

Secure Productive Enterprise Plan Overview

Secure Productive Enterprise Plans E3 E5

Authoring

Word, Excel, PowerPoint, OneNote

X X

Sites & Content management

SharePoint, OneDrive

X X

Mail And Social

Outlook, Exchange, Yammer

X X

Meetings & Voice

Skype for Business, Skype Teams PSTN Conferencing, Cloud PBX

X X X

Apps & Device Management

Microsoft Intune, Azure Active Directory Premium P1 Windows Store for Business, Microsoft Desktop Optimization Package, VDA

X X X X

Analytics

Power BI, Delve Analytics, Personal and Org Analytics

X

Security & Compliance

Office 365: Encryption, Data Loss Protection, Rights Management Windows: Enterprise Data Protection, Windows Hello, Credential Guard, Device Guard, App Locker EMS: Microsoft Advanced Threat Analytics, Azure Information Protection P1 Office 365: Advanced Threat Protection, Advanced Security Management, Customer Lockbox, Advanced eDiscovery Windows: Windows Defender Advanced Threat Protection EMS: Azure Active Directory Premium P2, Microsoft Cloud App Security, Azure Information Protection P2

X X X X X X X X X Enterprise Plan Add-ons

PSTN Calling** Skype for Business

• Why is a migration to Windows 10 different than previous Windows migrations

9th of March 2017

• Windows 10 and security: a scenario-based approach

16th of March 2017

• Managing Windows 10 from the cloud

23rd of March 2017

• Onboarding your Windows 10 users with Oase

30th of March 2017

www.xylos.com/windows10

What can Xylos do for YOU?

Workshop/POC Windows 10 Workplace design Build Image Distribute image Manage Windows & Applications User adoption

Consultant Profiles

• Workplace Architects
• Deployment experts
• Packagers
• Project Leaders
• Learning department
• Communication experts
• …