PLANNING A SUCCESSFUL MIGRATION FROM WINDOWS 10 TO WINDOWS 10... AGAIN AND AGAIN SPEAKERS
Jay Parekh Director/Partner Netrix LLC LEVEL SET Staying current Key things to know about Windows as a Service
2018 2019 2020
Windows 10 1709 Predictable releases, twice per year Semi-Annual Channel
Windows 10 1803
About six months between Windows 10 1809 releases
Windows 10 1903 Staying current Key things to know about Windows as a Service
2018 2019 2020 Windows 10 1709 Each serviced for 18 months From the date of release
Windows 10 1803
Windows 10 1809
Windows 10 1903
18 months for each release Staying current Key things to know about Windows as a Service
2018 2019 2020 Windows 10 1709 Aligned with Office For simpler deployment planning
Office 365 ProPlus 1708 Windows 10 1803
Office 365 ProPlus 1802 Windows 10 1809
Office 365 ProPlus 1808 Staying current Key things to know about Windows as a Service
2017 2018 2019 Windows 10 1703 Windows 10 1709 Windows 10 1803 Windows 10 1809 Supported by ConfigMgr Current Branch
ConfigMgr 1702 ConfigMgr 1802
ConfigMgr 1706 ConfigMgr 1806
ConfigMgr 1710 ConfigMgr 1810
About four months between ConfigMgr releases Staying current Key things to know about Windows as a Service
2018 2019 2020
Windows 10 1709 Start as early as possible
Windows 10 1803 Think of this as a process, not a project
Windows 10 1809
Windows 10 1903
Plan & Pilot Broad Prepare Deployment Staying secure with Windows 10
Attackers take advantage of periods between releases
Protection gap
Stay ahead of the attackers CAPABILITY with continual Windows 10 improvements
TIME
PRODUCT THREAT RELEASE SOPHISTICATION Simplifying deployment with Windows 10
No more big, disruptive deployment projects
Easy, automated deployment process
Exceptional application compatibility 2009 2017 Apps Infra Imaging Deploy Windows Analytics – Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health WDATP Automated Remediation Conditional Access based on WDATP device risk Threat Analytics Emergency Outbreak Updates Advanced hunting Windows 10 gets better with each release Cloud Credential Guard Diagnostic data viewer Windows AutoPilot enrollment status page With enhanced security, more tools for IT Windows 10 Enterprise in S mode Shared Windows Devices and end user productivity features Nearby Sharing WindowsDictation Defender Exploit Guard, System Guard, TimelineApplication Guard, Application Control Windows Defender Exploit Guard, System + Guard, Application Guard, Application Control Mobile Device Management Mobile Device Management Windows Analytics Update Compliance Windows Analytics Update Compliance Windows Analytics Device Health Windows Analytics Device Health Co-management Co-management Enterprise search in Windows Enterprise search in Windows Continue on PC Continue on PC OneDrive Files On-Demand OneDrive Files On-Demand Narrator Narrator Mixed Reality Viewer MixedWindows Reality AutoPilot Viewer Windows AutoPilot Windows AutoPilot + Windows Defender ATP Windows Defender ATP Windows Defender ATP Windows Defender Security Center Windows Defender Security Center Windows Defender Security Center Express update delivery Express update delivery Express update delivery Hyper-V Hyper-V Hyper-V Windows 10 Subscription Activation Windows 10 Subscription Activation Windows 10 Subscription Activation Windows Insider Program for Business Windows Insider Program for Business Windows Insider Program for Business Paint 3D Paint 3D Paint 3D Cortana at work Cortana at work Cortana at work Night light, mini view Night light, mini view WindowsNight light, Information mini view Protection Windows Information Protection Windows Information Protection Windows Information Protection + Windows Hello for Business Windows Hello for Business Windows Hello for Business Windows Hello for Business Windows Analytics Upgrade Readiness Windows Analytics Upgrade Readiness Windows Analytics Upgrade Readiness Windows Analytics Upgrade Readiness App-V, UE-V App-V, UE-V App-V, UE-V App-V, UE-V Hybrid Azure Active Directory Join Hybrid Azure Active Directory Join Hybrid Azure Active Directory Join Hybrid Azure Active Directory Join Windows Ink Windows Ink Windows Ink WindowsMobile Device Ink Management Mobile Device Management Mobile Device Management Mobile