(upbeat music)
- Hello, and welcome to Microsoft Mechanics Live!
Coming up, we're gonna go through your options
for Windows deployment; my favorite topic, personally.
If you haven't migrated your desktop in a while,
we're gonna walk you through
how to shift to the modern desktop with Microsoft 365,
with a focus on your deployment options.
And we're gonna talk about things like what you can do
with your existing processes and tools,
and harness the Cloud
with System Center Configuration Manager;
using co-management with Intune,
and also next-generation provision approaches,
with updates, using not only ConfigMgr,
but also Windows Autopilot,
and how those approaches help you stay current
and up to date with Windows and Office as a service,
as well as new updates there as well.
So today I'm joined by Rob York,
from the System Center Configuration Manager team.
Welcome.
- Thanks Jeremy.
- Give him a big hand. (audience applause)
- Hi, everyone.
- Alright, so today we're talking
about Operating System Deployment.
You're the guy to talk about, I've heard, on all of this.
So a lot of people are,
maybe haven't touched OS Deployment in a while.
They've been, their last major
deployment might have been Windows 7.
What are some of the new options
in terms of OS deployment these days?
- Well, we're reinventing the wheel, the MDT wheel that is,
to help walk through the main task of a desktop deployment.
For a lot of people this will be their existing processes
incorporated into the wheel but also some new tools and
guidance to help them make it easier to shift.
And as you follow the steps, once you've inventoried your
device, and app readiness and you've prepped your
infrastructure, and you've packaged your apps and you've
figured out what you need to do, then you're ready to look
at your User State and then you're ready to start deploying
your new version of Windows.
We have options that span your existing tools and processes,
but the old adage of "If you want to go fast with Windows,
you've gotta go fast with ConfigMgr,"
that remains true today.
You've got to be on Current Branch and really you
need to be on the latest version of Current Branch
in order to benefit from the changes that we're shipping.
- And it's also important for your Windows 7
to Windows 10 migrations,
so there's a lot of new options there as well, right?
- Yeah, absolutely.
Likewise, you can attach ConfigMgr to Azure
and benefit from the Cloud to augment your
existing on-prem capabilities with all of the security
and value that the Cloud can bring.
- All right, so how should people then be thinking
about their desktop deployments?
- Any Windows environment is gonna have machines
that fall into three categories;
same categories that they've always really fallen into.
You have PC Refresh, and here the user
typically keeps the same machine and you either wipe or you
upgrade the machine, but they keep their data in their
applications in that case.
We also have New PC, slightly more straight forward.
It's a brand new PC.
There's often less to worry about,
especially, for new users coming into the organization,
there's no data to move in that instance.
And then finally, PC replacement.
You're either reassigning existing hardware
to a new user or you're giving an existing user a new PC,
maybe because it was lost or stolen,
so again, data may not be a consideration in that case.
- And so today we are gonna cover all three
of those scenarios: PC Refresh, new PC, and PC Replacement
but these are all really common to really any environment.
What's new across these options and why don't we start
with PC Refresh.
What's new there?
- So currently if you're using ConfigMgr, you're
probably using a task sequence and hopefully
an in-place upgrade task sequence
that preserves user files and settings.
Of course we have tasks that are built in
to capture and restore User State
but increasingly we're seeing users opt for that
in-place upgrade, especially in the Windows 10 to Windows 10
scenario, that's really being made
seamless by the Windows guys.
- Right, so here you've got a task sequence open.
Looks like you're ready to edit and show something here.
- Absolutely.
So we've added a task sequence template into
ConfigMgr based on feedback from our MVPs,
the Microsoft field, and customers that are deploying
at scale, to look at what they're doing to make the
in-place upgrades work for them and we've built out this
template that any IT admin can go
and flesh out and provide feedback.
- This is kind of important because we're gonna do some
things like pre-flight checks,
we're gonna do some post upgrade tasks as well.
These are all really common things if you wanna print out
or do, ten thousand or a hundred thousand deployments
this is probably what you are gonna do for the upgrades,
whether you're going from seven to 10 or 10 to 10.
- [Rob] Absolutely.
