Windows as a service

Windows as a ServiceMichael Niehaus@mniehausblogs.technet.com/mniehaus

#MMSMOA@mniehausDirector of Product Marketinghttp://blogs.technet.com/mniehaus20 years with SMS/ConfigMgr12 years with Microsoft3 years with Windows product management

Redmond, WA, USAMichael Niehaus

Windows as a ServiceWhat is it?

What customers are telling usPasswords are no longer sufficientWe need to be adopting new technologies as fast as our customersMy users need access to their apps and data anywhere, anytimeToo many tools and too much fragmentationNo more big deploymentsWe want more transparency and an open dialogue with MicrosoftIT Budgets are under pressure. Show us how we can cut IT costsHow do I protect my corporate dataSecurity of our mobile devices is a top concernWe want to talk to you about how you can take advantage of these trends AND be ready for the challenges.

Security comes as a top concern Were hearing from customers that:

- Passwords are no longer sufficient- And they need to protect their corporate data in the cloud first, mobile first worldWe are also hearing:

Handling complexity with multiple tools and solutions they have and fragmented environments Adopting new technology as fast as their customers and their users Supporting their mobile users, ensuring their have access to their apps and data everywhere, to stay productive Cutting costs; driving efficiency with their IT investmentsAt the same time -- Customers are also telling us they do not want big complex deployments and that ongoing dialog with Microsoft and transparency on our future roadmap is essentialThe promise of Windows 10 is addressing these concerns of today while bringing our customers forward to a compelling future the future of More Personal Computing

11/9/2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION4TENSIONDVDParallelAgili

AGILITYAccess to new technologyMicrosoft to quickly implement your feedbackTransparency on the roadmap Enterprise-grade capabilities to help you address the latest trends in the marketFlexibility for mixed environments PCMCIACONTROLStabilityFewer upgrades Long support lifecycleAmple time to test and certify PredictabilityISVs statement of Support

Your adoption needs 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.11/9/2015 11:42 AM5

Consumer devicesUpdates installed via Windows Update as they arriveKeeping hundreds of millions of consumers up to date Large and diverse user base helps drive quality of the OS updates

No new functionality on long term servicing branch Regular security updates Control with WSUS

Special systemsExamples: Air Traffic Control, Emergency RoomsCaught in the middle?

Business usersDelivering Windows as a serviceMany consumers today expect their devices to receive ongoing feature updates without having to take an action. However, we understand that businesses require more control in how updates are delivered, and at what pace.

For example, systems powering hospital emergency rooms, air traffic control towers, financial trading systems, factory floors, just to name a few, may need very strict change management policies, for prolonged periods of time. To support Windows 10 devices in these mission critical customer environments we will provide Long Term Servicing branches at the appropriate time intervals. On these branches, customer devices will receive the level of enterprise support expected for the mission critical systems, keeping systems more secure with the latest security and critical updates, while minimizing change by not delivering new features for the duration of mainstream (five years) and extended support (five years). On Long Term Servicing branches, customers will have the flexibility to deliver security updates and fixes via Windows Server Update Services (WSUS) which allows full control over the internal distribution of updates using existing management solutions such as System Center Configuration Manager or to receive these updates automatically via Windows Update.

We also learned from customers that while having control of mission critical environments is important; they also have many end user devices that are not necessarily mission-critical. Managing those devices as mission critical systems results in significant, unnecessary costs and complexity, while additionally depriving business users of access to the latest functionality. Many IT organizations have told us they would like to get out of the business of managing end-user devices. They are looking for ways to keep devices up to-date with more discretion than simply treating them the same way they treat consumer devices.

11/9/2015 11:42 AM 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.6*Conceptual illustration onlyCurrent Branch for BusinessCurrent BranchMicrosoftInsider Preview BranchBroad Microsoft internal validationEngineering buildsUsers10s of thousandsSeveral MillionHundredsof millions Time4 to 6 months4 months8 monthsCustomer Internal Ring ICustomer Internal Ring IICustomer Internal Ring IIICustomer Internal Ring IVMarket driven quality: external and internalSlide 8 - before we get into Current Branch, it would be great to indicate that the sections before that are when the product is in pre-release phase - we can do with a divider or a different color for the blocks.