Device Management Mobile Device Management + AAD Join AAD Join AAD Join AAD Join AAD Join Windows Store for Business Windows Store for Business Windows Store for Business Windows Store for Business Windows Store for Business Windows Update for Business Windows Update for Business Windows Update for Business Windows Update for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Mail, Calendar, Photos, Maps, Groove, Skype Mail, Calendar, Photos, Maps, Groove, Skype Mail, Calendar, Photos, Maps, Groove, Skype Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus + Windows Defender Antivirus Windows Defender Antivirus Windows Defender Antivirus Windows Defender Antivirus Windows Defender Antivirus Windows Hello Windows Hello Windows Hello Windows Hello Windows Hello Windows Hello Microsoft Edge Microsoft Edge Microsoft Edge Microsoft Edge Microsoft Edge Microsoft Edge Device Guard Device Guard Device Guard Device Guard Device Guard Device Guard Credential Guard Credential Guard Credential Guard Credential Guard Credential Guard Credential Guard BitLocker BitLocker BitLocker BitLocker BitLocker BitLocker SmartScreen SmartScreen SmartScreen SmartScreen SmartScreen SmartScreen Windows as a service Windows as a service Windows as a service Windows as a service Windows as a service Windows as a service In-place upgrades In-place upgrades In-place upgrades In-place upgrades In-place upgrades In-place upgrades Continuum Continuum Continuum Continuum Continuum Continuum Cortana Cortana Cortana Cortana Cortana Cortana Windows 10 core Windows 10 core Windows 10 core Windows 10 core Windows 10 core Windows 10 core 1507 1511 1607 1703 1709 1803 WINDOWS AS A SERVICE MOVING FROM PROJECT TO PROCESS
Plan and prepare • Work with Insider Preview builds • Provide feedback on features and compatibility • Identify features to be implemented Targeted pilot deployments • Validate apps, devices and infrastructure to ensure compatibility with the new release • React to issues encountered • Deploy and configure new features Broad deployment • Deploy to all the devices in the organization • React to any additional issues encountered • Focus on risk reduction Application compatibility you can trust Upgrade with confidence and ensure devices and apps stay healthy
Windows Analytics Get project guidance and recommendations for device upgrades and feature updates Ensure your Windows 10 devices are properly updated and secure Identify and address issues affecting end users*
Windows Insider Program for Business Explore new features, validate apps and prepare your organization for the next version of Windows 10
Ready4Windows.com View Windows 10 ISV support statements Get usage information for every app version
*Only available with Windows 10 Enterprise edition Windows Analytics A suite of tools to reduce deployment and support costs
Upgrade ReadinessUpdate Compliance Device Health*
Plan upgrades by identifying devices Ensure update and antimalware Reduce support costs by proactively that are ready and identify and resolve compliance with timely reports for all identifying and remediating top top app/driver compatibility blockers your devices (even those on the road) end-user impacting issues
*Only available with Windows 10 Enterprise edition Windows Analytics Upgrade Readiness A free tool for guiding you through the process
Pull together key information Telemetry-based app and device inventory App and driver compatibility details App usage and support info from Ready For Windows
Establish a process Prioritize apps Identify issues Remediate using provided information
Drive deployment Identify machines that are ready to deploy Integrate with Configuration Manager and similar tools Windows as a Service Moving from project to process
Plan and Targeted Pilot Broadly Deploy Prepare Semi-Annual Channel Semi-Annual Channel Windows Insider Preview Channel
Prepare for new release by Validate apps, infrastructure, and evaluating new features hardware to prepare for broad deployment Provide feedback on changes, any issues encountered
Lab machines, IT devices, Early adopters, volunteers Information workers developers General population NUMBER OF DEVICES
TIME Release Windows as a Service Moving from project to process