So here you talked about the prepare for upgrade,
the pre-flight checks, so we have the check ready
for this upgrade but here I've added a compatibility scan.
So we've added the capability to not need to download the
package payload to do the compatibility scan.
We can do that by connecting to the content on a share.
We then move in to the next phases
of the prepare-for-upgrade and I know that my application,
my Contoso line of business application,
that's not gonna work on my new version
of Windows so we go ahead and uninstall that.
Once we've passed all of those pre-flight checks,
we go and do the upgrade, the fairly straight forward bit,
and then we have our post-processing.
So we can do some specific config
for our new version of Windows.
We can even then reinstall the new, shiny
version of the application that we just installed
that we do know works on the new version of Windows,
and then we can also install Office 365.
- And some of the cool things here,
some of the things to really note,
first off, pre-flight wise,
things to pay attention to, hard disk encryption.
Is your hard disk encryption gonna work?
Can you pause it, I guess,
coming from say a Windows 7 machine
that's got third party disk encryption
and what's it gonna look like
when you come out of that in Windows 10?
Are there apps that you have to replace, then,
as part of the task sequence.
How does that work?
And then finally, if you got things like VPN or AV software,
what do those look like on the Windows 7 side
into the Windows 10 side, and sometimes even the
10 to 10 side depending on the vendors
of the VPN or the AV products.
And then one of the cool things I think with upgrade
that wasn't really possible in the past because you
would've normally paved the drive or replaced a lot of
files, is that you can actually roll back,
- Absolutely. - and upgrade.
- So that's where we are now.
If the worst happens, we have the ability to intelligently
realize in the task sequence and pick up on that failure.
So first of all, we can go ahead and reinstall that previous
version of Contoso line of business apps so that the user
gets the application back that we removed,
but then also to help you with your troubleshooting.
So we're gonna go and collect the logs.
I've added some steps to specify the
username and password that is specific to my environment.
Capture the logs, store them off to a server share in a
particular location and then finally we can run SetupDiag.
We've worked with the SetupDiag team to make sure that
that runs natively and works
and is supported within the task sequence,
again, to simplify your troubleshooting
when the worst happens.
- And one thing I want to point out here as well that we're
gonna see it in a bit, is the Office customization tool
now has an option that lets you basically remove
the MSI versions of Office.
So, let's say you've got a Windows 7 machine
with Office 2010 installed, if you use the remove
MSI versions of Office as the default setting,
literally in the OCT that we'll see in a minute,
that's actually gonna remove,
it's gonna run effectively what you may have run in the past
with things like Offscrub,
then install the click-to-run build of Office
so then you're up and running
with the new version of Windows, with the newest version
of Office and ready to go.
- Absolutely, and that runs
as part of my post-customization.
So Office 365 is installed and the settings specified in the
Office customization tool mean that we'll go and remove
Office 2010, if it's there.
- So what are the, what kind of upgrade packages do we then
use when, we're gonna actually do an upgrade
because it is different than an installed .wim
or something you might have customized.
How does that work?
- [Rob] Absolutely.
So in the upgrade operating system stack,
we're actually using what we call
an Operating System Upgrade Package.
If people are familiar with 2007 it's the same as
what we used to call operating system install packages.
It's an extract of the ISO, so it contains all the source
media for the new version of Windows.
We support you injecting updates
and customizing via DISM, the .wim file,
but it's not supported to make custom customizations that
require you to recapture the image.
So don't think that you can layer in applications
as part of that in-place upgrade.
- Alright, so you've seen the whole process, we've
talked about the package type for the upgrade.
Now we're ready to actually move on to the next step
and we've seen that, the logs as well.
So the other things that you can do
after the ConfigMgr part's over,
you can use it for a normal
replacement task sequence as well,
and that's just what you would
normally do, not using the upgrade task sequence
if you do wanna replace what was on the drive.
And the nice thing with the templates,
in this case, because it is a template,
some of these folders might be empty to start with
but at least we're giving a nice, kind of,
trail of clues, effectively, as to what you would
put in there and suggestions, effectively,
as to what you'd put in those templates.
