+110 MILLION +12 MILLION FOR WINDOWS 10, MICROSOFT WENT ALL-OUT TO TURN AROUND PERCEPTIONS AMONG CORPORATE CUSTOMERS S H I R A O V I D E W S J THE BOTTOM LINE? MICROSOFT IS GOING TO BEND OVER BACKWARDS TO MAKE THE BUSINESS TRANSITION TO WINDOWS 10 AS EASY AS POSSIBLE. M A R K H A R T M A N P C W O R L D WINDOWS AS A SERVICE MAKES WINDOWS 10 THE MOST ATTRACTIVE DEVELOPMENT PLATFORM EVER. PAUL THURROT T THURROT T. COM Windows 10 on Surface 3 provides the security and management I we need in a highly regulated environment. We made the decision early to use Windows 10 and deploy it immediately. Today, it is the most secure platform from Microsoft and we didn t see a need to wait. - Jim Jensen, VP Information Services
Partner Momentum
Gartner Advocates for Windows 10 "By 2018, 80% of enterprises will run Windows 10. A year ahead of Windows 7" "Windows 10 is an inevitable migration for organizations running Windows PCs poised to become the most widely installed version of Windows ever To a large extent, Windows 10 is a cloudcentric operating system Windows 10 Investments for business Protection against modern security threats Managed for continuous innovation Be more productive Innovative devices for your business Require Device security Identity protection Data protection Threat resistance
Protection against modern security threats Replace passwords Protect corporate identities Only run software you trust Protect sensitive corporate data Biometrics Hardware-based multi-factor Hardware-based credential isolation Eliminate Malware on corporate devices Automatic encryption Persistent protection Data Separation Windows Hello Microsoft Passport Credential Guard Trusted Boot Device Guard Enterprise Data Protection (coming later) Shared secrets shhh! Easily mishandled or lost (Hint: The user is the problem) Microsoft Passport and Windows Hello Easy to deploy two-factor password alternative Breach, theft, and phish resistant credentials Single sign-on experience Convenient enterprise grade security for both enterprises and consumers Supports PIN and biometric sign-in using Windows Hello
Hello Chris WINDOWS HELLO Fingerprint Iris Facial FIDO ALLIANCE Example Board level members Credential Guard Pass the Hash (PtH) attacks are the #1 go-to tool for hackers Used in nearly every major breach and APT type of attack Credential Guard uses VBS to isolate Windows authentication services and derived credentials Fundamentally breaks delivered credential theft using MimiKatz, etc
Azure Active Directory Use Azure AD to sign-into devices and the Windows store, no Microsoft Account needed Azure AD is a comprehensive identity and access management solution for the cloud Supports the use of Microsoft Passport and Windows Hello to access 1000 s of SaS apps Device Guard Provides next generation app control and kernel mode protection Uses signed policies to help prevent users and malware with elevated privilege from changing IT s app control policies Protects kernel mode processes and drivers from zero days and vulnerabilities using hardware enforced vulnerability mitigations BitLocker data protection Protects data when a device is lost or stolen using full disk encryption Provides single sign on and protection from cold boot attacks Easy to deploy and manageable (via MBAM) at scale Excellent integration, performance, and reliability Submitted for Common Criteria and FIPS 140-2 certification. Will be supported for HIPPA, PCI DSS, etc scenarios
Enterprise data protection Delivers user friendly corporate/personal data separation and containment Ensures only trusted apps can access business data Helps prevent accidental data leakage through copy and paste scenarios Integrates with Microsoft Azure Right Management for secure roaming and sharing Available on mobile and the desktop Managed for continuous innovation End wipe-andreplace deployment Simplify device management Embrace mobile-first, cloud-first Eliminate the heavy lifting and inefficiency Move to a single MDM platform for all Windows 10 devices Enterprise-class cloud, universal app model, and store for business In-place upgrades Dynamic Provisioning App compat WINDOWS AS A SERVICE Mobile Device Management Azure AD Join Universal Apps for Windows Windows Store for Business Be more productive Get the best experience Interact the way you want Always have what you need Intelligent assistants You screen adapts to your device and task Every user is a first class citizen Access your apps and data from any Windows device Get proactive and personalized help from a true assistant Continuum Continuum for Phone Mouse and keyboard Touch, Pen and Ink Voice Universal Windows Apps User state roaming with Azure AD Join Cortana
Innovative devices for your business Bring innovation to your current PCs Industry strength solutions Chose devices that are right for you Redefine productivity Windows 10 works great Windows 7 PCs Support your Line of Business scenarios Range of innovative devices across 2-1s, tablets, phones Revolutionary new devices In place upgrade Hardware Compatibility Windows 10 IoT Granular UX control Ruggedized devices Surface Pro 4 Surface Book Lumia 950, 950 XL 3 rd party devices Surface Hub HoloLens Empower your customers with the Microsoft enterprise cloud Seamless user access to apps and data from any Windows 10 device, with Azure AD Join in Windows 10 Reduced deployment complexity with dynamic provisioning delivered via Azure AD Join and automatic MDM enrollment Extended protection for your corporate data with Enterprise Data Protection and Azure Rights Management (coming later) Enterprise Data Protection and Azure Rights Management enablement in Office (coming later); Exchange Advance Threat Protection Windows 10 November update Ready for business The first major upgrade as we deliver Windows as a Service Broad enterprise pilots and evals underway Evaluate, pilot and start Windows 10 deployment today
