[Music]

Hello everyone, and welcome to Microsoft Mechanics Live. Coming up, we're joined by CVP Brad Anderson to get the latest on device management with the new Microsoft Endpoint Manager, which brings together System Center Configuration Manager and Intune in one unified web-based experience, plus the evolution of our compatibility tools and services to ensure that your apps and devices, add-ins and sites are always ready, and also new security baselines and threat and vulnerability management to help bring IT teams and security teams together, and much more. To do that, please join me in welcoming Brad Anderson.

OK, it's great to be here. Appreciate it, where you come in and get on five o'clock, standing around here. I love Mechanics, I love what you guys have built.

Thank you, thank you. We always love the systems management and all the different things that, you know, you're both starters this space, you know what I mean?

Yeah, yeah.

So, all right. So we've recently announced really big updates. I think, you know, I've been around since day one of System Center Configuration Manager, really to further unify the endpoint management solutions story that we've got, in terms of bringing together Microsoft 365, all the admin-related improvements, everything with Microsoft Endpoint Manager, bringing together Config Manager as well as Intune. What's behind that?

It's really about simplification. You know, it's the same team that builds Config Manager and Intune, and we've thought about it as a continuum. But the reality is, you know, I continue to get these questions like, "Is Config Manager dead?" as everyone is like, "the future, everybody moving to Intune." No, that's not at all the way we think about it. We started asking ourselves, why is there this meme out there? You know, we could pretty quickly realize, you know, we had issues. Branding didn't convey a unified experience, we had some licensing issues, the product truth didn't reflect what we were trying to do. And so I'll tell you, what we really were
announcing is massive, massive simplification. And so, for example, we start here: Config Manager and Intune is now one brand, Microsoft Endpoint Manager. That is a brand that conveys, listen, it's all one, it's just one continuum. In terms of the licensing change, I've already caught this when I said this before, but if you own Config Manager today, those lines now also own Intune to use in conjunction with Config Manager in a co-management scenario on Windows. And so, like, the go-do for all of you: go attach Intune to Config Manager tonight in the hotel room, because that's how we're gonna bring the cloud power down to it. And then the third thing is we made product truth changes, and so we're making changes in how we actually bring this all up in one integrated experience.

All right, so Brad, you started out in user support. I've done a lot of user support, yeah, it is an IT as well. So can you walk us through a unified endpoint manager scenario in the context of help desk, kind of the calls that we get every day?

Yeah, but walk through it. I was like, you know, reflect on stuff in Jeremy said. I don't know everybody knows its, but in 1991, when I started in this industry, I started on the front lines of technical support, taking phone calls. I wish everyone who worked for me could go spend six months on the phone. You develop a level of empathy and understanding of customers you get no other way, and that's been core to who I've been, you know, and then coming on thirty years now.

All right, so here you're looking at the new Microsoft endpoint management admin experience. You know, the first, need to draw your attention to up here in the upper left. Before, you used to go to what we called eMac, you know, and that would be where you'd go to manage your devices. Now, Microsoft Endpoint Manager. And what you'll see in the future, instead of going to device manager, or devicemanagement.microsoft.com, you'll be going to something like endpointmanager.microsoft.com, but
this is now when we bring it all together. So let's walk you through it. So first of all, I want to come click here on Devices. Now give ourselves a little bit more room here. Now when I click on All Devices, literally what you're seeing here now are all of the devices that are being managed by Intune and Config Manager, all brought together in one experience. Now, we're not taking all the data from Config Manager and moving it up into Intune. This is a connected experience, and in this admin experience we're bringing data in both from Config Manager and Intune and letting you see it all together in one place.

