New Windows 10 and Office 365 management and user experiences (2019)

New Windows 10 and Office 365 management and user experiences (2019)


– Coming up I’m joined by Brad Anderson to look at the latest updates to support secure productivity experiences across devices with Microsoft 365. We’re gonna look at new options to get managed Windows sessions and apps across devices using
Windows Virtual Desktop, streamline management experiences for Microsoft 365 admins, and what you can do to
set baseline protections and device configurations in Intune. (techno music) I’m joined once again by Brad Anderson, CVP at Microsoft, welcome back. – It’s great to be here. I love Mechanics. – Thank you. So always device
experience and management, it’s a space that continues to evolve and there are really
more options than ever to work from anywhere. What are we doing to
make it easier to support and secure the best productivity
experience on any device? – It all starts with Microsoft 365 and that means it’s really
all about Windows 10, Office 365 ProPlus, and
then your management and security coming from the cloud. And to be really specific on that I mean ConfigMgr current branch or Intune is doing your management. Now one of the characteristics
about a modern device is it has this great user experience that also meets the needs from a security compliance
perspective from an IT. Now one of the places I’ve
spent a lot of my time over the last several
months is looking into why we have these incredibly
long boot time stories that we here from users
in commercial devices– – Yeah, I see that all the
time for a lot of people that they’ve got multiple
minute boot times. – You know, the number of times I’ve heard a customer or an IT leader say, man, it takes me four or five
minutes for my PC to boot, and it’s like well, why? Why is that happening and
how can we help IT understand what they can do to make
it a better experience? Because the reality is users are accustomed to immediate on. My phone, I’m on, I’m working, I want the same thing on my PC. And so as I looked into this, first and foremost, if you’ve
just got poor hardware, that’s gonna cause a long boot time. You know speed meaning
you don’t have enough RAM. But if you’ve got good hardware, what we have found is the
next cause of slow boot times, slow resume, and then why
your battery drains so quick is all the ages that
get jammed onto a device and those are predominantly
management and security. And so with Microsoft 365, we have built this incredible solution that we think fulfills your needs from a security, management,
and compliance perspective. You can go with what we
call Microsoft 365 native, using all of our management security. Secure the device, it
meets the requirements from a compliance and
security perspective, but delivers that amazing
end-user experience. So let me just give you a
view of what it looks like. This right here is my actual personal PC. This is AAD joined, Intune enrolled. And again, it meets
Microsoft security policies, which as you can imagine,
our security policies and requirements are high. After all, we have an awful lot of the world’s data in our cloud. – [Jeremy] Totally, totally. – Alright, so I’m gonna go ahead and I’m gonna power this on. And what I want you to see here is I’m gonna build a cold boot
to productive in 20 seconds. So you see here, it’s coming up, Windows hello comes online
and authenticates me. And right now, I could
literally be bringing up Outlook Word, be productive. That’s the experience we’re talking about when we say modern Windows
or a modern device. And this is what all of our users, all of your users should expect
and what they should get. – Totally, so it’s
really an awesome example really that brings to life the advantages of getting modern with secure
and intelligent management for both end users and IT. – That’s right. And for a user that needs access
to the most advanced tools so they can do their very best work in the least amount of time
across all of their devices. Now, we’ve leveraging AI as a part of the productivity experience
so you can focus on the content and less on the formatting and you get these insights in your data, or finding all the relative materials to make your next doc or
presentation stand out. We’re also using the cloud to get you back to what you were working on or on the files that
we were shared with you across your device is wherever you are. It’s all about making sure the user is immediately productive. For IT, this is all about
providing that best experience and keeping it up to date while protecting your data and your users. And here we use the cloud to
help enable secure identity, as well as access
management with things like multi-factor authentication
and conditional access. We can even apply conditional
management experiences based upon device or apps
accessing specific content. So we’re gonna apply
tighter controls to devices accessing sensitive information or looser controls to those
accessing low-risk data. And we can use the power of the cloud to scan your information
to help you understand what you’re gonna wanna protect, whether that’s at rest or in transit. We can detect anomalous behaviors and even proactively
hunt the bad actors out who may have infiltrated your environment. – That’s right. So let’s switch gears though
to Windows Virtual Desktop because we’re bringing
all these really powerful experiences on mobile
devices that are native, also on personal devices
and across the browser, but where does WVD then fit in here? – Well first of all, we
are really excited about Windows Virtual Desktop and
the interest in the preview has just been off the charts. So Windows Virtual Desktop is
the modern Windows experience running in the Microsoft cloud. And there are so many reasons to use remote desktops and applications. And what we’re doing here is we are really breaking down many of the barriers, both in terms of the
experience and the management just to make it easier. Whether you wanna ensure
separation of data from the device, whether
you need high bandwidth, low latency connections to data sources, ensure that compute
resources are powerful enough in scenarios like engineering,
software development, or media production just to name a few, we have literally been making changes inside of the Microsoft
365 product to ensure that that combination of Windows 10, Office 365 running with
Windows Virtual Desktop and management secured
by ConfigMgr and Intune delivers the absolute
