Aris Dzērvāns

Microsoft

Windows ierīces Enterprise infrastruktūrā

Windows 8.1 Update the vision for everyone

On great devices

Brings together all you do

Always business ready

Designed for the way you live and work

Hardware requirements are unchanged

All apps work as well as in Windows 8Desktop apps

New Windows apps

Web based apps

Windows 8.1 Updatecompatibility

Windows 8.1 Update: works the way you want

See the desktop only when you need it

Leave the desktop only when you want to

Windowing and improved multi-monitor support

New Search experience

IT control of Start screen

Mobility: Productive and connected

Mobility: Productive and connectedWork anywhere on any Windows device

Access your data and apps

on any Windows device

Connect to your

networks on the go

Your PC in your pocket

with Windows To Go

Wirelessly connect

to peripherals

CORPORATE

NETWORKINTERNET

Effective working with Remote Access

6

Can originate admin connection from intranet

Connection tointranet is always active

Cannot originate admin connection from intranet

VPN

DirectAccess

With DirectAccess, a users PC is automaticallyconnected whenever an Internet connection is present.

Traditional VPNs are user-initiated and provide on-demand connectivity to corporate resources.

An automatic VPN connection provides automated starting of the VPN when a user launches an application that requires access to corporate resources.

Firewall

Windows 8.1: Connectivity

SoC-integrated mobile broadband

Business class VPN features

Native Miracast wireless display

Integrated wireless printing

Your PC as a personal WiFi hotspot

Empower BYOD

Empower BYODFlexible solutions for your business

Joining workplace with

personal devices

Windows To Go

VDI* Device

Management

*Powered by Remote Desktop Services

Managing Windows devices

Exchange

ActiveSync

Mobile Device Management

via OMA-DM

Enterprise

Management

Governance Full control

Windows 8.1 provides choicesChoose by device based on scenario or capabilities needed

Consider employee versus organization-owned, BYOD, connectivity

Organizations may choose the options that works the best for them

Lightweight registration process for personal devices

Enables access to data when using a registered, trusted device – leverages the user and device identities together

Used with Dynamic Access Control in Windows Server 2012 R2

Primarily a security capability, potentially combined with MDM for manageability

Windows 8.1: Workplace join

Registering and Enrolling Devices

IT can publish access to corporate resources with the Web Application Proxy based on device awareness and the users identity. Multi-factor authentication can be used through Windows Azure Active Authentication.

Users can register BYO devices for single sign-on and access to corporate data with Workplace Join. As part of this, a certificateis installed on the device

Users can enroll devices which configure the device for management with Windows Intune. The user can then use the Company Portal for easy access to corporate applications

As part of the registration process, a new device object is created in Active Directory, establishing a link between the user and their device

Data from Windows Intune is sync with Configuration Manager which provides unified management across both on-premises and in the cloud

Connections

HomeGroup

Proxy

Radio devices

Workplace

Network

Join your workplace network so that you can use network resources like internal

websites and business apps.

Apps and services from IT

someone@example.com

Workplace

Enter your user ID to get workplace access or turn on device management

Join

Turn on

Simple access to corporate data

Enables offline access to files and folders stored on a Windows Server 2012 R2 file server

Simple group policy configuration for domain-joined computers, with easy discoverability for BYOD systems as well

Leverages web protocols (HTTP) for easy synchronization through firewalls

A compliment to OneDrive and OneDrive Pro

Windows 8.1: Work Folders

Work folderscompared to ohter sync technologies

Work Folders Offline Files OneDrive Pro OneDrive

Technology summary

Syncs files that are stored on

a file server with PCs and

devices

Syncs files that are stored on

a file server with PCs that

have access to the corporate

network (can be replaced by

Work Files)

