18 Sep.
0

Microsoft 365 Business Part 1 – Windows 10 Business

As I’m currently preparing some session content for Ignite 2017, I thought I would share some of the pieces I’ll be going through, starting with Windows 10 Business. This raises the question – what is Windows 10 Business, is it another Windows SKU? Rather than think of it as another SKU, the best way to think about it is that it’s Windows 10 Pro when it’s being managed by Microsoft 365 Business. If that’s not clear, think of it as Windows 10 Pro, plus the cloud based management capabilities that Azure Active Directory and Intune provide, including the choice of MAM or MDM based management options. You get to take advantage of MDM auto-enrolment, Windows Autopilot and other capabilities on offer when you start combining these technologies.

At the bottom of the graphic above you’ll see Windows Business listed. What you need to understand here is that this is an upgrade license for PCs that have licensed Windows Pro editions of Windows 7/Windows 8/Windows 8.1 that they haven’t upgraded already. If you had to sit on the sidelines during the Windows 10 upgrade offer and miss out, this is a way of getting the Windows Pro based devices up to date, assuming you didn’t upgrade due to hardware and software compatibility issues that haven’t been resolved.

The online activation via the users Azure Active Directory details is something that also needs to be taken into account. There are no product keys provided for this upgrade, which means the target PC is one that needs to be Azure Active Directory Joined as opposed to traditional on-premises deployment with Windows Server’s Active Directory Domain Services.

From the Microsoft 365 Admin Center you have the links above,

Install upgrade – this takes you to the Download Windows 10 page – https://www.microsoft.com/en-au/software-download/windows10

Share the download link
This creates an email message with the following text…
Create installation media – this also takes you to the Download Windows 10 page – https://www.microsoft.com/en-au/software-download/windows10
Troubleshoot installation – as per the link name, this takes you out to Windows 10 Help.
How do you tell if you running Windows 10 Business? Settings -> System -> About will show you the following.

As a comparison, here’s what it looks like after I enrol a Windows 10 S device in the same tenant, via the same process.

As you can see, because it’s not the Windows 10 Pro SKU, it doesn’t show as Windows 10 Business. I thought I’d throw this in as an introduction to what the Windows 10 Business inclusion isn’t – it’s not a Windows 10 Home or Windows 10 S path to Windows 10 Pro, only the older versions of Windows Pro mentioned earlier in the post. One of the topics I’ll cover in an upcoming post is Upgrade Readiness Solution in OMS, which can help to identify potential issues that previous operating systems and installed applications might have during or after the upgrade process.

 

 

^ Scroll to Top
 7 Aug.
0

Updates to WSUS/WU Dual Scan on Windows 10 1607

One of the scenarios I’m often asked about at the events I’m involved with is “why are my Windows 10 clients going to Windows Update instead of WSUS?”, and previously I’ve pointed people to the Demystifying “Dual Scan” post from the WSUS Product Team Blog. They’ve just put up a new post Improving Dual Scan on 1607 which is being released as part of the August cumulative update.

This update is also being rolled into 1703, and is already part of 1709.  Right now the support is for Group Policy, with MDM support coming later this year.  Jump to their blog post to get the full details of this update, but here’s their description of how dual scan works with this policy…

In order for Dual Scan to be enabled, the Windows Update client now also requires that the “Do not allow update deferral policies to cause scans against Windows Update” is not configured. In other words, if this policy is enabled, then changing the deferral policies in a WSUS environment will not cause Dual-Scan behavior. This allows enterprise administrators to mark their machines as “Current Branch for Business,” and to specify that feature updates should not be delivered before a certain amount of days, without worrying that their clients will start scanning Windows update unbidden. This means that usage of deferral policies is now supported in the on-premises environment. While the new policy (dubbed “Disable Dual Scan”) is enabled, any deferral policies configured for that client will apply only to ad hoc scans against Windows Update, which are triggered by clicking “Check online for updates from Microsoft Update”

They then go on to discuss five of the common update management scenarios, and how they should be updated for use with this policy…

Windows updates from WU, non-Windows content from WSUS

Windows updates from WSUS, blocking WU access entirely

Windows updates from WU, not using WSUS at all

Windows updates from WSUS, supplemental updates from WU

Windows updates from Configuration Manager, supplemental updates from WU

 

^ Scroll to Top
 3 Aug.
0

Updated Windows 10 Deployment and Management Lab Kit available

One of my favourite download recommendations for those looking into Windows 10 deployment and management scenarios is the Windows 10 Deployment and Management Lab Kit. This set of downloadable virtual machines comes in at just under 32GB, and this update includes some major updates to the included components and scenarios for testing.