best experience for users. – That makes a lot of sense, let’s see this in action. – Yeah, let’s do it. First, let’s walk through
the end user experience. We can use any device, iOS,
Android, Mac, or Windows, even just a browser. So Jeremy, why don’t you walk through the end user experience and
then I’ll show how you set it up and how you configure it. – Alright, sounds good. So in my case, I’ve actually
got a Windows 10 device here. And you can see when I
get to my start menu, I can actually see the different apps that have been provisioned for me by IT and they’re right there
next to all the apps that they’ve provisioned to
me from Configuration Manager, I’m just gonna open Excel for example. And the only thing that’s
really different here is in the task bar, you can see a glyph that says it’s from
Windows Virtual Desktop. When I click on a file,
it’s nice and responsive. I can even do things like snap the app to one side of the screen,
alongside a native app so it even feels native from
an end user perspective. So a really seamless experience there. Another great thing here is
so if I go to another desktop I can go to full desktop view as well. So I’m gonna go ahead and click on the multi-session environment. And here, one of the
great things is if I open the entire Windows desktop,
in this case for Windows 10, I can do something brand new, which is launch and run Outlook. And one of the things I
really love about this is when I fire up Outlook and
I’m using it, immediately, I didn’t have to spend any time
in terms of hydrating my inbox but how did all that work? – You know, the file storage
and management enhancements are part of the work that we’ve done with the FSLogix acquisition. FSLogix allows you to have that
immediate startup experience in OneDrive for business and in Outlook as if it was all on a local drive. So users can jump straight
into Outlook or OneDrive without waiting for anything to have to hydrate in the cache, it’s just immediate. I’ve known the FSLogix founder,
Randy, for almost 30 years. In fact, we sat across
from each other in cubicles when we first started taking phone calls in technical support. What FSLogix does is it really accelerates and improves that end user
experience in a virtual scenario. If you’ve worked with VDI in the past where Outlook and
OneDrive cache takes time to hydrate and get it moved
over, FSLogix solves that. And when the VDI session is provisioned, your cache for Outlook
and OneDrive for business is immediately hydrated. You’re just off and running, it’s amazing. – So we saw the seamless
end user experience but the thing I’m most excited about is actually the IT experience. So what does it take to get this setup? – Now as seamless as
the user experience was, if you’ve ever set up
remote desktop services, you’ll know that the IT experience could use some improvement. So let’s show you how
we’ve made it better. So right here, I’m inside
of the Azure marketplace and we have a resource manager template that you can actually
start to use to configure. Now, these will be used to
spin up a virtual machine in the next step and create your Windows Virtual Desktop tenant. I’ll go ahead and click create here. I’ll select my usage profile and I can say hey, is this low, medium, or a high user kind of configuration. And it’ll automatically
size the VMs for your needs. Now here’s where things
really get exciting. Before, you needed to use a server OS for multi-session environments and the client OS was limited
to one connected user. It’s important to understand
that Windows Virtual Desktop is the only license that allows you to run a full Windows 10 desktop
in a shared public cloud. In the gallery here, I can
choose Windows 10 enterprise with multi-session support. And here I just add a few
tenant authentication fields and now we can start the
build by clicking create. Now check this out, it’s
gonna take seven minutes and 39 seconds to fully build out this VDI environment that we just created. If you’ve ever built out a VDI or remote desktop services
solution in your own data center, you know that this could have taken weeks. Now you have the power of the cloud, unlimited capacity, a simple solution. You can now provision this
literally in a couple of minutes. – And it’s really awesome
to see all the progress that the team’s made even since we announced it a few months back. And one of the other interesting benefits you get with Windows Virtual Desktop is that you can run Windows 7 desktops in the cloud for up to three years without having to pay for
extended security updates past the January 14, 2020 date. Now this is also gonna be really helpful if you’ve got maybe applications with compatibility issues with Windows 10. And speaking of that, I
know that we’re doing a lot to automate that application
validation and testing. What are we doing now in terms of people that are moving to newer
versions of Office and Windows? – Back at Ignite, we
announced a new service that we call the Desktop App Assure. This has been one of the
most incredible things I think I’ve worked on in my career ’cause what this is is, we’re saying, we have such high confidence
in the rate of compatibility of Windows 10 that we’re
gonna give you a phone number and if you have any application that you think has got
a compatibility issue, you actually call my engineering team. We will look at the app,
if it’s a Windows issue, we’re gonna fix Windows. If it’s an issue with your app,
we’ll help you fix your app. But this has enabled us to
basically put a net below IT that says hey, you can upgrade to Windows 10 with confidence, with the security that Microsoft
is standing and backing you and if there are any compatibility issues, we’re gonna fix them. – One of the great things is actually the data we’ve collected since we’ve started running the program. So really a lot of things
are very compatible and we’ve got a lot of data to prove that. – And you know what, the numbers surprised all of us to be honest. What we have seen is with
all of the applications that have been brought to us to look at, we are seeing that Windows 10 has a greater than
99.9% compatibility rate with applications coming
out from Windows 7. That’s unbelievable. So what this means is 1/10 of 1% of apps that we have looked at, 1/10 of 1% actually have
a compatibility issue with Windows 10. That is nothing short of remarkable. – It is totally amazing. Right, so beyond device management and deployment side of things, what are we doing then to deploy the admin experiences and
