Download Slides - Channel 9

Transcript
BRK3266
Mirko Colemberg
Principal Consultant - baseVISION
mirkocolemberg@
• Configuration Manager consultant, also Azure EMS
• MVP Speaker, exam prep sessions for Windows 10, Azure, and EMS
• Microsoft Certified Trainer since 2010
• Active in Devices and Mobility community
• From Switzerland
• Blog: http://configmgr.ch
• Interesting Fact: I Brew Beer

Alfred Ojukwu
Senior Consultant - Microsoft
alojukwu@
• Mobility Consultant with Microsoft Consulting Services (MCS)
• Certified Trainer – MCT - Mobility
• 20+ Years in IT Administration
• WW Community Lead, Devices and Mobility
• Extensive involvement with Internal and External Readiness
• Blog: http://thedevicepros.com
• Interesting Fact: Grew up in Hawaii
Session Objectives And Takeaways
• Manage Identity (13%)
• Plan desktop and device deployment (13%)
• Plan and implement a Microsoft Intune device management solution (11%)
• Configure networking (11%)
• Configure storage (10%)
• Manage data access and protection (11%)
• Manage remote access (10%)
• Manage apps (11%)
• Manage updates and recovery (10%)
https://www.youtube.com/watch?v=8Cw9l98ci1w
• AD supports two categories of known devices:
  • Company-owned device
    • Domain joined
    • Cloud Domain joined *
  • Personal device
    • Work accounts (Windows 10)
    • Workplace joined (Windows 7, 8.1)
• Known devices have an identity and are:
  • represented in AD using device objects.
  • issued a unique AD assigned ‘device identifier’ & device certificate.
  • authenticated by AD, when used to access AD-secured resources.
[Diagram: the IT Admin configures device management policies (MDM) and conditional access policies (Azure AD). MDM evaluates & enforces compliance with device management policies for users on their devices and reports device compliance to Azure AD. Azure AD applies conditional access control to cloud apps; AD Sync connects Azure AD with on-premises Server AD & ADFS, which apply conditional access control to on-prem. apps.]
Add an Appx package:
Add-AppxProvisionedPackage -Online -FolderPath C:\Appx
Get all appx packages installed for all users:
Get-AppxPackage -AllUsers
Get all appx packages installed for a specific user:
Get-AppxPackage -User domain\username
Get the manifest, including the package ID of an app:
Get-AppxPackageManifest -Package Package1
Sideloading apps: there is some new stuff in 1607 (sidenote).
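As an added example (not from the session slides), the cmdlets above can be combined into an audit of which Appx packages on a device did not come from the Store or the OS image, which is the question sideloading raises for a managed fleet. It assumes a Windows 10 machine with the built-in Appx and DISM modules and an elevated prompt for -AllUsers; the function name is the example's own.

```powershell
# Added example, not from the session slides: report Appx packages whose signature is
# not Store or System, i.e. sideloaded (Enterprise/Developer/None) packages, per user.
# Assumes Windows 10 with the Appx and DISM modules; run elevated for -AllUsers.
function Get-SideloadedAppxReport {
    [CmdletBinding()]
    param(
        # Signature kinds treated as expected on a managed device.
        [string[]]$ExpectedSignatureKinds = @('Store', 'System')
    )
    # Provisioned packages are installed for every new user profile; flag those separately
    # because they come from the image, not from a user's sideload.
    $provisioned = Get-AppxProvisionedPackage -Online | Select-Object -ExpandProperty DisplayName

    Get-AppxPackage -AllUsers |
        Where-Object { -not $_.IsFramework -and $_.SignatureKind -notin $ExpectedSignatureKinds } |
        ForEach-Object {
            [pscustomobject]@{
                Name            = $_.Name
                Publisher       = $_.Publisher
                SignatureKind   = [string]$_.SignatureKind      # Enterprise, Developer or None
                Provisioned     = $provisioned -contains $_.Name
                InstalledFor    = ($_.PackageUserInformation |
                                    ForEach-Object { $_.UserSecurityId.Username }) -join '; '
                InstallLocation = $_.InstallLocation
            }
        }
}

# Usage: the whole device, then the per-user view that Get-AppxPackage -User gives on the slide.
Get-SideloadedAppxReport | Format-Table Name, Publisher, SignatureKind, Provisioned, InstalledFor -AutoSize
Get-SideloadedAppxReport | Where-Object InstalledFor -like "*$env:USERDOMAIN\$env:USERNAME*"
```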
Not Joined: User provided devices are “unknown” and IT has no control. Partial access may be provided to corporate information.
Workplace Joined: Registered devices are “known” and device authentication allows IT to provide conditional access to corporate information.
Domain Joined: Domain joined computers are under the full control of IT and can be provided with complete access to corporate information.
SSO capabilities shown across these states: Browser-session SSO, Seamless 2F Auth, Enterprise app SSO, Desktop SSO.
tpmvscmgr.exe create /name tpmvsc /pin default /adminkey random /generate
The USMT Process
Note: User must log on and log off to save changes.
Scanstate Syntax
\\migserver\usmt\store
Loadstate Syntax
\\migserver\usmt\store
[Diagram: Hyper-V virtual switch types on a Windows 10 host running virtual machines and apps. Private; Internal (host connectivity via ICS); External (physical network adapter, virtual network adapter, virtual switch), with IP / No IP labels on the adapters.]
https://technet.microsoft.com/library/dn985838.aspx
Alfred Ojukwu
Group Policy path: Users > Policies > Administrative Templates > Windows Components > Work Folders
1. Client resolves a standard URL: https://workfolders.contoso.com
2. DNS returns a server address for discovery (Sync1)
3. Client sends discovery request to server
4. Server retrieves user property: MSDS-SyncServerURL (Sync3)
5. Client receives and stores its sync server URL for use in all future sync sessions
6. Client syncs with designated server
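As an added example (not from the session slides), this checks the discovery chain above from the admin side for one user: the DNS step (2) and the per-user msDS-SyncServerUrl the server hands out (4). It assumes the RSAT ActiveDirectory module, that workfolders.contoso.com is the slide's discovery name, and that the user jdoe and server sync3.contoso.com are placeholders.

```powershell
# Added example, not from the session slides: verify Work Folders discovery (steps 1, 2, 4)
# for a user. Assumes the RSAT ActiveDirectory module; names are the slide's example names.
function Test-WorkFoldersDiscovery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DiscoveryHost = 'workfolders.contoso.com'   # step 1: host of the standard URL
    )
    # Step 2: DNS must resolve the discovery name to a sync server (Sync1 on the slide).
    $discoveryServers = Resolve-DnsName -Name $DiscoveryHost -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress

    # Step 4: the server returns the user's msDS-SyncServerUrl (Sync3 on the slide).
    # The attribute is multi-valued, so coerce it to an array of strings.
    $user     = Get-ADUser -Identity $SamAccountName -Properties 'msDS-SyncServerUrl'
    $syncUrls = @([string[]]$user.'msDS-SyncServerUrl')

    # Step 5 means the client keeps whatever URL it receives for all future sessions, so a
    # non-HTTPS or mistyped value follows the user until the attribute is corrected.
    $badUrls = $syncUrls | Where-Object { $_ -notlike 'https://*' }

    [pscustomobject]@{
        User              = $user.SamAccountName
        DiscoveryHost     = $DiscoveryHost
        DiscoveryResolves = [bool]$discoveryServers
        DiscoveryServers  = $discoveryServers -join ', '
        SyncServerUrl     = $syncUrls -join ', '     # empty: user stays on the discovery server
        NonHttpsUrls      = $badUrls -join ', '
        Ok                = [bool]$discoveryServers -and -not $badUrls
    }
}

# Placeholder user and server: point jdoe at a dedicated sync server, then re-run the check.
Set-ADUser -Identity 'jdoe' -Replace @{ 'msDS-SyncServerUrl' = 'https://sync3.contoso.com' }
Test-WorkFoldersDiscovery -SamAccountName 'jdoe'
```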
https://portal.manage.microsoft.com
Windows Phone
iOS
Android
Managing Clients using Intune Policies
Overview
• Application Deployment is managed via the Microsoft Intune Software Publisher
• All applications that are deployed must be packaged and uploaded to Microsoft Intune
Installation Types
Software Installer. Use for:
• Installation via the Company Portal
• Installation on mobile devices that bypass the app store (sideloading)
• Applications deployed to devices that run the Intune computer client
External Link. Use for:
• URLs that let users download applications from an online store
• Link to a web based application that runs from the web browser
Managed iOS App from App Store. Use to:
• Manage and deploy iOS applications that are free of charge from the iOS app store.
Deployment Types
Apps are deployed to User or Device Groups as required or available:
• Required – Apps are targeted to users or devices
• Available - Available Apps are deployed to the user in the Company Portal App
Side-loaded app (LOB)
• Windows Phone Company Portal, Required App: App appears in Apps hub in Company Portal.
• Windows Phone Company Portal, Available App: Windows Phone 8.1: App appears in Apps hub in Company Portal (Windows Phone 8 and Windows Phone 8.1 apps). Windows Phone 8: Not supported.
• Windows Company Portal, Required App: Pushed directly to device.
• Windows Company Portal, Available App: App appears in Apps hub in Company Portal.
Unmanaged App Store App (Deep-link)
• Windows Phone Company Portal, Required App: Not supported.
• Windows Phone Company Portal, Available App: App appears in Apps hub in Company Portal.
• Windows Company Portal, Required App: Not supported.
• Windows Company Portal, Available App: App appears in Apps hub in Company Portal.
Managed App Store App
• Windows Phone Company Portal, Required App: Does not apply to Windows Phone apps.
• Windows Phone Company Portal, Available App: Does not exist for Windows Phone apps.
• Windows Company Portal, Required App: Doesn’t exist for Windows apps.
• Windows Company Portal, Available App: Doesn’t exist for Windows apps.
Web App
• Windows Phone Company Portal, Required App: App appears in Apps hub in Company Portal.
• Windows Phone Company Portal, Available App: Windows Phone 8.1: not supported. Windows Phone 8: Web app is launched within the Company Portal.
• Windows Company Portal, Required App: Shortcut to Web app pushed directly to the device.
• Windows Company Portal, Available App: App appears in Apps hub in Company Portal.
When an application wants to establish communications with an application on a remote host, it creates a TCP or UDP socket.
[Diagram: TCP/IP Protocol Suite. Application protocols and ports: HTTP (80), HTTPS (443), FTP (21), SMTP (25), POP3 (110), DNS (53), SNMP (161); transport: TCP, UDP; network: IPv4, IPv6; link: Ethernet.]
More Commands
Ping
Ipconfig /all
Tracert
Netstat
Netsh
Nslookup
Using Windows PowerShell to Manage Network Settings
PowerShell cmdlet: Command-line equivalent
Test-Connection: ping
Get-NetIPConfiguration: ipconfig
Get-NetRoute: route print
New-SmbMapping: net use
Get-NetTCPConnection: netstat
New-NetFirewallRule: netsh advfirewall
Also: Get-NetIPAddress, Get-NetIPv4Protocol
What You Can Do:
• Connect to a wireless network
• Manage preferred wireless networks
• Connect to a suggested open hotspot
• Share network settings with contacts
• Connect to a paid service for Wi-Fi
Steps to Managing a Preferred Network
1. Open the Settings App.
2. Click Network & Internet, and then click Wi-Fi.
3. On the Wi-Fi page, click Manage Wi-Fi Settings.
4. At the bottom of the page, beneath Manage Known Networks, click the network you want to manage.
5. Click Share or Forget The Network.
Key Points to Remember:
• Inbound\Outbound Rules
• Connection Security Rules
• Monitoring Rules
Connection Security rules are only rules.
Exam Tips
• Different Types of Wi-Fi authentication.
Word bank: advfirewall, firewall, allow, configure, enable, netshadvfirewall
__________firewall add rule name="My Application" dir=in action=_____ ______ allow program="C:\MyApp\MyApp.exe" enable=yes
• DFS Namespaces (DFS-N)
• DFS Replication (DFS-R)
• Remote Differential Compression
• Link
• Target
• Link Referral
• Root Referral
• Referral Caches
Significantly overhauled with Windows Server 2012
VPN Protocols
• Point to Point (PTP)
• Layer 2 Tunneling Protocol (L2TP)
• Secure Socket Tunneling Protocol (SSTP)
• Internet Key Exchange (IKEv2)
Common Authentication Protocols
• EAP-MS-CHAPv2
• PAP
• CHAP
• MS-CHAP v2
Note: Know how to create a VPN Connection
Available Power Settings
Require a password on wakeup.
Choose what the power button does.
Choose what closing the lid does.
Create a power plan.
Change when the computer sleeps.
Review Power States
Standby
Hibernate
Hybrid Sleep
Fast Startup
• Scriptable command-line utility:
  • DiskPart /s script to run a DiskPart script
• Run commands from the DiskPart command prompt:
  • list disk displays the disks on a system
  • select disk disknumber is used to select the disk to manage
  • convert gpt converts the selected disk to GPT format
Cmdlets:
• Get-Disk selects a disk
• Initialize-Disk prepares a disk for use
• Set-Disk sets disk parameters, such as partition style
Session-based computing (on-premises): Session-based desktops and RemoteApp. Cost-effective, easy to manage.
Virtual Desktop Infrastructure (on-premises): Access to pooled or personal Virtual Desktops running Windows Client OS. High performance, app compatibility.
RDS on IaaS (in cloud): Remote Desktop Session Host deployed on cloud infrastructure services. Customizable with minimum capital expenditure.
Azure RemoteApp (in cloud): Windows Server session-based applications delivered from the Azure Cloud. Turnkey solution, scale without large CAPEX.
https://www.remoteapp.windowsazure.com/en/clients.aspx
• Publish Cloud Apps to Users
• Use group policy to control access to signed packages.
• Supports iOS and Android
• Configure Remote Desktop Web Access for Azure Distribution
Set up your backup
Select the Start button, then select Settings > Update &
security > Backup > Add a drive and choose an external
drive or network location for your backups.
Identify settings
• Settings Location Templates: Windows Settings, Desktop Applications
• Windows Store App List: Windows Store Apps
• Template Catalog Location
Capture settings
• Settings Templates
  • Windows Settings: Registry, Local Files
  • Desktop Applications: Registry, Local Files
  • Windows Store Apps: App setting folder
Apply settings
• Windows Settings
• Desktop Applications
• Windows Store Apps
Settings Storage Location
• UE-V Settings Packages
• Synchronizes settings; settings synchronized on event triggers
[Diagram: settings location templates feed the UE-V client (UE-V agent) on the desktop; the agent captures registry and local file settings into settings packages, which are synchronized to the settings storage location on a server share.]
Scenario 1: Standard deployment – default templates and AD home directory
AgentSetup.exe /quiet
Scenario 2: Settings storage location – mandatory if AD home directory isn’t set
AgentSetup.exe /quiet SettingsStoragePath="\\Server\SettingsShare\%username%"
Scenario 3: VDI deployment
AgentSetup.exe /quiet SyncMethod="None"
Scenario 4: Per user enablement
AgentSetup.exe /quiet EnableSync="False"
Scenario 5: Defer Reboot
AgentSetup.exe /quiet /NoRestart
• Introduced in Windows 8
• Builds history of changes
• Control frequency of backups
• Great solution for remote users.
• A better backup and restore solution.
Update Settings and Windows Update Policies
Current Branch
• New features available immediately after being published
• Minimum length of servicing lifetime is 4 months
• Supported on Windows 10 Home, Pro, Education, and Enterprise SKUs
Current Branch for Business
• New feature upgrades available approximately 4 months after being published
• Minimum length of servicing lifetime is 8 months
• Supported on Windows 10 Pro, Education, and Enterprise SKUs
Long-term Servicing Branch
• New feature upgrades available immediately after being published
• Minimum length of servicing lifetime is 10 years
• Supported on Windows Enterprise LTSB SKU only

Comparison of Current Branch (CB), Current Branch for Business (CBB) and Long-Term Servicing Branch (LTSB):
New feature upgrades for installation available
  CB: Immediately | CBB: Deferred by ~ 4 months | LTSB: Not applicable
Features included
  CB: Windows 10 Home, Windows 10 Pro, Windows 10 Education, Windows 10 Enterprise | CBB: Windows 10 Pro, Windows 10 Education, Windows 10 Enterprise | LTSB: Windows 10 Enterprise LTSB
Optional month deferral
  CB: ~ 4 months | CBB: ~ 8 months | LTSB: 10 years
Ongoing installation of new feature upgrades required to receive servicing updates
  CB: ● | CBB: ● | LTSB: not required
Supports Windows Server Update Services for release deployment
  CB: ● (excludes Home edition) | CBB: ● | LTSB: ●
Supports Configuration Manager/configuration management systems for release deployment
  CB: ● (excludes Home) | CBB: ● | LTSB: ●
Browser
  CB: Microsoft Edge, Internet Explorer 11 included | CBB: Microsoft Edge, Internet Explorer 11 included | LTSB: Internet Explorer 11 included
System apps
  CB: No notable Windows system apps removed | CBB: No notable Windows system apps removed | LTSB: System apps removed: Microsoft Edge, Windows Store Client, Cortana (limited search available)
Universal apps
  CB: No notable Windows universal apps removed | CBB: No notable Windows universal apps removed | LTSB: Universal apps removed: Outlook Mail/Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, Clock
[Diagram: Group Policy objects linked at each level of the processing order]
GPO1: Local Computer Policy
GPO2: Site
GPO3: Domain
GPO4: OU
GPO5: OU
OU
Free suite of tools that includes:
• Application Compatibility Toolkit (ACT)
• Deployment Image Servicing and Management (DISM)
• Flashing tools
• User State Migration Tool (USMT)
• Volume Activation Management Tool (VAMT)
• Windows Assessment Toolkit
• Windows Imaging and Configuration Designer (Windows ICD)
• Windows Preinstallation Environment (PE)
• Windows performance tools
• Windows System Image Manager (SIM)
New Windows 10 security features include:
• Device Guard, which blocks execution of unauthorized applications
• Credential Guard, which isolates stored credentials, such as NTLM hashes and Kerberos tickets, from the rest of the operating system
Both technologies require:
• UEFI 2.3.1
• Windows 10 Enterprise Edition
• Virtualization processor extensions and SLAT
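As an added example (not from the session slides), this checks a Windows 10 machine against the three prerequisites just listed and reports whether Credential Guard and Device Guard code integrity are actually running. It assumes Windows 10 Enterprise, which exposes the Win32_DeviceGuard WMI class, and an elevated prompt; the function name is the example's own.

```powershell
# Added example, not from the session slides: check the Device Guard / Credential Guard
# prerequisites (UEFI, Enterprise edition, virtualization extensions + SLAT) and report
# what is running. Assumes Windows 10 Enterprise and an elevated prompt.
function Get-CredentialGuardReadiness {
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    # Win32_DeviceGuard is absent where virtualization-based security is unsupported,
    # so tolerate a missing class and report Unknown instead of failing.
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $vbsCode = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { -1 }
    $vbsText = switch ($vbsCode) {
        0 { 'Off' } 1 { 'Enabled, not running' } 2 { 'Running' } default { 'Unknown' }
    }
    # SecurityServicesRunning codes: 1 = Credential Guard, 2 = HVCI (Device Guard code integrity).
    $running = @($dg.SecurityServicesRunning)

    [pscustomobject]@{
        Edition                  = $os.Caption
        IsEnterprise             = $os.Caption -like '*Enterprise*'
        FirmwareIsUefi           = $env:firmware_type -eq 'UEFI'    # slide requires UEFI 2.3.1
        # Win32_Processor reports False here once the Hyper-V hypervisor owns the extensions.
        VirtualizationInFirmware = [bool]$cpu.VirtualizationFirmwareEnabled
        Slat                     = [bool]$cpu.SecondLevelAddressTranslationExtensions
        VbsStatus                = $vbsText
        CredentialGuardRunning   = $running -contains 1
        HvciRunning              = $running -contains 2
    }
}

Get-CredentialGuardReadiness | Format-List
```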
In Review: Session Objectives And Takeaways
https://www.microsoftpressstore.com/store/exam-ref-70-697-configuring-windows-devices-9781509303014
http://myignite.microsoft.com
https://aka.ms/ignite.mobileapp