Post on 21-May-2020
MICROSOFT 365
Implement Modern Management as like brewing a beer
Mirko Colemberg
About me…
• Mirko Colemberg, Workplace Sommelier, baseVISION AG
• Windows Insider MVP / Enterprise Mobility MVP
• Contact Me
• Twitter: https://twitter.com/mirkocolemberg
• Blog: http://blog.Colemberg.ch
• Mail: mirko.colemberg@basevision.ch
• Phone: +41 79 410 48 22
How to go Modern
1. Statistics
2. Process
3. AD vs. AAD
4. Autopilot
5. Intune
6. App and Application Management
7. Using Modern Windows (OMA)
8. Update and Patching
How to Brew beer
1. Equipment
2. Homebrew vs. Brewery
3. Water
4. Cereals / Hops
5. Mashing / Boiling
6. Fermentation
7. Maturation
8. Packaging
Statistics Equipment
Reference: http://brewersofeurope.org/
Statistics Equipment
1. App testing 2. 3.
Start Using Windows Insider Builds for testing
Process Homebrew vs. Brewery
On-premises / Private cloud
Traditional PC provisioning
Settings, policies, Office & apps, drivers
• Build a custom image, gathering everything else that's necessary to deploy
• Deploy image to a new computer, overwriting what was originally on it
Time + Money =
Every 3-4 years, a big project to change to the next Windows version
AD vs. AAD Water
• If you go Modern, you go to Azure Active Directory!
• AAD-Connect -> Sync the Users and Groups -> PW-Hash
• Use AAD
• Naming of Groups
• Dynamic Groups
• Office Groups
Autopilot Cereals / Hops
• Autopilot with the OEM
• Autopilot with the Script
• Auto Re-Enrollment
• Co-Management with Config Manager and Modern
Windows Autopilot scenarios today
• User-driven mode (Windows 10 1703 and above): Join device to AAD, enroll in Intune/MDM
• Autopilot for existing devices (Windows 10 1809 and above): Windows 7 to Windows 10; ConfigMgr task sequence, followed by Windows Autopilot user-driven mode
• Self-deploying mode (Windows 10 1809 and above): No need to provide credentials, automatically joins AAD
• Hybrid Azure AD Join (Windows 10 1809 and above): Join device to AD, enroll in Intune/MDM
• Windows Autopilot reset - local (Windows 10 1709 and above): Join device to AAD, enroll in Intune/MDM
• Windows Autopilot reset - remote (Windows 10 1809 and above): Execute a device reset via Intune and maintain AAD join and MDM enrollment
Windows Autopilot overview
[Diagram labels: Hardware Vendor; Device IDs; IT Admin; Configure Windows Autopilot profile; Self-service deploy; Ship; Deliver direct to Employee; Employee unboxes device, self-deploys; Intune; Windows Autopilot; Device sync; Autopilot profile sync]
Hybrid Azure AD Join through Windows Autopilot
[Diagram labels: IT Admin; Offline Domain Join Connector; Windows Autopilot Deployment Service; Employee unboxes device, self-deploys; DC; Intune; Complete Join over corp net; Receive GPOs over corp net; Receive ODJ; MDM enrollment; Autopilot profile; Hardware ID]
White Glove concept
What’s new
• Bootstrap page w/ option to hold user logon
• AAD group targeting for AutoPilot profiles (enables default profiles)
• Add/Remove AutoPilot devices via Intune
• Set Auto-Redeployment in Intune
Registering existing devices: Automatically for all Intune-managed Windows 10 devices
If you have existing Windows 10 devices:
• Enable new Autopilot profile setting for all targeted devices
• Ensure the Autopilot profile is assigned to a group containing the existing Windows 10 devices
If your existing Windows 10 devices are not yet Intune-managed:
• Enable co-management with ConfigMgr via the “Automatic enrollment into Intune” setting. (See https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-overview#enable-co-management)
• Ensure all new Intune-enrolled Windows 10 devices are part of a group with an assigned Autopilot profile
Registering existing devices: Manually for existing devices
To register existing devices:
• Use the PowerShell script available at https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo
• Run for each device (requires Windows 10 1703 or higher)
• Upload resulting CSV file via Intune portal
• See https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/add-devices#collecting-the-hardware-id-from-existing-devices-using-powershell for more information
Great for testing and validation with existing devices and virtual machines
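One way to combine and sanity-check the per-device CSV files before the upload step, as an added example that is not part of the original slides. The function name and the paths in the usage line are hypothetical; the three column names are assumed to be the default ones written by the collection script.

```powershell
# Added example, not from the original slides. Merge-AutopilotCsv and the
# paths in the usage line are hypothetical names chosen for illustration.
function Merge-AutopilotCsv {
    param(
        [Parameter(Mandatory)] [string] $SourceFolder,
        [Parameter(Mandatory)] [string] $OutputFile
    )
    # Assumed default columns of the per-device CSV.
    $columns = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $seen = @{}   # serial number -> file it was first read from
    $rows = foreach ($file in Get-ChildItem -Path $SourceFolder -Filter *.csv) {
        foreach ($row in Import-Csv -Path $file.FullName) {
            $serial = $row.'Device Serial Number'
            $hash   = $row.'Hardware Hash'
            if ([string]::IsNullOrWhiteSpace($serial) -or
                [string]::IsNullOrWhiteSpace($hash)) {
                Write-Warning "$($file.Name): missing serial number or hardware hash, row skipped"
                continue
            }
            # The hardware hash is a Base64 blob; a damaged copy often fails to decode.
            try { [void][Convert]::FromBase64String($hash) }
            catch {
                Write-Warning "$($file.Name): hash for $serial is not valid Base64, row skipped"
                continue
            }
            # A serial number seen twice means the same device was collected twice.
            if ($seen.ContainsKey($serial)) {
                Write-Warning "$($file.Name): $serial already read from $($seen[$serial]), row skipped"
                continue
            }
            $seen[$serial] = $file.Name
            $row | Select-Object -Property $columns
        }
    }
    if (-not $rows) { Write-Warning 'No valid rows found, nothing written'; return 0 }
    # Write the merged file with unquoted fields.
    $rows | ConvertTo-Csv -NoTypeInformation |
        ForEach-Object { $_ -replace '"', '' } |
        Set-Content -Path $OutputFile -Encoding ASCII
    @($rows).Count   # number of devices written
}

# Merge-AutopilotCsv -SourceFolder C:\HWID -OutputFile C:\Upload\AutopilotDevices.csv
```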
Intune Mashing / Boiling
• Intune Enrollment Status Page (preview)
• Get the Device Info in Intune from SCCM 1802
• Get the Device Info on Existing Devices with PowerShell
Autopilot during TS with JSON
Create JSON
Copy during TS
• DEMO Autopilot
App and Application Management Fermentation
• 3rd party utilities
• Syntaro (http://www.syntaro.com/module/appmanager/)
• RuckZuck (http://ruckzuck.tools)
• chocolatey.org
• Azure storage
• WSfB
• Company Portal
• LOB / App-V
• Appx / MSIX
• Run PowerShell
Other options for creating APPX → MSIX
• Advanced Installer Express Edition
• https://www.advancedinstaller.com/express-edition.html
• GUI based free utility
• Basic instructions
• Visual Studio
• Cloudhouse Compatibility Containers
• FireGiant
• InstallAware
• InstallShield
• PACE Suite
1. Install base image and reboot:
desktopappconverter.exe -setup -baseimage 'C:\Base\Windows_InsiderPreview_DAC_16299.wim'
Current OS must match the base image version!
2. Create .appx file:
desktopappconverter -installer 'C:\apps\setup.exe' -InstallerArguments "/s" -Destination c:\appx\ -PackageName "App.UWP" -Publisher "CN=ProTrainITDemo, O=ProTrainIT, C=FI" -Version 1.0.0.0 -MakeAppx
Package name: 3-50 chars, alpha-numeric, period, and dash characters.
3. Sign appx:
SignTool sign /fd sha256 /a /f c:\softat\cert.pfx /p Password1 c:\softat\SoftaUWP.appx
Publisher must match the identity of the certificate!
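A pre-signing check for the publisher rule in step 3, as an added example that is not part of the original slides. It reads the Publisher from the package manifest and compares it with the subject of the signing certificate, and also reports the Code Signing EKU and the validity window; the function name is hypothetical.

```powershell
# Added example, not from the original slides. Test-AppxSigningIdentity is a
# hypothetical helper name; the paths in the usage line are those of step 3.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-AppxSigningIdentity {
    param(
        [Parameter(Mandatory)] [string] $AppxPath,
        [Parameter(Mandatory)] [string] $PfxPath
    )
    # An .appx is a ZIP container with AppxManifest.xml at its root.
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path $AppxPath).Path)
    try {
        $entry = $zip.GetEntry('AppxManifest.xml')
        if (-not $entry) { throw "AppxManifest.xml not found in $AppxPath" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $manifest = [xml]$reader.ReadToEnd() } finally { $reader.Dispose() }
    } finally { $zip.Dispose() }

    # Get-PfxCertificate prompts for the PFX password, so the password does
    # not appear on a command line or in shell history.
    $cert = Get-PfxCertificate -FilePath $PfxPath

    # Round-trip the manifest value through X500DistinguishedName so that
    # spacing differences alone do not produce a false mismatch.
    $rawPublisher = [string]$manifest.Package.Identity.Publisher
    $publisher = [System.Security.Cryptography.X509Certificates.X500DistinguishedName]::new($rawPublisher).Name
    $subject   = $cert.SubjectName.Name

    # Look for the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3) on the certificate.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $codeSigning = [bool]($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })

    $now = Get-Date
    [pscustomobject]@{
        ManifestPublisher  = $publisher
        CertificateSubject = $subject
        PublisherMatches   = [string]::Equals($publisher, $subject, [StringComparison]::Ordinal)
        HasCodeSigningEku  = $codeSigning
        WithinValidity     = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        Thumbprint         = $cert.Thumbprint
    }
}

# Test-AppxSigningIdentity -AppxPath c:\softat\SoftaUWP.appx -PfxPath c:\softat\cert.pfx
```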
MSIX
Assigning LOB software
• Available/Required/Uninstall
• Targeted user group/device group
• State-based installation
• 7 day interval for re-installation
Note: Available for dynamic groups
Win32 Bit legacy application integration
• DEMO Applications in Intune
Using Modern Windows Maturation
• OMA-DM: Open Mobile Alliance Device Management
• OMA-URI
• https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference
Update and Patching Packaging
• Update and Patching of Windows and Feature Editions:
EDUCATE YOUR EMPLOYEES!!!
Otherwise, they do it wrong!
Thank you and have FUN
• Thanks to:
• brewersofeurope.org (Pics)
Do not forget Delivery Optimization, it helps ;-)
http://feedback.expertslive.nl/
• Share your voice / ideas!
• http://microsoftintune.uservoice.com/
• http://configurationmanager.uservoice.com/