Windows 10 Enterprise

Michael Kirst-Neshva

Raphael Köllner

MVP Office Servers and Services

Windows 10 Enterprise

2016

Michael Kirst-Neshva

ANK Business Services GmbH

Senior IT-Infrastructure Architect

Microsoft MVP Office 365

Communities: Office 365 Community Deutschland (Lead)UserGroup Office 365 Deutschland (Lead)Azure Community Deutschland (Mitglied)Verband „Voice of Information“ (Mitglied) http://www.voi.deCompetence Center „SharePoint Major League“http://www.mlsharepoint.dehttp://www.ankbs.deE-Mail: [email protected]: [email protected]: @ankbs

Blog | http://blog.ugoffice365.ms

http://www.voi.de/

http://www.mlsharepoint.de/

http://www.ankbs.de/

mailto:[email protected]

mailto:[email protected]

http://blog.ugoffice365.ms/

2016

Raphael Köllner

Bechtle IT-Systemhaus Köln & CBH Rechtsanwälte

IT-System Engineer & WissMit

2016

Agenda.

21.09.2016

1. Einführung in Windows 10

2. Demo

3. Q&A 1

4. Unterschiede Windows 7 zu Windows 10 (Pro vs. Enterprise)

5. Updates/Upgrades

6. Migration Windows 7 zu Windows 10

7. Windows 10 Security

8. Q&A 2

20165

Updating WindowsYour PC will restart several times.

0 %

Copying files 0% Installing featurs and drivers Configuring settings

2016

T H E W O R L D H A S C H A N G E D

2016

2016

Take your teamwork to the next level anywhere, anytime with Office 365 and Windows 10.

2016

One Windows Platform

9

Over 200 million activatedevices 4.01.2016

2016

Universal Windows Platform

21.09.2016Windows 10 Enterprise 10

2016

Windows 10 Enterprise system requirements

21.09.2016Windows 10 Enterprise11

• Processor: 1 GHz or faster or SoC

• RAM: 1 GB (32-bit) or 2 GB (64-bit)

• Free hard disk space: 16 GB (32-bit) or 20 GB (64-bit)

• Graphics card: DirectX 9 or later with WDDM 1.0 driver

• Display: 800x600

2016

Windows Lifecycle


http://windows.microsoft.com/de-de/windows/lifecycle

Support bis Internet Explorer 8:ENDE 12.01.2016

Supportende für CPUs Windows 7, Windows 8

neuere Prozessorenz.B. ab Intel CPU 6. Gen Skylake

2016

Windows as a Service (WaaS)

13

• Release Build PC 10240

• Aktuelle Build 10586.63

• Insider Build 21.01.2016 11102

• Änderung in der Entwicklung von Windows

• Feedback System (z.B. Insider Programm)

201614

15 Internal Use Only

21.09.2016Dies ist ein Platzhaltertext für Ihre Fußzeile15

DEMOYour PC will restart several times.

23%




Q&A 1Your PC will restart several times.

55 %




Windows FeaturesYour PC will restart several times.

55 %


2016

Windows Business App Store


Voraussetzungen:

• Windows 10, ab Version 1511

• Microsoft Azure Active Directory (AD)-Konten für Mitarbeiter und Administratoren

• Proxykonfiguration

• Optional: Verwaltungstool zum verteilen und verwalten von Apps

• Apps: Universal Windows (auch HoloLens, Xbox, iOT)

• Lizensierung - Online

1. Mitarbeitern Apps zuweisen

2. Apps in privaten Store hinzufügen

3. Verteilung über ein Verwaltungstool

https://www.microsoft.com/de-de/business-store

Lizensierung - Offline

1. App im Geräteimage

2. Verteilen über ein Verwaltungstool

2016

Updates

19

Windows Business Updates ab Version 1511

Unterstützt Updates und Upgrades (z.B. Version 1511 auf 11102)

Windows Service Model -> Neue Versionen 2-3 pro Jahr

Updates kommen generell jeden zweiten Dienstag im Monat

Feature Updates und Servicing Updates (Security fix, wichtige Updates)

WICHTIG: Alle kommenden Updates sind kumulativ! Daraus folgt, dass alle vorherigen Updates zwingend installiert werden müssen.