The Windows 10 Deployment and Management Lab Kit provides you with a hands-on lab environment for evaluating the latest Microsoft products and tools available for managing your Windows 10 deployment. The kit includes:

Lab environment

The lab includes the latest evaluation versions of:

  • Windows 10 Enterprise, Version 1703 (Creators Update)
  • System Center Configuration Manager, version 1702
  • Windows Assessment and Deployment Kit for Windows 10, version 1703
  • Microsoft Deployment Toolkit (8443)
  • Microsoft Application Virtualization 5.1
  • Microsoft BitLocker Administration and Monitoring 2.5 SP1
  • Windows Server 2016
  • Microsoft SQL Server 2014

Step-by-step lab guides

Illustrated lab guides take you through multiple deployment and management scenarios:

Deployment and Management

  • In-Place Upgrade
  • Image Creation
  • Lite-Touch Deployment
  • Zero-Touch Deployment
  • BIOS to UEFI Conversion
  • Enterprise State Roaming
  • Enterprise Client Management
  • User Experience Virtualization
  • Managing Windows 10 with Configuration Manager
  • Windows 10 Provisioning
  • Microsoft Store for Business
  • Device Onboarding

Compatibility

  • Windows App Certification Kit
  • Windows Analytics – Upgrade Readiness
  • Browser Compatibility
  • Application Virtualization
  • Desktop Bridges

Security

  • Microsoft BitLocker Administration and Monitoring
  • Secure Host
  • Credential Guard
  • Device Guard: User Mode Code Integrity
  • Windows Information Protection
  • Windows Defender Advanced Threat Protection
  • Remote Access (VPN)

Languages

English (United States)

File

The lab kit consists of two self-extracting zip files: the lab environment and the lab guides.

Carefully read the information below before you continue with the download.

Windows 10 Deployment and Management Lab Kit system requirements

The lab supports the 64-bit editions of Windows 10 and Windows Server 2016. It must be imported to set up a lab once Hyper-V is installed.

The Hyper-V Host on which the Windows 10 PoC Lab needs to be imported must meet the following minimum specifications:

  • Hyper-V role installed
  • Administrative rights on the device
  • 300 gigabytes of free disk space
  • High-throughput disk subsystem
  • 32 gigabytes of available memory
  • High-end processor for faster processing
  • An External virtual switch in Hyper-V connecting to the external adapter of the host machine for internet connectivity named External 2
  • A Private virtual switch in Hyper-V for private connectivity between the virtual machines named HYD-Corpnet

The required hardware will vary based on the scale of the provisioned lab and the physical resources assigned to each virtual machine.

Lab expires September 14, 2017. A new version will be published prior to expiration.

Things to Know

This lab kit contains evaluation software that is designed for IT professionals interested in evaluating Windows 10 deployment and management products and tools on behalf of their organization. We do not recommend that you install this evaluation if you are not an IT professional or are not professionally managing corporate networks or devices. Additionally, the lab environment is intended for evaluation purposes only. It is a standalone virtual environment and should not be used or connected to your production environment.

^ Scroll to Top
 20 Jul.
0

Inspire 2017 Windows 10 And Devices Session Recordings

Following up from the last post on Inspire’s EMS session recordings, this post includes the links to the recorded sessions for Windows 10 as well as some of the devices sessions.

ODR07p-R Reduce customer TCO and stay profitable with Windows

With pressure to reduce costs, customers are increasingly looking to optimize and reduce spend in hardware and line items around deployment, management, and support. Join us to hear how Windows 10 enables customers to cut costs without putting your profitability at risk.

Watch Video

ODR04p-R How to accelerate your device sales with intelligent investments

Come hear partner success stories for maximizing investments, and learn how to utilize key levers to help grow your business, such as the new ProWins incentives, Device Deployment, Device Days, benefits of shifting to Electronic Software Distribution (ESD), digital marketing resources, and more!

Watch Video

WIND03 Building better business opportunities with Microsoft Devices Partner Programs

In working with partners to land the premium position and value of Microsoft devices, we have captured the key learnings that are working in market to build into new and existing devices partner programs and resources to enable partners to capitalize on customer opportunities in the year ahead.

Watch Video

WIN04p Windows 10 S for commercial customers: Start focused and expand in the future

We just announced Windows 10 S and even though its initial focus is for the education sector there are scenarios in commercial customers where it provides great value, and these scenarios will only increase in the future.

Watch Video

WIN08 Detect and respond to advanced and targeted attacks with Windows Defender ATP

Windows Defender Advanced Threat Protection (WD ATP) enables enterprises to detect, investigate and respond to attacks on their networks. Organizations can address post-breach situations to determine the scope of breach and bring the organization back to a pre-breach state using threat intelligence.

