Windows 10 for IoT solutions Koldingazurebootcampdk.com/Presentations/Business 7 - Windows...

#IoTinActionMS Kolding June 12, 2018 Windows 10 for IoT solutions Dmitry Teteruk Cloud Solution Architect

Core aspects of the Internet of Things

Data

Analytics

Devices

Connectivity

Need a cohesive computing environment

Security is a major concern

Devices need versatile connectivity

EDGE AND CLOUD COMPUTING DRIVE IOT

“There is a shifting balance between edge computing and cloud computing” - ABI Research

SUCCESSFUL IOT SOLUTIONS DEMAND ROBUST EDGE COMPUTING CAPABILITIES

Microsoft Windows 10 IoT Enterprise

One platform optimized for all IoT devices

Leading user experiences and connectivity to empower business scenarios

Streamlined manageability including lockdown and bulk provisioning to help enable industry-specific scenarios

Enterprise-grade security specifically designed for enterprise devices

WINDOWS 10 IoT EDITIONS

Windows Server 2016 for Embedded Systems (for IoT)

Advanced multi-layer security

Cloud-ready application platform

IoT Server Appliances

Windows 10 IoT Core

Smaller OS footprint; low level bus and hardware access support

Headless/Headed; UWP | 512MB RAM, 2GB storage* | X86, X64, or ARM

Smart Devices

Windows 10 IoT Enterprise

Rich user experience

Windows 32 and UWP apps | 2GB RAM, 16GB Storage | X86 or X64

Powerful Industry Devices

Windows 10 IoT Mobile

Lockdown, multi-user support and cellular

Modern Shell and UWP apps | 1GB RAM, 8GB storage | ARM

Ruggedized Handheld Devices

*For details see: https://msdn.microsoft.com/en-us/library/windows/hardware/dn915086%28v=vs.85%29.aspx

IoT Gateways

Industry Tablets

ATMs

Digital Signs

Handheld Terminals

Thin Clients

POS Terminals

Medical Devices

Industry Robotics

Secured Devices

Secured Identities

Secured Data

Seamless connectivity to Microsoft Azure

Interoperability across devices

Easy incorporation of sensors and peripherals

Feature Highlights for Windows 10 IoT Enterprise

Feature | Benefit

Mobile Device Management (MDM) | Consistent management framework across devices (1st or 3rd party)

Granular UX Control and Lockdown | Provide a predictable and consistent device experience

Machine login with Azure AD Join and Azure State | Simplify device access to cloud resources

Device Guard* | Protect operating system from running unwanted apps and increase security on mission critical devices.

Credential Guard* | Protect device credentials from pass-the-hash attacks

Custom Branding (logon and boot) | Helps create a custom device experience

AppLocker | Prevent users from installing and using unauthorized applications.

Next Generation Credentials | Reducing reliance on passwords, increasing resistance to theft and phishing

HORM | Boot fast to a known state on the device

Image Configuration Designer (ICD) | Easily customize the device experience/image

* Requires UEFI 2.3.1 or greater; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; TPM 2.0; BIOS Lockdown;

Windows Universal App Platform

• Converged APIs: write ONE Universal App and target all Windows 10 editions.

• Reuse existing development skills.

Languages

• C++/CX

• C#, VB

• JS

• Python

• Node.js

APIs

• WinRT

• Win32

• .NET

• Wiring

Deployment and Execution

• APPX

• XCopy

• App Isolation

UI Frameworks

• HTML

• XAML

• DirectX

Tools

• Visual Studio

• PowerShell

Universal Windows Platform

Common & Consistent APIs

Windows Universal Driver Platform

• WDF

• Audio

• Bluetooth

• Buses (USB, SPB)

• HID (Retail), Buttons

• Camera

• Graphics & Display

• Location

• Networking - Wired

• Networking - WLAN

• Security - Biometrics

• Security - Crypto

• Security - Smartcard

• Security - TPM

• NFC

• Sensors

• Thermal

• Touch

• UEFI

• Video

• Write ONE Universal Driver and target all Windows 10 editions – converged device areas/APIs

• We scanned over 100k drivers to create a universal driver API set for you.

Why move to Universal Driver?

If you are using | Actions to take | Why

Inbox/Class drivers | It just works! Core device-types (storage, mouse, keyboard, touch, video, etc.) | Your device automatically leverages a large ecosystem of peripherals

Kernel Mode drivers | High backwards-compatibility for converged device areas; make minimal changes and test | Your driver runs on more editions

User Mode drivers and services | Know that Windows Universal Platform Win32 API surface is smaller than desktop Windows; use replacement APIs where available; re-design/re-implementation if APIs are not available and test | Your driver runs on more editions

Choose the peripherals that are right for you

MagStripe Reader

Barcode Scanner

Receipt Printer

Cash Drawer

Application developers can build Classic Desktop applications using a UnifiedPOS implementation to integrate retail peripherals into solutions.

