Windows 10 for Enterprise: Deployment Achieve More and Transform Your Business with the Most Secure Windows Ever

Windows 10 for Enterprise: Deployment Achieve more and transform your business with the most secure Windows ever.

Safer and More productive More personal Powerful, more secure modern devices Unmatched flexibility and control, depending on needs

Windows Insider Preview Branch Current Branch Current Branch for Business Long Term Servicing Branch

Specific feature and performance feedback Deploy to appropriate audiences Application compatibility Test and prepare for broad validation deployment Information workers Specialized systems General population

Early adopters, initial pilots, Deploy for mission critical systems IT devices Benefits from new features Test machines, small pilots No need for frequent new Begins broad deployment features (or any sort of change) Too expensive for

general population NUMBER OF DEVICES OF NUMBER

STAGE Release Agenda

Application Compatibility Windows Deployment Methods Windows as a Service Additional Resources

Compatibility in Windows 10

• Compatibility of Windows 7, Windows 8 and Windows 10 desktop apps is a top Microsoft goal. • Most existing Win32 and Win64 applications run reliably on Windows 10 without any changes. • Strong compatibility and support for Web apps and devices.

Desktop apps Modern apps Web sites Hardware Overview

Challenges

Overview Approach Prepare Win32 / UWP Applications Web Applications

Discover What applications does my company rely on? What web applications does my company rely on?

Rationalize What should I test What should I test

Prioritize When and how should I test When and how should I test

Test Validate application Validate web application

Remediate Determine remediation approach Determine site/ browser configuration required for remediation

Deploy Deploy application in production Deploy site or browser configuration in production

Overview Approach Prepare Win32 / UWP Applications Web Applications

System Center WMI Microsoft Assessment & Planning Toolkit Discover Enterprise Site Discovery Configuration Manager Query 3rd Party Tools

Rationalize Upgrade Analytics Prioritize

User and/or Administrator Test Windows 10 Setup Compatibility Scan Service Provider 3rd Party Tools IE 11 F12 Developer Enterprise Tools Dedicated Resource Mode Remediate Application Compatibility Toolkit 3rd Party Tools ISV

Group Enterprise See Windows 10 Deployment Workshop Deploy Policy Site List

Overview Approach Prepare Discover

Test

Remediate

Overview Approach Prepare Prepare Your Resolve Issues Deploy 1 Environment 2 3

▪ Upgrade overview ▪ Review applications with ▪ Deploy Windows to those known issues devices that have had ▪ Run a pilot compatibility issues resolved ▪ Review applications with no ▪ Prioritize your applications known issues ▪ Review Drivers with known issues

Overview Approach Prepare Microsoft cloud service that allows enterprise IT to quickly identify and focus on the critical issues impeding upgrades; provides data driven tools to plan and manage the upgrade process end to end

▪ Leverages Windows telemetry for rapid data collection Discover & Rationalize ▪ Applications, usage, device and device driver inventory ▪ Data-driven rationalization based on install base and usage

▪ Integration with Microsoft compatibility data to determine compatibility Resolve Issues & ▪ As Microsoft publishes compatibility information based on investigations and ISV information, Assess Apps Upgrade Analytics has access to the data ▪ Issue resolution guidance where available

▪ Identify computers eligible for deployment Deploy ▪ Report on overall deployment progress

Overview Approach Prepare ▪ Azure Operations Management Suite (OMS) provides a reporting interface Cloud ▪ OMS account may be created using a Microsoft Account or Azure Active Directory account Service ▪ OMS dynamically generates a COMMERCIAL ID that is unique to your organization ▪ Data sent to Microsoft will be tagged with the commercial ID to present only your information in OMS

▪ Reg key configuration to send data to Microsoft for analysis ▪ Proxy/firewall configuration may be required to allow data to flow to Microsoft Client Configuration ▪ Microsoft Privacy Statement - https://privacy.microsoft.com/en-us/privacystatement ▪ Management/GPO may be used to configure CEIP and set commercial ID on participating systems ▪ Install client compatibility analysis tools/KBs and restart