Windows 10 November update Enhancements to Azure AD Join Enhancements to Microsoft Passport Windows Store for Business Windows Update for Business MDM support for BYOD Enhancements to Telemetry Control User Experience Enhancements Seamless, secured, roaming of user settings across Windows 10 deices, via your Azure cloud. Utilize Microsoft Passport for your domain accounts on the corporate network. (AD/AAD Hybrid mode) Iris support (Beta) Centrally acquire, manage and distribute Windows Store apps in your organization. Create your own private store with your corporate LOB apps and curated free apps. Manage deployment to internal groups (rings) in your enterprise for controlled rollout of Current Branch for Business (CBB) updates. Manage updates to align with your business rhythm (maintenance no-update windows). MDM support for Windows 10 Home for most MDM settings. GP/ MDM Controls enabling enterprises to fully turn telemetry off. Enhancements to Cortana, Edge, Continuum, Support for Continuum for Phone on select Phone devices. Windows Update for Business Policy setting example in Windows Update for Business Keeping devices secure and up-to-date Reducing device management costs Quick access to latest security updates Capabilities Time to test and validate feature updates Summer 15 Peer to peer delivery to optimize for bandwidth Summer 15 Ability to create internal deployment groups Fall 15 Integration with your existing tools like System Center Coming later Maintenance windows to align with business rhythm Fall 15 Access to Current branch and Current branch for Business Summer 15 Windows Store for Business Centrally acquire, manage and distribute Windows Store apps in your organization. Create your own private store with your corporate LOB apps and curated free apps. Sign-up with your organizational account at http://www.microsoft.com/busi ness-store
Enterprise data protection Currently tested with select enterprise TAP customers Will become available via Insider Preview soon Planned release later in 2016 Deployment Approach with Windows as a Service?
What to deploy Ongoing engineering development Windows Insider Preview Branch Current Branch Current Branch For Business Long Term Servicing Branch* Feedback and asks Specific feature and performance feedback Application compatibility validation Deploy to appropriate audiences via WUB Test and prepare for broad deployment Stage broad deployment via WU for Business Deploy for mission critical systems via WSUS Lab machines Early adopters Initial pilots IT devices Information workers General population Specialized systems Factory floor, point-of-sale, etc. When to deploy Windows Insider Preview Branch Current Branch Current Branch For Business Specific feature and performance feedback Application compatibility validation Deploy to appropriate audiences via WUB Test and prepare for broad deployment Stage broad deployment via WU for Business Evaluate Pilot Deploy 4-8 months of active development 4 months 8 months 12 month to test and deploy Evaluate upcoming features Pilot Get going with Windows 10 Evaluate Windows 10 November Update Start Windows 10 Pilot in your organization Join Windows Insider Preview for early access to the upcoming capabilities Migrate to Internet Browser 11 Talk to your account team about Accelerate Program Prepare to testing and adopt Windows 10 Mobile on phones
Appendix Windows 10 Investments for Business Protect your company against modern security threats Enable continuous innovation with the platform that keeps your company up to date Deliver experience your users will love, make them more productive Innovative devices for your business Replace passwords with more secure options, such as biometrics and hardware- based multi factor credentials (Windows Hello and Microsoft Passport) Protect your corporate identity with hardware-based credential isolation (Credential Guard) Protect your corporate data, no matter where that data is, with the automatic encryption (Enterprise Data Protection coming later) Eliminate malware on your corporate devices by ensuring that only the software you trust can run (Trusted Boot, Device Guard) End wipe and replace deployments of the past with in-place upgrades (app compatibility). Simplify device management by moving to a single mobile device management platform across all Windows 10 devices, from phones to laptops to Internet-of- Things devices; and from personal BYO devices to corporate systems. Power your business with the enterpriseclass strength of the Azure cloud and Universal Windows Apps. (Azure AD Join, Windows Store for Business, Private Catalog) Move to the platform that keeps your company up to date, so that you can adopt latest technologies and continuously innovate. (Windows Update for Business, Windows as a service) Get he best experience no matter what screen you re using by running in desktop or tablet mode, using typing or touch inputs, or use your phone like a desktop so the best screen is always the one your are on. (Start Menu, Continuum, Continuum for Phones) Windows 10 is familiar, and every user is a first class citizen whether using mouse and keyboard, touch, pen & ink or voice Anywhere, anytime access to users apps and data from any Windows device (Universal Windows Apps, user state roaming w/azure AD Join) Proactive and personalized help from Cortana, who can integrate with company s LOB systems. Bring Windows 10 innovation to your existing PC fleet. (hardware compatibly) Bring industry-strength Windows 10 IoT solutions to support your Line of Business scenarios (Granular UX control) Choose devices that are best for your business and your people, from the broad range of innovative Windows devices across 2-in-1s, tablets, laptops and phones. (Surface Pro 4, Surface Book, Lumia 950, 950XL) Redefine productivity with revolutionary new windows devices, such as Surface Hub and HoloLens. Windows 10 November update: MDM support for BYOD
Windows 10 has been the easiest Windows upgrade. Our plan was to finish by the end of December, but the ease of upgrade let us complete it in only two months - three months ahead of schedule! Christopher Rhoda Thomas College Vice President for Information Services and CIO Surface Empower your customers with the Microsoft
Enterprise Cloud Suite EMS Windows 10 Office 365 Azure Active Directory RMS Intune