Ease Windows 10 Migrations, Eliminate Logon Scripts, and Soothe Group Policy Pain

February 28, 2018

Simon Townsend | Chief Technologist | Ivanti

Hannah Curtis | Director, Release and Program | Ivanti

Managing and delivering desktops that meet end-user expectations and enforce policy is a 24x7 nightmare for IT. End users want a consistent, responsive, and personalized computing experience regardless of device, time of day, or location so they can be more productive. However, traditional approaches to user workspace management, like logon scripts and Group Policies, are complex and impossible to maintain.

To solve these challenges, Ivanti is introducing Environment Manager Policy - a NEW simpler, lower-cost edition of its popular Environment Manager solution. Environment Manager Policy replaces logon script tedium and Group Policy maintenance burdens with a simple but powerful console for creating advanced, multi-threaded policies that configure the desktop dynamically based on user context. It also provides an easy way to capture the user’s personality from a Windows 7, 8 or 10 desktop and transfer it smoothly to any new desktop or Windows 10 version, solving the problem of continuous migration.

In this webinar, you’ll learn how to:

  • Provide responsive, personalized, compliant and contextual desktops
  • Deliver a fast, full-featured Office 365 experience on virtual desktops
  • Eliminate slow logons
  • Eradicate complex logon scripts
  • Replace Group Policy on desktops
  • Accelerate Windows 10 migrations

Transcript:

Simon: Today's webinar, good morning, good afternoon, good evening, depending on where you are. Thank you very much for joining the Ivanti Webinar today, is hosted by myself, Simon Townsend. We are going to talk about a new edition of Environment Manager that we have recently released. It's up on our website, it's available to buy. It's called Environment Manager Policy. And I'd also like to talk to you about something called the Windows 10 Migration Accelerator.
 
We've been pretty busy at Ivanti over the last 6 to 12 months, looking at various different ways in which we can increase the number of technologies that we offer to the market, looking at different ways in which people can tune those technologies. And how we can integrate some of those technologies into other areas of our portfolio. And I just wanna give you a hint of what we're doing with some of our customers. And as I said previously if there are any questions throughout the webinar then please, please do not hesitate to put those in the chat, and I will do my very best to answer them. So without further ado, we'll get started.
 
One of the things, one of the headline topics I would like to talk to you today about is how the Ivanti technology that I'm gonna introduce to you can help reduce your user's logon times, and in fact get up to 90% faster logons. You know, through the consumerization of IT through the use of iPads the younger generation, the Mac OS in fact, Windows has at times particularly in the enterprise been left behind, particularly when it comes to allowing our users to boot a machine up, log in to their environment, and to get use of the environment and become productive. Logon times in many organizations I speak to still continue to play those users environments. Even on Windows 10, people are still complaining of very slow logon times.
 
The other thing I want to talk about is how we can you help eliminate hundreds and some in cases, thousands of group policies. Group policies again have been around for many, many years, but organizations that I speak to are burdened by their complexity and their performance, yet they're a bit like you know, the better the devil you know. You need to be able to use group policies, you need to be able to apply them to enforce security settings or particular settings within Windows. But you know, they do sometimes cause headaches.
 
The other thing I'd like to talk about is how we can start to look at reducing the number of Windows images you've got. Windows 10 is moving to things like Windows as a service, whether you deploy in a fact-cloud environment, a virtual desktop environment. Lots of organizations are looking at ways in which they can reduce the number of Windows desktop images that they have. And lastly, big topic at the moment is how Ivanti he can help organizations migrate to Windows 10 and deal with the ongoing Windows 10 as a service challenge that we'll now face.
 
So I wanna talk about how we can help migrate users profiles and data. Really what I wanna discuss with you today is three things. I wanna talk to you straight away about this new version of Ivanti Environment Manager, Environment Manager Policy. I wanna talk to you about how we're looking at integrating that with some of the other Ivanti products and portfolio. And lastly, talk to you about our Windows 10 accelerator program and how you can get hold of that to help you with Windows 10 migrations. 
 
For those of you that don't know in 2016, Ivanti acquired an organization formerly known as AppSense. Those technologies now make up an area of our business called user workspace management. The concept of managing a user independently from how you deploy and manage the operating system and the applications. So within that portfolio of user workspace management products, we have things like application control, privilege management, performance management, enterprise file, and folder synchronization tools.
 
But for the purpose of today, we have had a product within there called Environment Manager, which for many, many years now has been the market-leading profile management and desktop composition piece of technology. The ability that a single product can manage a user environment, set a user's environment app, so they can be productive day in and day out, whether that be mapping drives, mapping printers, setting group policies, or actually dealing with the user's profile. It's a single pane of glass allowing you to manage your users as they log on and log off from their Windows desktops.
 
