Selling Windows 10 Enterprise Value Pitch Deck
+110 MILLION +12 MILLION
“FOR WINDOWS 10, MICROSOFT WENT “THE BOTTOM LINE? MICROSOFT IS “WINDOWS AS A SERVICE MAKES ALL-OUT TO TURN AROUND GOING TO BEND OVER BACKWARDS TO WINDOWS 10 THE MOST ATTRACTIVE PERCEPTIONS AMONG CORPORATE MAKE THE BUSINESS TRANSITION TO DEVELOPMENT PLATFORM EVER.” CUSTOMERS…” WINDOWS 10 AS EASY AS POSSIBLE.” PA U L T H U R R O T T S H I R A O V I D E M A R K H A R T M A N T H U R R O T T. C O M W S J P C W O R L D
“Windows 10 on Surface 3 provides the security and managementI we need in a highly regulated environment. We made the decision early to use Windows 10 and deploy it immediately. Today, it is the most secure platform from Microsoft and we didn’t see a need to wait.”
- Jim Jensen, VP Information Services Partner Momentum Gartner Advocates for Windows 10 "By 2018, 80% of enterprises will run Windows 10. A year ahead of Windows 7" "Windows 10 is an inevitable migration for organizations running Windows PCs”…poised to become “the most widely installed version of Windows ever” “To a large extent, Windows 10 is a cloud- centric operating system”
Windows 10
Investments for business
Protection against Managed for Be more productive Innovative devices modern security continuous innovation for your business threats
Require
Device security
Identity protection
Data protection
Threat resistance Protection against modern security threats
Replace passwords Protect corporate Only run software Protect sensitive identities you trust corporate data
Biometrics Hardware-based Eliminate Malware on Automatic encryption Hardware-based credential isolation corporate devices Persistent protection multi-factor Data Separation
Windows Hello Credential Guard Trusted Boot Enterprise Data Microsoft Passport Device Guard Protection (coming later)
Shared shhh! secrets
Easily mishandled or lost
(Hint: The user is the problem)
Microsoft Passport and Windows Hello
Easy to deploy two-factor password alternative Breach, theft, and phish resistant credentials Single sign-on experience Convenient enterprise grade security for both enterprises and consumers Supports PIN and biometric sign-in using Windows Hello Hello Chris WINDOWS HELLO Fingerprint Iris Facial
FIDO ALLIANCE
Example Board level members
Credential Guard
Pass the Hash (PtH) attacks are the #1 go-to tool for hackers Used in nearly every major breach and APT type of attack Credential Guard uses VBS to isolate Windows authentication services and derived credentials Fundamentally breaks delivered credential theft using MimiKatz, etc Azure Active Directory
Use Azure AD to sign-into devices and the Windows store, no Microsoft Account needed Azure AD is a comprehensive identity and access management solution for the cloud Supports the use of Microsoft Passport and Windows Hello to access 1000’s of SaS apps
Device Guard
Provides next generation app control and kernel mode protection
Uses signed policies to help prevent users and malware with elevated privilege from changing IT’s app control policies
Protects kernel mode processes and drivers from zero days and vulnerabilities using hardware enforced vulnerability mitigations
BitLocker data protection
Protects data when a device is lost or stolen using full disk encryption Provides single sign on and protection from cold boot attacks Easy to deploy and manageable (via MBAM) at scale Excellent integration, performance, and reliability Submitted for Common Criteria and FIPS 140-2 certification. Will be supported for HIPPA, PCI DSS, etc scenarios Enterprise data protection
Delivers user friendly corporate/personal data separation and containment Ensures only trusted apps can access business data Helps prevent accidental data leakage through copy and paste scenarios Integrates with Microsoft Azure Right Management for secure roaming and sharing Available on mobile and the desktop
Managed for continuous innovation
End “wipe-and- Simplify device Embrace mobile-first, replace” deployment management cloud-first
Eliminate the heavy lifting Move to a single MDM Enterprise-class cloud, and inefficiency platform for all Windows universal app model, and 10 devices store for business
In-place upgrades Mobile Device Azure AD Join Dynamic ProvisioningWINDOWSManagement AS A SERVICEUniversal Apps for Windows App compat Windows Store for Business
Be more productive
Get the best Interact the way Always have what Intelligent experience you want you need assistants
You screen adapts to Every user is a first Access your apps and Get proactive and your device and task class citizen data from any personalized help Windows device from a true assistant
Continuum Mouse and keyboard Universal Windows Apps Cortana Continuum for Touch, Pen and Ink User state roaming with Phone Voice Azure AD Join Innovative devices for your business
Bring innovation to Industry strength Chose devices that Redefine your current PCs solutions are right for you productivity
Windows 10 works Support your Line of Range of innovative Revolutionary new great Windows 7 PCs Business scenarios devices across 2-1s, devices tablets, phones
In place upgrade Windows 10 IoT Surface Pro 4 Surface Hub Hardware Granular UX control Surface Book HoloLens Compatibility Ruggedized devices Lumia 950, 950 XL 3rd party devices
Empower your customers with the Microsoft enterprise cloud
Seamless user access to Reduced deployment Extended protection for Enterprise Data Protection apps and data from any complexity with dynamic your corporate data with and Azure Rights Windows 10 device, with provisioning delivered via Enterprise Data Protection Management enablement in Azure AD Join in Windows Azure AD Join and and Azure Rights Office (coming later); 10 automatic MDM enrollment Management (coming later) Exchange Advance Threat Protection
Windows 10 November update
Æ Ready for business Æ Broad enterprise pilots and evals underway Æ The first major upgrade as we deliver Windows as a Service Æ Evaluate, pilot and start Windows 10 deployment today Windows 10 November update
Enhancements to Enhancements to Windows Store Windows Update MDM support Enhancements to User Experience Azure AD Join Microsoft Passport for Business for Business for BYOD Telemetry Control Enhancements
Seamless, secured, Utilize Microsoft Centrally acquire, Manage deployment to MDM support for GP/ MDM Controls Enhancements to roaming of user settings Passport for manage and distribute internal groups (rings) Windows 10 Home for enabling enterprises Cortana, Edge, across Windows 10 your domain accounts Windows Store apps in your enterprise for most MDM settings. to fully turn Continuum, Support for deices, via your on the in your organization. controlled rollout of telemetry off. Continuum for Phone Azure cloud. corporate network. Current Branch on select Phone devices. Create your own private for Business (AD/AAD Hybrid mode) store with your (CBB) updates. corporate LOB apps and Iris support (Beta) curated free apps. Manage updates to align with your business rhythm (maintenance “no-update” windows).