Changes are required • Application validation • Infrastructure • Deployment process • Change Communication
2009 2017 Apps Infra Imaging Deploy Windows as a Service Application validation
Significant change to traditional practices • PROACTIVE: Structured testing of only the most Identify business-critical apps (automated if possible) • REACTIVE: Validate all remaining apps via targeted Prioritize pilot deployments
Structured testing • Take advantage of observed 99% app compatibility rates for critical apps • Leverage available tools like Windows Analytics and Ready for Windows to identify issues up front Validation via pilots for rest Compatibility in Windows 10
Outstanding compatibility means a smooth migration from Windows 7 or Windows 8.1, while also simplifying the process of staying current with Windows 10
Desktop appsWeb sites Modern apps Hardware
Organizations are Internet Explorer 11 High compatibility Windows 10 supports observing compatibility included (unchanged) for achieved through: all devices capable of rates above 99% backwards compatibility running Windows 7 • Validation of and above High compatibility New Microsoft Edge Windows Store apps achieved through: browser for modern • Insider feedback Identical hardware HTML5-based web sites minimum requirements • Minimal changes during development as Windows 7 to Win32 APIs Enterprise Mode features • Telemetry to ensure proper use Strong driver • Insider feedback during Significant investments, compatibility, with development enhancements in updates delivered • Telemetry each release as needed through Windows Update Web App Compatibility A dual-browser strategy
123 UseSwitch Microsoft automaticallyback to Edge Microsoft as to a Internet Edge Provides support for web apps safer,Explorerautomatically faster, 11 formore for approved all productive other sitessites defaulton the Enterprisebrowser Mode Site List designed for Internet Explorer Supported on Windows 7, Windows 8.1, Windows 10
Upgrading web apps to modern standards is the best long-term solution, but you can use Internet Explorer 11 for backward compatibility and upgrade web apps on your own schedule Windows as a Service Deployment rings
Deploy and Use
Targeted Pilot Validation Plan and Prepare
IT/Developer Canary Self Select Sample
*Conceptual illustration only Windows Update for Business
Servicing from the cloud • Built on top of Windows Update for global scale • Implemented through additional policies configurable via Group Policy, Intune (or other MDM services), Configuration Manager • Controls for deferring feature updates, quality updates • “Active Hours” to specify when users are likely away
Windows Analytics for compliance reporting System Center Configuration Manager
Windows 10 servicing • Define servicing plans to indicate the schedule for deploying to devices • Servicing plans are executed automatically for each feature update • Reduces size of updates via use of ESD files
Task sequence servicing • For additional control over the feature update deployment process Distribute content using peer-to-peer
Eliminate bottlenecks by moving traffic to the edges of the network Multiple tools available: • BranchCache (with WSUS, ConfigMgr)
• Delivery Optimization (with WU, WU Wireless Access Wireless Access for Business) Point Point • ConfigMgr Peer Caching (ConfigMgr current branch) • Third-party alternate content providers Router Router (ConfigMgr) Data Center Switches Data Center Switches Server Server 90% or more of the traffic can be shifted Without peer-to-peer With peer-to-peer Simple to implement, great for large and small offices Windows as a Service Terminology
Quality updates Feature updates
A single cumulative update each month Twice per year with new capabilities with no new features 18 months of servicing and support for each feature Security fixes, reliability fixes, bug fixes, etc. update release Supersedes the previous month’s update Very reliable, with built-in rollback capabilities Try them out with Security Update Validation Program Simple deployment using in-place upgrade, (SUVP), other driven by existing tools Try them out with Insider Preview
Changes made for older Windows releases as well, to adopt learnings from Windows 10
JAY PAREKH
• [email protected] • 708-297-2854