Come out here, let's click on one of these devices. This happens to be a co-managed device, so it's being managed by both Intune and Config Manager. As you bring it up here, first of all you see here at the bottom, you see the workloads that have been swung over to Intune. And so from a help desk perspective you can see, you know, what do I need to go check out the policies at. But I want to go specifically dive into this troubleshooting tab here. This is one of the first end-to-end scenarios targeting on a specific persona that we built into the new Microsoft Endpoint Manager console. And so the scenario is, you know, somebody has called in, they're looking for some support on one of their two. And so from the help desk perspective, I go and I select the user. I'm gonna go in here and type in a user, I'm looking for a user named Audrey. I can click on Audrey, go and take a look at the devices, and so now it's bringing in all the devices that are Audrey's devices. You can see the first one here is an Android phone being managed by Intune. The second one, though, is a Windows 10 device being managed by Config Manager. I'm going to click into that Config Manager device. It's pulling the data out of Config Manager now up into this web experience, and I can see things here, you know, like, you know, the device, et cetera, et cetera. Let me walk you in a device explorer. So as I come into device explorer, it's
pulling again the data in from Config Manager, and the thing I love the team built here is this thing called the timeline. This timeline is showing me all the changes and events that occurred on this particular PC, and I can actually go dive into it. Now you see here, if I were to scroll down here, you can see the actual incidents and the actions. I want to go dive into this, because there's some details I want to give you here. So this right here is an actual crash that happened on this particular PC. This crash was caused by a specific agent. One of the things that we've done is we've now wired up the backend database called Dr. Watson, which is where all of the crash data comes into Microsoft. We've now wired that up to your Intune tenant, so I can now, for the first time, actually show you all the crashes that are happening in your tenant that you can take action on. I can then marry that with what's happening in crashes worldwide, and that's what you see in this diagram here. The red are the crashes happening in your tenant on this specific issue. The blue are the crashes that are happening globally on every single organization that is using Microsoft Endpoint Manager and sending back telemetry back to Dr.
Watson. So you now have this global view of what you can do. Now the beauty of this is, this is this connected experience. It brings together all of Microsoft Endpoint Manager into one unified, integrated experience, and what you should expect each month, you're gonna see more and more of the Config Manager capabilities coming up into this experience. As you deploy Config Manager 1910 is where you'll start to see all this light up inside of the console.

And one thing, just to repeat something he said earlier: if you own Config Manager for Windows, you can use Intune today as well, right?

Yeah, this was fascinating. We were out doing some research with a customer. We asked him why they hadn't turned on co-management, and the implementer said, "Well, I don't know if I own Intune, so I've been afraid to turn it on." And so all we said is, let's get rid of all those kind of barriers. If you have Config Manager, you are licensed to use Intune in conjunction now with Config Manager on that device. You get all this cloud power.

All right, it looks great to see all the additional capabilities that we have, aggregating all the Config Manager capabilities into this console. But we've also changed device management in the admin console for Endpoint Manager, and even though most organizations now are probably on Windows 10, what do you do in terms of helping people stay up to date or, if they're not on Windows 10 yet, get up to date?

Yeah, a year ago we launched, or announced, a product called Desktop Analytics. This right here is the landing page, and the concept behind Desktop Analytics is, let's put to work albany that comes into us and let's see if we can actually solve for you and do the work for you on your application compatibility testing. And so, you know, what we've actually seen now over the last years we've worked with organizations is the following: we've been able to reduce the amount of time that it takes to upgrade from one version of Windows to another by 85 percent, which you're
seeing in the graphic here. A number of customers told us that it takes them about 12 months to upgrade from one version of Windows to another. Now, using Desktop Analytics, which automates all their validation of incompatibility, they've now got it down to two months. I've had a couple of customers that have told us their deployment of Windows in the past used to take 24 months; it's now taking them four. But it's such a wonderful example of how we put AI to work and solve problems for you that you had to do through humans in the past, and so we completely solved your validation of your compatibility testing.

And how about compatibility itself, how good is that?

Yeah, you know, the compatibility from Windows 7 to Windows 10 has been incredible. You know, so my team has had a chance to look at almost a half of a million applications that you've contacted us on. Of those half a million applications, we have found nine hundred and twenty that have worked on Windows 7 and didn't work on Windows 10. That equates to nineteen one-hundredths of one percent of all the apps have had a compatibility issue.