The Environment Manager product, the full-blown product has been available now for many, many years, has got a number of features, and it's used by somewhere in the region of over 4,500 companies globally to manage users on top of Windows-based desktops. People use it for logon script replacement, they replace group policies with it, they can hide icons on the desktop, they can build the start bar, they can change the wallpaper, they can also use it for profile management. 
 
So it doesn't matter whether you're using a local or a roaming profile, we can personalize the environment, pack that personalization up, allow it to move freely from one environment to another. And it wraps a whole host of enterprise features around those controls as well, giving administrators the ability to trigger certain events based on not just logon and logoff, but when certain other triggers take place within the environment. 
 
So for instance, when I lock my desktop, when I move location, when I change my contexts, and some other enterprise features around that around how we back up and can roll back users profiles as an example. But the full Environment Manager product, as I said, has been around now for well over 10 years. It's mature, it's being used at scale. You know, some organizations have 500 users in size, and some organizations have over 220,000 users in size. And it's really there to manage a user's environment regardless of whether we're deploying a physical desktop, a virtual desktop, desktop as a service, or perhaps even an RDSH Citrix type of desktop or application environment. 
 
But what we are announcing today is a cutdown light version of Environment Manager, with the personalization element, the highly scalable three-tier architecture, profile management solutions as well removed from this particular version. So this is a very simple, easy to implement, easy to maintain version of Environment Manager. It's simply just an agent, a configuration and a license that goes onto a Windows desktop. And it takes care of what happens when a user logs on, what happens when a user logs off. And it takes care of configuring that environment and managing that environment so that it's tailored to that user's needs.
 
It works both online and offline and obviously, it being a cutdown version of the full Environment Manager product, it actually retails at a lower price point than the full version of Environment Manager as well. So it's exactly the same product that some of you will know and love, but it's just got that personalization element removed. And if you take a look at how those two products then compare, what you'll be able to see is that we can achieve some of the well-known features and functionality even within the EM policy addition.
 
So things like logon script replacement, group policy replacement, the ability to personalize the user's desktop and tailor it to that particular user's needs as they log on is all included in that Environment Manager Policy edition. The full-blown version of the Environment Manager really offers true cross-platform highly scalable profile management capabilities. So if there is a need for a user to go cross-platform, e.g. go from a Windows laptop to a virtual desktop, to a remote desktop or Citrix Zen App type of environment, then that full version of Environment Manager with the personalization allows that to take place.
 
And as you can see there with full Environment Manager with the personalization functionality, that's where we bring in technologies like the three-tier architecture, utilizes IAS and SQL for true scalability. It's got true online and offline support, it can go cross-platform. It doesn't matter whether it's Windows 7, Windows 10, it doesn't matter whether it's RDSH environment, or a desktop environment, it doesn't even care how you deploy the application. If you deploy the application via an MSI file or via app video, you're in a complete hybrid environment. That is the true profile management solution. 
 
Other things in there, multi-data center support, Geo sync support, Citrix cloud support. If you're moving some of your desktops or your infrastructure to the cloud, then the full version of Environment Manager offers all of those capabilities. But for some customers, they simply have a set number of desktops or laptops, and what they really wanna achieve is just a simple way to manage that user environment. They're less worried about backing the user's profile up, they're less worried about roaming profiles, perhaps everybody gets a local profile on their desktop. And hence EM policy really gives people the ability to manage that user without the overheads of personalization. 
 
So I mentioned at the start about reducing logon times. Logon times typically are affected because of two or three things. They're typically affected by logon scripts, long drawn out complex logon scripts that were created by somebody in the IT Department in 1982, and no one's touched them since. And we've built logon scripts on top of logon scripts, and they've got a lot of "if...but" statements. But those logon scripts are typically slow whether they're done in VB, whether they're done in batch files, or even whether they're done in PowerShell, they can be a pain.
 
And typically, they're running a logon, they're configuring the user's environment maybe mapping drives, mapping printers, trying to set the desktop environment up, but they're just slow in their very nature. The other thing that can slow a logon down is things like group policy objects, and as I said, we want to try and eliminate group policy objects. They've served us very well for many years but again, they are very, very complex, they've been set 10, 15 years ago. Everybody is scared to turn some of them off because they don't know why they were put in place. But more importantly, they are very, very slow in terms of how they execute. 
 
If you take a look at some of the disadvantages of logon scripts, so then you go and take a look at some of the disadvantage of group policies, they're very, very familiar things. You know, logon scripts can be complex to write and difficult to maintain, but the key thing here is that they run sequentially. You know, if we map a drive and then map a printer, the printer mapping doesn't take place until the drive mapping has taken place. They are running one after the other.
 
And hence the longer your logon script becomes, the longer your logon tends to take. And they also only apply logon and I suppose the question you have to ask yourself these days is, whoever logs on? I know I certainly don't. I lock my machine, I close the lid, I then pop it out open and I unlock. And so actually, logon scripts in group policies that only apply at logon don't typically serve their purpose in a mobile world either.
 