Windows Update Policy setting example in for Business Windows Update for Business
Keeping devices secure and up-to-date Reducing device management costs Quick access to latest security updates
Capabilities
Time to test Ability to Maintenance and validate feature create internal windows to align updates deployment groups with business rhythm Summer ‘15 Fall ‘15 Fall ‘15
Peer to peer Integration with Access to Current delivery to optimize your existing tools branch and Current for bandwidth like System Center branch for Business
Summer ‘15 Coming later Summer ‘15
Windows Store for Business
Centrally acquire, manage and distribute Windows Store apps in your organization.
Create your own private store with your corporate LOB apps and curated free apps.
Sign-up with your organizational account at http://www.microsoft.com/busi ness-store Enterprise data protection
Currently tested with select enterprise TAP customers
Will become available via Insider Preview soon
Planned release later in 2016
Deployment Approach with Windows as a Service? What to deploy
Ongoing engineering Windows Insider Current Branch Current Branch Long Term Servicing development Preview Branch For Business Branch*
Feedback Specific feature and Deploy to appropriate audiences Stage broad deployment via Deploy for mission critical and asks performance feedback via WUB WU for Business systems via WSUS Application compatibility Test and prepare for broad validation deployment
Lab machines Early adopters Information workers Specialized systems Initial pilots General population Factory floor, point-of-sale, etc. IT devices
When to deploy
Windows Insider Current Branch Current Branch Preview Branch For Business
Specific feature and Deploy to appropriate Stage broad deployment performance feedback audiences via WUB via WU for Business Application compatibility Test and prepare for broad validation deployment
Evaluate Pilot Deploy
4-8 months of active 4 months 8 months development
12 month to test and deploy Evaluate upcoming Pilot features
Get going with Windows 10
Æ Evaluate Windows 10 Æ Join Windows Insider Preview for November Update early access to the upcoming capabilities Æ Start Windows 10 Pilot in your organization Æ Migrate to Internet Browser 11
Æ Talk to your account team Æ Prepare to testing and adopt about Accelerate Program Windows 10 Mobile on phones Appendix
Windows 10 Investments for Business
Enable continuous innovation with Protect your company against modern Deliver experience your users will love, the platform that keeps your Innovative devices for your business security threats make them more productive company up to date
Replace passwords with more secure End “wipe and replace” deployments of Get he best experience no matter what Bring Windows 10 innovation to your options, such as biometrics and the past with in-place upgrades (app screen you’re using by running in existing PC fleet. (hardware compatibly) hardware- based multi factor credentials compatibility). desktop or tablet mode, using typing or (Windows Hello and Microsoft touch inputs, or use your phone like a Bring industry-strength Windows 10 IoT Passport) Simplify device management by moving desktop – so the best screen is always solutions to support your Line of to a single mobile device management the one your are on. (Start Menu, Business scenarios (Granular UX control) platform across all Windows 10 devices, Protect your corporate identity with Continuum, Continuum for Phones) from phones to laptops to Internet-of- Choose devices that are best for your hardware-based credential isolation Things devices; and from personal BYO business and your people, from the (Credential Guard) devices to corporate systems. Windows 10 is familiar, and every user is broad range of innovative Windows a first class citizen –whether using devices across 2-in-1s, tablets, laptops Protect your corporate data, no matter Power your business with the enterprise- mouse and keyboard, touch, pen & ink and phones. (Surface Pro 4, Surface where that data is, with the automatic class strength of the Azure cloud and or voice Book, Lumia 950, 950XL) encryption (Enterprise Data Protection – Universal Windows Apps. (Azure AD coming later) Join, Windows Store for Business, Anywhere, anytime access to users’ apps Redefine productivity with revolutionary Private Catalog) and data from any Windows device new windows devices, such as Surface Eliminate malware on your corporate (Universal Windows Apps, user state Hub and HoloLens. devices by ensuring that only the Move to the platform that keeps your roaming w/Azure AD Join) software you trust can run (Trusted company up to date, so that you can Boot, Device Guard) adopt latest technologies and Proactive and personalized help from continuously innovate. (Windows Cortana, who can integrate with Update for Business, Windows as a company’s LOB systems. service)
Windows 10 November update: MDM support for BYOD Windows 10 has been the easiest Windows upgrade. Our plan was to finish by the end of December, but the ease of upgrade let us complete it in only two months - three months ahead of schedule!
Christopher Rhoda Thomas College Vice President for Information Services and CIO
Surface
Empower your customers with the Microsoft Enterprise EMS Windows 10 Office 365 Cloud
Suite Azure Active Directory – RMS – Intune