Introduction
Yesterday I was stuck in my hotel room with a terrible cold (flu) but I motivated myself to get out of bed and attend some sessions today, as that is what Microsoft Ignite is all about.
I just attended the following session at Ignite: “BRK3018 – Deploying Windows 10 in the enterprise using traditional and modern techniques”, and wanted to share my rough notes.
The session was led by these 2 clever guys from Microsoft.
Pre-Windows 10 servicing problems
Here John discussed the current challenges customers have with servicing Windows 7 or Windows 8, operating systems that are pre-Windows 10. Those operating systems have Individual servicing problems, expensive custom deployment and auditing. Which can result in:
Reduced quality, users not running what Microsoft have tested, no consistency in ecosystem.
Windows as a Service (WAAS)
Windows as a service, is composed of two main types of updates, quality updates (such as security updates, cumulative updates) and feature updates (whch are full blown new Windows releases that come out twice a year).
Windows 10 gets better with each release, things like WIP, AppLocker and so on
With enhanced security, more tools for IT and end user productivity features. Change management is key.
Modern Desktop Servicing Framework, this Servicing framework is the same across Office and Windows.
In-place upgrade (IPU) is the recommended method (recommended over wipe and load) of upgrading to Windows 10 (either from Windows 7, Windows 8 or Windows 10 previous versions), updating documentation with common tasks.
See the Microsoft docs about IPU here.
WDS-less PXE
- Available in SCCM 1806.
- Network booting no longer requires Windows Deployment Services (WDS)
- Windows Client SKU can now host the PXE enabled DP role
- Removes the need for unnecessary branch infrastructure.
Roadmap
Windows 10 1809 support (and that’s still not released yet on Microsoft VLSC as of 2018/9/26).
Full Cloud Management gateway support for OSD scenarios
- download on demand
- boot media
Continued Security Improvements
- Network Access Account reduction
Simplification
- Image Management
- Driver Management
- Management insights rules
A look at some new features, a lot of these features were the result of user voice items.
Offline servicing drive letter check,
This allows you to force offline servicing to take place on a specific drive, this is useful as previously it would use your temp folder based on your login profile.
The Phased deployment model
The phased deployment model can be used as a red button/green button rollout with automatic or manual control of when deployments (osd/software updates) can roll out to say pilot collections of devices, and later, to production, you gauge the percentage of what you consider a successful deployment prior to rolling it out to phase 2.
Boundary groups and content
Inherent fallback to default boundary group, can be overridden. Doesn’t fallback for say, vpn clients, can specify cloud distribution points’s as associated
Multiple peer 2 peer options
Added support for Windows LedBat, you can enable it on the Distribution point properties
Improvements to the Quality update download size, starting with baselines based on Windows 10 version 1809, no change needed in Configmgr.
Feature update delivery, large download size to the pc.
With the Unified Update Platform, get’s to the latest update in one step, in other words, you update the feature update, and instead of then updating to another new quality update, that you are patched and ready to go in one step, Microsoft will be announcing a public preview for that coming soon with Configmr and WSUS.
Windows Autopilot
Announced at Microsoft Ignite last year (2017), helps customers moving to modern management.
Windows AutoPilot Scenarios.
Hyrbid azure ad join, starting in 1809, can be hybrid azure ad joined (enrolled into Intune and device joined to on premise AD).
Also announced Windows Autopilot for existing devices…
Use Intune to create dynamic groups for those autopilot devices.
Can pre-assign users to devices, in the Intune console you find the device (in Windows Enrollment, Windows AutoPilot devices), click assign user,
When they go through autopilot they wont be prompted for the email address, instead they’ll get a custom welcome and a more personalized login.
Windows Autopilot and ConfigMgr
Autopilot task sequence, supported starting with windows 10 1809
Create a package with the JSON file which was created using the Powershell cmdlets
Then create the autopilot task sequence, add the package, provisioning the device using the task sequence
that’s it from me, until next time, adios.