Ignite 2016 is over for this time, and I am finally home with my lovely family again and back in business. All the swag has been looked through, and the impressions from the conference are becoming clearer. Overall the conference was good, and a lot of new (and old) ideas popped up: what to do, how to do it, what did they really mean, what works, etc.
I will try here to gather my impressions from the conference. Since there were far over 1000 sessions, I tried to keep within the Windows client, Configuration Manager and security tracks. If you think I missed something, leave a comment to share your thoughts, or if you have any follow-up questions.
Let's start. The main topics here were:
- Readiness and Deployment
- Microsoft Edge
Readiness and deployment
Upgrade Analytics is a free solution offered in Microsoft Operations Management Suite (OMS). OMS has a free plan to get you started; just sign up with an AAD or a Microsoft account and you are up and running.
The Ready for Windows homepage gathers information about software and drivers, and you can see how that software is adopted around the world.
With Configuration Manager there will be a supported way to switch from BIOS to UEFI; this has already been released in ConfigMgr 1609 TP.
New registry values to tweak your PXE/TFTP load times from your distribution point, and some other nice deployment changes, have already been released in 1606.
The fallback status point will go away and be replaced with new boundary group relationships, which looks really nice.
Finally, an Office 365 servicing dashboard and a way to deploy Office 365 apps.
If you use Intune, the number of devices that can be enrolled per user will be increased to 15.
Windows Hello becomes a bit clearer. There will be two forms of authentication, key based and certificate based, and the last one requires a PKI. As of today there are two ways to implement this: cloud only with AAD, and hybrid with AAD and a Windows Server 2012 Domain Controller. In the future there will be an on-premises solution based on Windows Server 2016 Domain Controllers and Windows Server 2016 ADFS. There are now new partners, for example Nymi band and Yubico, so instead of just having your finger or face to log on with, you can now have a second factor with a phone (Authenticator app), NFC or a YubiKey.
Now Edge is faster and more secure, surprised? Well, now it gets really secure: Microsoft Edge will be virtualized together with Virtualization Based Security/Device Guard, similar to the Credential Guard technology. In short, this means that attacks coming from a webpage stay in a virtualized environment and do not affect the operating system, and when you close the browser everything in this environment is cleaned up and you stay safe. This technology is called Windows Defender Application Guard.
There will also be a synchronization between Internet Explorer favorites and Microsoft Edge Favorites! Finally!
There are also some updates to Enterprise Mode: instead of opening a new Internet Explorer window, it will just open a new tab in the existing Internet Explorer window. You can also configure a behavior to switch back to Microsoft Edge if you browse to a URL that is not defined in the Enterprise Mode list in Internet Explorer.
So with Windows 10 1511 there came a new BitLocker encryption method, XTS. This was not fully supported in MBAM 2.5 SP1. During the conference they released a hotfix for this and some other MDOP fixes. Go look at KB3168628.
UE-V and App-V
With Windows 10 1607, App-V and UE-V from the MDOP family are included in the operating system, but only in the Enterprise SKU. This is easily enabled and configured with PowerShell commands, so MDOP media is no longer required.
But remember this: from now on App-V and UE-V only work on Windows 10 1607 Enterprise, not Pro, even if you have MDOP media.
With Windows 10 1511 and earlier it was possible to restore to the previous build of the operating system for 31 days; starting with 1607 it is only 10 days.
Microsoft is considering incorporating some kind of BIOS to UEFI switch during the Windows 10 upgrade process; no more details have been released.
There has also been a lot of talk about Windows Express Packages. This is only possible with Windows Update, Windows Update for Business and WSUS; it is not (yet) possible with ConfigMgr SUP.
Make sure to keep your Configuration Manager up to date, and you have full support to deploy the latest Windows 10 build. The same goes for Windows ADK: make sure it matches the operating system you deploy, but Windows ADK will support the N-1 Windows build. So Windows ADK 1607 will support Windows 10 1607 and 1511 for servicing.
Make sure to update your ADMX files; this may be a hassle in the future. There are some settings that change and only apply to one build, for example Windows Update, Credential Guard, etc. There are different settings available for different builds, and the settings are not (always) backwards or forwards compatible.
…and remember to deploy your Windows 7 64-bit and Windows 8/8.1 computers with UEFI already today!
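The XTS, App-V/UE-V and UEFI remarks above can be checked on a client with a short read-only report. This is an added example, not something shown at the conference or in the original post; it assumes an elevated PowerShell prompt, and the property names in the output object are made up for the example.

```powershell
# Added example (not from the original post). Read-only; run elevated.
$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build   = [int]$cv.CurrentBuildNumber   # 10586 = 1511, 14393 = 1607
$edition = $cv.EditionID

# Confirm-SecureBootUEFI throws PlatformNotSupportedException on legacy BIOS.
$firmware = try {
    $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    "UEFI (Secure Boot enabled: $secureBoot)"
} catch [System.PlatformNotSupportedException] {
    'Legacy BIOS'
} catch {
    'Unknown (not elevated?)'
}

# BitLocker: the post notes that XTS arrived with Windows 10 1511.
$method = 'BitLocker cmdlets not available'
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol    = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $method = "$($vol.EncryptionMethod) / $($vol.VolumeStatus)"
}

# In-box App-V and UE-V: 1607 or later, Enterprise edition (per the post).
# Assumption: any EditionID starting with 'Enterprise' counts as Enterprise.
$inbox = ($build -ge 14393) -and ($edition -like 'Enterprise*')
$appv  = if ($inbox) { (Get-AppvStatus).AppVClientEnabled } else { 'n/a' }
$uev   = if ($inbox) { (Get-UevStatus).UevEnabled } else { 'n/a' }

[pscustomobject]@{
    Build            = $build
    Edition          = $edition
    Firmware         = $firmware
    SystemDriveCrypt = $method
    UsesXts          = $method -like 'XtsAes*'
    InboxAppVUev     = $inbox
    AppVEnabled      = $appv
    UevEnabled       = $uev
} | Format-List

# To turn the in-box clients on (each may require a reboot):
#   Enable-Appv
#   Enable-Uev
```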
For sure I forgot or missed something, but this was off the top of my head. Please comment if there is anything you want to add.