Operating System Required KB Windows 7 RTM KB2977759 Required KBs Windows 7 SP1 KB2952664 Windows 8 RTM KB2976978 Windows 8.1 KB2976978

Overview Approach Prepare

1 Network 2 OMS Setup 3 Solution Config 4 System Config

▪ Device telemetry must be ▪ Signup at: ▪ From the Solutions Gallery, ▪ MDM/GPO may be used to able to leave the system aka.ms/omsregister add the Upgrade Analytics configure Windows client and the network solution to the workspace systems that will participate in ▪ Data is transmitted to ▪ Microsoft Account or ▪ In Settings, select Connected telemetry Microsoft servers Azure AD Credentials Sources. Find the Windows ▪ Applies the Commercial ID Key ▪ Telemetry is sent as Local may be used Telemetry panel to the registry System – ensure that ▪ If required, create your ▪ Generate a Commercial ID ▪ Data sent by the system proxy servers allow this own workspace Key. This is the key that is contains the commercial ID to method of internet used to identify all data from allow your data to be accessible access your organization by the Upgrade Analytics Solution

Overview Approach Prepare Discover Test Remediate Deploy

▪ Select target groups / ▪ Use Setup compat ▪ Determine ▪ Deploy Windows 10 users scan on Windows remediation with confidence 7/8.1 device with approach for each ▪ Collect information managed/supported application ▪ Develop a strategy to ahead of project applications installed maintain application ▪ Favor long term fixes compatibility with ▪ Determine managed ▪ Select pilot groups / over band-aid Windows as a Service and supported users based on solutions applications discovery information ▪ Track and document ▪ Use Upgrade ▪ Select virtual or environment changes Analytics to obtain physical test platform to support information application ▪ Involve service desk representatives

Overview Approach Prepare Application Readiness Resources

Windows Ready For Windows Desktop Bridge WaaS Servicing Cookbook Upgrade Analytics

Join the Windows Leverage the identify critical issues Look for a list of Use the Desktop Bridge or Adopt the new Insiders Program Application impeding upgrades; compatible apps in build UWP to bring your existing desktop apps to Windows Servicing community to help Compatibility data insights to plan Microsoft’s global model for app shape the future of the Universal Windows Cookbook for and manage the Ready for Windows development and Windows, get early Platform releases and more. guidance in verifying upgrade process end Directory available for testing of internally compatibility of to end IT decision makers developed custom existing and planned around the world. apps. apps. for Windows 10.

Download Desktop Download a preview build of Download the Application Sign up for Windows Submit your compatible Application Converter to make Implement new practices in the latest Windows SDK and Compatibility Cookbook for Upgrade Analytics and begin application to the Ready for your applications available in your organization and adopt Emulator to explore what's Windows 10. evaluating your environment. Windows Directory. the Windows Store. best practices to optimize new in building apps. for app development and Windows. management costs.

Applications Browser 12 January 2016 January 12

Overview Approach Prepare Overview

Overview Approach Prepare Discover

Remediate

Deploy

Overview Approach Prepare ▪ Provides IT Pros with clearer picture about how IE is being used in their deployment based on actual Overview user data. ▪ Works with Internet Explorer 8, 9, 10 and 11

▪ Understand what web applications are being used and what websites are being accessed Purpose ▪ Determine the add-ons required for each web application and website

▪ Works with Internet Explorer 8, 9, 10 and 11 on Windows 7 or Windows 8.1 Requirements ▪ Installed via PowerShell

▪ Managed by PowerShell or Group Policy SiteScoping

Overview Approach Prepare ▪ Enterprise Mode is a compatibility mode in Internet Explorer 11 that can emulate Internet Explorer 7, Internet Explorer 8, and other Internet Explorer document modes. Overview ▪ Enterprise Mode is designed to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. ▪ In Windows 10, Enterprise Mode Site List can be set to open sites in Internet Explorer 11 if attempted to be viewed in Microsoft Edge, allowing the modern browser to be left as the default choice.