It's like two out of a thousand.

Yeah, if you have a thousand apps, two of them have not worked on Windows 10. I got to take my hat off to the Windows organization. They did an unbelievable job on compatibility from 7 to 10. You know, if I were to ask everyone in this room here what of your applications on 7 you think would break on 10, I'll bet you most of you would say 5 or 6%. Nineteen one-hundredths of one percent is what we actually see.

And we were unblocking just millions of seats, right?

Yeah, and so, you know, through this we have this program called App Assure, and what that allowed us to do is we unblocked 52 million devices to upgrade to the total Windows 10. And the fascinating thing about that is we were able to help those customers avoid 31 million help desk calls. You do the quick math on that, now say for our customers 5.5 billion dollars in help desk.

All right, and I think your tagline right now, I think, is
"just call me." So where do we find all this help? What's the best way to do it?

Yeah, and so, you know, the program, we used to call Desktop App Assure; we now call it App Assure because we're including additional services, we'll talk about that next year. But the concept here is, you know, whether it is on Windows, on Office, we'll talk about Edge and things in a minute, if you find a compatibility issue, you come up with this website, you can actually log it in. The data actually comes to my engineering team. We'll contact you, we'll look at your app, we'll look at whatever the case may be. We will either fix the Microsoft solution or we'll help you fix your app, because what we want is you unblocked and moving forward as quickly as you can.

Right. We've also fixed bugs inside of Windows itself, so if there's about 80 or so, I think, only as part of this, but out of the half a million.

Yeah, so we actually fixed 82 bugs inside of Windows. But, you know, more often than not, one of the most interesting things about this is there is less about 14 issues that are the most common things that cause compatibility of an app in terms of Windows 10. And often, you'd be surprised how often the company's built an app, it has a check for the version of Windows, and it was built five or 10 years ago, and it sees version 10, it says "I don't know what that version is," and it craps out, if you will. And so we help you write a shim for that, but we solve the problem for you, get you unblocked.

And one of the cool things is, I think we announced this week, we're expanding that as well.

Yeah, and so we're expanding the promise of what used to be called Desktop App Assure. We're now calling it App Assure, and we're extending the promise to Edge and to Windows Virtual Desktop. So here's the promise to you: if you have an app that runs in Chrome or it runs in Internet Explorer and it doesn't run in the new Edge, call me, or my team, we will fix it. OK? If you have an app that runs on Windows 10 and it doesn't run in Windows
Virtual Desktop, literally call us and we'll fix it. We want you to understand we are taking on the responsibility for compatibility. We're putting a promise out there that if you run into a compatibility issue on Windows, on Office, on Edge, on Windows Virtual Desktop, my team is gonna stand behind you, and we will either make the fix in the Microsoft product or we'll help you fix your application.

And by the way, we had an awesome show with Alex Lopez on App Assure, and they're really legit. They've got all the debugging and fixing, they'll even repackage your apps for you to get them in a state where you can deploy them with tools like Config Manager. If you check out aka.ms/AAMechanics, you can check that out. But we mentioned Microsoft Edge. It's part of the program now in terms of App Assure. How much of a problem is it in terms of going to a newer version of Edge, and what does it look like from a sites perspective as you move to a more modern browser?

Yes, as I look in the telemetry that comes back to us, the average organization has about 2,000 apps that they deploy through Config Manager, and of those few thousand apps, you know, often half of them are web apps. And I'm sure all of you have seen the following. Let me bring up, this is the old Edge, this could be Chrome. I'm gonna go click on a link here. Now when I click on this link, it's actually based on a Silverlight app that requires IE, and what you notice does happen here is it pops up another explorer, it pops up another browser. Now, you know, to your users, they go, "Why is that happening?" It just doesn't feel like it's a good experience. So let me show you what we've done inside of Edge now. So if I come to the new Edge here, same application, but I'm now running it in the new Edge that we announced, the GA date of this will be January 15th next year. I'll click on that same link. Now watch what happens. We've built IE compatibility into Edge. It comes up in that tab. It's subtle, but it's such a better user experience. Your user
doesn't get taken out of the flow, it's not another application, that's seamless.