Watch Video

WIN09 Windows in CSP: What’s new, what’s coming, and why you should include Windows in your managed service offerings

An overview of the current and upcoming Windows in CSP offerings plus best practices for delivering Windows as a partner managed service.

Watch Video

WIN11p Selling the value of Windows Enterprise 10 to commercial customers

Windows 10 Enterprise will continue to be an important part of how we go to market with Secure Productive Enterprise. There are several new and updated tools available to partners to support the sales of Windows 10 and Secure Productive Enterprise. These are presented during the session.

Watch Video

WIN13 Accelerate Windows Pro devices sales

In this session, hear the latest program information, along with changes to the ProWins Program starting in FY18.

Watch Video

WIN14p What’s new in Windows 10 security: Raising the bar of security once again with the Creators Update

Disrupting the current generation of cyber-threats requires a platform with revolutionary security capabilities and the Windows 10 Creators Update rises to the occasion. We also cover how Windows 10 security capabilities join those in Office 365, our Server & Tools products, and Microsoft Azure.

Watch Video

WIN08 Detect and respond to advanced and targeted attacks with Windows Defender ATP

Windows Defender Advanced Threat Protection (WD ATP) enables enterprises to detect, investigate and respond to attacks on their networks. Organizations can address post-breach situations to determine the scope of breach and bring the organization back to a pre-breach state using threat intelligence.

Watch Video

WIN09 Windows in CSP: What’s new, what’s coming, and why you should include Windows in your managed service offerings

An overview of the current and upcoming Windows in CSP offerings plus best practices for delivering Windows as a partner managed service.

Watch Video

WIN15 Reinventing services around the modern desktop with Windows Analytics

GSI and partners are looking for potential opportunities to collaborate with Microsoft and Windows 10 as part of the big deployment process happening worldwide. Learn about the AppCompat readiness process to create transformational consulting services and business applications for Windows 10.

Watch video

^ Scroll to Top
 19 Jul.
0

Inspire 2017 Enterprise Mobility + Security Session Recordings

Following up from the last post on Inspire’s Microsoft 365 session recordings, this post includes the links to the recorded sessions for Enterprise Mobility + Security as well as some of the standalone components.  I had a chance to see a couple of these in person, including the sessions by @vladpetrosyan and @markmorow and had a chance to catch up with some of the other presenters in the expo hall between sessions.

CE400 How to take your security practice to the next level: Partner programs and resources

Join our Mobility + Security team to hear best practices adopted for using the Microsoft Secure message to get buy-in from senior decision makers, options for landing the value propositions for EMS, accelerate security sales and generating revenue during each stage of this process.

Watch Video

CE411p Identity-driven security through conditional access

Conditional access provides the control and protection needed to keep corporate data secure, while giving teams an experience that allows them to do their best work from any device. Allow or block access or challenge users with multi-factor authentication, device enrollment, or password change.

Watch Video

CE412p Secure your complete data lifecycle using Azure Information Protection

Data is traveling to more locations than ever. It’s hard to identify sensitive data and protect it against accidental or malicious breaches. Learn how classifying, labeling and protecting data using Azure Information Protection can help you secure data throughout its complete lifecycle.

Watch Video

CE413p Protect your network from malicious attacks with Microsoft Advanced Threat Analytics

Inside-out security is necessary with our current mobile and connected workforce, and having eyes and ears on your network will help your customers be prepared. Microsoft Advanced Threat Analytics uses behavioural analytics, machine learning, and deterministic detections to detect advanced threats.

Watch Video

CE414 Identity-driven security

As organizations adopt cloud and mobile technology, identity is more critical to cybersecurity than ever before. In this session, we look at how Microsoft identity-based security solutions work together for a holistic approach to protection.

Watch Video

CE415 Managed mobile productivity

Protecting corporate data is one of IT’s biggest challenges. Enterprise Mobility + Security (EMS) helps to overcome your data protection challenge, access resources on any device, anywhere and simplify management of your enterprise mobility management needs.

Watch Video

^ Scroll to Top
 19 Jul.
0

Inspire 2017 Microsoft 365 Session Recordings Available Now

Last week at Inspire 2017 Microsoft announced the Microsoft 365 suite offerings. For those of you who weren’t at the event, or were at the event but missed some of the sessions, many of the session recordings are available for watching now.