2016

Windows Service Options

2016

Windows 10 Updates- Empfehlungen


Windows Server Update Services (WSUS)

• Neu:

Geräte können so konfiguriert werden, dass sie Updates automatisch erhalten (maximal 4 Monate später)

Microsoft veröffentlicht neue Installationsdatenträger mit der neuen Version

Microsoft schickt die neuen Versionen, so dass diese an die zuvor konfigurierte Geräte verschickt werden können.

Via MDM Policy oder Group Policy


• Kontrolle

• Datum, Zeit und Häufigkeitder Updates und Reboots

• Kleine Gruppen von Geräten, nur Prüfung des Rollouts

• Roll-Out in Wellen möglich

• Wellen können frei definiert werden

• Anhalten und Roll-Back von Updates, die Probleme z.B. mit Treibern verursachen

2016

Windows 7 vs. Windows 10


2016

Windows 10 Enterprise Features


Direct Access

Windows to Go Creator

AppLocker

BranchCache

StartScreen Control with Group Policy

Telemetry Control with Group Policy

Long Term Servicing Branch

Better MDM/ EMS Management

Device Guard

Crdential Guard

eigener App Business Store



SecurityYour PC will restart several times.

80 %

Copying files 100% Installing featurs and drivers 80% Configuring settings

2016THE MOST TRUSTED PL ATFORM

Windows Hello

Microsoft Passport

Companion Device Framework

Credential Guard

Replace passwords, protect

identities

Strengthen auth. with biometrics and hardware-based

multi-factor

Secure Boot

Device Guard

Windows Defender

Only run software you trust

Eliminate Malware on corporate devices

Enterprise Data Protection

Protect sensitive corporate

data

Automatic encryption with persistent protection

Project “Barcelona” *

Browse securelyand with

confidence

Move browser sessions to an isolated micro-virtualized

environment

Windows Defender Advanced Threat

Protection

Detect compromised

devices quickly

Use behavioral detection, cloud, and human threat intelligence to

quickly identify compromised devices

2016WINDOWS DEFENDER ADVANCED THREAT PROTECTION

DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES

Unique threat intelligence knowledge base Unparalleled threat optics provide detailed actor profiles1st and 3rd party threat intelligence data.

Rich timeline for investigationEasily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.

Behavior-based, cloud-powered breach detectionActionable, correlated alerts for known and unknown adversaries. Real-time and historical data.

Built in to WindowsNo additional deployment & infrastructure. Continuously up-to-date, lower costs.

2016

Windows Trusted Boot

Windows Hello

Credential Guard

Device Guard


Windows Defender ATP

NEW CHALLENGES REQUIRE A NEW PLATFORM

WINDOWS 7 WINDOWS 10

2016

Security & Windows 10


Verschlüsselungen bei Windows10(in der Regel symmetrische Verschlüsselungsverfahren)

Unified Extensible Firmware Interface (UEFI)

Trusted Platform Module (TPM) (Chipsatz)

Bitlocker Drive Encryption (Software & AES 128 or256 – optional mit Diffuser)

Smart Card Logon (z.B. Identifikation)

Encryption File System (EFS/einzelne Dateien, NTFS)

2016

Bitlocker


• AES 128 or 256 von Festplatten und mobilen Laufwerken

• Wiederherstellungsschlüssel ist länger als der Schlüssel (symmetrisches Verfahren)

• Option PKI mit Smart Card oder Data Recovery Agent (DRA) (bitte kein Wiederherstellungspasswort)

• Zentrale Lösung über die Gruppenrichtlinie / AD-> Wiederherstellungsschlüssel erlaubt Admin die Wiederherstellung

2016

Windows 10 Security Features


• Microsoft Hello(Gesichts- und Fingerabdruckerkennung)

• Microsoft Passwort (strikte zweistufige Authentifizierung (2FA))

• Singel-Sign-On

• Azure AD

• Geräteverwaltung (MDM/EMS)

• Multifaktor-Auth. pro Office Anwendung (mit O365)

Credential Guard

Device Guard

Device management


Neue APIs und SDKs(für Entwickler)



MigrationYour PC will restart several times.