▪ Windows 10 Requirements ▪ Windows 8.1 ▪ Windows 7 Service Pack 1

▪ Improved web app and website compatibility ▪ Tool-based management for website lists Features ▪ Centralized control ▪ Integrated browsing ▪ Data gathering ▪ Supported until Jan 14 2020

Overview Approach Prepare ▪ Microsoft Edge and Internet Explorer 11 are designed to operate in conjunction to give the best experience Overview for web browsing in Windows 10. ▪ Administrators can define interoperability between browsers for managed devices

Option User Experience Administrative Effort ▪ All websites open in Microsoft ▪ Users needs to manually open ▪ Nil – default configuration Edge (Default) Internet Explorer 11 if a site fails to ▪ Critical intranet sites to be tested on operate correctly. Microsoft Edge to confirm operability

▪ Websites open in Microsoft Edge ▪ No user interaction required to ▪ Moderate - List creation and unless Internet Explorer 11 is switch to Internet Explorer 11 for management overhead defined by an administrator sites with known issues ▪ Users can provide feedback using (Recommended) . ▪ Interstitial page will be removed by Enterprise Site Discovery tool to default in Windows 10 1607 reduce administrative effort ▪ All websites open in Internet ▪ Single browser for all sites ▪ Low – Setting implemented via Explorer 11. (Not Recommended) ▪ Sites may not display correctly Group Policy

Overview Approach Prepare Discover Test Remediate Deploy

▪ Use the Enterprise ▪ Use IE11 on Windows ▪ Determine ▪ Deploy IE 11 with Site Discovery Toolkit 7 / 8.1 / to test critical compatibility for each confidence to on IE8/9/10 (11 if LoB web applications web application using Windows 7/8.1 needed) assessment ▪ Select pilot groups / information / F12 ▪ Deploy Windows 10 ▪ Select target groups / users Developer tool with confidence users ▪ Test using Enterprise ▪ Create & configure ▪ Develop a strategy to ▪ Collect information Mode Enterprise Mode site move web monthly lists applications away ▪ Confirm add-on ▪ Modify websites from Enterprise Mode ▪ Determine critical LoB compatibility where required reliance applications

Overview Approach Prepare

Overview

Choices Tools

Recommendations Deployment Choices

Wipe-and-Load In-Place Provisioning Traditional process Let Windows do the work Configure new devices • Capture data and settings • Preserve all data, settings, • Transform into an Enterprise • Deploy (custom) OS image apps, drivers device • Inject drivers • Install (standard) OS image • Remove extra items, add • Install apps • Restore everything organizational apps and config • Restore data and settings

Still an option for all scenarios Recommended for existing New capability for new devices devices (Windows 7/8/8.1) Windows 10 Wipe & Load / Device Refresh

In-Place Upgrade Windows 10 Device Guard

Windows Hello

WIP Windows 7 Credential Guard Credential Guard

UI UWP UI UWP Edge Cortana Edge Cortana Store Performance Store Performance

Overview Image Wipe & load In-place upgrade Refresh Replace Upgrade ▪ Assessing systems requires time Pre-Reqs ▪ Extent of assessment depends on approach ▪ Upgrade required infrastructure to support Windows 10 ▪ Image must be designed ▪ Image must be designed ▪ No image or data migration solution ▪ Finalized when compat information is ▪ Finalized when compat information is required Engineer known known ▪ Remote data migration solution ▪ Image is typically larger than Microsoft ▪ Image is typically larger than ▪ Smallest media is from Microsoft Deploy media Microsoft media