And these are all things that we've heard
from UserVoice, from the ConfigMgr sites,
so thank you if you're part of UserVoice and giving us that
feedback because a lot of the stuff Rob, Erin from the team
have actually built into the product.
So what are some of the other updates that we can do
from a ConfigMgr aspect to help with PC Refresh?
- Network optimizations are a big one that improve
OSD and all the other features.
ConfigMgr peer cache, we've added native
peer-to-peer capabilities so that you can
share content between clients
on the same subnet in a branch office location
and to serve that content to one another without
the need for a local distribution point.
This also works within Windows PE,
so once the client's got, once the first client
in the subnet's got the content, it will then become
the peer of the clients that are being built alongside it.
And then, recently, we've added support
for Windows Server 2016 LEDBAT,
and if you've not looked into LEDBAT,
this is a true network optimization that
uses the most of the available bandwidth
without impacting foreground traffic and
affecting your user and their line of business activities.
- So the nice thing here, as well, is basically what's
happening with LEDBAT, it's one of my favorite things.
It's actually yielding to all foreground traffic,
it's letting, basically, ConfigMgr use the
background traffic, as much of the
network bandwidth as possible,
not quite a 100% but almost there,
and then basically it will yield to any foreground tasks.
There's even, it's even really easy to actually get that
configured in Configuration Manager.
It's just part of the general tab,
if you're using a new build of Current Branch,
part of the reason why you're gonna wanna go to
Current Branch builds of Config Manager.
But, I know there are other options
in terms of connecting SCCM and ConfigMgr
or ConfigMgr to Azure services.
So what are some of the options there?
- Absolutely.
We want to allow customers to bring the value of the Cloud
to their on-prem existing SCCM environment,
and traditionally ConfigMgr was limited
to the local network,
maybe to the VPN to give you management of your
clients as they are on the internet,
but now, with Azure Cloud services and SCCM,
you can manage those clients wherever they are in the world.
As long as they have an internet connection
we're able to manage them through Cloud Management Gateway
and Cloud Distribution Point.
One of the big changes that Cloud Distribution Point
represents for customers is a move from a fixed-price model
of buying a server and putting it on a network location
to having this pay-as-you-go Cloud service
where you're paying for the content
that you're delivering to your clients.
But with the customers that I've spoken to,
the risk of sticker shock hasn't translated
to actual sticker shock.
Really it's the fear of the unknown.
So look at the pricing for Azure and you'll see that
data is very, very cheap and actually
it works out very cost efficient for customers
to manage those internet facing clients.
- And the nice thing is here, as you can see here with the
Cloud Manager Gateway, basically, you can use this to
actually configure the Cloud DP as well in one, in one,
module here that we see.
If you've got the CMG running, that's gonna proxy
into your on-premises policies
and Cloud DP obviously lets you use, basically,
Azure as a distribution point
to be able to deliver packages to any client,
however they're connected to the Internet, effectively.
- Absolutely.
In 1806, we've merged the two roles so you can
have a Cloud Management gateway and a Cloud Distribution
point in the same Azure role.
It reduces the complexity,
it reduces the number of certificates that you need.
Just makes it easier for you to deploy one thing,
have internet-based client management
and the other cool thing is that the
content is coming from Azure block storage.
So it makes the Cloud DP very, very scalable.
It's not being delivered via the VM that sits
at the front of the Cloud Management Gateway.
The clients are being redirected to Azure block storage.
It's really, really fast and really, really efficient.
- And remember, most of these updates, you're gonna need
ConfigMgr Current Branch.
Is everybody in here on Current Branch right now?
Pretty much?
So if you're not on Current Branch
this is where some of this new stuff lights up.
Stuff like LEDBAT, that's the update tier
to Cloud Management Gateway and those configurations.
So, let's move on, though,
to another common Windows deployment scenario.
We've just talked about PC Refresh.
That's gonna be it for a lot of people,
maybe 80% of their estate as they move to Windows 10.
What about new PC?
This is usually when you purchase a new PC,
the user might not have User State or might not wanna keep
or retain that User State.
What do we do there in terms of new PC scenarios?
- So customers can continue to use SCCM,
and operating system deployment,
as they've been used to for probably the past decade.
That's not going anywhere.