WIN01 Grow your business with Modern IT

As businesses seek to transform their products, tools, and operations, they need a world class platform built for the digital economy. Windows 10, Office 365, and Microsoft Enterprise Mobility + Security enable IT to deliver cloud-powered modern IT, advanced security, and more productive experiences

Watch Video

WIN05p New, integrated Office 365 and Windows solution for small and midsize businesses delivers more value, and streamlines CSP managed service offerings

Microsoft innovation delivers new value for your small and midsize business customers and fresh opportunities to expand your CSP practice. Learn about the new, comprehensive offering that enables you to help organizations be more productive and less vulnerable to security threats.

Watch Video

WIN16 New, integrated Office 365 and Windows solution for small and midsize businesses delivers more value, and streamlines CSP managed service offerings

Microsoft innovation delivers new value for your small and midsize business customers and fresh opportunities to expand your CSP practice. Learn about the new, comprehensive offering that enables you to help organizations be more productive and less vulnerable to security threats.

Watch Video

OFC01 Extend your portfolio and profit potential with Microsoft 365 Business: a new, integrated solution for small and midsize businesses

Get ready to deliver Microsoft 365 Business for your small and midsize business customers. This offering harnesses the leading capabilities of flagship products in a single solution that enables customers to be more productive while protecting their data on virtually any device.

Watch Video

OFC02 Microsoft 365 Enterprise: a single, trusted solution to grow your managed services practice

Enterprise Mobility + Security—you can deliver one solution that empowers staff productivity while enabling organizations to meet security and compliance mandates. Understand the value and opportunities for your valued-added services.

Watch Video

OFC03 Microsoft 365 Business for small and midsize businesses delivers more value, streamlines CSP managed service offerings

Microsoft innovation delivers new value for your small and midsize business customers and fresh opportunities to expand your CSP practice. Learn about the new, comprehensive offering that enables you to help organizations be more productive and less vulnerable to security threats.

Watch Video

OFC06 Microsoft Workplace Analytics: Deepen engagement, improve productivity, win deals

Office 365 Workplace Analytics transforms digital exhaust into actionable insights that enable managers to maximize their organizations’ time and resources. Discover how Workplace Analytics enhances businesses and helps partners win deals by enhancing their existing solution sets.

Watch Video

^ Scroll to Top
 17 Jul.
0

New Office 365 Desktop Application Deployment Capabilities In Microsoft Intune

Over the last couple of months we’ve seen different ways of deploying Microsoft Office 365 Pro Plus to Windows 10 PCs, first up we saw the option inside of Intune for Education, and then last week at Inspire we saw how this works from the Office 365 portal in Microsoft 365 Business. For those who aren’t using either of those options, but still want an incredibly easy way to deploy Office 365 Pro Plus and Office 365 Business.

First of all, in the Azure Portal, open the Intune blade and click on Mobile apps.

Once in Mobile apps, you can see more options for app management, and we start by clicking on the Apps link.

I’ve already synchronised this account with Windows Store for Business, so you can see some of the default apps that it adds to the app list. From here we click Add.

 

From the drop down we choose Office 365 Pro Plus Suite (Windows 10), which as you will see also works for those of you with Office 365 Business or Office 365 Business Plans.

Starting with Configure App Suite, it’s not very likely that you will need to select all of the options, but in this case I’ve just done it to make sure I get all of the application icons exposed.

Next up is App Suite Information, all we really need to do here is populate the Suite Name and Suite Description fields, the others are either pre-populated or not required.

App Suite Settings gives the chance to select 32 or 64 bit, Update Channel, EULA and shared computer activation, along with additional languages.

Once configured we Add the app.

The blue notification bar advises that we need to Assign application to at least one user group, ‘Click Assignments’.

I’ve already got a group set up for deployment, so I can Select that group.

Next I will make the app Required to kick start the installation process on the client.

 

Switching over the Intune MDM enrolled Windows 10 client, you can see that the Click-To-Run installer pieces are running, as displayed in Task Manager.

As this is going to be over 1GB in size, it might take a while to download, depending on your connection speed.

Once the installation is complete you we can see the Office Pro Plus applications on the Start menu.

Here’s where the Pro Plus versus Business conversation starts. As you can see, the expected version of Office is installed. However, it hasn’t automatically activated because this user doesn’t have  Pro Plus/E3/E5 license assigned, they only have Office 365 Business.

If I close Word and then reopen it, you can see that the edition has changed from Pro Plus to Business, no additional configuration required.

And finally, once Office has been reconfigured itself as office 365 Business, everything is ready to go.

