Windows 10 - Insights for the Enterprise (October)
October 24, 2018
Rex McMillan | Principal Product Manager | Ivanti
Adam Smith | Senior Product Marketing Manager | Ivanti
New bi-monthly webinar series offering updates from Windows experts from Ivanti, professional service providers, and your peers from companies like yours. This webinar will feature short, helpful sections including:
- Insider Preview - What features and changes are brewing at Microsoft and what it means for you when they become a part of your enterprise Windows 10 channel
- Outside Insights - Key understandings from customers, channel partners, or industry experts
- Migration Magic - Latest tips for improving the move to Windows 10
- Best Practices - A tip or two to help you improve your processes for managing Windows as a service
- Just Ask Rex - throw your questions at one of our leading experts on Windows 10! Let's see how he handles them
Adam: Welcome, everyone, to this Windows 10 insights for the Enterprise webinar series. October 24th, 2018. I think that's the date..?
Man: I think that's the date.
Adam: Okay. Very good. Let's go to the...yeah. Ryan's driving. So, anyway, we've got the agenda here. We want to do intros and goals. We always kind of go over that, because this is a webinar series. So if anybody's new to this webinar series, they can understand what we're trying to do here. We often like to get an outside viewpoint, and today we have RennerBrown, who's a channel partner of ours, and we've recorded a short interview with them. So we'll be going over that.
We also have...because this webinar follows Microsoft Ignite, we're gonna talk to our panel of distinguished guests here, and talk to them about what they learned at Microsoft Ignite. Then we often do what's called the Conversation Cafe, where we just kind of talk about some things that are in the news, or things that are going on. Finally, we like to go down to the Windows 10 features and find out what those features do, or their impact on the Enterprise. Then at the end we like Q&A, and that reminds me that during this period of time, any time during the thing, you can ask questions. We may not get to it until the end, but we'll be kind of watching it and seeing if we can weave it into the webinar.
Very good. So let's look at our distinguished panel of guests. We have kind of some regulars here, really. So we have Rex McMillan, and he's the manager of product management for UEM, and really kind of working on a lot of the Cloud stuff.
I'm Adam Smith. I'm senior product marketing manager over at the UEM products, and then we also have Ryan Whorlton [SP], who's a senior product manager over at UEM. So you can see where we're coming from. Windows 10 falls right within our wheelhouse.
So let's go over the goals. We've kind of shortened these a little to make them a little more brief, but the first is to create conversation about Windows 10, and to make them short segments. So nothing really lasting too long and getting bogged down. We also have a section about migrate and manage. This is about helping our people and participants understand how to migrate and manage to Windows 10. Then we'd also like to do multiple perspectives. So in case it's not just us in product management, we also bring in, like, for instance, RennerBrown this time.
Finally, we want you to get the most out of Windows 10. If there were a fifth one, it would be to just have fun. So we're gonna have some fun. So insights from our partner, RennerBrown. Again, we recorded this a few weeks ago and presented it as part of a webinar, but there was a section section we wanted to take out. So this is only a subsection of that. So with that, let me go ahead and start.
I've got Mike Meltz and Kevin Burs [SP], and they're going to take us through a little bit of information about how to get going with Windows 10. What are some of the things that you need to look at when you're planning for Windows 10, and how to execute that. So I'm gonna turn a little time over to them to introduce themselves.
Mike: Thanks a lot. We are happy to be here today. Again, my name is Mike Meltz. I'm the director of professional services for RennerBrown. I've spent a lot of time using Windows 10 along the way as a customer and as a consultant. We're really excited to be here today to talk about some of the challenges that we see working with our other customers, and we hope the discussion today will really help you in your journey to Windows 10.
Kevin: Absolutely. So, yep. I'm a senior solutions architect. I've been with RennerBrown for about six years now, and I spent a lot of time with our customers. We have a very varied customer base, so we get to see a lot of different scenarios and a lot of different challenges and stuff that are gonna take some creative solutions. Mainly what my role is helping customers align their needs with the solutions and processes that we can provide. I tend to be hands on, very hands on, with our larger customers.
Adam: Can you give some examples of challenges that people have faced in migrating to or maintaining Windows 10? What you see...because you're helping multiple customers out there. What challenges can they expect to face?
Kevin: So the biggest challenge that we find is people being a little bit unprepared for it. You know, like I said, it's starting to become rare - or, not rare - but it's starting to become less likely that you're gonna find new, good hardware that supports Windows 10 if you're out shopping for new laptops and that stuff, and organizations where, you know, they're saying, "Oh, we'll get this in 2019," and now all of a sudden they can't order new laptops for new hires.
Or that there is a three month wait for it. What ends up happening is these things start finding their way out to the wild in an unprepared fashion, and they have to be revisited. They have to be roped back in. As they start working on their Windows 10 processes, they realize that it just doesn't even work with what they've already put out there, and they need to revisit then.
The other item that we're seeing a lot of challenges with is on the software side. So if you're doing a rebuild, for instance, making sure you've got everything packaged, making sure that you've got a way of [inaudible 00:05:57] and transferring those applications from machine A to machine B...is something that a lot of organizations are a little bit unprepared for, you know? We have an application that hasn't been packaged. You know, it's not used a lot in our environment, so we never felt the need to package it. But it turns out they've got 30 or 40 machines actually running that, because just over the years, that's what's been installed. That's a big follow-up [inaudible 00:06:20] if you're gonna do a wipe and replace on those machines.
Even if you're not gonna do a wipe and replace on those machines, you need to prepare it in case that thing fails, [inaudible 00:06:29] so it's kind of opening a lot of eyes. You know, people are starting off on this without really thinking it through all the way. The planning is key. Being able to come into it prepared, with a good understanding, which sometimes is challenging. Microsoft likes to change things on us every few months, but a good understanding of the direction you want to take is really what's gonna help you out on this path.
Adam: That's great, that's great. You've gotta have a plan right? If you don't have a plan, you get surprised, and then you're working with your hair on fire, and that's never a good thing. So first of all, let me ask you the question, as a company gets started on that journey towards Windows 10, where should they really start?
Kevin: So I'll start off with that one. Getting an understanding of your environment is probably the most important part of process in the beginning here. So you need to have a good understanding of what you have out there in terms of hardware, and what will and won't support Windows 10. You also now need to start having a vision as to what your supply chain looks like for new hardware coming in, because we're finding that more and more equipment is not supporting Windows 7. So you may be forced to [inaudible 00:07:43] 10 a lot earlier than you had originally expected.
On the software side, same thing. You've got to understand what is going to be comparable, what isn't going to be compatible. You may be making decisions about how you're gonna handle Office, for instance. Is this a time where you want to move to 365 or not? Then you also need to understand, if there are [inaudible 00:08:04] in your environment where 10 is just not gonna be a [inaudible 00:08:06] so if you need to consider, for instance, the long term [inaudible 00:08:07] channel.
Licensing is important. That's, you know, migration paths that you have [inaudible 00:08:17] and it may also affect, again, on the software side, what software is gonna be available to you and changes you may need to make there.
Adam: Wonderful. All right. So as you get started, make people think about the technical things that you need to do to get ready for Windows 10, or to tackle when you're moving to Windows 10, but what are some of the nontechnical things that your company should do or be thinking about as they plan their Windows 10 migration?
Kevin: Sure. So a good thing about Microsoft kind of forcing 10 on people the past couple of years means your users are probably a lot more familiar with it than we'd like to give them credit for, and a lot of them are probably wondering why they're not on Windows 10 today. But it doesn't mean everybody is. So you do need to make sure that a soft documentation you have, any business processes you have, are reviewed and aligned with how things work in 10. You can start taking advantage of this when you roll it out by targeting your primary people first with this that have a good understanding of what those processes are to help you find those road gaps.
Adam: Very good. So part of that nontechnical thing will probably be some of the communications for your communications plans that you have to talk to your end users, and maybe some of the training that's involved. Ca you describe some of that? You guys..?
Kevin: Sure. So a migration is gonna be a little bit disruptive to people. So you sort of have to sell it to them, to some degree. You know, even if there's a best plan and the smoothest migration...does mean that things change for your users. They have a job that they want to do, and anything that kind of rocks the boat a little bit with that could, you know, be viewed negatively towards you.
So prepare users well in advance, setting your reasons as to why you're going to move to Windows 10, and also highlighting some of the advantages that you can now take advantage of once you move to Windows 10, are a great way to position and prepare users for them, and maybe get them a little bit excited. The more engaged people are with that, the better and the smoother the early part of that process will go when you'll be getting your piloting and your testing, your early adopters.
Mike: Let me jump in there. We're really understanding that Windows 10 is not just an IT project. It's really a business project, and having your company understand what's going on, a lot of players involved, make sure you have stakeholders...it will really make the project more successful. Sometimes customers will just jump in, the IT team will start testing Windows 10, and the company's really not ready. So having the business engaged and everybody on the same page, I think, will be extremely helpful.
Adam: Yeah. That makes a lot of sense. So let's say we move onto the technical planning session. When you're involved in that, what are some of the things that you need to test, or would come up in some of those planning sessions?
Kevin: Sure. So probably the most important aspect of this migration is your application stacks. Now, this isn't like it was when it was XP and 7, and we had a much greater challenge with compatibility between versions. 7 to 10 does fair a lot better. So you'll find that a lot of your applications that exist today, you know, are perfectly compatible with 10. There are some great tools out there to help you identify that. The Microsoft Upgrade Analytics component is very helpful in that. If you're running something like endpoint manager, and you have a good software library already defined within there, that can help you track down what may be problem points.
But it's also a time to kind of review what you're using and how you're using it. So this may be a time where you're thinking about changing what your standard browser is, right? Maybe you want people using Chrome, or maybe you want to take advantage of Edge, or maybe you have...needs to remain on Legacy AI [SP]. All these are decisions that are gonna impact your build, and they're going to impact any of your planning, your communication and your training. So you do need to review very deeply what you have in your environment, what your applications look like, and then how you're gonna manage those machines.
This is a great time to take advantage of things like group policies, things like environment manager, and start defining standard processes and standard policies across your environment. 10, even at the Enterprise level, requires a good deal of customization for most people out of the box, and even though [inaudible 00:12:45] just through registry hacks and, you know, scripts that someone put together. You want to take advantage of tools meant to do that in a good and coordinated and managed fashion.
Adam: Very good. So these IT teams have a lot of decisions to make, and when they're planning their rollout, can you talk about some of the pros and cons of some of the ways that you can migrate, such as in place versus doing a clean install, or some others that are out there?
Kevin: Sure. So generally we find that most environments, there is a mix of how you're gonna go about deploying this. You may have old hardware that needs to be replaced, so you're gonna have some type of full migration almost always in your environment, i.e. if you choose to do it in places, because you have equipment that simply can't support it. So you've gotta be prepared to approach this from multiple ways,
The in place upgrade has got some great advantages to it. It's less of a concern [inaudible 00:13:44] user data. It's less a concern of potentially one off apps that you have settings for, or that you have saved data for that you may not catch in a migration script. But it's got its downfall too. You're gonna bring along some old baggage from that machine, potentially. You're not gonna get a true standardization in your environment, and it's not going to be able to migrate everything.
You know, we find that it won't even migrate some applications consistently. 90% of the time, one particular app will come over just fine, 10%, it won't. You still need to revisit that machine and retouch that application. So, again, going back to that planning and having a great understanding of your environment is gonna help you choose what's gonna work. That's freedom.
If you're doing a complete rebuild of your environment, so we're doing an actual migration of the data off, capture of applications and redeploying of applications, we've gotta make sure we've got the tools that are gonna help us do that by, again, a great capability end point manager to do that.
Another big advantage that we see that a lot of people like to do that rebuild for is, it's a great time to move the UP [SP] for your bios if you're not already doing that today. A lot of people that are wanting their Windows 7, you know, images in a legacy fashion for years, and they've never really made that jump...not that you can't convert that, you know, on [inaudible 00:15:05] scenario, but it's certainly much easier, much more reliable to do that on a clean build. So having that direction, or having that understanding of what your environment is and what you want it to look like at the end of the project is really gonna help you define which path you take on here.
But as I said, most places, it's a combination of all three.
Adam: Very good. I want to thank Mike Meltz and Kevin Burs from RennerBrown for that interview. If you want to hear the entire interview, it was in a webinar in our IT Leadership Summit that was done at the end of the last month. So, anyway, that's something you can check out on our website.
Let's shift gears and talk about Microsoft Ignite. So you too went to Microsoft Ignite, and probably divided and conquered and went to different things. So I'm curious, what are some of the things that you learned about?
Rex: So Microsoft Ignite was a great show. We had a lot of fun, and it was interesting to see some of the technologies. You know, there was a lot of interest, and they showed a lot of their innovation around AI, around data, Office. So there was so much content, we tried to pick just a couple of things that we could dive into and kind of talk through.
So the first one I thought was really interesting is Microsoft Virtual Desktop. So VDI machines, they've been out there for a long time. There's lots of ways of deploying them. Microsoft came out with the virtual desktop, and there's a few things that are interesting about this.
One, it's on Azure. They have a different billing model. So you just pay for the amount of CPU and usage that you're really suing. So this is a significant difference in how they're delivering it. Two, they manage it for you. You don't have to worry about scalability. You kind of spec out what performance is, what the machine type is, and they take care of all of that dynamic scaling for you. So this is a really big change. Now, the extra little thing...I'm sitting there, they're explaining all this cool stuff about virtual desktop, it's on Azure, it's scalable, it just becomes part of your IT environment, and then the guy says the magic words. "And if you really need to run Windows 7 and you don't want to pay for long term patching for the extended patching for Windows 7, if you buy Windows Virtual Desktop, you can run Windows 7 boxes for the next three years without paying for the extended patch quality.
So you really have to have Windows 7 boxes. You don't want to pay for the extended support. If you go to the Microsoft Windows Virtual Desktop on Azure, they provide all of that for you. So very compelling offering. It was very interesting to watch how Microsoft has gone and taken the best of their Azure platform and VDI. Now the guy, the trainer, he right out said, "We made changes to Windows 10 to run well in this situation." So they tuned the OS, as well as Azure, to be able to provide a good customer experience.
So, architecturally, managed by Microsoft, it's got all the load balancing...you do have to use Azure AD. You can deploy an addendum. You can connect to write your own premise. It can be an extension. So very compelling offer around virtual desktops.
Ryan: One of the things [inaudible 00:18:45] you know, that stuck out to me, and we can't share everything that happened there, but one of the big things that we've seen change is really the patching strategy for Microsoft and how they've really released their updates. You know, they increased this frequency. You know, they've done everything from cumulative updates only...they realized that was just getting gigantic...I think we had updates [crosstalk 00:19:05]
Rex: Lots of pain.
Ryan: Lots of pain.
Rex: 600 meg.
Ryan: 600 meg.
Rex: 800 meg update.
Ryan: I think we even got up over a gig, right?
Ryan: So as you start to see the impact that has on networks and even on devices as they get that big update, to decompress that and get [crosstalk 00:19:18] is big, and then time to get it installed. So it became more and more disruptive to enterprises. Microsoft realized they had to make a change. They kind of came out first with express updates, but if you can kind of see the impact the express updates had on distribution points and infrastructure needs, they said, "Well, that's not quite gonna work."
On the desktop, as you can see, express updates was great. Nice and small and tiny, but they needed something better to handle...really hear what the enterprises need. So they're coming out with one called quality updates, and those will hit for 18 09 [SP]. So that's one benefit we can see, is going 18 09. We're gonna hit on a couple of things that, if you've been watching the news around 18 09, we're gonna talk about a little bit here later, but...
Rex: I think the other thing that was really interesting about this was that, in the past, I didn't' realize it, but inside each of those full updates was multiple patches. Depending on the point you were at, it had logic in it, and it picked what's patched to install. With the new model, this is an entirely new way of them installing updates.
Ryan: That's right. They just had to start from scratch, come out with something better, and hopefully this is gonna be something that we see going forward.
Adam: So technically, under the covers, did they give you any feedback of how they made that patch so small?
Ryan: Not that I found. Did you hear anything?
Rex: Well, the guy made a comment, and I had to go ask him specifically. [crosstalk 00:20:50]
Ryan: Okay, all right. all right.
Rex: I did a little digging.
Ryan: [inaudible 00:20:51]
Rex: So every quality update uninstalls the previous one, and then installs the new one? So I'm always coming from a known state. So it's a lot faster. They can uninstall, reinstall. If you have issues, they can roll you back and you can install the last one from there. So there's a lot more power and flexibility with some of these new...
Ryan: More recovery.
Rex: ...more recovery. Some of those challenges that we've known about. Even though this package is smaller, very powerful.
Ryan: Because Microsoft never blue screened a device with an update, have they?
Man: Only yours, not mine.
Ryan: Mine went green when I went on [inaudible 00:21:31], it's awesome. Okay. So the next thing we're talking about here that we changed, and this really has to be around going from branch update to branch update...you know, if I'm an international company, I recognize this challenge. If we've got a lot of folks that are in North America and they're all running English, you probably haven't run into this as much. Really, the challenge they've had internationally is if I'm on, let's say, a German OS, and I like to speak German, and so I installed the German language pack when I installed my operating system.
Everything's great and wonderful. I go to roll-up to the next latest and greatest operating system on Windows 10, maybe [inaudible 00:22:12] 18 09, or something of that nature. As soon as I'm done applying that branch update, a lot of times my OS language reverts back to English. Then I'm left trying to then reinstall the language pack, and I've got to kind of build out. If I'm IT, I've got to make sure I'm conscious of that and build out this whole manual process to make sure that I account for that.
Microsoft announced during Ignite that they're going to give us a nice and easy way addressing that, both for the speakers that install...so that was the other thing I didn't mention. A lot of times, in the same process, I will lose the features on demand that I can install, such as, like, maybe a double [inaudible 00:22:45] for a developer, or I've got a special font that I want to have installed. Both things can get lost in the translation as I jump from branch to branch. So Microsoft has really come out with a new way that is allowing us to, you know, quickly just...I think it's a new command line switch that says install language packs, or something of that nature.
As long as I've got files in the right place and I'm using a media install, that's gonna come across quite well. So pretty exciting change there. It should be pretty welcome for most of our international companies. Anybody that's doing more than just North American IT support.
All right. Anything there we want to add, Rex?
Rex: No, no. That's a great thing, because you know, there was that point where those guys with the OS, I'm in German and I'm in English, I'm back to German.
Man: That doesn't make people happy.
Man: Not a great user experience. [crosstalk 00:23:39]
Man: Not a great user experience.
Adam: Okay. Let's go to the Conversation Cafe. Now, again, we like to pick things from the news. In this case, the ramifications of Microsoft polling an update. A major update, by the way. So let's just talk about some of the pros and cons, and maybe you guys can argue back and forth why this is a good thing or a bad thing. I thought it was a bad thing as soon as I saw it. I thought, oh man.
Rex: This is great. This is phenomenal. Microsoft is actually using analytics. They're watching the OS. When they have problems, they pulled it. This is something they've never been able to do in a previous delivery model. If they had shipped that on CDs, there would be no way to stop that deployment.
Adam: Now, you're not always a glass half full type of guy?
Ryan: No. He always is. What are you talking about? He's always glass half full. Myself, I kind of had to take a pause and wonder, Microsoft's gotta change from this, right? They've gotta learn. You kind of read the news that there was an early adopter that raised his hand and said, "Hey, [inaudible 00:24:24] down this issue," and that was well before the release, the wide release of 18 09.
I mean, come on. They've gotta make some changes that [inaudible 00:24:51] this stuff earlier. So late last night, I did some digging just to see if there was any more news about it, and any idea how many people were really impacted by this?
Adam: I guess I've not seen those reports, no.
Man: [inaudible 00:25:06] the number [crosstalk 00:25:08]
Man: Less than 1%.
Man: [inaudible 00:25:10] midnight last night, company posted a company.
Man: So 1500. That's it. 1500 users is the number they figure has been impacted with it. Now, that's me quoting somebody...
Man: ...From the computer world.
Man: Let's report what the issue was, though. I mean, [crosstalk 00:25:29 - 00:25:30]
Man: It is significant, serious, that you lost your data.
Man: You lost data from desktop [crosstalk 00:25:35]
Man: That's a pretty big deal.
Rex: That is a huge one, and actually they've now determined that the issue is bigger because zip files are being deleted as well. Okay, so here we are. If you say, "We know they have more than 1500 insiders. We know the number that's out there is very large."
Man: Oh, yeah.
Rex: So I agree. It's huge. It's impactful. They're going to have to dial down their analytics of when they determine an issue is large. 1500 isn't a very big number when I think about the number of people running Insider and Windows Preview. Maybe they should have, you know, on Insider, maybe if they saw that there was 100, they should have had it flagged. So I'm sure they're internally reviewing and saying, "Hey, when do we determine something critical?"
Ryan: Yeah, and I suspect that we will see some change just because of the PR. Maybe it was only, okay, 1500, but from a PR perspective...I'm an IT guy. I hear that people are losing files on this thing. It's kind of giving me a little pause to make sure that I have the right process.
Man: So [crosstalk 00:25:44] the lottery. [crosstalk 00:26:47]
Man: Did somebody finally win?
Man: Yeah. Somebody won last night. One person.
Rex: All right.
But what hasn't been catching as much news is there's a CPU issue, there's a task manager issue, where it doesn't report your CPU issues correctly. If I go in and look at my box, all the time it's telling me I'm at 99% CPU. I go add up the numbers, and it says I'm at 30%. My fan's running, my machine thinks it's under a heavy load and I have, like, three Chrome tabs open.
So I've been going through this, like, why is my machine thinking it's overtaxed? Why are things slow? So there's a CPU issue. There's a task manager issue, as well as losing files. So this is not just a OE issue thing that everybody wants to talk about. This issue, this release, has actually got some challenges. Now, we live in the software development world...
Rex: ...and we're always trying to say, "Hey, you know, I mean..." Ryan, when are you gonna release that next version?
Ryan: We always release perfect code, Rex. What are you talking about?
Rex: Well, it's not that.
Ryan: I'm just kidding.
Rex: It's, you find that thing right at the last minute. You want to make sure that you're never strapped. You know, we always...everybody that does software is trying to make sure they got a buffer in, and you've got a test period, and you've got this period. Microsoft is just putting that very visible today.
So we're gonna have to adjust as IT and as people of deciding what's really bad and what's really not bad. IS this a bad thing? Well, I'm sure they're getting some negative PR. But at the same point in time, I am super proud of them for doing what's right. They've pulled the release, they've been upfront, they've told us what it is. They've even come out and said, "Hey, there's zip files and there's these four things," and they didn't rush to fix it.
I’m sure it's been all hands on deck. I'm sure there's been, you know...as one of my developers says, there's a bunch of guys on the pop tart and coffee diet while they figure out what to fix. But I'm super happy that Microsoft is so transparent, so visible, and allowing the insiders and the public to help...
Rex: ...this testing model is very much a DevOps methodology of, we go out, we get feedback, we learn from it, we go back and we learn and we re-release, and we come around. So.
Man: And lots of good.
Man: Yeah, there's a lot of good to [inaudible 00:29:25]
Rex: ...catch it early, obviously. [inaudible 00:29:30]
Ryan: 1500 is a lot of pain. [crosstalk 00:29:33] I'm not kidding.
Man: Especially if the 1500 included some C-level executives from some [inaudible 00:29:36] companies. I'm sure they could probably be a little upset.
I know those numbers are as being reported by "Computer World", which, I don't know where they got it. But--
Rex: So here we just have a note of the process that they go through to release, right? Battle tested, ready to go, question mark..?
I thought by today we'd have an 18 09 that was released, and I got a new inside preview a day or so ago. So they are going back through, and I don't know what their release criteria really are. But they didn't just fix that one bug and say, "Okay, we're good to go." They've gone back, and are coming back through the insider methodology again.
Ryan: Yeah, and I think it's growing pains. I mean, I think through any major change and process of getting better, you're gonna see some of these failures. It's good, like Rex said, to see the reaction to it. I really do think that even though it's some pain and PR, they're still moving in the right direction, right?
Rex: And if they open this up, it's great.
Adam: Very good. Well, that was a good Conversation Cafe for sure. So let's delve into some of the things we also like to do with Windows 10, and that's the digital transformation. How is it transforming the way you do things in the Enterprise? We're gonna talk about, I think, security, right?
Rex: Yeah. Microsoft made a heck of a statement at Ignite. We didn't share this as part of the Ignite section, but it was such a major change in Microsoft stance on security. They've never before come out with their number one security before, which is, like, eye opening right? I mean--
Rex: Oh, yeah. It was not just a one time statement. It was a many time statement. They came out and said, you know, "Microsoft 3645, we are the most effective phishing and malware detection software out there." We are 100% committed to it. We are putting our reputation on it. We are going to be the best, and I think all of us took that with a...prove me, prove it to me.
Man: We're kind of used to Windows Defender kind of being the, all right, if you have nothing else, use Windows Defender.
Rex: And if you said, "Hey, I'm gonna use exchange malware and phishing detection," like, well can you not afford somebody else?
Rex: So it's a major change. You know, as I went back and looked at it, Microsoft has really come out and said, "They’re gonna have a billion devices running Windows 10. It's gonna be the most secure operating system on the planet," and we saw them lay the chips down that they're there.
Ryan: Yeah, and--
Man: Go ahead.
Man: ...they're gonna commit a billion dollars, wasn't it?
[inaudible 00:32:23 - 00:23:25]
Man: They are committing substantial resources in this.
Man: And that's not purchasing other companies or anything. That is [crosstalk 00:32:32]
Rex: So they came out and said they're the most efficient in malware. OS we just took some stuff right from Ignite, thought this was really interesting to talk about. So when you do phishing and malware detection, and when you're trying to determine, hey, how are you doing it, there's, like, 10 or 12 ways that you can do it. You start to go in and you evaluate the vendors.
So Microsoft came out and said, "Hey, everybody in this room, how many of you have done an evaluation of malware and phishing detection software?" Almost every hand goes up. They're, like, "Okay, so every one of these boxes, red, blue and white, are items that you test. Unfortunately, your testing is flawed. It's flawed." It's just flawed.
Rex: It's wrong.
Rex: So [inaudible 00:33:20] is, like, everybody in the room is just, like, uh..? Like, take [inaudible 00:33:25] they're, like, "Okay, everything in red right here, edge filtering, header MLs, anti-spoof...those type of things all require real email, a real sender. Everything in blue, anti-impersonation, ZAP, safe links...if that doesn't have a real recipient, you really can't test it. Everything in white you can test really well.
So as you're doing evaluations, you're gonna do really good on the things in white. The things in red and blue you're gonna struggle with.
Rex: So this was really nice, because before, people have not been really as open of, like, hey, here's the challenge and limitations of evaluation. So next they said they were honest. This was what I expected. They came out and said, "Hey, Office 365, phishing and malware detection in 2017."
Man: These are the misses, right?
Rex: This is the misses that they've figured out they've missed. As you can see, they missed the most.
Ryan: Yeah, they missed the most in November.
Rex: They came out and said, "Hey, we have taken our Ai solution and we've scanned emails, and we've learned and we have done..." And you can go and study what they've talked about, but we'll look and see, this is how they claim they stack up today. So, by September, you can see that little orange line at the bottom, that flat line.
Ryan: Yeah. They're hovering right around zero misses.
Rex: Now, I'm sure, and my skeptical side says we only know what we know. I agree. When they presented this data, one of the key factors that stood out to me was that, look, we have Office 365. We have better visibility than any other vendor.
Rex: We all kind of have the same AI abilities. I mean...
Man: They just have such a breadth, that their visibility is so large.
Rex: Yeah. Their visibility is so great that they have, dare I say it, an unfair advantage. But--
Man: Yeah, I don't want to call it an unfair advantage, but they are definitely learning from everyone. They confessed. They have taken their stuff, and they scanned all email that goes through Office 365. That's how they know the [inaudible 00:35:50]
So they know which vendors was handling which...
Man: Oh, they're using that visibility to say, “Yeah.”
Rex: And they're learning. They're, like, "Hey, we see that there's so much stuff in this area. Are we missing?" So they're using that analytics and predictions across each of the items. So very bold statement. Microsoft definitely determined, and bound and determined, to take Office 365 exchange up to a new level of anti-malware and phishing. So it's super exciting in the industry. I mean, I love seeing people that can make these type of changes. You know, percentage and those miss rates...it doesn't take a lot to really make a big impact.
Rex: So super exciting to see their level of commitment to really still get back to that primarily goal that they told us.
Rex: We are going to put a billion devices on the planet, and be the most secure OS. We definitely...here is one of the major changes that [crosstalk 00:36:58]
Adam: Absolutely. Well, let's transition to modern management, and one of the things we need to understand a little bit more about is Microsoft Autopilot.
Ryan: Yeah. You know, pretty exciting change from Microsoft coming out with Autopilot. That's another subject from Ignite. You know, I talked a lot about Autopilot and the impact that's gonna have. You know, as I was talking to people around the show, we had our own booth...[inaudible 00:37:25] people would come by, and we'd ask questions about Autopilot. What does it really take? What does it mean? You know, I get that I've got the ability to now send a PC director from the OEM to one of my customers and have it fully managed by my company, but how do I get there? What does that look like?
Rex: ...infrastructure look like, yeah. Autopilot is probably one of the exciting pieces that's the most misunderstood...
Rex: ...what that really looks like. So first off, I've gotta have what's not listed here on the slide. I've gotta have a vendor that supports it. Now, the vender [crosstalk 00:38:01 - 00:38:04] yeah, and I have to pay them to make sure that the device is enrolled in Autopilot if I want to drop ship. So I say, "Yes, I want an Autopilot enabled device. This is who I am, and I wanted it sent to Adam. Adam's gonna get this new box. We're gonna send it to his house. All that works good."
Now let's talk about the Autopilot features. So first off, I have to be in Azure AD. Azure AD is a requirement. I have to have an MDM server.
Man: [inaudible 00:38:37] has to be in tune?
Rex: It does not have to be in tune. It just has to have an MDM server that supports Autopilot. There's a lot of them out there. Almost all of the MDM systems support it.
Rex: Now sometimes we'll hear Autopilot, into an Autopilot...it's really an MDM functionality. So if you support MDM, most likely you're gonna find that Autopilot is a supported feature. So you've gotta have an MDM sever. Your MDM server has to link up to Azure AD. So Azure AD makes it so that when an employee pulls it out, they put in their domain credentials, it hooks to Azure AD. Azure AD says, "Hey, I'm gonna talk to your MDM server." So I have the link. Azure AD and MDM both directions...and now it says, "Hey, I'm gonna get a policy."; What's that policy look like? Now it's gonna install policy. It's going to put all of your policies on that device. It's gonna do MDM enforcement, and it's gonna be able to install co-management type of agents.
So it can install your SCCM agent, your Ivanti agent. Whatever agent you're running for client management to do co-management, that's what you will install with this. So fully loaded from ship to delivery, to getting to a good, solid co-management. Now, if you're running Ivanti software, that's a single system, if you want to piecemeal together. But the big thing here is to know the OEMs came out. They now support it. MDM, it's a basic piece of MDM.
Man: You said piecemeal together. You're talking about other..?
Rex: Yeah. I could run [crosstalk 00:40:24] one MDM and I could run a different client management.
Rex: These don't have to be...
Man: And you could only have one MDM. [crosstalk 00:40;34]
Rex: A device can only be managed by one MDM. Now you can have a couple of MDM systems, and one for each different business unit. That's fine. But your device can only be managed by one. So Autopilot is just a function of Azure AD and MDM.
Man: Yeah. Very cool, very cool.
Man: Windows 10 features. So, again, we'd like to bring a handful of these features to you and talk about the impact that they have. You might have heard that they're coming, but you may not have weighed the impact on your business.
Man: So there's three folders that have been really successful. My desktop, my documents and my pictures.
Man: [inaudible 00:41:15] why we're talking about that this time, right?
Man: I don't know. [inaudible 00:41:20] documents.
Man: ...and they disappear with 18 09. They may have.
Man: They may have with some people. But you know, like, at home, my wife believes that documents have to be saved in my documents. I tried really hard a few years ago to convince her to save them under some place else, and it just didn't work.
Man: It's like telling her not to follow the rules.
Man: I know, yep. She definitely follows the rules. So it just became this thing, and finally one day I sat down and I wrote some code, and I hard link my documents and my pictures, and they copy off to Dropbox and she doesn't even know, and it works great for me. That was years ago. Well, I've always been battling with these folders. They're well known folders. All our users want to use them. OneDrive now has this new extension. You can go in and check the box that says move my important folders. They're still gonna look there. Your users are gonna see northing different, but they're totally synched to one draft.
Man: Yeah, totally on one draft. No longer really only on a machine.
It's a perfect backup strategy, I mean, in a lot of ways.
Man: Actually, they even did a demo of ransomware.
Man: That's true.
Man: They put ransomware. They broke all the rules. A guy pulls the thumb drive out, hands it to a guy and says, "Here, run this on your box," and we watched it encrypt the device. As the C directory is getting encrypted, they're, like "Okay, stop." Pull it out, kills it. Then they of course know exactly which ransomware it is, and they say, "Hang on. Here, let me recover my files." Deletes the fields out, pulls them back out, OneDrive, the machine’s right back. So it is a good backup solution.
The great part is, it's totally integrated, one checkbox, you can go in and turn on [inaudible 00:43:10] folders. Now you have versions.
Man: So your wife was right all the time.
Man: My wife was right all the time. Thanks, Adam.
Man: We won't tell her.
Man: Okay. She already knows, I'm sure.
Man: So another timely conversation. As you can see there, my boxes are running at 82% CPU. You can't really see anything that's using CPU. [inaudible 00:43:40] probably sorted on that column, but I was taking a snip and there was about nothing else running. So what's interesting here is the new columns. First off, there's GPU, what my GUPU is, and I do run out of GPU. I didn't think I did, but my box runs out of GPU. But the one that's really interesting to me is power usage and power usage trend.
So, you know--
Man: Again, another thing that kind of comes in from the mobile world, because we're so concerned about battery life on our mobile devices, we kind of had to see that with Android and IOS, that you gotta tell me what's eating my stupid battery, right?
Man: I was gonna say, I was gonna ask you if you would tell us what your biggest battery life consumer is.
Man: Not gonna happen?
Man: Not gonna happen.
Man: Mine's my screen. But it's interesting. As you start to watch this, I now know which applications are battery hubs, which ones and why they're doing that, and what their trend is. Now as we start to gather this across, it's very powerful for us to make changes in the industry of, hey, if you're gonna run these applications, I need to buy you the extended batteries. So there is a lot of really great things that we're gonna see out of being able to get this level of detail.
Man: Absolutely. Pretty exciting stuff.
Man: Okay. So Adam asked me why I cared about this last night.
Adam: Yeah. I did. I was, like, so what?
Man: So what? I said, "Well, you know what? I log into CNN, and instantly all of those videos start playing."
Man: And your boss thinks you're not working.
Man: Right in the meeting, and they play music? Okay, no. That never happens.
Man: That may or may not have happened to Rex here.
Man: Or during a webinar.
Man: [inaudible 00:45:28] during a webinar.
Man: So it's actually not even that. It's really about bandwidth. So if I am on my LTE, if I am hot-spotting, the last thing I want to do is hit a page and have videos start streaming down and consuming it. That's, you know, really one of the most valuable reasons. So autoplay now has three functions. Block, limit and allow. So you can leave it. By default it's on allow, to be there. But we can see that Microsoft is pushing Edge and adding the functionalities, and even ahead of some of the functionalities we're seeing on other browsers.
So lot of new functionalities on Edge, and some of the configurations around that.
Man: What are you sending?
Man: What are you sending? You know, I kind of like this feature a little bit. It's just Microsoft becoming a little bit more open, maybe, but still trying to gain some trust. It's definitely a trust. Now, part of me was, like, trying to figure out why they put it in the store. So you have to go to the store, and you can download--
Man: It's an app.
Man: It is not part of the base OS. So not al of your end users have this. If you don't know to go dig it up, you will not find it. But it's called Microsoft Diagnostic Data Viewer, and if you go get Microsoft Diagnostic Data Viewer...that's really hard [crosstalk 00:46:52]
Man: It is hard to say.
Man: Now I can open it up, and I can see all of the telemetry data and all of the usage data that my device is sending up to Microsoft.
Man: Which is interesting when you go look at it, because first it kind of, you know, it helps me with my legal team.
Man: It helps me to be able to go meet those types of obligations. It also tells, allows me, as an IT guy, to look at data that's important. Microsoft has done a good job of putting telemetry in the right spots. So if I'm having an issue, this is one of those spots that I can...if I want to be able to troubleshoot [inaudible 00:47:30] my coworkers know how to do, I can pull up Data Viewer and I can go dig in quickly, see kind of telemetry and see what's going on, and I don't have to ask as many questions. Very powerful tool.
Man: That was one of the biggest issues when Windows 10 first came out. They were sending data and people were really worried about what kind of data they were gathering.
Man: So now they're being a little bit more visible [crosstalk 00:47:55]
Man: ...trying to gain more trust.
Man: And recognizing that, as a community, we want them to get the right data. We want them to have the right data to do the right telemetry. We don't want you to lose your files. So we want them to get the right stuff. Now we want to make sure that they don't get PII. We want to make sure we don't get...do anything wrong. So Data Viewer is a great tool.
Man: Now are these features part of 18 09? Are we showing those? Are they..?
Man: These are 18 09 features.
Man: Diagnostic Data Viewer I do believe works on 18 03 as well.
Man: That's correct.
Adam: All right. We're to that spot where we call just as Rex, or a nicer way of saying stump the chump. So we're gonna be looking at the question and answer, and see if anyone's submitting those things. Then we also have...Eric [SP] can jump on if she wants, and see if there's any messages she's been receiving.
We've got one here. Can you show the OneDrive setting to move important folders to OneDrive?
Rex: So if you go to your OneDrive icon, go down to your systray, go down to the little...down by the clock. Open it up. You'll find OneDrive. Click on OneDrive. Click on settings, and when it comes up, there will be a...second tab over. When you get to the second tab, it will say, "Do you want to move one lone [SP] folders?" Select that option. It will walk you through.
You can actually pick, if you want, to just move documents, not move pictures. You can make some options, save that, and you're good to go. Now, it can be controlled also with some [inaudible 00:49:48] or with some MDM policies. So there are also ways to script that. As a user, you can go click through it. That's one way to do it.
Adam: All right. We've got a few others here. Let's see. Which one do you want to take..? Their community landing page that contained the information provided through these webinar and a place to share additional information on webinar Windows 10..?
Absolutely. Well, sure. No, and it's absolutely correct. There's some feedback here of, like, you know, it's not important if you lose your documents. One PC, If it's my virtual test PC, is not a big deal. But if it's my CEO, it could cost me millions, and that's absolutely correct. That's why 1500, the number's not huge, but 1500 of the wrong people could affect our gross domestic profit.
I mean, I'm totally aware of that. That's why, you know, I think it's a good thing. I think Microsoft has done the right things. That does not remove the responsibility from us as IT to make sure that those critical devices have...are well managed, they're backed up, that we have contingency plans. I strongly recommend you be using some tools of personalization management and file director management, and ensure that you have continuity plans that you're not relying on a laptop drive.
Man: Absolutely. That's just gonna be the world we live in in the future. You know, I like the question we had here, thoughts on MDT, Microsoft Deployment Toolkit versus Autopilot. Really, it is gonna be a shift in change. You know, we talked about this in previous webinars that we've done about Microsoft's change to become more mobile, right? They're calling it modern, but really the shift to be more like my mobile device, where I can bake in the OS into, what do they call it, secure image?
Man: Yeah. Secure image. Yeah.
Man: Secure image and, you know, be able to wipe and restore back to a base state. I think Autopilot is part of that methodology of, your customization anymore are not gonna be part of the install. They're gonna be after the install, right?
Man: Right. Yeah.
Man: Be it, you know, Microsoft SCEs and things of that nature.
Man: The big thing I think we're going to see over time is the ability to get an OS from the OEM that has no bloatware.
Man: That is the biggest change. I agree.
Man: And Microsoft giving you the ability to say, "Buy it from the OEM, the OS is there, it has no bloatware, it is a good image, it's on the chip, it's a secure image." Now, you can't buy those devices today. But the conversations are there, they're occurring, and that's what Macbook's already done. I can buy the new Macbook. I can't change that image out. It's there, it's part of the machine, just like my phone is part of the machine. I can flash it, but that's way beyond just an imaging process.
Man: So that's where we see the industry heading. MDT, it's a powerful tool. It's a provisioning tool. It's about booting into an environment, laying image down, this is [crosstalk 00:53:13]
Man: Right. I think it's the old guard versus the new guard. I think that we're still gonna use MDT for a long time. [crosstalk 00:53:18] process, we’re not done, we're not saying that. We're just saying that you're gonna start to slowly start to do a little bit of both, and I think over time, five years, [crosstalk 00:53:28] I don't know [crosstalk 00:53:29 - 00:53:32]
Man: ...this is part of co-management, yeah. This is one more arrow in your quiver. To take a phrase from Adam, it's not the new only, this is how you're gonna do it. You're still gonna do provisioning. You're still gonna do imaging. They're still that way. We don't have Windows devices out that have secure chips on them. The discussions are occurring, and that's where we're at.
Adam: All right. let's see here. Did I miss...I think I missed one here in the chat. The chat. Here we go. Question from Greg. Some have updated their Win 10 from 8.2. How do you do a fresh update with a clean Win 10, or does it not matter?
Ryan: Doing an upgrade from Windows 8, I'm not sure I would be that brave. Rex, what are your thoughts?
Rex: I did it. Okay.
Man: Would you do it again?
Rex: I've been that way since Windows 10. I had an 8.1. I went under the insider [SP], and I was, like, I"ll do this. I'm gonna run like this for a few months, and then I'll gonna image my box. I've never got around to imaging my box. Now, I run on inside previewing, fast stream. So I definitely take my lumps. Now I have the magic box that has never had many issues.
Man: I was gonna say [crosstalk 00:55:03]
Man: Which is super awesome.
Man: You know, we both went on fast [inaudible 00:55:05] I ended up doing blue screens like crazy, and you've been okay. You know, I think--
Man: Is that a hardware thing?
Man: I'm gonna take the other side. Going from 8.2 to Windows 10, I think that's always a, you know, [crosstalk 00:55:18]
Rex: What I do believe is it's a great time to go put proper management around it. It's a great time to go put proper management around it, and I think it's a good time to do some application cleanup. I think there's some really valuable things that you can get by doing a proper change at that point. Now, it might just be too expensive to do. So both ways will work. That's where, you know, like Mike from RennerBrown was saying, let's sit down, let's evaluate what your goals are and make sure we can meet it. Both ways have their pros and cons.
Man: Yeah. Okay. That looks like that's all the questioning we have, Adam.
Adam: Wonderful. Well, this has been a great session. I know that there are some other webinars ahead of us. This is part of the series. We tried to do a bimonthly. We're not quite sure whether we will do it right in December, or maybe just carry it over a little bit into January.
Man: Probably the first of the year.
Adam: Yeah. Probably.
Man: We'll see. You guys might get generous and want me to do this for Christmas.
Adam: Yeah. A gift to the world. So, anyway, here are just some other topics. We'd love to hear from you if you've got other topics as well. So, and please go out and register for the next one as it's posted. So we want to thank you guys again for sitting down and talking Windows 10. I know you guys run fast and furious on it, and I know that you live and breathe it. We hope that this has been helpful for all of you, so we thank you, and have a great day.
Man: Thank you.
Man: Yeah, thank you.