But what this often has meant is that IT admins
are spending a lot of time, money, and expense,
creating, maintaining and just generally looking after the
images that they need to roll out into their environment.
So, we developed Windows Autopilot to help you get
out of that business of developing and maintaining
your images, and this allows you to work with your OEMs to
ship the device directly to the user, with that signature
image, so that they can have a device provisioned straight
into a secure and productive state without the need to go
through that time and expense of creating, shipping, and
maintaining those images.
- Right, and the nice thing is,
you also get Azure AD Join as part of this.
So the great thing is, once these PCs are in, then basically
as they're kinda reassigned to other people,
they will have the benefit of basically having a build
that's going to be compliant to your policies.
The Autopilot service will then see them, configure them,
and make them business ready as it would normally do
as part of the new PC scenario,
even as you reassign those to other users.
So, now I wanna show you how this is all set up
actually on the Intune side.
So here in my PC, I've actually got,
I've got the device management portal open.
By the way, if you're not using the device management portal
it's devicemanagement.azure.portal.com--portal.azure.com,
sorry device.management.portal.azure.com
So this will actually give you all of the device
management and kind of the client OS and Ops management,
set up tasks up there in the left hand column.
The nice thing is, so let's go through Autopilot.
It's part of the Windows enrollment process
and here you can see we've got Windows enrollment selected.
I'm just gonna click into deployment profile
and show you how the process works in general,
as to how we would basically create an Autopilot profile.
Here, I've got one already created, but just to show you
some of the properties and settings that we have here.
What I wanna be able to do in the Autopilot case is really
streamline the user experience.
So this basically says I'm gonna hide,
I'm gonna hide, in this case, the EULA so that the users
don't see end-user licensing agreement.
I can hide the privacy settings,
I can make sure that, that I can get rid
of any of the account options.
In this case we wanna, maybe we wanna
go to standard users for every user that actually gets
an Autopilot provisioned PC.
And the nice thing is usually on a Windows machine,
as you guys probably all know,
the first user who initiates the install's gonna be
a local Admin on that box.
Now with Autopilot we have the ability to make sure that
that first user is a standard user.
So once they connect to the internet,
once we see that that device has been
basically attached to our tenant, our Azure AD Tenant,
then we'll say okay let's customize the install process,
let's customize OOBE, and now it's gonna apply
all these settings to that machine.
The user goes through a customized experience,
Intune sees it, enrolls the device,
does all the rest of the policy management,
the app provisioning, all of those things
until it's business ready.
So, the other cool thing with this is we've got,
we've got a lot of great partners on board.
Right now we got Surface on board doing this right now
from Microsoft, as well as Lenovo and Dell, that are,
that are ready with more coming.
So the second step is part of the deployment profile.
We just announced there's a way to do dynamic device
assignment as well with this.
So let's say, for example, you have an order ID,
you might be a big company that's got
lots of different departments ordering hardware,
and you want the finance team to be part
of a certain group of machines,
you can have them get a certain
set of images that are different
than maybe the engineering team or human resources team.
So there's a lot of great capabilities there; a lot
of great ways to kind of customize that experience.
- There's also a really great immediate value you can get
from enabling co-management in ConfigMgr because in a
co-manage state the device is enrolled into Intune.
You can use Intune to automatically apply
an Autopilot profile to your
existing non-Autopiloted devices.
Intune can automatically register them with Autopilot
so if that device does need to get re-provisioned
or it gets reset for whatever reason,
the user presses it and they don't realize
what they're doing, it's gonna take them
through the Autopilot experience.
So it gives you a great way of mirroring
the experience that you've deployed for your new devices,
in Autopilot, for your existing devices
that have been around for six months, 12 months,
however long they've been around.
So it's really great immediate value
you can get from co-management.
- Let's show what that looks like here.
So, here, we have a way to actually use ConfigMgr
in the task sequence to do something called
Autopilot for existing devices.
The nice thing is we can actually have ConfigMgr
run the entire task sequence.
It's effectively, as I was mentioning,
dropping in, in fact, a small JSON file here that does all
the things it needs to get the Autopilot
bits and configuration on that machine.
