Windows 10 for Enterprise: Deployment Achieve more and transform your business with the most secure Windows ever.
Safer and More productive More personal Powerful, more secure modern devices Unmatched flexibility and control, depending on needs
Windows Insider Preview Branch Current Branch Current Branch for Business Long Term Servicing Branch
Specific feature and performance feedback Deploy to appropriate audiences Application compatibility Test and prepare for broad validation deployment Information workers Specialized systems General population
Early adopters, initial pilots, Deploy for mission critical systems IT devices Benefits from new features Test machines, small pilots No need for frequent new Begins broad deployment features (or any sort of change) Too expensive for
general population NUMBER OF DEVICES OF NUMBER
STAGE Release Agenda
Application Compatibility Windows Deployment Methods Windows as a Service Additional Resources
Compatibility in Windows 10
• Compatibility of Windows 7, Windows 8 and Windows 10 desktop apps is a top Microsoft goal. • Most existing Win32 and Win64 applications run reliably on Windows 10 without any changes. • Strong compatibility and support for Web apps and devices.
Desktop apps Modern apps Web sites Hardware Overview
Challenges
Overview Approach Prepare Win32 / UWP Applications Web Applications
Discover What applications does my company rely on? What web applications does my company rely on?
Rationalize What should I test What should I test
Prioritize When and how should I test When and how should I test
Test Validate application Validate web application
Remediate Determine remediation approach Determine site/ browser configuration required for remediation
Deploy Deploy application in production Deploy site or browser configuration in production
Overview Approach Prepare Win32 / UWP Applications Web Applications
System Center WMI Microsoft Assessment & Planning Toolkit Discover Enterprise Site Discovery Configuration Manager Query 3rd Party Tools
Rationalize Upgrade Analytics Prioritize
User and/or Administrator Test Windows 10 Setup Compatibility Scan Service Provider 3rd Party Tools IE 11 F12 Developer Enterprise Tools Dedicated Resource Mode Remediate Application Compatibility Toolkit 3rd Party Tools ISV
Group Enterprise See Windows 10 Deployment Workshop Deploy Policy Site List
Overview Approach Prepare Discover
Test
Remediate
Overview Approach Prepare Prepare Your Resolve Issues Deploy 1 Environment 2 3
▪ Upgrade overview ▪ Review applications with ▪ Deploy Windows to those known issues devices that have had ▪ Run a pilot compatibility issues resolved ▪ Review applications with no ▪ Prioritize your applications known issues ▪ Review Drivers with known issues
Overview Approach Prepare Microsoft cloud service that allows enterprise IT to quickly identify and focus on the critical issues impeding upgrades; provides data driven tools to plan and manage the upgrade process end to end
▪ Leverages Windows telemetry for rapid data collection Discover & Rationalize ▪ Applications, usage, device and device driver inventory ▪ Data-driven rationalization based on install base and usage
▪ Integration with Microsoft compatibility data to determine compatibility Resolve Issues & ▪ As Microsoft publishes compatibility information based on investigations and ISV information, Assess Apps Upgrade Analytics has access to the data ▪ Issue resolution guidance where available
▪ Identify computers eligible for deployment Deploy ▪ Report on overall deployment progress
Overview Approach Prepare ▪ Azure Operations Management Suite (OMS) provides a reporting interface Cloud ▪ OMS account may be created using a Microsoft Account or Azure Active Directory account Service ▪ OMS dynamically generates a COMMERCIAL ID that is unique to your organization ▪ Data sent to Microsoft will be tagged with the commercial ID to present only your information in OMS
▪ Reg key configuration to send data to Microsoft for analysis ▪ Proxy/firewall configuration may be required to allow data to flow to Microsoft Client Configuration ▪ Microsoft Privacy Statement - https://privacy.microsoft.com/en-us/privacystatement ▪ Management/GPO may be used to configure CEIP and set commercial ID on participating systems ▪ Install client compatibility analysis tools/KBs and restart