▪ All app installers must be compatible ▪ All app installers must be compatible ▪ Only apps determined to require re- Post- with Windows 10 for re-install with Windows 10 for re-install installation must have compatible ▪ User data must be restored from installers Install remote repository ▪ Compatible/non-blocking apps are migrated ▪ No rollback ▪ Revert to old machine ▪ Built-in rollback for ~ 1 month Rollback ▪ Re-deploy old OS and re-configure ▪ Data on old system becomes ▪ Data on old system becomes system increasing stale increasing stale Duration ▪ Fast ▪ Slow ▪ Faster

Overview Image Wipe & load In-place upgrade New Device

Existing Device

▪ BIOS  UEFI ▪ Architecture (x86  x64) ▪ Bulk app change ▪ Disk partitioning ▪ Base OS language ▪ WinPE Offline Operation ▪ Domain ▪ 3rd party disk ▪ Local Administrators encryption* ▪ Configuration drift ▪ Moving from XP or Vista ▪ Custom base image

Overview Image Wipe & load In-place upgrade Overview

Microsoft System Center 2012 System Center Capability Deployment Toolkit Configuration Manager Configuration Manager (R2 SP1, SP2) (Current Branch 1606) Windows 10 Version Support 1507, 1511, 1607 1507, 1511 1507, 1511, 1607 Deploy UEFI/BIOS Platforms X X X Deploy applications during Task X X X Sequence Supports Image Creation X X X Lite Touch Deployment X X X Zero Touch Deployment X X Manage a wide range of platforms X X Increased Scalability (PXE, etc.) X X Offline Image Servicing X X Deploy Windows-to-Go X X In-Place Upgrade Task Sequence Servicing

Overview Image Wipe & load In-place upgrade Image

Architecture Edition

Strategy Branding Security Advantages Disadvantages

64-bit Operating System (Recommended)

32-bit Operating System

Overview Image Wipe & load In-place upgrade Image Strategy Thin Image Hybrid Image Thick Image Windows Updates X X X Windows Features X X X Common Frameworks X X X Common Productivity Apps X X LOB used by Every Employee X X Frequently Updated Frameworks X LOB Applications X

Considerations

Overview Image Wipe & load In-place upgrade ▪ Group Policy Objects are commonly used to manage connected machines in a Active Directory Domain Services environment Overview ▪ A similar object called a Local Group Policy object can be used to “stamp” the image with settings

Local Group Policy Objects should be used in the following scenarios: Use Cases ▪ When a machine does not join an active directory domain ▪ When security settings are required by the business to be implemented ahead of a domain join

The settings that are configured in Local Policy Objects will need to be countermanded in Group Disadvantages Policy should they need to be supersede. This can cause a complicated Administrative scenario, leading to unnecessary GPO’s, and the possibility for misconfigured systems

Apply policies using group policy (where possible) to reduce the number of changes required Recommendation to the core image

Overview Image Wipe & load In-place upgrade Wipe & Load

User State Overview Methods Migration

Platform Driver Configuration Management Recommendations ▪ Familiar with enterprises ▪ Out of the box support with Windows 7, Windows 8, and Windows 8.1 Minimal changes to ▪ Customized approach required to move from Windows XP/Vista to Windows 10 existing process ▪ Use System Center Configuration Manager or MDT for managing the process – requires update ▪ Administrator to configure preservation of existing apps, settings, and drivers

Wipe & Load (Refresh) Process

Capture Remove Install Restore Start Install Windows 7 data and existing new OS data and Finish Windows 8 apps Windows 10 Windows 8.1 settings OS image settings

Overview Image Wipe & load In-place upgrade Deployment Tools Advantages Scenarios

Offline Deployment

Lite touch Toolkit Deployment

(LTI) Microsoft Deployment

Zero Touch Deployment

(ZTI) System Center Configuration Center Configuration Manager System

Overview Image Wipe & load In-place upgrade Overview

Supported Versions

Windows Vista Windows 7 Windows 8 Windows 8.1 Windows 10 Windows Vista 4.0 4.0, 5.0 5.0 Windows 7 4.0, 5.0, 6.3 5.0, 6.3 6.3 Supported Windows 8 5.0, 6.3 6.3 Supported Windows 8.1 6.3 Supported Windows 10 Supported Supported