From a group policy point of view, again, they are running sequentially and so they are difficult to maintain, but they also perform particularly bad. And at times, people moan because they want version control, they don't know who's changing what. Put simply, Environment Manager Policy, for those of you that are not aware, replaces both of those. It replaces the need for logon script and it replaces the need to deploy group policies in the way that you've been deploying them.
 
The only other thing that can really slow a logon down or the third thing that would slow a logon down typically, would be the profile. Particularly in a roaming profile environment where the profile is being downloaded over a network, that's really the third thing that slows things down. And as you'll see, both EM policy and the full-blown version of Environmental Manager can solve that profile problem as well.
 
 
But initially, I want to just talk to you about logon scripts and group policy objects. And really, the way in which we get rid of those is we say right, we wanna give you a nice graphical user interface, we wanna give you a very powerful rules engine. So that you can do things not just based on username or group membership, but perhaps look at the date and the time, the context of the user, where the user is, which machine they're logging onto, whether they are logging onto VDI session, what published application they're using in Citrix, what Netscaler firewall or perimeter device they came through. There's a whole host of conditions that are available in there.
 
We wanna simplify all of that in a graphical user interface which then has got the ability to process things in a multi-threaded fashion, and this is very, very important. The ability that we can do multiple things simultaneously. If we can do things simultaneously, then we can obviously log the users on nice and quickly. 
 
The other thing the Environment Manager offers is a comprehensive set of triggers. We can do things, we can see when the machine boots up, we can see when the network comes available, we can see when the network's changed, we can see whether a user's logged on, whether a process has started, whether they are connected to a session, whether I've locked or unlocked a session as well.
 
So very powerful talk, but really I suppose the easiest thing to do is to show you a quick video. I'm not sure how this video is gonna play over a webinar so I apologize in advance. If you go to ivanti.com/blog, you'll see all of the information about the migration accelerator program, and contained within there is the video. And that video is also accessible on Vimeo. But what you'll see here hopefully is on the bottom left-hand side of the screen is a machine that has got Environmental Policy, and a machine on the top right which is using group policy and logon scripts.
 
Typically, a machine running Environment Manager will logon anywhere between 40 and 90% quicker than an environment that's not using it. And I have been with this business for 15 years and I have seen all sorts of logon times. One minute forty-five all the way through to 47 minutes in one case. But for the majority of environments, we can get a logon down anywhere between 9 and 19 seconds depending on the complexity of that logon.
 
And so what we're trying to do here is we're trying to give an enhanced experience, a great user experience when the users log in on. But also a contextual one, making sure that my environment can dynamically change in terms of what settings group policies and settings are applied to me when I logon. So for instance, I move from one floor to the other, I can do things like follow me based printing. I might need to hide certain icons or applications from the user's desktop environment depending on where they are.
 
I may want to lock down part of that environment using Environment Manager and some of those tools. So it's really about giving a great experience, but also giving a contextual experience. I'm hoping that video did at least prove the point.
 
Now, some of you'll be wondering, well, how does it work? This isn't necessarily a technical training course, but I will just touch on three areas of how Environment Manager does what it does. And that comes down to triggers, actions, and conditions. A trigger is typically a listener that we are looking out for. So as I said before we have the ability to sense when a machine is starting up as you can see in this particular case, when a network becomes available, when a user logs on, when a user logs off, when a process is started. That would be a trigger.
 
And a trigger then triggers Environment Manager to then do something. On the right-hand side of the console of the UI, we then have conditions and actions. And conditions are typically making a check using an enhanced rules library, and an action is actually doing something. And it's those conditions and those actions that we have the ability to run either sequentially or more importantly and commonly, in parallel. So if I have 10 actions, I can run 10 actions simultaneously as opposed to running them sequentially.
 
Typical examples of triggers are shown there on the screen, so the first thing you'll see when you open up Environment Manages, is all the triggers that are available to you. Some of those are really well suited to laptop environments like when I lock and unlock my desktop. Some of those are really well suited to virtual desktop environments. So you can trigger an environment change when someone reconnects to a virtual desktop environment, and perhaps they've moved from the office to working from home as an example. 
 
What you'll also notice is that the logon node is broken down into three subsections as well. The ability to do things pre-session, so to get into the environment very early so we can set things up like DPI settings. Pre-desktop which is typically when your legacy logon scripts should run. And then Desktop Created and that's actually when the Window shells launch and the user sees the start menu in their desktop for the first time. There's quite a lot in fact, that you can place into desktop created to give a perceived improved user experience and user logon time.
 
And once the desktop and the shell is launched and the user feels that they can then launch applications become productive, you can then start to perform some of the other tasks like drive mappings or printer mappings in the background. Process started and process stopped, are very common triggers that we use. That gives me the ability to do things when a process starts or stops. 
 