Operating System Required KB Windows 7 RTM KB2977759 Required KBs Windows 7 SP1 KB2952664 Windows 8 RTM KB2976978 Windows 8.1 KB2976978
Overview Approach Prepare
1 Network 2 OMS Setup 3 Solution Config 4 System Config
▪ Device telemetry must be ▪ Signup at: ▪ From the Solutions Gallery, ▪ MDM/GPO may be used to able to leave the system aka.ms/omsregister add the Upgrade Analytics configure Windows client and the network solution to the workspace systems that will participate in ▪ Data is transmitted to ▪ Microsoft Account or ▪ In Settings, select Connected telemetry Microsoft servers Azure AD Credentials Sources. Find the Windows ▪ Applies the Commercial ID Key ▪ Telemetry is sent as Local may be used Telemetry panel to the registry System – ensure that ▪ If required, create your ▪ Generate a Commercial ID ▪ Data sent by the system proxy servers allow this own workspace Key. This is the key that is contains the commercial ID to method of internet used to identify all data from allow your data to be accessible access your organization by the Upgrade Analytics Solution
Overview Approach Prepare Discover Test Remediate Deploy
▪ Select target groups / ▪ Use Setup compat ▪ Determine ▪ Deploy Windows 10 users scan on Windows remediation with confidence 7/8.1 device with approach for each ▪ Collect information managed/supported application ▪ Develop a strategy to ahead of project applications installed maintain application ▪ Favor long term fixes compatibility with ▪ Determine managed ▪ Select pilot groups / over band-aid Windows as a Service and supported users based on solutions applications discovery information ▪ Track and document ▪ Use Upgrade ▪ Select virtual or environment changes Analytics to obtain physical test platform to support information application ▪ Involve service desk representatives
Overview Approach Prepare Application Readiness Resources
Windows Ready For Windows Desktop Bridge WaaS Servicing Cookbook Upgrade Analytics
Join the Windows Leverage the identify critical issues Look for a list of Use the Desktop Bridge or Adopt the new Insiders Program Application impeding upgrades; compatible apps in build UWP to bring your existing desktop apps to Windows Servicing community to help Compatibility data insights to plan Microsoft’s global model for app shape the future of the Universal Windows Cookbook for and manage the Ready for Windows development and Windows, get early Platform releases and more. guidance in verifying upgrade process end Directory available for testing of internally compatibility of to end IT decision makers developed custom existing and planned around the world. apps. apps. for Windows 10.
Download Desktop Download a preview build of Download the Application Sign up for Windows Submit your compatible Application Converter to make Implement new practices in the latest Windows SDK and Compatibility Cookbook for Upgrade Analytics and begin application to the Ready for your applications available in your organization and adopt Emulator to explore what's Windows 10. evaluating your environment. Windows Directory. the Windows Store. best practices to optimize new in building apps. for app development and Windows. management costs.
Applications Browser 12 January 2016 January 12
Overview Approach Prepare Overview
Overview Approach Prepare Discover
Remediate
Deploy
Overview Approach Prepare ▪ Provides IT Pros with clearer picture about how IE is being used in their deployment based on actual Overview user data. ▪ Works with Internet Explorer 8, 9, 10 and 11
▪ Understand what web applications are being used and what websites are being accessed Purpose ▪ Determine the add-ons required for each web application and website
▪ Works with Internet Explorer 8, 9, 10 and 11 on Windows 7 or Windows 8.1 Requirements ▪ Installed via PowerShell
▪ Managed by PowerShell or Group Policy SiteScoping
Overview Approach Prepare ▪ Enterprise Mode is a compatibility mode in Internet Explorer 11 that can emulate Internet Explorer 7, Internet Explorer 8, and other Internet Explorer document modes. Overview ▪ Enterprise Mode is designed to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. ▪ In Windows 10, Enterprise Mode Site List can be set to open sites in Internet Explorer 11 if attempted to be viewed in Microsoft Edge, allowing the modern browser to be left as the default choice.