Overview Image Wipe & load In-place upgrade Device Examples

▪ Flexible Deployment Media Support BIOS ▪ All legacy deployment methods still apply ▪ Maintain a single boot image

▪ Allows firmware to implement security policy Firmware ▪ Secure boot UEFI (Recommended) ▪ Faster boot times ▪ Latest UEFI Version required for compliance with Windows 10 Baseline and some features

Moving between UEFI and BIOS configurations is not currently supported through refresh Consideration scenario. The only supported way to move from UEFI to BIOS is through a BARE METAL (new device) deployment scenario, using PXE to boot into the device.

Overview Image Wipe & load In-place upgrade Option Benefits Limitations

Overview Image Wipe & load In-place upgrade Configuration Drift / Fundamental Change Custom Requirements Change

▪ Domain membership ▪ Moving from Windows ▪ WinPE offline operation ▪ Local Administrators XP or Windows Vista ▪ Custom base image ▪ Bulk application swap ▪ Disk partitioning ▪ 3rd party disk encryption ▪ BIOS -> UEFI ▪ x86 -> x64 ▪ Base OS language

Overview Image Wipe & load In-place upgrade In-Place Upgrade Overview Upgrade Process

Upgrade vs Recovery & Refresh Troubleshooting Prepare ▪ Supported with Windows 7, Windows 8, and Windows 8.1 ▪ Supported to upgrade Windows 10 1507 to 1511 and beyond ▪ Consumers use Windows Update, but enterprises want more control Preferred Option for Enterprises ▪ Use System Center Configuration Manager or MDT for managing the process ▪ Uses the standard Windows 10 image ▪ Automatically preserves existing apps, settings, and drivers ▪ Proven process - popular for Windows 8 to Windows 8.1 upgrade

Start Capture Remove Install Restore In-Place Upgrade Windows 7 data and existing new OS data and Finish Process Windows 8 Windows 10 Windows 8.1 settings OS image settings

Overview Image Wipe & load In-place upgrade The Four Primary Phases

1 Down-level 2 Windows PE 3 1st boot to new OS 4 2nd boot to new OS

Running Windows 7, 8, Minimalist OS Binding the new yoke Finalize Upgrade 8.1, 10 Both new & old are offline Specialize to the machine Welcome the user back Check the system Backup down-level OS Install drivers OOBE (skip if Win10 to another) Inventory Applications Lay down new OS Migrate Apps Inventory Drivers Prepare new OS More Migration Assess compatibility Inject drivers Prepare WinRE Some Migration

Ready Set Go Welcome to Windows

Overview Image Wipe & load In-place upgrade ▪ Preserve applications, drivers, user data and settings - Reduce upfront testing and deployment preparation ▪ Compared to refresh, upgrade is… ▪ Faster – 30 to 60 minutes, on average, to upgrade Why Upgrade? ▪ Smaller – file size is just the default OS media, no applications ▪ More robust – “bulletproof” rollback on failure to functional down level system ▪ Zero ADK dependencies ▪ Use it to supplement existing deployment scenarios - Refresh, replace, and bare metal

▪ Compatibility with 3rd Party Disk Encryption tools (BitLocker supported) – Improved support for 3rd Party Disk Encryption with Windows 10 1607 Considerations ▪ Upgrade process can be tested with pre-validation checks ▪ Trial run can be performed with Windows 10 Media using “/Compat ScanOnly” switch

Overview Image Wipe & load In-place upgrade Perform a Pre- Disk Encryption Plan for Content Plan Pilot Approach Validation Check Compatibility Distribution

Use Windows 10 media Check disk encryption Define success criteria Windows 10 Upgrade to assess system technology support (if ▪ Critical LoB and Web package size readiness required) apps tested approximately 3.8Gb ▪ User Experience Understand 3rd party ISV ▪ Group Policy / Plan for content delivery plans to support In- management to large, medium and Place Upgrade approach configuration branch sites updates required Work with Microsoft to Utilize content caching address blockers technologies where required