And that's the kind of thing you might need a good emulation. I think anyone will understand this: the key to good emulation is to not expose that you're showing the user something else, showing the IE engine in this case. So it's going to be seamless to them. That means they'd have to spend their time in the IE browser. This lets them stay in a modern browser, so all their HTML5 stuff works and even their older Silverlight or ActiveX stuff works.

I think what the key message is for everybody here is Edge needs to be your default browser. It's the most secure browser for commercial organizations, and it also has the most privacy built into it. And so one of the asks from us to you is, go set that setting in your configuration tools in Microsoft Endpoint Manager that makes Edge that default browser for your commercial sites.

Yeah, and you get all these great capabilities, things like Windows Defender Application Guard built in. Even the brand-new Chromium-based browser already has all of that up and running. You can configure that with policy or with Intune and get all that stuff up and running.

That's right.

So we've also announced some additional security capabilities and some additional baselines, right? So can you talk us through what we're doing there?

Yeah, so one of the things that we've now built in is we built in a set of baselines. So a year ago we announced the security baselines for Windows. Today we announced that inside of your Intune tenant you're now going to see security baselines for Edge and for Office 365, and these are the same security baselines that we work with the governments across the planet that they apply to all their PCs. It's key mattias, it's in there. All you literally have to do is go apply that policy to your users and devices.

OK, so I know that you've done a lot of work in terms of working on IT programs to really make the end user experience as good as it can be, and I've got, I
think, my favorite demo that we want to do today. So why don't you show some of the things that you can do now, once you apply these kind of baselines, the native kind of controls and configurations, what we can expect?

A year ago I got really fascinated to understand more about what the experience is that we're putting in the hands of our users. And if I give you, like, the 10-second scenario: I was literally having dinner with a CFO, and the CFO walked me through, you know, that morning he had a call, and he was 8 minutes late to the call because his PC rebooted and it took 8 minutes for it to boot. And I came back to the team and I said, "You guys, we gotta do something about this." I see heads nodding up and down here. You know, you hear these horror stories of these long, incredible boots. And so what we wanted to do is we wanted to understand what caused long boots and then give you guys to help on it. Now what Jeremy is showing you here is what we call the Productivity Score. Productivity Score is a new score that we're launching here at Ignite, and what this is, is this is giving you the insights on what you can do to, first of all, understand your current user experience and then optimize it, deliver a world-class exchange. There's going to be two aspects of it: there's an employee experience and there's a technology experience. The employee experience is, are your users working in modern ways? So you upgrade to Office 365, but are your users working in modern ways? To give you a simple example, are they co-authoring documents or are they attaching things to email? You see the difference. We're gonna give you that kind of insights. And the technology experience, where we're literally gonna give you a view of boot time, battery life, all the ways in which the technology either enables or hinders your users, with guidance on how to improve it.

So I'd love you to be able to prove it.

All right, let's do it. OK, maybe some of you saw this demo today. Yeah, I jokingly refer to this as the most
boring demo ever. I'm gonna cold boot my PC right now. Jeremy's gonna help me here. So up on the screen here, he's gonna pull up my iPhone, we're gonna time it. Now this right here is my corporate PC. This is not some specialized PC where we've taken everything off of it to make sure it boots as fast as it can. This is literally the PC that's managed by our IT department. So I'm gonna cold boot my PC, this kind of Turnus, you can see it here. All right, here we go. So literally here my PC is booting, and so it's coming up. You know, at this point you can see it's authenticating, Windows Hello is authenticating me, it's gone through all of our zero trust tests, and you'll see here I'm gonna bring up the browser. My PC is functional. Stop. Now literally, in seconds. Go do this to your PC tonight. How long does it take your PC to boot, from boot to be productive? What we see on average is the commercial PCs are somewhere between two and three minutes. Now there's three causes to that: it's poor hardware, too many group policy settings, too many agents. That causes slow boot, but that also causes a slow resume, it's what causes your battery to drop faster than it should, and it also is the primary cause of all your crashes. So what we've seen here, as we've helped organizations modernize, we've seen an eighty-five percent reduction of their boot time, we've also seen an 85 percent reduction of the number of crashes that they see, and a doubling of their battery life. And you know what, your users notice it. They go, "Why is this such an amazing experience?" And that has an incredible impact on their sentiment and their loyalty towards the company. And so, you know, I think one of my primary jobs is to make all of you heroes. I want IT to be able to take a victory lap, and when you put that kind of an experience in the hands of your users, they think you're heroes. All right, so you want to see how we're gonna help you do it?

