modernize your windows management with microsoft intune - brainstorm 2018.pdf · paths to modern...

Modernize your Windows Management with Microsoft IntunePresented by Max Fritz & Doug Wilson

Systems Consultants, Now Micro

Now Micro is a Consulting & Device Life Cycle Management company

Now Micro’s Consulting Practice focuses on helping organization deliver the best end user experience by designing and

implementing the most robust Systems Management, Cloud Productivity, and Identity Management solutions available.

Office 365 Windows 10Enterprise Mobility

+ Security

Vision: Unified management across users, devices, apps and services.

Lig

ht B

lue

R0 G

188 B

242

Gre

en

R16 G

124 B

16

Red

R232 G

17 B

35

Mag

en

taR

180 G

0 B

158

Pu

rple

R92 G

45 B

145

Blu

eR

0 G

120 B

215

Teal

R0 G

130 B

114

Yello

wR

255 G

185 B

0

Ora

ng

eR

216 G

59 B

1

Lig

ht Y

ello

wR

255 G

241 B

0Lig

ht O

ran

ge

R255 G

140 B

0Lig

ht M

ag

en

taR

227 G

0 B

140

Lig

ht P

urp

leR

180 G

160 B

255

Lig

ht T

eal

R0 G

178 B

148

Lig

ht G

reen

R186 G

216 B

10

Dark

Red

R168 G

0 B

0D

ark

Mag

en

ta

R92 G

0 B

92

Dark

Pu

rple

R50 G

20 B

90

Mid

Blu

eR

0 G

24 B

143

Dark

Teal

R0 G

75 B

80

Dark

Gre

en

R0 G

75 B

28

Dark

Blu

eR

0 G

32 B

80

Mid

Gra

yR

115 G

115 B

115

Dark

Gra

yR

80 G

80 B

80

Ric

h B

lack

R0 G

0 B

0

Wh

iteR

255 G

255 B

255

Gra

yR

210 G

210 B

210

Lig

ht G

ray

R230 G

230 B

230

Microsoft EducationEmpowering students today to create the world of tomorrow

Bridging the Classic & Modern Workplaces

Modern Workplace- Work from anywhere

- Choose the device you want or bring your own

- Quick, friendly out-of-box experience

- Self-service

- Integrated and cloud-based security

- Simpler application delivery through Store/SaaS

- Data intelligence for better business insights

- Minimize on-preminfrastructure costs

- Unified identity, device and app management

- Self-service deployment without imaging

Users Apps

Microsoft Intune Learn more at microsoft.com/intune

Simplify Windows 10 management and lower TCO with EMS

Self-service deploymentMake any new PC enterprise-ready via

a simple self-service experience.

Automatically configure devices when yourusers login with their company credentials.

Use cloud intelligence

to upgrade Windows 10

and Office 365 ProPlus

with confidence.

Simplified management & securityEmbrace cloud-based management and transition at

your pace while staying in control.

Always up to dateDeliver the latest features and

security.

Control what

updates are

deployed, to

whom and

when.

Proactive insightsGet ongoing proactive insights to

diagnose and fix issues before they

happen.

Cloud updates mean youdon’t need to have on-premise update servers.Microsoft 365

EMS

Windows 10

Contoso Sign in

Corp. Username

Password

Certificate

Agentless Unified identity,

device and O365

ProPlus mgmt.

Integrateddata protection

Enterprise Mobility + Security Learn more at microsoft.com/ems

Sign in with contoso.microsoft.com

[email protected]

Next

Office 365ProPlus MGMT

Paths to Modern Management

Co-Management Architecture With ConfigMgr and Intune

Windows 7/8.x

Windows 10AD Domain-joined &

AAD Joined

Mobile devices Intune

ConfigMgr console

Azure portal

ConfigMgrSite Servers

ConfigMgr agent

AD Domain Joined

ConfigMgr agent

AD Domain Joined

AAD Joined

ConfigMgr agent

Intune MDM

AD Domain Joined

AAD Joined

AutoPilot

Intune MDM

AD Domain Joined

AAD Joined

ConfigMgr agent

Intune MDM

AD Domain Joined

AAD Joined

Existing ConfigMgr managed devices

New devices

AD/AAD

connect

Adopt Windows 10

Adopt Office 365/ProPlus

Imaging to Signature Image

1/2020

GPO to MDM Policy

Kerberos to Modern Auth

Win32 to Modern Apps

ConfigMgr Content Delivery to Cloud Content Delivery

Today

WSUS to WUfB

Adopt & Connect Transition to Modern

Modernizing with a co-management bridge

- Users see settings and data

across devices (Enterprise

Roaming of Settings)

- IT can control access via

Azure AD device-based

conditional access.