Overview Image Wipe & load In-place upgrade Provisioning Provisioning Overview Take off-the-shelf hardware Device is ready for use

Transform with little or no user interaction Provisioning Approach

Flexible Methods

Transform a Device

Remove Enable Add Add Start Enterprise corporate Finish Provisioning Provisioning Windows 10 existing corporate Windows 10 Package Process items SKU apps config

Overview

Why Windows as a Service (WaaS)? Introducing WaaS Overview Branches Operate Integrate Plan Customer Complexity & Cost ▪ Individual servicing patches ▪ Expensive deployment & auditing Ecosystem ▪ Platform fragmentation ▪ Inconsistent approach to patching Reduced Quality ▪ Not running what Microsoft tested ▪ No consistency in the ecosystem

Overview Branches Operate Integrate Plan What customers What Microsoft are running is testing

Typical Windows 7 PC: Windows 7 Test Lab PC: Selectively Patched Fully Patched

Overview Branches Operate Integrate Plan ▪ Monthly update release ▪ Selective deployment ▪ Accepted short-term (“Patch Tuesday”) of updates risk increase ▪ Innovation delivered at ▪ Selectivity justified by ▪ Insidious long-term risk Service Pack AppCompat, ▪ App portfolio ages ▪ Long service pack bandwidth, others ▪ Out-dated system release cycle ▪ App remediation baselines ▪ Long vNext cycle typically “shelved” and ▪ Costly to operate non- updates never applied homogenous estate ▪ Hidden remediation cost - “remediate” before an upgrade

Overview Branches Operate Integrate Plan Consumer devices Business users Specialized systems

Up to date with feature Faster access to new Enterprise class support and security updates as technology with time for your mission critical they arrive to test and deploy in a systems keeping you business environment in control

Overview Branches Operate Integrate Plan Quality Updates Feature Updates

Overview Branches Operate Integrate Plan Windows Insider Branches Preview Overview Branch

Current Branch for Current Branch Business

Long-Term Servicing Branch Broad Microsoft Engineering Microsoft Insider Preview Current Branch Current Branch for Business builds internal Branch validation

Users 10’s of Customer Internal Ring Customer thousands I Internal Ring Customer Several Million II Internal Ring Customer III Internal Ring Hundreds IV of millions

*Conceptual illustration only

Overview Branches Operate Integrate Plan Overview Pre-release Windows 10 builds and features

▪ Deployment is managed by Microsoft through Windows Update ▪ Offers Slow or Fast adoption cadence: ▪ Fast ▪ Slow Requirements ▪ Release Preview ▪ Available only through the Windows Insider Program. ▪ Individuals should use a Microsoft Account to enroll in the program ▪ Updated Preview ISOs will be released to coincide with the Slow release

▪ Early access to new releases ▪ Preview developer tools for applications ▪ Evaluate new features as they are being developed Benefits ▪ Incubate the future of Windows in your organization ▪ Help shape the future of Windows, participating in the Windows Insider community

▪ Non-Production (lab) environment ▪ Second Device ▪ Technically adept users Recommended ▪ Test new features Usage ▪ Performance testing ▪ Developer enhancements ▪ Developer tool enhancements ▪ Forward planning Overview Branches Operate Integrate Plan ▪ Public release of new features ▪ Release cadence is slower than the Preview Branch Overview ▪ Validation by millions of Windows Insider Program users prior to release ▪ Feature set is considered ready by Microsoft for broad adoption

▪ Existing Windows 10 systems on the Current Branch Requirements ▪ In-place upgrade supported for down-level Windows Operating Systems ▪ Release performs an upgrade of the existing Windows 10 installation

▪ Latest innovation for Windows coming as feature updates Benefits ▪ Release cadence is expected to be 2 times per year ▪ Monthly updates will be released as cumulative packages