▪ Windows 10 Requirements ▪ Windows 8.1 ▪ Windows 7 Service Pack 1
▪ Improved web app and website compatibility ▪ Tool-based management for website lists Features ▪ Centralized control ▪ Integrated browsing ▪ Data gathering ▪ Supported until Jan 14 2020
Overview Approach Prepare ▪ Microsoft Edge and Internet Explorer 11 are designed to operate in conjunction to give the best experience Overview for web browsing in Windows 10. ▪ Administrators can define interoperability between browsers for managed devices
Option User Experience Administrative Effort ▪ All websites open in Microsoft ▪ Users needs to manually open ▪ Nil – default configuration Edge (Default) Internet Explorer 11 if a site fails to ▪ Critical intranet sites to be tested on operate correctly. Microsoft Edge to confirm operability
▪ Websites open in Microsoft Edge ▪ No user interaction required to ▪ Moderate - List creation and unless Internet Explorer 11 is switch to Internet Explorer 11 for management overhead defined by an administrator sites with known issues ▪ Users can provide feedback using (Recommended) . ▪ Interstitial page will be removed by Enterprise Site Discovery tool to default in Windows 10 1607 reduce administrative effort ▪ All websites open in Internet ▪ Single browser for all sites ▪ Low – Setting implemented via Explorer 11. (Not Recommended) ▪ Sites may not display correctly Group Policy
Overview Approach Prepare Discover Test Remediate Deploy
▪ Use the Enterprise ▪ Use IE11 on Windows ▪ Determine ▪ Deploy IE 11 with Site Discovery Toolkit 7 / 8.1 / to test critical compatibility for each confidence to on IE8/9/10 (11 if LoB web applications web application using Windows 7/8.1 needed) assessment ▪ Select pilot groups / information / F12 ▪ Deploy Windows 10 ▪ Select target groups / users Developer tool with confidence users ▪ Test using Enterprise ▪ Create & configure ▪ Develop a strategy to ▪ Collect information Mode Enterprise Mode site move web monthly lists applications away ▪ Confirm add-on ▪ Modify websites from Enterprise Mode ▪ Determine critical LoB compatibility where required reliance applications
Overview Approach Prepare
Overview
Choices Tools
Recommendations Deployment Choices
Wipe-and-Load In-Place Provisioning Traditional process Let Windows do the work Configure new devices • Capture data and settings • Preserve all data, settings, • Transform into an Enterprise • Deploy (custom) OS image apps, drivers device • Inject drivers • Install (standard) OS image • Remove extra items, add • Install apps • Restore everything organizational apps and config • Restore data and settings
Still an option for all scenarios Recommended for existing New capability for new devices devices (Windows 7/8/8.1) Windows 10 Wipe & Load / Device Refresh
In-Place Upgrade Windows 10 Device Guard
Windows Hello
WIP Windows 7 Credential Guard Credential Guard
UI UWP UI UWP Edge Cortana Edge Cortana Store Performance Store Performance
Overview Image Wipe & load In-place upgrade Refresh Replace Upgrade ▪ Assessing systems requires time Pre-Reqs ▪ Extent of assessment depends on approach ▪ Upgrade required infrastructure to support Windows 10 ▪ Image must be designed ▪ Image must be designed ▪ No image or data migration solution ▪ Finalized when compat information is ▪ Finalized when compat information is required Engineer known known ▪ Remote data migration solution ▪ Image is typically larger than Microsoft ▪ Image is typically larger than ▪ Smallest media is from Microsoft Deploy media Microsoft media
▪ All app installers must be compatible ▪ All app installers must be compatible ▪ Only apps determined to require re- Post- with Windows 10 for re-install with Windows 10 for re-install installation must have compatible ▪ User data must be restored from installers Install remote repository ▪ Compatible/non-blocking apps are migrated ▪ No rollback ▪ Revert to old machine ▪ Built-in rollback for ~ 1 month Rollback ▪ Re-deploy old OS and re-configure ▪ Data on old system becomes ▪ Data on old system becomes system increasing stale increasing stale Duration ▪ Fast ▪ Slow ▪ Faster
Overview Image Wipe & load In-place upgrade New Device