UnifiedPOS implementations for Classic Desktop include (click links for additional information):

▪ POS for .NET

▪ OPOS

▪ JavaPOS

Building Classic Desktop apps for retail

Consistent device management for all Windows 10 IoT devices

[Diagram labels: Industry Devices; Windows 10 IoT; One Windows Platform; CSP; Custom DM; 3rd Party MDM; OMA DM; Azure IoT Hub; Device Twin]

• Converged MDM Stack

• Common CSPs

• Enterprise and OEM/MSP device management

• Customer can select from both models in one platform

MDM in Windows 10

One consistent set of MDM capabilities across Mobile, Desktop, and IoT

• Provisioning

• Bulk enrollment

• Simple bootstrap

• Converged protocol

• Azure AD Integration

• Extended set of policies

• Client certificate management

• Enterprise Wi-Fi

• VPN management

• Email provisioning

• MDM Push

• Device Update control

• Kiosk, Start screen, Start menu configuration and control

• Curated Windows Store

• Business Store Portal (BSP) app deployment; license reclaim

• Enterprise App management

• Simplified LOB app management

• Win32 (MSI) app management

• App inventory (LOB/store apps)

• App allow/deny lists via AppLocker

• Enterprise data protection

• Full device wipe

• Remote Lock, PIN reset, Ring, & Find

• Enhanced inventory for compliance decisions

• Un-enrollment with alerts

• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)

• Additional device inventory

BitLocker

Device Guard

Enterprise grade security for mission critical devices

Next Generation Credentials

Windows Defender Advanced Threat Protection

Enterprise Data Protection

Advanced lockdown for mission critical devices

Create a consistent and predictable device and user experience for Line of Business apps

Create consistent and predictable device experience

Protect system against write operations

Easily create read-only devices

Improve system up-time & reduce IT support

Create dedicated LoB device experiences

Keep users focused on line of business app(s) that matter

Customize the layout to meet the needs of the device and user experience.

Keep users focused on line of business app(s) that matter

Targeted

Provide a consistent & predictable experience

Lockdown comparisons

Lockdown Capability | Feature Mapping: Windows Embedded 8.1 Industry Pro -----> Windows 10 IoT Enterprise

Protect devices physical storage media | Unified Write Filter -----> Unified Write Filter

Boot fast to a known state on the device | HORM -----> HORM *

Suppress Windows UI elements displayed during Windows logon and shutdown | Embedded Logon -----> Embedded Logon

Block edge gestures | Gesture Filter -----> Assigned Access

Block hotkeys and other key combinations | Keyboard Filter -----> Assigned Access / Shell Launcher

Launch a desktop app on login | Shell Launcher -----> Shell Launcher

Launch a Universal Windows app on login | Application Launcher -----> Assigned Access

Suppress system dialogs & control processes that can run | Dialog Filter -----> AppLocker & MDM policies

Suppress toast notifications | Toast Filter -----> MDM & Group policies

Configure lockdown features | Embedded Lockdown Manager -----> ICD / Provisioning package(s)

Restrict USB devices / peripherals on system | USB Filter -----> MDM & Group policies

Launch a Universal Windows app on login plus lock access to system | Assigned Access -----> Assigned Access

Custom brand a device by removing and/or replace Windows UI boot elements | Embedded Boot Experience / Unbranded Screens -----> Embedded Boot Experience / Unbranded Screens

Suppress Windows UI elements displayed during logon and logoff | Embedded Logon -----> Embedded Logon

* HORM capability available in Windows 10 IoT Enterprise LTSB 2016 and CBB SKUs.

Bringing it all together

The latest connectivity options

Ethernet, Mobile Broadband – MBB USB Class driver, OEM BSP support

Wi-Fi, Wi-Fi Direct, Bluetooth, BTLE

Your devices work together

Device interoperability with open standards

Sensor access from Universal Windows apps

Directly interact with hardware busses to build innovative IoT devices

Sensor to Cloud

Azure services to build IoT solutions

Activation states for Windows 10 IoT Enterprise

Windows Product Key is injected or installed into each device during manufacturing

Device deployment

• Device will reach AVS server for activation

• Upon successful activation access to online services

Note: Activation failure UX will appear if activation fails

• Image is fully functional

• No access to MSFT and/or 3rd party services

• No disruptive activation notifications or watermarks

Has never connected to the Internet

Internet connectivity

Deferred Activation

Semi-Annual Channel vs. Long Term Servicing Channel

Semi-Annual Channel

Long Term Servicing Channel (LTSC)

Ongoing security updates for the lifetime of the branch

1st party browsing choices

Several months to consume feature updates

Support for Cortana and some 1st party Universal apps

No feature upgrade required to stay supported

Value of the latest features as they are released

Capabilities

Recommended IoT use scenario

Modern UWP device experiences

Traditional embedded devices with Win32

Microsoft Edge, IE 11

Support for Microsoft Store

Ability to load universal apps

IE 11

[Timeline figure: CB and CBB branches, including CB – TH1 and CB – RS2, plotted across Summer, Fall and Spring]

Semi-Annual Channel (ex-CBB) WaaS Servicing Cadence

• There are only 2 active CBBs at any given time.

• CBB is declared after ~4 months of servicing of the active CB

• CBB has ~8 months of servicing.

• First CBB occurred in July 2015.

• All CBB updates contain a delta of previous updates

[Timeline figure, continued: CB – TH2, CB – RS1 and their CBBs]

Windows 10 IoT Editions

Windows 10 IoT Enterprise (CBB)

Windows 10 IoT Core

Windows 10 IoT Mobile

LTSC (ex-LTSB) WaaS Servicing

• 10 years of servicing (5 Main + 5 Extended)

• Security, and required reliability/performance fixes only

• No feature additions

• All updates are cumulative

• Infrequent, every 2-3 years

[Timeline figure: CB and CBB releases (TH1, TH2, RS1, RS2 and later) with the LTSB 2015, LTSB 2016 (Redstone 1) and future LTSB releases]

Windows 10 IoT Editions

Windows 10 IoT Enterprise (LTSB)

Mange tak! (Thank you!)