Recommended Usage

Overview Branches Operate Integrate Plan U U U

Cadence

Tools

Considerations

Overview Branches Operate Integrate Plan ▪ Deferred Current Branch Overview ▪ Current Branch is validated by millions of users prior to update release ▪ Validation by selected business systems in your organization

▪ Deferred Current Branch installation Requirements ▪ Deployment is managed by WU, WUB, WSUS, MDM or Configuration Manager ▪ WSUS or Configuration Manager updated to support feature update deployment

▪ Ready for broad corporate adoption Benefits ▪ Businesses are able to stay up to date but at a slower pace to allow for internal validation ▪ Ability to stage internal deployment

▪ Configure systems to defer feature upgrades Recommended ▪ Systems configured to defer the installation will delay until the installation is mandatory Usage ▪ Target groups should provide feedback to Corporate IT ▪ Microsoft will release updated media periodically

Overview Branches Operate Integrate Plan ▪ There will be a specific media for Long-Term Servicing Branch Overview ▪ First Long-Term Servicing Branch aligns with the release of Windows 10 build 1507 (RTM) ▪ Second Long-Term Servicing Branch follows the release of Windows 10 build 1607 ▪ Approx. 3-6 month notification prior to releasing a Long-Term Servicing Branch

Requirements ▪ Only for Windows 10 Enterprise Edition ▪ Requires Enterprise and Software Assurance Agreements

▪ Release cadence is longer than Current Branch for Business ▪ Innovation delivered only at next Long-Term Servicing Branch release Benefits ▪ In place upgrade from one Long-Term Servicing Branch to another ▪ Ability to skip one Long-Term Servicing Branch release

New systems ▪ Create a reference system image using the Long-Term Servicing Branch media ▪ Re-install the device Existing systems ▪ In-place upgrade from supported operating systems ▪ Possible to skip 1 Long-Term Servicing Branch upgrade i.e. install alternate Long-Term Servicing Branch upgrades ▪ Deployed using WSUS or from updated media

Overview Branches Operate Integrate Plan Branch Branch Branch Branch Branch RTM Update Update Update Update Update

Cumulative Cumulative LTSBn LTSBn 5 years mainstream 5 years extended support support

LTSB2 LTSB2 5 years mainstream support 5 years extended support

▪ Mission critical systems may remain on an Long-Term Servicing Branch LTSB1 LTSB1 installation for the life of the specific Long-Term Servicing Branch 5 years mainstream support 5 years extended support ▪ Each Long-Term Servicing Branch has: ▪ 5 years of mainstream support AND ▪ 5 years of extended support ▪ After 10 years, the specific Long-Term Servicing Branch is no longer supported by Microsoft ▪ In-Place upgrade supported from one Long-Term Servicing Branch to the next ▪ Monthly security updates are available for the life of the specific Long-Term Servicing Branch ▪ Limited support for future chip sets

Overview Branches Operate Integrate Plan Operating with Windows How it works Deferring feature updates as a Service

Application compatibility impact Moving branches

Overview

Applies to

How? OMA-URI for the CSP: ./Vendor/MSFT/Update/DeferUpgrade ▪ Centrally managed for domain-joined systems with WSUS or System Center Configuration Manager

Evaluate Pilot Deploy/Use Grace

Overview Branches Operate Integrate Plan Overview

System Image Creation

. Quality-based release Considerations

Inject Obtain Update Branch monthly “Image Deploy New NEW FULL Image Update updates into Factory” Image CBB Media Store WIM

Overview Branches Operate Integrate Plan Going to Starting From

Insider Preview CB/CBB LTSB

In-Place Upgrade In-Place Upgrade Not Supported Insider Preview as new builds are released to the final CB/CBB release Need to wipe & reload

In-Place Upgrade In-Place Upgrade Not Supported CB/CBB after signing up to next CB/CBB release Need to wipe & reload