So if I've got an SAP application that needs a F drive, I can choose to map the F drive only when that particular process or applications starts. Gives me ultimate flexibility, extremely contextual. Actions, there are all sorts of actions. We can set registry keys and values, we can change them, we can set them, we can set files and folders, we can do everything that robocopy could do and more. We can do delta synchronizations to copy files to and from a network drive, we can map printers, we give printers friendly names, we can set the default printer, we can do drive mappings, we can choose to force what the drive letters are or choose to take the next available one.
 
We can import group policies, we support ADM and ADMX templates, and we can apply those very, very quickly, but using a very familiar look and feel. We make use of environment variables both inside the product and Windows environment variables. And we can set up things like ODBC connections and mapping profiles as well, and signatures, and Office 365-type of profiles as well.
 
If there's anything that's not built in, then we're normally pretty quick in turning that around as a feature, but we also support the ability to execute files, so .exes, but also the ability to embed JavaScript, VB scrip,t and PowerShell. So even if you're not able to have a native action and you wanna create a custom action, you can still use the framework and the logic of the triggers and the conditions to carry out a customizable action.
 
And those conditions are also fairly well extensive, you can see there some example. See I might log onto a laptop. What's the name of my machine? I might log on to a VDI. What operating system I log in onto? Is it Windows 10, is it Windows 10 creators update? Is it Windows 7 with a service pack, as an example? I can check to see the existence of a registry or a file, or check to see what IU a user is in. And I can put flow control and/ or arguments if then else arguments around all of that as well. So I can be very, very comprehensive with how and when I apply certain actions to certain triggers based on those conditions.
 
A lot of this is extremely intuitive, you can create a lot of these configuration yourself. Alternatively, you can go on the Ivanti marketplace, and you can download well-known configurations that least give you a great starting point. And I'm gonna come back on to that topic in the first place. But all in all, the way we use triggers, the fact that we are executing simultaneously, the way that we do our checks, the way that this piece of software that is Environmental Manager has been architectured and configured, the way that it integrates with the Windows operating system allows us to perform incredibly quickly, allows us to provide these fast logon times.
 
But also, more importantly, it allows us to be very, very powerful. And there are hundreds of case studies out there of customers that are doing this. People that have taken logon times as you can see there from eight minutes down to 35 seconds. And as I said before, numerous examples of where we've got logon times sub 20 seconds, sub 15 seconds, and in some cases sub 10 seconds. You know, ultimately we are trying to improve user experience, but also give far more contextual control to how we build and create that desktop dynamically.
 
So that is Environment Manager Policy. If there are any questions, then please feel free to fire them into that chat. If you go to our website as well and look under our product section, and you go to Environment Manager Policy you'll see a very useful chart there that shows you the key differences between the full version and the policy version as well.
 
On that note, I think I'll pause for a second and we'll just see if there are any particular questions on anything I have said there. I've got Hannah on the line with me. She is helping me out. Hannah, have we got any... I don't know whether we can hear her. Have we got any questions there?
 
Hannah: Hello there, Simon. Yeah, I've been answering some of the questions from the attendees. I've got them all covered for you, so you can move on.
 
Simon: Okay, excellent. Thank you, Hannah. That's great stuff. Right. Just before we move off Environment Manager and Environmental Manager Policy, I wanted to just touch on a couple of other areas, that don't necessarily... although they can, they don't necessarily improve logon times. But there are other features and functionality that you can read about that the product can fulfill. One of those is called Cache roaming. 
 
Cache roaming has become a popular conversation with those organizations that are looking at deploying Office 365 in a virtualized desktop environment. When you deploy Office 365 in a virtualized desktop environment, particularly a non-persistent VDI environment, it can become quite challenging to decide what you're gonna do with Outlook LST files. You can choose to put Outlook into an online mode so that your non-persistent desktop and the Outlook that was running on it communicates in live with Office 365.
 
But some as you may be aware, that has got certain performance limitations. And so what people try to do is say, "Well, I'll just enable offline mode in Outlook because that performs really well." The challenge is that the LST gets downloaded, the Outlook performs in offline mode and at the end of the day, when you log off that virtual desktop because it's non-persistent, it's thrown away and tomorrow the whole process starts again.
 
So with cache roaming, what we have the ability to do within both versions of Environment Manager, is to dynamically create and mount and manage VHDs that contain those LST files. This gives us the ability to complement and allow people to deploy Office 365 in a non-persistent VDI environment. There is a whole host of information available on our website and on Twitter, and in fact, YouTube, that sort of talks to that as well. So if you want any information on that, we can talk around that.
 
The other thing that's worth pointing out is a concept called lockdown. Lockdown gives us the ability within Environment Manager to lock down various aspects of the UI. So whether it be menu items, whether it be buttons within an application, whether it be parts of the control panel applet whether it be text boxes that users can type in to, Environment Manager lockdown gives us the ability to actually restrict and control what functions and functionality users can have access to.
 