Existing Device
▪ BIOS UEFI ▪ Architecture (x86 x64) ▪ Bulk app change ▪ Disk partitioning ▪ Base OS language ▪ WinPE Offline Operation ▪ Domain ▪ 3rd party disk ▪ Local Administrators encryption* ▪ Configuration drift ▪ Moving from XP or Vista ▪ Custom base image
Overview Image Wipe & load In-place upgrade Overview
Microsoft System Center 2012 System Center Capability Deployment Toolkit Configuration Manager Configuration Manager (R2 SP1, SP2) (Current Branch 1606) Windows 10 Version Support 1507, 1511, 1607 1507, 1511 1507, 1511, 1607 Deploy UEFI/BIOS Platforms X X X Deploy applications during Task X X X Sequence Supports Image Creation X X X Lite Touch Deployment X X X Zero Touch Deployment X X Manage a wide range of platforms X X Increased Scalability (PXE, etc.) X X Offline Image Servicing X X Deploy Windows-to-Go X X In-Place Upgrade Task Sequence Servicing
Overview Image Wipe & load In-place upgrade Image
Architecture Edition
Strategy Branding Security Advantages Disadvantages
64-bit Operating System (Recommended)
32-bit Operating System
Overview Image Wipe & load In-place upgrade Image Strategy Thin Image Hybrid Image Thick Image Windows Updates X X X Windows Features X X X Common Frameworks X X X Common Productivity Apps X X LOB used by Every Employee X X Frequently Updated Frameworks X LOB Applications X
Considerations
Overview Image Wipe & load In-place upgrade ▪ Group Policy Objects are commonly used to manage connected machines in a Active Directory Domain Services environment Overview ▪ A similar object called a Local Group Policy object can be used to “stamp” the image with settings
Local Group Policy Objects should be used in the following scenarios: Use Cases ▪ When a machine does not join an active directory domain ▪ When security settings are required by the business to be implemented ahead of a domain join
The settings that are configured in Local Policy Objects will need to be countermanded in Group Disadvantages Policy should they need to be supersede. This can cause a complicated Administrative scenario, leading to unnecessary GPO’s, and the possibility for misconfigured systems
Apply policies using group policy (where possible) to reduce the number of changes required Recommendation to the core image
Overview Image Wipe & load In-place upgrade Wipe & Load
User State Overview Methods Migration
Platform Driver Configuration Management Recommendations ▪ Familiar with enterprises ▪ Out of the box support with Windows 7, Windows 8, and Windows 8.1 Minimal changes to ▪ Customized approach required to move from Windows XP/Vista to Windows 10 existing process ▪ Use System Center Configuration Manager or MDT for managing the process – requires update ▪ Administrator to configure preservation of existing apps, settings, and drivers
Wipe & Load (Refresh) Process
Capture Remove Install Restore Start Install Windows 7 data and existing new OS data and Finish Windows 8 apps Windows 10 Windows 8.1 settings OS image settings
Overview Image Wipe & load In-place upgrade Deployment Tools Advantages Scenarios
Offline Deployment
Lite touch Toolkit Deployment
(LTI) Microsoft Deployment
Zero Touch Deployment
(ZTI) System Center Configuration Center Configuration Manager System
Overview Image Wipe & load In-place upgrade Overview
Supported Versions
Windows Vista Windows 7 Windows 8 Windows 8.1 Windows 10 Windows Vista 4.0 4.0, 5.0 5.0 Windows 7 4.0, 5.0, 6.3 5.0, 6.3 6.3 Supported Windows 8 5.0, 6.3 6.3 Supported Windows 8.1 6.3 Supported Windows 10 Supported Supported
Overview Image Wipe & load In-place upgrade Device Examples
▪ Flexible Deployment Media Support BIOS ▪ All legacy deployment methods still apply ▪ Maintain a single boot image
▪ Allows firmware to implement security policy Firmware ▪ Secure boot UEFI (Recommended) ▪ Faster boot times ▪ Latest UEFI Version required for compliance with Windows 10 Baseline and some features
Moving between UEFI and BIOS configurations is not currently supported through refresh Consideration scenario. The only supported way to move from UEFI to BIOS is through a BARE METAL (new device) deployment scenario, using PXE to boot into the device.