Yeah, all right, let's do it.

So let's flip over to my spy screen right here. So
what you're looking at here, this is gonna appear in your Microsoft endpoint management console at the first part of the year. And so what you're looking at here is, this is that technology score. So I'm looking at boot time here, I'm looking at my startup score right here. First of all, you can see I've brought up, I've got a baseline. I'm getting a startup score of 70. Well, that's on a scale of 100: 100 is great, zero is terrible. I'm doing up currently a baseline. The baseline is of all organizations reporting back, so that, you know, I'm well ahead of the baseline. I can actually go benchmark against myself, and this is a benchmark from a couple of months ago, so I can see the progress. Now we're gonna give you insights here, like model performance, and so literally this is data that's coming out of Microsoft, and you can now start to sort on this, like, tell me what is causing my core boot time to be long. This is from the time that it comes from boot up until the time that you see the login screen. The biggest cause there is poor hardware. You can see here HDDs is the largest cause. Then the core sign-in time: what's happening here is you've got agents initializing and you've got new policy initializing. You can see just dramatic swings in the difference here. So for the first time, with this Productivity Score, we're gonna give you insights, and then we're also gonna give you advice on what you should do. All right, if you look over here on the side, we're gonna start giving you advice on the things that you should do, hardware, group policies and agents, to be able to deliver that kind of experience I just showed you on my Surface Laptop 3 to all of your users, because that's not interesting.

Oh yeah. All right, so I still can't get over the fact that it's two times battery life. I've always suspected that our own IT policies were kind of hurting the battery, so it's awesome that that's happening. These are also devices that, you know, we have all the security policies, all the things
you've got access to privileged information, obviously everything's protected, multi-factor auth is still on, so super secure. Now I know your team's also been working on managing configuration all the way down to the metal, all the way down to the firmware. Can you show us what to do there?

Yeah, so, you know, one of the things that we've struggled with as an industry is every OEM, every hardware manufacturer, has had their own way to update the BIOS or the firmware, and in fact most organizations just avoid doing it because it's been too complex. And so what I did is I worked with the Surface team, and you see here a screenshot of what we call the Device Firmware Configuration Interface, or DFCI. And we hope this will become the standard way that all OEMs will provide an interface where their firmware, their BIOS, could be configured. Jeremy's showing you here, I could go down here and say "disable the camera." What that actually does is it disables the power down at the firmware level, so there's no power going to the camera. If you were to go look at Device Manager, it won't even show up.

So you won't have to go put a piece of tape on your camera anymore if you want to disable the camera.

Right, right. But the goal here is, we've now taken all the code for this, we put it up at GitHub, and now we're working across the OEM ecosystem to say, let's standardize on a way to do this across all models to make it easier for our customers. So look for more announcements coming out about DFCI, but I'm super excited about this one.

All right, so the last topic I want to cover is how we're bringing IT and security teams together. We've had Rob Lefferts on the show showing some of the cool integration work there. Why don't you show us how everything hooks up with your side of the fence?

OK, and so if you take a look at, going on my screen here, I want to show you something called Threat and Vulnerability Management. Now the concept here is, in most organizations you've got a security team that sets
policies, and then there's an IT team that implements it. The security team often also will do hunting for issues, and then they instruct, or they give and have an ask, a ticket, in order to have the IT team go do things. Now today, the way that works is you open a ticket, you give information in the email or maybe in a spreadsheet, but it's a bunch of humans doing it. You know, it takes time.