90 %

Copying files 100% Installing featurs and drivers 100% Configuring settings 50%

Home Pro EnterpriseProductivity & user experience | Familiar and productive user experience

Windows Ink1

Start Menu and Live Tiles

Tablet mode

Continuum for phones2

Voice, pen, touch, and gesture3

Cortana4

Microsoft Edge

Management and deployment | Enhanced management features to empower device and app management and deployment

Group Policy

Mobile Device Management5

DirectAccess

AppLocker

Enterprise State Roaming with Azure Active Directory6

Windows Store for Business7

Assigned Access

Managed User Experience

Dynamic Provisioning

Microsoft Application Virtualization (App-V)8

Microsoft User Environment Virtualization (UE-V)

Windows Update

Windows Update for Business

Shared PC configuration

Security | Delivers critical security capabilities, system and app updates, and the compatibility you need to help secure your devices and infrastructure from modern threats

Windows Hello9

Windows Hello Companion Devices10

Windows Information Protection11

Device encryption12

BitLocker13 and BitLocker to Go

Credential Guard14

Device Guard

Trusted Boot

Windows Device Health Attestation service15

Windows fundamentals | Core features included in Windows

Domain Join

Azure Active Directory Domain Join, with single sign-on to cloud-hosted apps16

Enterprise Mode Internet Explorer (EMIE)

Remote Desktop

Client Hyper-V

Windows to Go

BranchCache

Win

do

ws

10

ed

itio

n

co

mp

ari

son

Reflects Anniversary

Update features

Windows 10 Commercial Storybook | Anniversary Update 38

Edition Audience Benefits

1. Requires Software Assurance

Windows 10 Pro

Small, lower mid-

size businesses

•

•

•

•

Windows 10 Enterprise

Mid-size and large

enterprises; select

SMB

•

•

•

•

Windows 10 Education

Educational

institutions, students,

teachers, and

administrators

•

•

Available through

E3 and E5 plans

Most common

scenario:

OEM pre-install

Mail to [email protected] for an GWAVACon special price W10 E3 5,50 EUR/month/user

New Per User Licensing Model:• Simple and consistent license management based on users,

eliminating the need for device counting

• Easier to stay compliant

• Re-assign licenses as needed

• Align the management of your device licenses with other cloud-

based services, such as Office 365

Windows Enterprise with Software Assurance

x86 PC/Mac

Per Device (Traditional Model)Deployed on the desktop

Windows 10 Enterprise E3

x86 PC/Tablet PC/Mac Tablet/Phone/Chromebook(RT/WinPhone/iOS/Android)

Per User (New Model)Deployed in the cloud Per-User Pricing for Windows 10 Enterprise E3:

ANK Business Services GmbH special offer:

• GWAVACON 2016 Special: 5,50 EUR / Month / User

• Plus EMS: 5,50 EUR / Month / User

• Optional Cloud based Backup 29,- EUR per Client Device / year

plus Storage costs (Azure EU or Azure DE)

Preise in EURO zzgl. gesetzl. MwSt. – gültig bis 30.10.2016



Windows 10 Enterprise Willkommen!

100 %

Copying files 100% Installing featurs and drivers 100% Configuring settings 100%


Gibt es noch Fragen?

Raphael KöllnerEmail: [email protected]: ra_koellner

Blog: www.rakoellner.de EN: www.rakoellner.com

Michael Kirst-NeshvaeMail: [email protected]: @ankbs

Blog: blog.ugoffice365.ms

2016THE MOST VERSITILE DEVICES

2016

2016

Warum?

2016

1.2 billion worldwide users2

300+ million users per month5

48 million members in 57 countries4

57% of Fortune 5004

10,000 new subscribers per week2

3.5 million active users4

Online

5.5+ billion worldwide queries

each month3

450+ million unique users each month6

200+ Cloud Services,

1+ million Servers,

$15B+ Infrastruktur

Investment

1 billion Kunden,

90 countries worldwide

91. - UK South (London)- UK West (Cardiff, Wales)

2016

TITLEHEREDie Deutsche Trusted Cloud

#GWAVACon

Kundendaten verbleiben in Deutschland

Der deutsche Datentreuhänder

kontrolliert den gesamtenZugriff und überwacht und

prüft jeden gewährtenZugriff

Microsoft kann nurvom deutschen

Datentreuhänderoder mit Erlaubnisdes Kunden Zugriff

erhalten

2016

Lizenzen und Übergänge in die DE Cloud

Live Demo

2016

Raphael Köllner Michael Kirst -Neshva

MVP Office 365

Thank You! & Q & A

Technology

Windows 10 Enterprise