Overview Image Wipe & load In-place upgrade Option Benefits Limitations
Overview Image Wipe & load In-place upgrade Configuration Drift / Fundamental Change Custom Requirements Change
▪ Domain membership ▪ Moving from Windows ▪ WinPE offline operation ▪ Local Administrators XP or Windows Vista ▪ Custom base image ▪ Bulk application swap ▪ Disk partitioning ▪ 3rd party disk encryption ▪ BIOS -> UEFI ▪ x86 -> x64 ▪ Base OS language
Overview Image Wipe & load In-place upgrade In-Place Upgrade Overview Upgrade Process
Upgrade vs Recovery & Refresh Troubleshooting Prepare ▪ Supported with Windows 7, Windows 8, and Windows 8.1 ▪ Supported to upgrade Windows 10 1507 to 1511 and beyond ▪ Consumers use Windows Update, but enterprises want more control Preferred Option for Enterprises ▪ Use System Center Configuration Manager or MDT for managing the process ▪ Uses the standard Windows 10 image ▪ Automatically preserves existing apps, settings, and drivers ▪ Proven process - popular for Windows 8 to Windows 8.1 upgrade
Start Capture Remove Install Restore In-Place Upgrade Windows 7 data and existing new OS data and Finish Process Windows 8 Windows 10 Windows 8.1 settings OS image settings
Overview Image Wipe & load In-place upgrade The Four Primary Phases
1 Down-level 2 Windows PE 3 1st boot to new OS 4 2nd boot to new OS
Running Windows 7, 8, Minimalist OS Binding the new yoke Finalize Upgrade 8.1, 10 Both new & old are offline Specialize to the machine Welcome the user back Check the system Backup down-level OS Install drivers OOBE (skip if Win10 to another) Inventory Applications Lay down new OS Migrate Apps Inventory Drivers Prepare new OS More Migration Assess compatibility Inject drivers Prepare WinRE Some Migration
Ready Set Go Welcome to Windows
Overview Image Wipe & load In-place upgrade ▪ Preserve applications, drivers, user data and settings - Reduce upfront testing and deployment preparation ▪ Compared to refresh, upgrade is… ▪ Faster – 30 to 60 minutes, on average, to upgrade Why Upgrade? ▪ Smaller – file size is just the default OS media, no applications ▪ More robust – “bulletproof” rollback on failure to functional down level system ▪ Zero ADK dependencies ▪ Use it to supplement existing deployment scenarios - Refresh, replace, and bare metal
▪ Compatibility with 3rd Party Disk Encryption tools (BitLocker supported) – Improved support for 3rd Party Disk Encryption with Windows 10 1607 Considerations ▪ Upgrade process can be tested with pre-validation checks ▪ Trial run can be performed with Windows 10 Media using “/Compat ScanOnly” switch
Overview Image Wipe & load In-place upgrade Perform a Pre- Disk Encryption Plan for Content Plan Pilot Approach Validation Check Compatibility Distribution
Use Windows 10 media Check disk encryption Define success criteria Windows 10 Upgrade to assess system technology support (if ▪ Critical LoB and Web package size readiness required) apps tested approximately 3.8Gb ▪ User Experience Understand 3rd party ISV ▪ Group Policy / Plan for content delivery plans to support In- management to large, medium and Place Upgrade approach configuration branch sites updates required Work with Microsoft to Utilize content caching address blockers technologies where required
Overview Image Wipe & load In-place upgrade Provisioning Provisioning Overview Take off-the-shelf hardware Device is ready for use
Transform with little or no user interaction Provisioning Approach
Flexible Methods
Transform a Device
Remove Enable Add Add Start Enterprise corporate Finish Provisioning Provisioning Windows 10 existing corporate Windows 10 Package Process items SKU apps config
Overview