That will then enroll it, it will again make it
attached to part of Azure Active Directory.
And then, again, upon reassignment just like in Autopilot,
if you buy a new PC, even though this is an existing PC
in your environment, it's gonna have consistent
user experience, and then it's gonna be able
to be reassigned to subsequent users
and be enrolled and known to your
organization effectively after that.
So, pretty cool stuff there as well.
- And for those of you that want to have
a co-managed state at the end of that,
you can have Intune push the ConfigMgr agent
over the Cloud Management Gateway
that I was talking about before
and that will result in an Autopilot
through to the co-managed scenario.
- All right, so let's take this one step further though.
Now, we've talked about all the things that
you would do for a new PC,
oh sorry, PC Replacement is one of those things
where it's like a new PC effectively
but you've got User State that you wanna move,
maybe, from the old PC into the new PC.
How does that work and what are the options there?
- So traditionally, customers have used USMT to manage their
User State of applications and data.
Now one thing that you can consider and attach to the Cloud
is use OneDrive and specifically OneDrive known folder move
and you can push a group policy to your devices
that allows you to sync the devices into,
sync the data, sorry, into OneDrive
for business, which means that the data is already
in the Cloud for the user so that when
they get the new PC, the data comes down
and you don't have to think about data migration
as specific stages of the deployment,
that data is just in the Cloud, ready for them to consume.
- And as everybody saw here, it's capturing
the desktop folder, the pictures folder,
and the documents folder.
It's not migrating the rest of the User State
that USMT would have migrated in terms of application
and Windows settings, but, it's really getting the data
that, hopefully, people want to take
from their old PC into new PCs.
The nice thing is you can do this earlier
than your deployment, before you start
pushing down Windows images, making sure that
everything has had time to migrate,
then you can start rolling out upgrades.
The other side benefit here is the files are
synced to OneDrive, they're protected,
and you can always do things like file restore,
for example, if you need to
or get to them from other devices
like mobile, whether it's an iOS, or an Android,
or another Windows device in a secure way.
Now, there's something else I think that's one of the
biggest updates that we've had, it's around the servicing.
So let's, we've talked about now all the three different
update or upgrade types and the OS deployment types,
Refresh, new PC and Replacement.
Let's talk about the servicing options
that we've got as well with Windows 10.
Can you show, can you explain, kind of, what's up there?
What's new?
- [Rob] As you've probably seen, we recently announced
that all feature updates of Windows 10
enterprise and education, that's the crucial bit,
starting with version 1607, will now be supported
for 30 months from their original release date.
And going forward, all future, feature updates starting
with 1809 and the target of September release, will be also
supported for 30 months from their release date.
Future, feature updates that start with 1903,
targeting a March release, will be continued
to be supported for 18 months.
That's that split mechanism of 18 and 30,
depending on when they're released.
- And that's also the same with Office 365 Pro Plus.
So lots of really good updates here
in terms of the feature updates and the model there
in terms of having more months of support per build,
you can now skip a year, sometimes two years between major
OS releases so we've, we've covered all the different
deployment options today.
Thank you, thank you for joining us.
Hopefully this is enlightening for a lot of
people that are looking at their migration.
Of course you can catch more
on the Desktop Deployment Center,
something that's brand new,
where you can learn about all the
steps that we talked about today.
We just released this onto GitHub
and onto docs.microsoft.com.
One other thing I wanna talk about is the
brand new Desktop Deployment Essentials series
that we also launched with Brett Anderson and me
presenting all the steps that you just saw
on the Desktop Deployment Wheel.
So all these things are available now that you can
start looking at, you can start reading and doing,
doing all the research for your deployment.
Hopefully, this will help you in terms of your journey
to get to Windows 10 and staying current
in Office 365 Pro Plus.
And these are all things that we've built for you,
for the IT admins out there that are getting
modernized on, on the desktop infrastructure.
So hopefully this helps you out in terms of your journey
into Windows 10 and Office 365 Pro Plus.
That's all the time we have for today's Mechanics show.
Thank you Rob for joining us today.
- Thank you for having me. - We'll see you next time.
- Thanks everyone.
(audience applause) (music with heavy beat)