A classic example of this would be something like Adobe Acrobat. Adobe Acrobat as an application has got a number of website links contained within its help files. Now, just because you publish Adobe Acrobat down to your users, that might not mean that you want people to click on links and then launch a Web browser or gain access to the internet. We can restrict those web links. Likewise, some organizations particularly those in education, are quite keen on controlling that users don't save things to the local C drive.
 
Again, using lockdown we can start to hide things like the C drive from view, we can hide it so when someone goes to file Save As, they can't type C code on backlash in the edit box nor can they see the C drive in the first place. So lockdown is another powerful element on Environmental Manager that I thought was worth noting. 
 
Now then, the second thing I wanna talk to you shorter section. I wanna very quickly talk about Ivanti Endpoint manager and Xtraction. Some of you on this call will know what Ivanti Endpoint Manager is, some of you will know that it was known as LANDesk Management Suite for many, many years. And some of you will know that it is the leader in the Gartner Magic Quadrant for client management tools. However, some people on this call may not be familiar with employee manager nor with our Xtraction technology. 
 
So just to bring everybody up to the same place, Ivanti Endpoint Manager is the new name for what was known as the LANDesk Management Suite. It's been around for many, many years. It's an incredibly comprehensive and mature product that allows you to manage multiple devices across your environment. It is what is regarded as a true unified endpoint management solution. 
 
It has the ability to go out and discover all of the devices on your network. It can discover Windows machines, Mac devices, IoS Android devices, printers, other types of devices on your network. And it then gives you the ability to manage those, and it can do that for very, very small environments, so customers that may have 100, 200 Windows machines need to manage from a single console can be done. Alternatively, that may be managing 150,000 devices, the majority of which are Windows and some which are Mac, and still manage IoS and Android mobile devices as well.
 
You can manage both locally and remote, and it gives us really the ability to deal with operating system deployments. It can re-image devices, it can do partitioning, it can do application deployment, it can control power settings. It can patch, it can understand what software is installed, what software is being used, and it allows you to manage all of your endpoints from a single place. Very, very powerful tool, as I said, very well-known in the market. And thanks to a load of innovation and some acquisitions over the last two years, now also supports mobile technologies use as well.
 
Ivanti Endpoint Manager is used by our customers as one example to help with the migration to Windows 10. The ability that I can manage a machine, and any point I can either push or get the user to pull and initiate a Windows migration. And Ivanti Endpoint Manager will take care of it. It will bring the new image down to my machine, it can do an in-place upgrade, it could do a reload upgrade to Windows 10. 
 
And so lots of organizations are now using something like Ivanti Endpoint Manager to do their Windows OS migration, to deal with the problem that is Windows as a service. But also to make sure that all the applications and all the drivers are getting back on to the device as well. What we're doing for our endpoint manager customers and our existing Environment Manager Policy customers is we are bringing those two technologies together and we are offering to the market a joint solution called Unified Endpoint Manager.
 
This means that if you were an existing Endpoint Manager customer former LDMS customer, you can get environment manager policy for $20. If you were an existing environment manager customer and you would like to use endpoint manager to manage the application your operating system, you can get that additional functionality for $20. We are bringing together those technologies, we're bringing together those workflows, so that from a single solution, you can effectively deploy a new operating system, deploy the applications, and then Environmental Manager Policy starts to manage things like the logon scripts, the group policies, the user's profiles etc. So it makes a lot of sense. 
 
So as well as having a reduced price point for Environment Manager Policy, those customers that are looking at purchasing Unified Endpoint Manager or who have already got Ivanti Endpoint Manager, they get it for an even lower price point. So there's a really good incentive there and it makes a lot of sense.
 
You know, Gartner this year are most likely to redefine the Unified Endpoint Management space. You know, historically they've had a client management tools, magic quadrant and an EMM Magic Quadrant for mobile technologies. They're probably gonna bring those two together, so lots of people including Gartner and ourselves are gonna be talking about Unified Endpoint Management. And this really starts to increase the amount of capabilities we can offer our customers, not just dealing with devices, operating systems, applications, but extending that out to things like group policy settings and profiles and data. 
 
The other thing that's worth noting, and again, hopefully, those on this webinar that our existing customers know about extraction. But extraction is our dashboard reporting tool, extraction doesn't collect any data itself, it feeds off other databases. So it can feed off the environment manager database, it can feed off the Endpoint Manager database. It can feed off your service management database. It doesn't matter whether you've got the Ivanti service management platform or whether you use something like B&C or service now, for instance.
 
It can feed up a SCM, it can feed up your security products, it feeds off our patch product as an example. It integrates with active directory, it allows you to produce customizable dashboards and start to collate various types of information. And if you're an endpoint manager customer or you're an environmental manager customer or both, then you're entitled to extraction for two analysts completely free of charge so you can start to produce these reports. And then additional connectors for third-party products can be purchased.
 
