Name: Modern Windows 10 management strategies, using Configuration Manager and Microsoft Intune
Uploaded: 2017-11-15T03:05:33.000Z
Duration: 15 min 13 s
Description: Thousands of YouTube videos with English-Chinese subtitles! Now you can learn to understand native speakers, expand your vocabulary, and improve your pronunciation...

Coming up, we take a look at your  options for managing Windows 10 devices

with configuration manager and cloud base modern management with Microsoft Intune.

We'll explore the end-to-end lifecycle from new ways

to deploy Windows PCs without  having to create your own images.

To new options for keeping your  users productive while configuring

and securing your companies Windows 10 devices.

an expert in traditional Windows management configuration manager

and model management with Microsoft Intune.

To start off with the release of Windows 10,

there have been lots of enhancements  that expand what's possible

in terms of the management of both the  main joint PC's with configuration manager.

And with Azure Active Directory  joint PCs with Microsoft Intune.

Can you bring us up-to-date on what's  been happening in this space?

So last December we released a new  version of configuration manager,

It aligns with the windows 10 servicing model.

Let me show you what that kind of  looks like here in the demo.

As you can see we've implemented some  new features aligned with Windows 10,

such as the ability to measure your health  state of your Windows 10 devices.

So we're basically kind of keeping up and lighting up new features that come here with Windows 10.

The other thing that we've been working  on is making it much easier to upgrade.

This new release of configuration manager

has been one of our fastest updating releases ever.

We already have it installed on over 44 million clients

With windows 10 and the enhancements  that have been made in the inbox MDM agent,

we've also enhanced Intune to better  leverage those capabilities.

Let me show you what that looks like here.

What we've done is modified Intune to  incorporate many of the new policies that

So what you see right here is an ability  to configure these new policies,

which is super critical for customers who need to move from a lower-end sku to a much higher-end sku.

You can set up additional policies here like a VPN profile

In this last piece here there are very significant changes around Windows information protection.

Windows information protection  really affords a customer

the ability to protect their corporate information

to ensure that it doesn't move out of their environment without their knowledge or control.

I know a lot of poeple watching this are actually considering that longer term management structure.

Some folks may be looking to shift some of that management capability to the cloud

Other folks might be more comfortable with sticking to traditional configuration manager.

How should people be weighing up all the different management options?

Sure, you know whether  you choose traditional or modern,

for us it's really about lowering the overall cost of managing your windows devices.

I think what customers will find is that,

given their environment they can likely  apply both in different situations.

So Mark, can you give us some examples of what those decision points really are?

The first being your imaging and  how you get Windows 10 deployed.

The second being applications and identity  and the third is software updates.

What about the first of those provisioning?

Yeah, so if i look at a typical imaging model today

You have to get a machine in and  you have to re-image it.

You have apply all your new drivers and it takes hours and usually requires a lot of manpower.

is we now allow you to get devices  deployed much more quickly,

and much easier for the end user to  be able to work off those devices.

Let me show you what this looks like in a demo.

So what you're seeing here on the screen  is just a device that comes right out of box.

And what you'll notice is a real key change here,

is I have an option to join this  device to Azure Active Directory

which is new because most people  are joining into local Active directory.

So, the first thing I'm going to do is  enter in my credentials.

These are the same credentials I would use  for accessing corporate email.

So the end user is very familiar with having to do this.

Now behind-the-scenes what's going on is this device is joining to Azure Active Directory.

And as part of that we're going to start to now get management policies coming down.

The very first policy that you see here  is a multi-factor authentication.

This is a good way to validate that my identity is who I am when I'm trying to log into this device.

I'll enter that code there to attest  that this is truly myself.

And this next piece that you're seeing  here is where Intune comes into play.

So this pin isn't part of the regular  out-of-box experience?

This is actually Intune policy telling  Windows to require a pin.

Oh yeah, absolutely that's kind of the beauty of it.

To the end-user they don't know that they're going through a real disjointed experience at all.

But, it's getting the device prepped and  ready for them with the right policy

so that the IT administrator can feel  secure that the device is protected.

Now I'm going to show you a few other cool things.

First, you'll notice a substantial change here.

which is when a typical system comes back up,

you'll notice that it's being managed  through local active directory.

Not the case here, this is now being  managed through Azure Active Directory.

So what you notice here is this device also has the configuration manager agent installed on it.

So what we've done is we've really integrated the management experience for a customer,

so that they can use Intune to help provision this device.

They can use Azure Active Directory to  help get this device registered and managed.