- Users sign-in conveniently

and securely with Windows

Hello for Business.

- Eliminate PC dependency

on domain controllers

- Better battery life and

performance of the device

- Extend your on-premises directory with Azure AD.

- Azure AD Join your AD domain-joined devices

- AD + Azure AD Join new devices through Auto Pilot

- Transition GPO to MDM

- Pilot Azure AD Join to identify AD auth dependencies

- Gradually move traditional management tools that rely on computer identity to their cloud equivalents or AAD enlightened versions (e.g. ConfigMgr with CMG, WSUS to WUfB)

- AAD Join new devices (AD Joined machines remain AD joined until retired)

AD/AAD

connect

Adopt Windows 10



1/2020

GPO to MDM Policy




Today

WSUS to WUfB



S E T T I N G S P O L I C I E S

O F F I C E &A P P S D R I V E R S

1. Build & maintain

custom image, gathering

everything else that’s

necessary to deploy

2. Wipe original OEM

Windows image and

replace with custom image

Time

Money

OEM/Reseller

Ship

Off-the-shelf and Shrink-wrapped Devices Employee unboxes device, self-deploys

Deliver direct to Employee

Employee driven Self-Deployment

• Custom imaging – expensive, limits HW choice, impairs talent

acquisition

• Windows EULA – employees not permitted to accept on org-

owned devices

• Non-trivial decision making (Personal vs Org Owned disambig,

Privacy Settings, OEM Registration) generates Helpdesk calls

• OOB account is always Admin – majority of enterprises want

standard accounts on corp-owned devices

ANNA [email protected]

Hardware Vendor

Windows AutoPilot Service

Upload

Device IDs

Configure AutoPilot Profile

Employee unboxes device, self-deploys

Ship Deliver direct to Employee

Self

Deploy

IT Admin

Device IDs

Windows AutoPilot

Microsoft 365 powered device

AADIntune

Apps

Updates Reporting

Config

Manager

Policies

AD

Co-Management using Windows AutoPilot

AD/AAD

connect

Adopt Windows 10



1/2020

GPO to MDM Policy




Today

WSUS to WUfB



2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

Traditional deployment (every 3-5 years)

Apps Infra Imaging Deploy

2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028

Windows as a service (twice per year)

Apps Infra Imaging Deploy

1 Configure Insider PCs• Lab or secondary PCs

• Enough to explore new features, measure compatibility

2 Identify special PCs• Deploy Windows 10 Enterprise LTSB

• Limited numbers (we hope)

3 Recruit volunteers for pilots• Willing participants who will provide feedback

• Cover the broadest set of apps and devices possible

4 Divide broad population of PCs• Standard deployment best practice

• Focus on risk reduction, minimizing disruption

AD/AAD

connect

Adopt Windows 10



1/2020

GPO to MDM Policy




Today

WSUS to WUfB



Check out the 1703 MDM security baselines here:

https://aka.ms/mdm1703baselines

MDM

Security Baselines

https://aka.ms/mdm1703baselines

AD/AAD

connect

Adopt Windows 10



1/2020

GPO to MDM Policy




Today

WSUS to WUfB



Traditional Application

Management

Modern Application

Management

Thank you!Come ask us questions!

Other Now Micro Sessions

Tuesday:

• Dealing with Hardware –

Overcoming Challenges with

Windows 10

• A Hitchhiker's Guide to Azure

Active Directory

• Microsoft Enterprise Mobility &

Security Suite

modernize your windows management with microsoft intune - brainstorm 2018.pdf · paths to modern...

Documents