Why Windows as a Service (WaaS)? Introducing WaaS Overview Branches Operate Integrate Plan Customer Complexity & Cost ▪ Individual servicing patches ▪ Expensive deployment & auditing Ecosystem ▪ Platform fragmentation ▪ Inconsistent approach to patching Reduced Quality ▪ Not running what Microsoft tested ▪ No consistency in the ecosystem
Overview Branches Operate Integrate Plan What customers What Microsoft are running is testing
Typical Windows 7 PC: Windows 7 Test Lab PC: Selectively Patched Fully Patched
Overview Branches Operate Integrate Plan ▪ Monthly update release ▪ Selective deployment ▪ Accepted short-term (“Patch Tuesday”) of updates risk increase ▪ Innovation delivered at ▪ Selectivity justified by ▪ Insidious long-term risk Service Pack AppCompat, ▪ App portfolio ages ▪ Long service pack bandwidth, others ▪ Out-dated system release cycle ▪ App remediation baselines ▪ Long vNext cycle typically “shelved” and ▪ Costly to operate non- updates never applied homogenous estate ▪ Hidden remediation cost - “remediate” before an upgrade
Overview Branches Operate Integrate Plan Consumer devices Business users Specialized systems
Up to date with feature Faster access to new Enterprise class support and security updates as technology with time for your mission critical they arrive to test and deploy in a systems keeping you business environment in control
Overview Branches Operate Integrate Plan Quality Updates Feature Updates
Overview Branches Operate Integrate Plan Windows Insider Branches Preview Overview Branch
Current Branch for Current Branch Business
Long-Term Servicing Branch Broad Microsoft Engineering Microsoft Insider Preview Current Branch Current Branch for Business builds internal Branch validation
Users 10’s of Customer Internal Ring Customer thousands I Internal Ring Customer Several Million II Internal Ring Customer III Internal Ring Hundreds IV of millions
*Conceptual illustration only
Overview Branches Operate Integrate Plan Overview Pre-release Windows 10 builds and features
▪ Deployment is managed by Microsoft through Windows Update ▪ Offers Slow or Fast adoption cadence: ▪ Fast ▪ Slow Requirements ▪ Release Preview ▪ Available only through the Windows Insider Program. ▪ Individuals should use a Microsoft Account to enroll in the program ▪ Updated Preview ISOs will be released to coincide with the Slow release
▪ Early access to new releases ▪ Preview developer tools for applications ▪ Evaluate new features as they are being developed Benefits ▪ Incubate the future of Windows in your organization ▪ Help shape the future of Windows, participating in the Windows Insider community
▪ Non-Production (lab) environment ▪ Second Device ▪ Technically adept users Recommended ▪ Test new features Usage ▪ Performance testing ▪ Developer enhancements ▪ Developer tool enhancements ▪ Forward planning Overview Branches Operate Integrate Plan ▪ Public release of new features ▪ Release cadence is slower than the Preview Branch Overview ▪ Validation by millions of Windows Insider Program users prior to release ▪ Feature set is considered ready by Microsoft for broad adoption
▪ Existing Windows 10 systems on the Current Branch Requirements ▪ In-place upgrade supported for down-level Windows Operating Systems ▪ Release performs an upgrade of the existing Windows 10 installation
▪ Latest innovation for Windows coming as feature updates Benefits ▪ Release cadence is expected to be 2 times per year ▪ Monthly updates will be released as cumulative packages
Recommended Usage
Overview Branches Operate Integrate Plan U U U
Cadence
Tools
Considerations
Overview Branches Operate Integrate Plan ▪ Deferred Current Branch Overview ▪ Current Branch is validated by millions of users prior to update release ▪ Validation by selected business systems in your organization