^ Scroll to Top
 10 Jul.
0

Microsoft 365 Suites Announced Today

Today at Inspire 2017, the Microsoft 365 Business suites were announced, with Microsoft 365 Business offering a combination of Windows 10 Pro management enhancements, a subset of Enterprise Mobility + Security (EMS) and Office 365 Business Premium subscriptions. Also introduced was Microsoft 365 Enterprise offerings, which are also known the Secure Productive Enterprise (SPE). These include the E3 and E5 versions of Office 365, EMS and Windows 10 Enterprise, think of this is a version for smaller, more price sensitive customers delivered via an integrated Admin Console. For this post I’ll focus on Microsoft 365 Business as it is the new kid on the block.

As the announcements above  are still fresh and it will take a while to address all of the details, I’ll be watching this carefully at Inspire this week and paying attention to the questions that are asked of the presenters, and catching up with some of the members of the Windows 10 team to get further details of what they have done. With what we know already the easiest, and best known component is Office 365 Business Premium. This is available today, and like the other Office 365 Business plans allows a maximum of 300 licenses to be assigned to users. It’s usually priced somewhere around half the price off Office 365 Enterprise E3, so it’s a great option for those who don’t need some of the more advanced options of the E3 SKU.

What are some of the major differences? Instead of focusing on all of the differences between Office 365 Business Premium and E3 SKUs, instead let’s focus on the differences that are important from the BCS versus SPE conversation. One of the big ones here is that the version of the desktop Office suite included in Business doesn’t provide all of the functionality that is included in Office 365 Pro Plus, which is part of the Office 365 E3 offering. Why is this important? With SPE E5, you get the traditional rights management capabilities of Office 365, alongside the advanced labelling and data classification capabilities of Azure Information Protection. Office 365 Pro Plus includes the RMS capabilities natively, whereas the version included with Office 365 Business and Business Premium doesn’t include those capabilities. This has been an issue I’ve had to raised in the past with some customers looking to leverage the full functionality of Office 365 Business Premium alongside an EMS subscription.

The enhanced Windows 10 Pro management experience will be delivered by a subset of Intune capabilities, and we’ve already seen how Intune functionality can be exposed and simplified in different ways like they have done with Intune for Education. This customised management experience provides simplified management, including a simplified approach to deploying the Office 365 desktop apps. Based on some of the features that have been discussed, it seems that like Intune for Education it also includes at least some of the capabilities of Azure Active Directory Premium P1, so for now I’ll assume the feature set is similar until I get clarification. Some of the Intune for Education AAD capabilities include MDM auto-enrol, password write-back, dynamic group membership, Enterprise State Roaming and more than ten SaaS apps per user, so I’m hoping the list is similar for Microsoft 365 Business. So while some elements of this I’m still unsure of, I think we have a good starting point.

Obviously there are plenty of missing details from this post, but I’ll tackle them as I get more answers over the week while in Washington D.C. at Inspire.

Update

Below are some of the resources that have just gone live, I’ll be adjusting this post as I review all of the available material.:

Partner resources

Understand the value of Microsoft 365 Business to your customers and your practice.

Sales readiness

Get your team ready to sell Microsoft 365 Business.

Technical readiness

Ensure your IT and adoption experts have what they need to deploy Microsoft 365 Business and onboard customers.

^ Scroll to Top
 1 Jul.
0

Windows Autopilot Resources

Last week saw public announcements for the Windows Autopilot technologies, as well as some of the additional capabilities coming up in the Windows 10 Fall Creators Update which will be released later this year. Windows Autopilot allows OEMs, distributors and resellers to link a device to an organisation, which means that even before the user signs in for the first time the device can start receiving customisations based on group membership.

At it’s core, Windows Autopilot allows a brand new PC to be issued to users who can then use their internet connection to sign in with their Azure Active Directory credentials, which can easily be synchronised with their on-premises Active Directory with Azure Active Directory Connect. The device is automatically enrolled in the company’s MDM solution e.g. Microsoft Intune, and then the device will start receiving applications and policies based on the user and device group memberships.

 

For more information check out the following posts and articles

Modernizing Windows deployment with Windows AutoPilot

Overview of Windows AutoPilot

Delivering the Modern IT promise with Windows 10

^ Scroll to Top
 5 May.
0

Intune for Education Resources

I’m in the final stages of content preparation for the upcoming Microsoft Australia Education Partner national roadshow, and one of the key technologies I’ll be covering is Intune for Education. I covered this briefly back when it was first announced, but now it’s live and it’s time to highlight some of the resources that are available now.

Overview

Get Started Guide

What is Intune for Education?

What is Express Configuration?

After the events kick off I’ll record a few of the demonstrations and post them so that you can see what we are showing around the country.

^ Scroll to Top

%d bloggers like this: