#IoTinActionMS
Kolding, June 12, 2018
Windows 10 for IoT solutions
Dmitry Teteruk, Cloud Solution Architect
Need a cohesive computing environment
Security is a major concern
Devices need versatile connectivity
EDGE AND CLOUD COMPUTING DRIVE IOT
“There is a shifting balance between edge computing and cloud computing” - ABI Research
SUCCESSFUL IOT SOLUTIONS DEMAND ROBUST EDGE COMPUTING CAPABILITIES
Microsoft Windows 10 IoT Enterprise
One platform optimized for all IoT devices
Leading user experiences and connectivity to empower business scenarios
Streamlined manageability including lockdown and bulk provisioning to help enable industry-specific scenarios
Enterprise-grade security specifically designed for enterprise devices
WINDOWS 10 IoT EDITIONS
Windows Server 2016 for Embedded Systems (for IoT)
Advanced multi-layer security
Cloud-ready application platform
IoT Server Appliances
Windows 10 IoT Core
Smaller OS footprint; low level bus and hardware access support
Headless/Headed; UWP | 512MB RAM, 2GB storage* | X86, X64, or ARM
Smart Devices
Windows 10 IoT Enterprise
Rich user experience
Windows 32 and UWP apps | 2GB RAM, 16GB Storage | X86 or X64
Powerful Industry Devices
Windows 10 IoT Mobile
Lockdown, multi-user support and cellular
Modern Shell and UWP apps | 1GB RAM, 8GB storage | ARM
Ruggedized Handheld Devices
*For details see: https://msdn.microsoft.com/en-us/library/windows/hardware/dn915086%28v=vs.85%29.aspx
IoT Gateways
Industry Tablets
ATMs
Digital Signs
Handheld Terminals
Thin Clients
POS Terminals
Medical Devices
Industry Robotics
Seamless connectivity to Microsoft Azure
Interoperability across devices
Easy incorporation of sensors and peripherals
Feature Highlights for Windows 10 IoT Enterprise
Feature | Benefit
Mobile Device Management (MDM) | Consistent management framework across devices (1st or 3rd party)
Granular UX Control and Lockdown | Provide a predictable and consistent device experience
Machine login with Azure AD Join and Azure State | Simplify device access to cloud resources
Device Guard* | Protect operating system from running unwanted apps and increase security on mission critical devices.
Credential Guard* | Protect device credentials from pass the hash attacks
Custom Branding (logon and boot) | Helps create a custom device experience
AppLocker | Prevent users from installing and using unauthorized applications.
Next Generation Credentials | Reducing reliance on passwords, increasing resistance to theft and phishing
HORM | Boot fast to a known state on the device
Image Configuration Designer (ICD) | Easily customize the device experience/image
* Requires UEFI 2.3.1 or greater; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; TPM 2.0; BIOS Lockdown;
Windows Universal App Platform
• Converged APIs: write ONE Universal App and target all Windows 10 editions.
• Reuse existing development skills.
Languages
• C++/CX
• C#, VB
• JS
• Python
• Node.js
APIs
• WinRT
• Win32
• .NET
• Wiring
Deployment and Execution
• APPX
• XCopy
• App Isolation
UI Frameworks
• HTML
• XAML
• DirectX
Tools
• Visual Studio
• PowerShell
Universal Windows Platform
Common & Consistent APIs
Windows Universal Driver Platform
WDF
Audio
Bluetooth
Buses (USB, SPB)
HID (Retail), Buttons
Camera
Graphics & Display
Location
Networking - Wired
Networking - WLAN
Security - Biometrics
Security - Crypto
Security - Smartcard
Security - TPM
NFC
Sensors
Thermal
Touch
UEFI
Video
• Write ONE Universal Driver and target all Windows 10 editions – converged device areas/APIs
• We scanned over 100k drivers to create a universal driver API set for you.
Why move to Universal Driver?
If you are using | Actions to take | Why
Inbox/Class drivers | It just works! Core device-types (storage, mouse, keyboard, touch, video, etc.) | Your device automatically leverages a large ecosystem of peripherals
Kernel Mode drivers | High backwards-compatibility for converged device areas; make minimal changes and test | Your driver runs on more editions
User Mode drivers and services | Know that Windows Universal Platform Win32 API surface is smaller than desktop Windows; use replacement APIs where available; re-design/re-implementation if APIs are not available and test | Your driver runs on more editions
Choose the peripherals that are right for you
MagStripe Reader
Barcode Scanner
Receipt Printer
Cash Drawer
Building Classic Desktop apps for retail
Application developers can build Classic Desktop applications using a UnifiedPOS implementation to integrate retail peripherals into solutions.
UnifiedPOS implementations for Classic Desktop include:
▪ POS for .NET
▪ OPOS
▪ JavaPOS
Consistent device management for all Windows 10 IoT devices
[Diagram labels: Industry Devices; Windows 10 IoT; One Windows Platform; CSPs; Custom DM; 3rd Party MDM; Azure IoT Hub; Device Twin; OMA DM]
• Converged MDM Stack
• Common CSPs
• Enterprise and OEM/MSP device management
• Customer can select from both models in one platform
MDM in Windows 10
One consistent set of MDM capabilities across Mobile, Desktop, and IoT
• Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
• Extended set of policies
• Client certificate management
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push
• Device Update control
• Kiosk, Start screen, Start menu configuration and control
• Curated Windows Store
• Business Store Portal (BSP) app deployment; license reclaim
• Enterprise App management
• Simplified LOB app management
• Win32 (MSI) app management
• App inventory (LOB/store apps)
• App allow/deny lists via AppLocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset, Ring, & Find
• Enhanced inventory for compliance decisions
• Un-enrollment with alerts
• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
• Additional device inventory
BitLocker
Device Guard
Enterprise grade security for mission critical devices
Next Generation Credentials
Windows Defender Advanced Threat Protection
Enterprise Data Protection
Advanced lockdown for mission critical devices
Create a consistent and predictable device and user experience for Line of Business apps
Create consistent and predictable device experience
Protect system against write operations
Easily create read-only devices
Improve system up-time & reduce IT support
Create dedicated LoB device experiences
Keep users focused on line of business app(s) that matter
Customize the layout to meet the needs of the device and user experience.
Keep users focused on line of business app(s) that matter
Targeted
Provide a consistent & predictable experience
Lockdown comparisons: feature mapping
Lockdown Capability | Windows Embedded 8.1 Industry Pro | Windows 10 IoT Enterprise
Protect devices physical storage media | Unified Write Filter | Unified Write Filter
Boot fast to a known state on the device | HORM | HORM *
Suppress Windows UI elements displayed during Windows logon and shutdown | Embedded Logon | Embedded Logon
Block edge gestures | Gesture Filter | Assigned Access
Block hotkeys and other key combinations | Keyboard Filter | Assigned Access / Shell Launcher
Launch a desktop app on login | Shell Launcher | Shell Launcher
Launch a Universal Windows app on login | Application Launcher | Assigned Access
Suppress system dialogs & control processes that can run | Dialog Filter | AppLocker & MDM policies
Suppress toast notifications | Toast Filter | MDM & Group policies
Configure lockdown features | Embedded Lockdown Manager | ICD / Provisioning package(s)
Restrict USB devices / peripherals on system | USB Filter | MDM & Group policies
Launch a Universal Windows app on login plus lock access to system | Assigned Access | Assigned Access
Custom brand a device by removing and/or replace Windows UI boot elements | Embedded Boot Experience / Unbranded Screens | Embedded Boot Experience / Unbranded Screens
Suppress Windows UI elements displayed during logon and logoff | Embedded Logon | Embedded Logon
* HORM capability available in Windows 10 IoT Enterprise LTSB 2016 and CBB SKUs.
Bringing it all together
The latest connectivity options
Ethernet, Mobile Broadband – MBB USB Class driver, OEM BSP support
Wi-Fi, Wi-Fi Direct, Bluetooth, BTLE
Your devices work together
Device interoperability with open standards
Sensor access from Universal Windows apps
Directly interact with hardware busses to build innovative IoT devices
Sensor to Cloud
Azure services to build IoT solutions
Activation states for Windows 10 IoT Enterprise
Windows Product Key is injected or installed into each device during manufacturing
Device deployment
• Device will reach AVS server for activation
• Upon successful activation access to online services
Note: Activation failure UX will appear if activation fails
• Image is fully functional
• No access to MSFT and/or 3rd party services
• No disruptive activation notifications or watermarks
Has never connected to the Internet
Internet connectivity
Deferred Activation
Semi-Annual Channel vs. Long Term Servicing Channel
Semi-Annual Channel | Long Term Servicing Channel (LTSC)
Capabilities
Ongoing security updates for the lifetime of the branch
Several months to consume feature updates
Support for Cortana and some 1st party Universal apps
No feature upgrade required to stay supported
Value of the latest features as they are released
Support for Microsoft Store
Ability to load universal apps
1st party browsing choices: Microsoft Edge, IE 11 | IE 11
Recommended IoT use scenario: Modern UWP device experiences | Traditional embedded devices with Win32
Semi-Annual Channel (ex-CBB) WaaS Servicing Cadence
• There are only 2 active CBBs at any given time.
• CBB is declared after ~4 months of servicing of the active CB
• CBB has ~8 months of servicing.
• First CBB occurred in July 2015.
• All CBB updates contain a delta of previous updates
[Timeline figure: CB and CBB servicing periods for CB – TH1, CB – TH2, CB – RS1 and CB – RS2 across Summer / Fall / Spring]
Windows 10 IoT Editions
Windows 10 IoT Enterprise (CBB)
Windows 10 IoT Core
Windows 10 IoT Mobile
LTSC (ex-LTSB) WaaS Servicing
• 10 years of servicing (5 Main + 5 Extended)
• Security, and required reliability/performance fixes only
• No feature additions
• All updates are cumulative
• Infrequent, every 2-3 years
[Timeline figure: LTSB 2015, LTSB 2016 (Redstone 1) and LTSB Future shown alongside the CB/CBB releases (CB – TH1, CB – TH2, CB – RS1, CB – RS2)]
Windows 10 IoT Editions
Windows 10 IoT Enterprise (LTSB)