7 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION11/9/2015Why Windows as a service?

Consumer devicesUp to date with feature and security updates as they arrive

Enterprise class support for your mission critical systems keeping you in controlSpecialized systems

Faster access to new technology with time to test and deploy in a business environmentBusiness users

Customers choose the mix of models that is right for themThey need to support three primary user scenarios so we are delivering options for each.With Windows as a service, BYOD clients will always be up to date with the latest innovations.But many enterprises have specialized, mission-critical environments -- where tight control is crucial.For example, shop floor automation or air traffic control systems.You will still have the ability to lock down these specialized systems where it is required.In the middle are the vast majority of knowledge workers.These devices no longer need to be tightly managed.With Windows as a service these users will get the latest features while at the same time, the innovation is delivered at the pace the customer prefers.

11/9/2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION8Costs for deploymentWindows as a ServiceChoices: What to DeployCurrent Branch for BusinessStage broad deployment Information workersGeneral populationLong Term Servicing BranchDeploy for mission critical systems Specialized systemsSpecific feature and performance feedbackApplication compatibility validation

Windows Insider Preview BranchTest machines, small pilotsCurrent BranchDeploy to appropriate audiences Test and prepare for broad deploymentEarly adopters, initial pilots, IT devicesSTAGENUMBER OF DEVICESReleaseThinking through deployment strategy 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.11/9/2015 11:42 AM11Configuring to receive feature upgrades via CBB

If you are using WSUS or ConfigMgr, the setting doesnt really matter. Affects Windows Update. Computer Configuration -> Administrative Templates -> Windows Components -> Windows UpdateSettings-> Update and Security-> Windows Update -> Advanced Options 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.11/9/2015 11:42 AM12

What to deploy

Microsoft Windows 10 Enterprise(Current Branch, Current Branch for Business)Microsoft Windows 10 Enterprise 2015 LTSBApp compat will work on LTSB13Servicing and Edition SummaryComparisonServicing Model for Windows 10 ReleasesCurrent BranchCurrent Branch for BusinessLong-Term Servicing BranchSupported EditionsWindows 10 HomeWindows 10 ProWindows 10 EducationWindows 10 EnterpriseWindows 10 ProWindows 10 EducationWindows 10 EnterpriseWindows 10 Enterprise LTSBRecommended ScenariosGeneral Use,Early Adopter BusinessesGeneral Business UseSpecialty UsesServiced life-span~4 months~ 8 months10 years(Servicing Updates Only)Latest Build (Including Apps) Required for Servicing UpdatesYesYesNo(Receives Up To 10 Years of Servicing Updates)Windows Update SupportYesYesYesWSUS/WUFB/SCCM SupportYes(Excludes Home)YesYesSupports Windows 32Versions of Microsoft OfficeYesYesYes1st Party Browsers IncludedMicrosoft Edge,Internet Explorer 11Microsoft Edge,Internet Explorer 11Internet Explorer 11Notable WindowsSystem Apps RemovedNoneNoneMicrosoft Edge, Windows Store Client, Cortana (Limited Search Available)Notable WindowsUniversal Apps RemovedNoneNoneOutlook Mail/Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, ClockWindows Insider Preview BranchSpecific feature and performance feedbackApplication compatibility validation

When to deployStage broad deployment via WU for BusinessCurrent Branch For BusinessDeploy to appropriate audiences via WUBTest and prepare for broad deploymentCurrent BranchEvaluatePilotDeploy4-8 months of active development

4 months (minimum)

8 months (minimum)

12 month deployment (minimum)

11/9/2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION15When to deployThere will be two supported CBB releases in the market at all timesBe prepared to jump from one release to the nextDont try to skip one, as it compresses the deployment timeline too much

EvaluatePilotDeployEvaluatePilotDeployEvaluatePilotDeploy11/9/2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION16Windows as a ServiceChoices: How to stay up to dateStaying up to date with Windows 10

Keeping devices secure and up-to-dateReducing device management costsQuick access to latest security updatesCapabilitiesTime to test and validate feature updatesAbility to create internal deployment groupsMaintenance windows to align with business rhythmPeer to peer delivery to optimize for bandwidthIntegration with your existing tools like System CenterAccess to Current Branch and Current Branch for BusinessIntroducing Windows Update for BusinessAn important feature of Windows as a service is Windows Update for Business. With Windows Update for Business, you will be able to keep your systems secure and up to date and reduce device management costs.You will have the ability to defer feature updates for up to eight months so you have time to test and validate in your environment.You can also define maintenance windows that specify when a specific device should or should not receive updates. You can control when groups within your enterprise are updated and roll things out in the way that makes the most sense for each group.