▪ Deferred Current Branch installation Requirements ▪ Deployment is managed by WU, WUB, WSUS, MDM or Configuration Manager ▪ WSUS or Configuration Manager updated to support feature update deployment
▪ Ready for broad corporate adoption Benefits ▪ Businesses are able to stay up to date but at a slower pace to allow for internal validation ▪ Ability to stage internal deployment
▪ Configure systems to defer feature upgrades Recommended ▪ Systems configured to defer the installation will delay until the installation is mandatory Usage ▪ Target groups should provide feedback to Corporate IT ▪ Microsoft will release updated media periodically
Overview Branches Operate Integrate Plan ▪ There will be a specific media for Long-Term Servicing Branch Overview ▪ First Long-Term Servicing Branch aligns with the release of Windows 10 build 1507 (RTM) ▪ Second Long-Term Servicing Branch follows the release of Windows 10 build 1607 ▪ Approx. 3-6 month notification prior to releasing a Long-Term Servicing Branch
Requirements ▪ Only for Windows 10 Enterprise Edition ▪ Requires Enterprise and Software Assurance Agreements
▪ Release cadence is longer than Current Branch for Business ▪ Innovation delivered only at next Long-Term Servicing Branch release Benefits ▪ In place upgrade from one Long-Term Servicing Branch to another ▪ Ability to skip one Long-Term Servicing Branch release
New systems ▪ Create a reference system image using the Long-Term Servicing Branch media ▪ Re-install the device Existing systems ▪ In-place upgrade from supported operating systems ▪ Possible to skip 1 Long-Term Servicing Branch upgrade i.e. install alternate Long-Term Servicing Branch upgrades ▪ Deployed using WSUS or from updated media
Overview Branches Operate Integrate Plan Branch Branch Branch Branch Branch RTM Update Update Update Update Update
Cumulative Cumulative LTSBn LTSBn 5 years mainstream 5 years extended support support
LTSB2 LTSB2 5 years mainstream support 5 years extended support
▪ Mission critical systems may remain on an Long-Term Servicing Branch LTSB1 LTSB1 installation for the life of the specific Long-Term Servicing Branch 5 years mainstream support 5 years extended support ▪ Each Long-Term Servicing Branch has: ▪ 5 years of mainstream support AND ▪ 5 years of extended support ▪ After 10 years, the specific Long-Term Servicing Branch is no longer supported by Microsoft ▪ In-Place upgrade supported from one Long-Term Servicing Branch to the next ▪ Monthly security updates are available for the life of the specific Long-Term Servicing Branch ▪ Limited support for future chip sets
Overview Branches Operate Integrate Plan Operating with Windows How it works Deferring feature updates as a Service
Application compatibility impact Moving branches
Overview
Applies to
How? OMA-URI for the CSP: ./Vendor/MSFT/Update/DeferUpgrade ▪ Centrally managed for domain-joined systems with WSUS or System Center Configuration Manager
Evaluate Pilot Deploy/Use Grace
Overview Branches Operate Integrate Plan Overview
System Image Creation
. Quality-based release Considerations
Inject Obtain Update Branch monthly “Image Deploy New NEW FULL Image Update updates into Factory” Image CBB Media Store WIM
Overview Branches Operate Integrate Plan Going to Starting From
Insider Preview CB/CBB LTSB
In-Place Upgrade In-Place Upgrade Not Supported Insider Preview as new builds are released to the final CB/CBB release Need to wipe & reload
In-Place Upgrade In-Place Upgrade Not Supported CB/CBB after signing up to next CB/CBB release Need to wipe & reload
Not Available In-place Upgrade In-place Upgrade LTSB for LTSB installs to later CB/CBB release to later LTSB release (wait for release)
Wipe and Load – Windows 10 deployment and solution to migrate data/settings