Not Available In-place Upgrade In-place Upgrade LTSB for LTSB installs to later CB/CBB release to later LTSB release (wait for release)

Wipe and Load – Windows 10 deployment and solution to migrate data/settings

Overview Branches Operate Integrate Plan Integrating Windows as a Service into the Enterprise Adoption Managing WaaS

Implementing WIP Builds Current Branch

TooReduced much time time, and money cost, and effort to reach increaseddeploy decision confidence, greater agility

Overview Branches Operate Integrate Plan Lab Systems IT Pro IT Pro IT Pro IT Dev Limited Corporate Broad Corporate IT Dev IT Dev Early Adopters Systems Systems Primary PC 2nd PC Change Agents

Windows Current Current Branch Current Branch Current Branch 100% Insider Branch for Business for Business for Business Preview Ring 0 Ring 1 Ring 2 Branch 4 Months 12 Months (minimum) (minimum) 16 month deployment (minimum) Overview Branches Operate Integrate Plan Branch Ring Onboarding Opt Out Deferral % of devices WIP N/A MSA User N/A <1 CB A Domain Join Admin Move to CBB 4 B MDM Enrollment 5 CBB 0 E.g. 2 months 45 1 E.g. 6 months 30 2 E.g. 10 months 15

100

0 1 2 3 4 5 6

Series1

Overview Branches Operate Integrate Plan Method Branch Content Content Source Configuration Method Cloud ▪ Current Branch ▪ Quality ▪ Windows Update ▪ Group Policy, MDM or User (Windows ▪ Current Branch for Updates Update for Business ▪ Feature Business) Updates* On-Premises ▪ Current Branch ▪ Quality ▪ Windows Server ▪ Group Policy ▪ Current Branch for Updates Update Services ▪ WSUS Console Business ▪ Feature (WSUS)** ▪ Long Term Updates Servicing Branch ▪ Task Sequence ▪ Microsoft Deployment Toolkit ▪ File Share ▪ System Center 2012 Configuration ▪ Distribution Manager SP2 & above*** Point

▪ Software Update ▪ System Center Configuration Point Manager***

Overview Branches Operate Integrate Plan Provides more administrative options to configure the device before and after the in-place upgrade process ▪ Apps ▪ Drivers ▪ Settings Preview Branch

Familiar process

Quality-based release Develop Current Branch for Current Branch Business Ring 2

Measurable progress Production Test

Clear signoff requirement

User Acceptance Pre-Production Testing Inherently open to future innovation Current Branch for Current Branch for Business Ring 1 Business Ring 0

Overview Branches Operate Integrate Plan Planning Windows as a Service Overview

Modern service management for Windows 10 Windows as a Service

Mobility Mobile Systems App Mgmt Virtual Windows Security as as a Data As A Mgmt as a / Compat Desktop Deployment A Service Service Service Service Testing Services

Overview Branches Operate Integrate Plan Windows as a Service ▪ Governance and Management of Windows 10 “Service” ▪ Planning and Communication of Updates ▪ Update Management ▪ Manage and Respond to Requests and Approvals ▪ Inventory Management

Mobility Mobile Systems App Mgmt Virtual Windows Security as as a Data As A Mgmt as a / Compat Desktop Deployment A Service Service Service Service Testing Services

• Deployment • Windows and • Cloud based • Management of • Efficiently • Security controls • Provision and services for in- Non-Windows Storage Configuration, streamlining and Management of place upgrades mobility • Provisioning and Deployment and application requirements Virtual Desktop from Windows 7 • Mobility Management of Monitoring Tools rationalization, • Creating an environment forward as well Management One Drive for • Health and testing and available and • Application as bare metal Services across Business or other compliance compatibility efficient client Virtualization Operating heterogeneous Mobile Storage monitoring mitigation. experience, Services System environments services to be • Integration to • Application maximizing Deployment • Device Inventory Service Desk and Management security Portal Services

Overview Branches Operate Integrate Plan Next Steps