11/9/2015 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION19Configuring Windows Update for BusinessComputer Configuration -> Administrative Templates -> Windows Components -> Windows UpdateStep 1. Point all computers to Windows Update directly (no WSUS or SUP)Step 2. Create policies (GPO) or settings (MDM) to specify how long groups of machines should defer.

Step 3. Target policies or settings to different groups of PCs. 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.11/9/2015 11:42 AM20Win10 Clients: No DeferralsDeployment Group 1

Windows Update

Passive Update ManagementWindows Update for Business

Win10 Clients: Updates deferred 1 weekDeployment Group 2

Win10 Clients: Updates deferred 2 weeksDeployment Group 3

Win10 Clients: No DeferralsDeployment Group 1

Windows Update

Win10 Clients: Updates deferred 1 weekDeployment Group 2

Win10 Clients: Updates deferred 2 weeksDeployment Group 3

Passive Update ManagementWindows Update for BusinessWin10 Clients: No DeferralsDeployment Group 1

Windows Update

Win10 Clients: Updates deferred 1 weekDeployment Group 2

Win10 Clients: Updates deferred 2 weeksDeployment Group 3

Passive Update ManagementWindows Update for BusinessWin10 Clients: No DeferralsDeployment Group 1

Windows Update

Win10 Clients: Updates deferred 1 weekDeployment Group 2

Win10 Clients: Updates deferred 2 weeksDeployment Group 3

Passive Update ManagementWindows Update for BusinessWin10 Clients: No DeferralsDeployment Group 1

Windows Update

Win10 Clients: Updates deferred 1 weekDeployment Group 2

Win10 Clients: Updates deferred 2 weeksDeployment Group 3

Passive Update ManagementWindows Update for BusinessConfiguring WSUSStep 1. Point all computers to WSUS server (Windows Server 2012 or 2012 R2 with KB3095113). Ensure that Upgrade classifications are selected.Step 2. Create groups of computers in the WSUS console, with auto-approval for the first group. Manually place computers in groups, or use client-side targeting.Step 3. Manually approve upgrades for other computer groups when ready.

2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.11/9/2015 12:05 PM26Win10 Clients: Automatic approval rules setDeployment Group 1

Windows Update

Active Update ManagementWSUS

Win10 Clients: Manual administrator approvalDeployment Group 2

Win10 Clients: Manual administrator approvalDeployment Group 3

Windows Update

Active Update ManagementWSUSWin10 Clients: Automatic approval rules setDeployment Group 1Win10 Clients: Manual administrator approvalDeployment Group 2Win10 Clients: Manual administrator approvalDeployment Group 3

Windows Update

Active Update ManagementWSUSWin10 Clients: Automatic approval rules setDeployment Group 1Win10 Clients: Manual administrator approvalDeployment Group 2Win10 Clients: Manual administrator approvalDeployment Group 3

Windows Update

Active Update ManagementWSUSWin10 Clients: Automatic approval rules setDeployment Group 1Win10 Clients: Manual administrator approvalDeployment Group 2Win10 Clients: Manual administrator approvalDeployment Group 3

Windows Update

Active Update ManagementWSUS

Win10 Clients: Automatic approval rules setDeployment Group 1Win10 Clients: Manual administrator approvalDeployment Group 2Win10 Clients: Manual administrator approvalDeployment Group 3For More Information

http://blogs.technet.com/b/windowsitpro/archive/2015/09/25/windows-10-servicing-and-deployment-guidance-now-available.aspx

https://technet.microsoft.com/en-us/library/mt598226 Evaluations: Please provide session feedback by clicking the EVAL button in the scheduler app (also download slides). One lucky winner will receive a free ticket to the next MMS!Session Title: Deploying Windows 10 in the EnterpriseDiscuss

Ask your questions-real world answers!Plenty of time to engage, share knowledge.

SPONSORS