Overview Branches Operate Integrate Plan Integrating Windows as a Service into the Enterprise Adoption Managing WaaS
Implementing WIP Builds Current Branch
TooReduced much time time, and money cost, and effort to reach increaseddeploy decision confidence, greater agility
Overview Branches Operate Integrate Plan Lab Systems IT Pro IT Pro IT Pro IT Dev Limited Corporate Broad Corporate IT Dev IT Dev Early Adopters Systems Systems Primary PC 2nd PC Change Agents
Windows Current Current Branch Current Branch Current Branch 100% Insider Branch for Business for Business for Business Preview Ring 0 Ring 1 Ring 2 Branch 4 Months 12 Months (minimum) (minimum) 16 month deployment (minimum) Overview Branches Operate Integrate Plan Branch Ring Onboarding Opt Out Deferral % of devices WIP N/A MSA User N/A <1 CB A Domain Join Admin Move to CBB 4 B MDM Enrollment 5 CBB 0 E.g. 2 months 45 1 E.g. 6 months 30 2 E.g. 10 months 15
100
80
60
40
20
0 1 2 3 4 5 6
Series1
Overview Branches Operate Integrate Plan Method Branch Content Content Source Configuration Method Cloud ▪ Current Branch ▪ Quality ▪ Windows Update ▪ Group Policy, MDM or User (Windows ▪ Current Branch for Updates Update for Business ▪ Feature Business) Updates* On-Premises ▪ Current Branch ▪ Quality ▪ Windows Server ▪ Group Policy ▪ Current Branch for Updates Update Services ▪ WSUS Console Business ▪ Feature (WSUS)** ▪ Long Term Updates Servicing Branch ▪ Task Sequence ▪ Microsoft Deployment Toolkit ▪ File Share ▪ System Center 2012 Configuration ▪ Distribution Manager SP2 & above*** Point
▪ Software Update ▪ System Center Configuration Point Manager***
Overview Branches Operate Integrate Plan Provides more administrative options to configure the device before and after the in-place upgrade process ▪ Apps ▪ Drivers ▪ Settings Preview Branch
Familiar process
Quality-based release Develop Current Branch for Current Branch Business Ring 2
Measurable progress Production Test
Clear signoff requirement
User Acceptance Pre-Production Testing Inherently open to future innovation Current Branch for Current Branch for Business Ring 1 Business Ring 0
Overview Branches Operate Integrate Plan Planning Windows as a Service Overview
Modern service management for Windows 10 Windows as a Service
Mobility Mobile Systems App Mgmt Virtual Windows Security as as a Data As A Mgmt as a / Compat Desktop Deployment A Service Service Service Service Testing Services
Overview Branches Operate Integrate Plan Windows as a Service ▪ Governance and Management of Windows 10 “Service” ▪ Planning and Communication of Updates ▪ Update Management ▪ Manage and Respond to Requests and Approvals ▪ Inventory Management
Mobility Mobile Systems App Mgmt Virtual Windows Security as as a Data As A Mgmt as a / Compat Desktop Deployment A Service Service Service Service Testing Services
• Deployment • Windows and • Cloud based • Management of • Efficiently • Security controls • Provision and services for in- Non-Windows Storage Configuration, streamlining and Management of place upgrades mobility • Provisioning and Deployment and application requirements Virtual Desktop from Windows 7 • Mobility Management of Monitoring Tools rationalization, • Creating an environment forward as well Management One Drive for • Health and testing and available and • Application as bare metal Services across Business or other compliance compatibility efficient client Virtualization Operating heterogeneous Mobile Storage monitoring mitigation. experience, Services System environments services to be • Integration to • Application maximizing Deployment • Device Inventory Service Desk and Management security Portal Services
Overview Branches Operate Integrate Plan Next Steps