I remember, like, air somebody would say, "I want to find every machine that runs this process." OK, let's open up an inventory, do all of that, wait for a couple of days to get all of that information back. At that point you don't even have all the devices, maybe they have that process running. Then we have to actually ship a patch out to the same machines, so it can take sometimes several days, sometimes a week or so, to patch that.

No, that's fine, right. And so what we have done up in Microsoft 365, you know, all these are just all services running in our clouds. We can now connect the security with the management aspects of our cloud and have you communicate instantaneously on action. So let me walk you through a scenario. Threat and Vulnerability Management here takes a list we have up in the cloud of all known threats and all known vulnerabilities on Windows, and then we continuously scan your PCs to see if you have PCs that are still open and exploitable by the known threats and vulnerabilities. You know, and it's been fascinating. The first thing you see is you see an exposure score, and then over here you have a personalized to-do list of how you should spend your time so it has the greatest impact. Now let me click on one of these right here, 'cause I want to make a point here for a second. As I click into this one, you're gonna see here, this is a list of all of the exploits in this particular tenant that has devices that are still open and exploitable. Now think about your organization for a minute. If your security team found this list of devices that needed to be updated, how would
they tell the IT team, "Here's the payload or the configuration change, here's the devices to target"? How would they do that today? Could you do it instantaneously? And the answer for most organizations is no. So now let me show you what we've done here. This is that particular issue. I'm gonna go into my remediation options, and right here I'm gonna say "open a ticket for Intune." Now that'll say Microsoft Endpoint Manager, you know, now that we've got the new branding out. Now it doesn't have to go through Intune if you have Config Manager in place; Intune can instruct Config Manager. But I'm gonna go and say, hey, this is a high priority, I want it to start immediately, please get it done, and submit the request. Now what's happened up in Microsoft 365, there's just a minute better cloud-to-cloud communication, and Defender ATP has told Intune all the instructions about what it wants, what it needs to be done. So if I click over now into the endpoint security and I come to my tasks, so now I'm back in the IT pro experience here, the endpoint administrator, and I'm gonna do a refresh here. You can see here that I have this prophetess, this request that is pending. That's the request that just came in for me. I accept that, and just like that, all those instructions from the security team came over to the Intune organization. Those devices are being updated right now. It's instantaneous, it's error-free, you're far more secure because we're now able to connect IT and security within your organization.

And even the security team gets a progress view into how those patches are going. So really cool stuff that, again, we've shared with Rob Lefferts recently. It's super efficient for both sides from a security and IT perspective. Loving the integration here.

And so, you know, this really is the best of both worlds, because, you know, you get that separation of church and state, both organizations get to have their view, but this is how you deliver that modern workplace that is loved
by users, loved by IT, trusted by all.

So this is really awesome in terms of the experience itself that we're driving to help really increase productivity, driving employee sentiment. I think that's a big deal here as well. Now these updates are huge, and I really can't wait to start using Endpoint Manager, but tell us, what's the best way to get started?

Yeah, a couple things I'd ask you to do. First of all, go check out aka.ms/EndpointManager. All the data in terms of what it is, what we're gonna do, is there, please go check that out. The other thing I would ask you to go do is go cloud-connect your Config Manager deployments. Just go and attach Intune to it. You don't have to go manage all the devices, but by connecting Intune to your Config Manager deployment, we can now start to flow down all of this insight, all this intelligence. We're gonna make this easy for you. As you upgrade to the 1910 release of Config Manager, a part of that upgrade is gonna help you automatically attach an Intune tenant to your Config Manager deployment.

So they're really great recommendations. Thanks so much again for joining us today, Brad. Also keep watching Microsoft Mechanics for the latest updates. That's all the time we have for this show. We'll see you next time. Goodbye for now, everybody.

[Applause] [Music]