But extraction plays an important part in our Windows 10 migration accelerator program, which is the last and final thing I wanna talk to you about today. Lots of people are struggling with Windows 10, the're struggling to get a Windows 10, and one of the things they're struggling with is how can I deploy Windows 10 in a seamless way, so it doesn't affect my users' productivity. And also how can I get some of that data that's they've got on the endpoints? And Gartner is what places across to the Windows 10 environment. 
 
If you take a look at Windows 7 to Windows 10, you know, you gotta worry about the operating system, you gotta worry about the drivers, you gotta worry about the applications, you gotta worry about files, and you've gotta worry about the user's profile. Worry about all of that and somehow deal with that to make sure that it doesn't affect user productivity. And what we have done using the three technologies I have now introduced you, Endpoint manager, Environment Manager, and Xtraction, is we bought all of those together and said not only can you purchase those at a new discounted rate, but also let's go one step further and enable you out of the box templates and configurations based on our best practice and our experience to actually get started.
 
So the Windows 10 migration accelerator is a free kick if you like for those products, which as I've just highlighted you can get for a combined price. And it allows you to get started and start migrating people across to Windows 10 fairly easily and simply. You can go as complex and comprehensive as you like. If you're familiar with the consoles, you can dive into those consoles, you can make changes to them, you can configure both endpoint manager and environment manager to perform certain tasks or do things slightly differently. 
 
But if you just wanted to drive things in the most simplistic way, we've gone one step further here and we're actually using the APIs between the products to get extraction down. The dashboard that you see in front of you on the left hand side there, to drive what those other products are doing. So from a single dashboard, we've got the ability to go and discover all of your devices. So we can go into an environment and from that dashboard, I can discover 500 Windows machines. I can then understand how much data and what types of profiles are on those environments.
 
I can then choose to initiate the migration phase from that dashboard as well. And at that moment in time, during that migration phase, we will start backing up and copying the data and the profile from that environment. And so from that Windows 7 environment, we will copy and back it up. Once we've done that, we will then report that that migration phase is finished and then from that same console we can then execute the migration. At which point that dashboard talks to Endpoint Manager, which then goes and lays down the new image of Windows 10. It will then deal with the drivers, it will install the applications that that user initially had. And then lay back on top, use an environment manager the profile and the data on top of that.
 
So we're quite excited. You know, many customers have been doing this type of thing before. We went through this with a whole host of customers, many, many years ago when they went from Windows XP to Windows 7. I hate to admit that we're still doing that for some Windows XP customers even today. But it's just an example as well about how, as an organization, we're starting to pull some of these very powerful mature technologies together using some of our tools.
 
If you didn't hear in the last couple of weeks, Ivanti released something called the marketplace. The marketplace is the go-to place now for all additional add-ons, and tools, and configurations, and connectors that we might have for all of our products. If you do a simple search on... if you go to marketplace.avanticloud.com, you'll have a logon to that and you can very quickly find the Windows 10 accelerator configuration. You can also find all of the extraction connectors for the Ivanti products in there as well. 
 
A whole host of stuff on that marketplace, but the Windows 10 Accelerator gives you then all of the documentation you need, it gives you the content and the connectors for the dashboards, for extraction so you can import those into extraction. And you can start to not just report on what's going on, but actually start to drive things like Endpoint Manager and Environment Manager. And most importantly, it gives you the EM Environment Manager config as well. 
 
So I mean, if I dive out of my presentation quickly, I'll share with you here. I've got Environment Manager console running in my environment. Here you can see all of the triggers for both the computer and the user. Here you can see I can come into pre-desktop, I could create a node. A node is just a logical container, so let's call this U.K. Let's call this node U.S. as an example. I can come into the U.K. one if I wanted to create a subnode because I've got a London office, I might wanna do that. I can break this down into however I want to, but I can come into here, choose a condition. I can say if the user is part of a particular group called Sales. I can do that.
 
Let's just see choose one, let's just put it to users for the time being, how's that. So if the user belongs to that group called users, then I wanna carry out an action. I might wanna execute a script, execute a file, set an environment variable. In this particular case, I am going to set an ADMX template. I am going to, in this particular case, use a filter. I'm just gonna type "clock" into there. It's gonna find the group policy that says remove the clock from the notification area.
 
I'm going to double-click on it, I'm gonna choose to enable that, I'm gonna okay that, and that now is an action underneath a condition, underneath the trigger, under pre-desktop. Next time I logon, there will be a very fast check and it will say, "Is this user logging on a member of the user's group? If so, set that particular group policy." That's an example of how simple it is to configure, but as an example of the migration accelerator pack, if I go to import MSI file.
 
Here is an example of the configuration we loaded in, and what you find is a pre-built configuration that you don't need to touch, it can not all be driven from the dashboard as I said. But you can see here how we've started to automatically help you migrate a large number of applications out of the box. So you know, we will pick up all of my profile settings for WebEx, for VMware, for Link, for Autocad, for Office, for Skype, for instance. We will pick up things like the settings in the Explorer shell, my mail profile will get backed up, my security and credentials will get backed up.
 