tooling for Microsoft 365? – So what we’ve focused
on is there used to be 23 different entry points
and we’ve consolidated those into one entry point
now for Microsoft 365, for all of types of administrators. We’ve set a specialist
workspace that allow you to dive deep into those granular settings if you’re one of those specialists. So Jeremy, I know you have
all of this up and running, why don’t you give us a view. – Great, so this is something
that’s coming out of preview. We’ve had this in preview
for a few months now but one of the great
things that I can do here, this is really the heart
of the admin experience from admin.microsoft.com and it’s really your starting point, whatever your role is. Now here I can see that I’ve
got some pinned information here on my dashboard, all
the relevant tasks to me on the left hand navigation. I can click down into
any of the granular tasks that I might wanna do in
terms of managing users or devices for example. And it’s really optimized for
all the tasks that I do most because it’s been personalized. Now, here I can also see if I want to and I wanna go into
special spaces like Teams or SharePoint or Exchange or
Azure AD, they’re all there. But I wanna really show your
attention to front and center, Protecting sensitive info. These are recommendations
that are made for me, tailored specific to my environment. So when I go here and
view the recommendation and I can see it’s found
actually debit and credit cards, passport numbers, things
that I should be protecting. It actually let’s me create a policy that will actually flag me of
these and protect any files that contain the sensitive information. Now back in this view, I can
see that my users are protected and I can also stay up-to-date
with Office 365 software and see what the licensing state is here and all the mobile app policies
that I have out in place. Now one thing I wanna show
you that’s really cool is in terms of user management. If I go and expand the
users navigation item here and go into active users,
one of the great things here is we’ve actually taken all
the different user controls that were spread everywhere
and now if I click into Abbi, I see that I can do basic account stuff. I can obviously change her
password if I need to do that, also change any of the
information around Abbi but then even see things
like all the licensing states for the applications. Everything’s here. If I wanna change from Office
365 E5 to something else, I can do that right
here just in one click. And even mail settings, like even down into
the specific workloads, all of that’s in one view. So if Abbi calls me, I’ve really got just
kind of a one stop shop to do all of that. For everybody watching,
the brand new admin center starts rolling out today. Now two things, if you already
have the preview running, you don’t have to do anything. Now this is gonna be
the default experience and if you wanna get the experience sooner before maybe it takes
place in your tenant, you can actually login
to Admin.microsoft.com, turn on the preview, and you’ll have this experience right now. – Now talking about
bringing it all together and doing some of the things, let’s talk a little
about some of the things we’ve done in security. Security’s a big focus in what
we’re doing on Microsoft 365 and I’m really excited
about one of the things that we’re just releasing right now. I wanna talk to you a little
bit about security baselines. Historically, we’ve worked with
governments around the globe and this work helps us to define what a trusted, secure device is. A Windows device with
Office running in it. And you know, many, many of the
governments around the globe take this set of policies and that’s what they’ve implemented. – And these are pretty powerful. These are hundreds of settings literally that you can do through Intune and the great thing is the
devices don’t always have to be domain joined kind of in the
past like we might have had with group policy in Active Directory. – Yeah so this is really I
think one of these things that organizations are gonna love because rather than have to
figure out what a secure PC is, you can just leverage the work that Microsoft has done with governments. So let me just kind of show you
the security baselines here. So first, what you’re looking
at here is the entry point into the security baselines. And the first thing I’m gonna do is just kinda click into this. And the first thing that you’ll see here is I have to give it a name. So I give it a name, I give
it a little information, and then I go ahead and I can take a look at all of the different settings. So here’s just a few of them. I can do things like I
can set the lock screen, block video stream capturing
and auto-play of video. You can see all the BitLocker
and browser controls. And there’s more controls
around conductivity, data protection,
virtualization-based security, protect your credentials
with device guard. I’ll stop right there
but I could keep going because there are literally
hundreds of pre-built settings to get you started and the nice thing is because they’re all cloud enforced, devices don’t have to be
domain joined, as you said, you can just get these policies applied to all of your devices immediately. So we’re constantly doing
these kind of things inside of Microsoft 365
and helping you understand how you can increase your controls, deliver power and
intelligence from the cloud, to just make it simple
for you to modernize the way in which you
protect your end points. – These are really big
updates and it really shows how we’re making it easier to connect to manage experiences, stay up-to-date, and really save time managing
Microsoft 365 services. If I’m watching this from home, where do I get started? – Well the first thing, I would go sign up for the Windows Virtual Desktop. Also, if you’re a Microsoft 365
or Office 365 administrator, go enable the new look and feel and start using that integrated console. And if you’re still on Windows 7 and an older version of Office, go check out the Modern
Desktop Deployment Center and follow that deployment wheel but get upgraded. – Right and you can find
that at aka.ms/HowtoShift. Really great recommendations, thanks for joining us today, Brad. And of course, keep
watching Microsoft Mechanics for the latest updates and
don’t forget to hit subscribe and follow us on Twitter. Thanks for watching and
we’ll see you next time. (techno music)