And then when we move from the migration phase to the actual Win 10 deployment phase, all of that piece gets brought back in. So this is just an example there of the template that is available and documented on that marketplace as well. 
 
So just to sort of try and wrap things up, if you take a look at Environment Manager and this policy addition that we have now launched as well. Why do people buy? They wanna eliminate logon scripts. They're slow and painful and you know, we can't be left in a world where the person that wrote the script has left 5, 10 years ago. GPO's have been great and have served as well, but particularly in this new world, particularly people as are looking at modern device management and they still wanna apply group policies, perhaps machines aren't the doing anymore.
 
There's some customers that look in doing that, but they wanna end GPO nightmares, regardless of how they're gonna manage the environment moving forward. You wanna speed up logon time, you need to do a Windows 10 migration. Remember, we've got that cached OSVHD technology that allows you to put Office 365 on a nonpersistent VDI environment, and also reduce your image count. And not just your virtual image count, but all of your images. With something like Environment Manager, as the machine boots up, it can be configured completely differently than the machine next to it.
 
As a user logs on in a hot desk environment, for instance, the desktop the one user receives can look and feel completely differently to another. In fact, we've got some very powerful use cases now where a machine under circumstances goes into like a kiosk mode, and it's environment manager that makes that change based on a business trigger, or a user requesting it, or IT pushing it. You know, I could logon to my machine tomorrow and it's almost restricted and limited in terms of what applications I can see, what access I've got on that desktop. What ADM/ ADMX templates have been applied. I can completely change what my desktop environment looks and feels like based on who I am and the context I've got. 
 
So just to summarize everything I've said and I hope I've delivered it to the best of my ability. There is a new edition of Environment Manager. So in addition to the full-blown Environment Manager personalization, you've got EM Policy and it's available now.
 
It's ideal to replace GPOs and scripts for ultra-fast logons. You can get access to that Windows accelerator templates to help you with Windows migrations. There is a combined price and even lower price point for those existing endpoint manager customers, and EM Policy can be used either on its own, it can to be deployed by CCM, it can be deployed by a group policy, doesn't really matter. It's just an agent on the config at the end of the day.
 
It can be used stand-alone or it can be integrated as you've seen in some of those other products like Xtraction and Endpoint Manager. So with that, I will say thank you. And I will dive into the chat window. Just go back to Hannah to see whether... MCwell seems to have.
 
Hannah: Yeah, so we've got lots of questions. I'll pose a few just in case other people wanted to ask them and they have not been brave enough to put them in the chat. So is EM policy available now, Simon?
 
Simon: Yes.
 
Hannah: Totally available now. We've got some other types of questions with migration manager. Can you switch from Windows 7 to Windows 10? And that's a definite yes. We've got some credit to yourself, we've got somebody who said it's a great presentation. So well done to you, "Excellent presentation, thanks for sharing." I've also had some questions about could the Gartner report be shared. So that we take that one away and get back to the people that have requested. So if anybody else is interested is that...
 
Simon: So I can give you some information on the Garner report, so let's just be 100% clear with the Gartner report. I don't believe we can share, we don't have distribution rights over those Gartner Magic Magic Quadrant. Then maybe if you dive into the Ivanti website, you may be able to register to get access to the client management toolled one. I seem to think we were promoting that last year, so if you go to Endpoint Manager on our website, you might be able to get hold of the Gartner report that came out.
 
There's three parts for this, in fact. So first of all, the Gartner Magic Quadrant the client management tools that shows where Ivanti Endpoint managers sits is available. And that's been out for many, many years in fact. What you've then got in addition to that is Gartner themselves has got an EMM Magic Quadrant, and that would talk around all of the vendors that operate in the MDM MAM space that to do mobile device management 
 
What we anticipate, what we believe at the moment is that Gartner during of 2018 will create a third area called Unified Endpoint Management. That document is not out, that Gartner Magic Quadrant is not available yet. It is either work in progress or still to be started, but I'm fairly confident that will take place. And Unified Endpoint Management will be a look at the market and it will be looking at vendors who from one solution can manage both traditional Windows-based environments, could manage Windows and Macs in modern device manager ways, and also deal with the mobile.
 
Our Endpoint Manager product has got support for Chromebook, it's got support for Raspberry Pi. We've got Apple TV support in there as well. And so Unified Endpoint Management is quite a bugger, but there's no Gartner Magic Quadrant for it right now. That will be something that's coming.
 
Hannah: Thanks, Simon. We've got a question from Steve, and it goes back to some of the products you were talking about. Any plans to accommodate Outlook search roaming in the future?
 
Simon: Yes, so a quite a specific question there around how we do our OSTVHD cache roaming support. We're very aware of the fact that there are other aspects of the Windows desktop in the nonpersistent VDI that could be cached for benefit, so that is something we are working on. Very aware the Windows Search and Outlooks search are things that need to be addressed. Some of that is varied depending on whether it's on a remote desktop environment, whether you've got concurrent connections, or whether it's just the VDI environment. Steve, I'd be happy to talk further on that. Simon_Townsend on Twitter, feel free to reach out and we can get in contact.
 
Hannah: I think the other questions that we've had, the Q&A questions, we managed with the help of Paul, our product manager for EM, I've managed to answer, and there are a lot of questions around pricing and availability, just making sure that it's known. I've got a question from... sorry just a quick last one. A question from Matthew Clarke, does this product fill the gaps that Microsoft has created with group policy with regard to the pro-edition?
 
Simon: Yes and no, and that's a terrible thing for me to say. I'm sure I had training once that said never say "yes and no." If there is a group policy, if there is an ADM template or an ADMX template, that you want to apply to a machine regardless of its version, whether it's the pro-edition or not, then Environment Manager does the job for you. Yes, no doubt about it. 
 
I've got customers that use Environment Manager to apply group policies because they're faster. Even though the machine is domain-joined, I've got customers that use the group policies to additions that are perhaps not supported. And I've got customers that decide that they wanna use in-tune now. They wanna sign their machines up and connect them in-tune, but then they wanna apply group policies on top of that. You can use Environment Manager for that. 
 
So the answer to that is yes. Yes, we fill the gap 100%. If your question, however, is specifically more targeted to controlling things like UWP applications, Windows 10 store applications, then the product that you may want to look at is actually application control which is at the top of the screen I'm showing you right now.
 
And the reason I say that is I'm fully aware of the fact that in some versions of Windows 10, they removed the ability for you to manage Windows Store applications with group policy. And so what we have actually is a number of customers that come to us and say "Hey, I don't have enterprise, and I need to be able to block out and stop the user from going to the store or running certain store applications." Instead of using a group policy in environment manager, here I would use application control to that. Application control is an incredible product that allows you to prevent malware or ransomware from running, but also control what authorized and not-authorized executables can run.
 
And that's very, very simple to use. You can literally just say you know, I've got a rule on my laptop that says if my son logs on, he's not allowed to play any of those games, like Fruit Ninja and all of that sort of stuff. But you know, you can control Windows store applications by what publisher they came from as another example. So if that's the question, if it's that particular piece of functionality that you're interested in, then application control might be the better technology for you.
 
Hannah: So that's exactly what he was looking for, say interested in app control definitely you nailed it there [crosstalk]...
 
Simon: Again, if you wanna reach out to me on Twitter, I can give you a 15 minute... I can literally show you how I'm gonna configure on mine. Take 10, 15 minutes to give you a quick webinar and we can do that [crosstalk]...
 
Hannah: And that's given us his details so we'll get in touch with him. I've got one... You've got like 60 seconds. Have I got a chance for one more question?
 
Simon: Go for it.
 
Hannah: Powell has been asking about managing Windows 10 creator upgrade but from an OS point of view. Do we have a tool that would be able to deal with that?
 
Simon: That would be Endpoint Manager, so that would be Avanti Endpoint Manager. And that would specifically deal with any Windows upgrade. So if your challenge at the moment is how do I deal with Windows 10 as a service and the fact that Microsoft is updating the OS every six months and you've only got 18 months until it goes out of support, then Ivanti Endpoint Manager is probably the tool for you in the first instance. 
 
If getting the image down to the machine and managing when a machine upgrades for one version of Windows 10 to another version of Windows 10, then Ivanti Endpoint Manager is the product that you need to go and have a look at. You can group machines together by business unit and say, "Right, everybody in sales is gonna get Windows 10 now," you can schedule it.
 
Alternatively, because there is app store, app service catalog type front end to it, we've actually got some customers who tell their users that they can self-initiate their Windows 10 upgrade. So you can advertise the windows 10 creators upgrade within a portal, and the user can choose, "Yeah, I'm gonna do my migration now," and then goes through and does it. So delivery of the operating system image, whether it's an in-place upgrade or whether it is a wide reload, that is Avanti Endpoint Manager. 
 
If you're concerned is about how do I keep the users' wallpaper, MAPI profile, Outlook settings, signatures, and files as I rip and replace one version of Windows for another version of Windows, then that's where Environment Manager comes in. I hope that makes sense. The two things complement each other. Endpoint Manager gets me the latest version of Windows and puts all the applications on my machine, and Environment Manager makes sure that I don't lose my wallpaper with my favorite cat, or car, or whatever it is, and all of my files I've got my desktop in my documents.
 
Hannah: Thank you, Simon. I think it's a wrap.
 
Simon: Good. Listen, we had a great turnout today, so keep your eyes peeled. We're gonna continue to do loads more of these webinars across the portfolio of products. Thank you very much for dialing in and listening. Thank you to those of you who are non-British people. It's always interesting to listen to a English guy rub it on for an hour, so I appreciate that. Thanks very much. Any questions, please send them through and get in touch. Thanks, again.