Syncs files that are stored in

Office 365 or in SharePoint

with PCs and devices inside

or outside a corporate

network, and provides

document collaboration

functionality

Syncs personal files that are

stored in SkyDrive with PCs,

Mac computers, and devices

Intended to provide user

access to work filesYes Yes Yes No

Cloud service None None Office 365 Microsoft OneDrive

Internal network serversFile servers running Windows

Server 2012 R2File servers SharePoint server (optional) None

Supported clientsPCs and devices* inside or

outside a corporate network

PCs in a corporate network

or connected through

DirectAccess, VPNs, or other

remote access technologies

PCs, iOS, Windows Phone

PCs, Mac computers,

Windows Phone, iOS,

Android

Mobile DeviceManagement

Based on open standardsUses Open Mobile Alliance Device Management protocols

Secure communication with cloud-based management

Built into Windows 8.1 and Windows RT 8.1

Implemented by multiple ISVsMicrosoft (Windows Intune)

AirWatch

Mobile Iron

Open protocol enables implementation by additional vendors

Mobile DeviceManagement

Implements key device management functionality

Hardware and software inventory

Configuration of key settings

Line-of-business modern application installation and updating

Certificate provisioning and deployment

Data protection, including remote business data removal (wipe)

Unified Device ManagementWindows, System Center and Intune

Devices & Platforms

IT

Single admin

console

Microsoft Desktop

Optimization Pack (MDOP)

UE-V, App-V, MBAM

Windows PCs/Tablets

(x86/64, Intel SoC),

Windows To Go

Mac OS X

Windows RT

Windows Phone 8

iOS

Android

Enables a single Windows Store app experience on the device

User only experiences the specified app

Unable to access system files and other apps

Windows Embedded 8.1 Industry: broader set of device lockdown capabilities (ATMs, etc.)

Windows 8.1:Assigned Access

Enterprise grade security

Modern access controlSecure corporate data

Windows 8.1 security capabilities

Malware resistance

Multifactor authentication, virtual smartcard support

Dynamic access control

Secured system start-up

Core system hardening

Sandboxed Windows Store apps

Built-in anti-malware solution

Real time anti-phishing protection

Corporate encryption enforcement

IP protection with Office IRM

Corporate compliance with Lync

Improved Windows Defender

Improved browser security

Improved system hardening

Provable PC health

Biometrics

Improved multifactor authentication

TPM key attestation

Certificate reputation

Device Encryption all editions

Remote Business Data Removal

Trustworthy hardware

TPM virtualized as a Smart Card for auth, encryption, signing, etc

Address key challenges with existing MFA solutions

Easy to deploy, cost effective, always ready on the device

Windows 8 & 8.1:Virtual Smart Card

End to End Support For Fingerprint Biometrics

Common enrollment experience

PC Settings -> Users -> Create Fingerprint Sign-In

Experience optimized based on devices capability

Biometrics sign-in in all Windows experiences

Windows sign-in

Remote Access sign-in

All remaining authentication prompts (e.g.: UAC)

“Touch to Buy” added to:

Windows Store

Xbox Music

Xbox Video

Windows 8.1:Biometrics

Characteristics of a Modern Reader

Touch

Liveness Detection

Windows 8.1 Enterprise Edition Features

Rights are included with Software Assurance for Windows

Enterprise edition use rights are perpetual for the licensed device even after SA coverage ends.

How to License

Enterprise

Sideloading

Create a corporate

Windows 8.1

environment on a

USB stick

Connected to

corporate networks,

seamlessly

and more securely

Users in the branch

office can

download

documents and

apps faster

Improved end-user

experience

Specify what

software is allowed

to run on a user's

PCs

Deploy Windows 8

apps from outside of

the Windows Store

Start Screen

Control

Control Start screen

configurations for

different groups

and roles using

Group Policy

Windows Phone

Business as it happensPut what’s important on your home screen – email, contacts and docs. As things change, the tiles do too.

The mobile officeMicrosoft Office - Word, PowerPoint, Excel, OneNote -Outlook and Internet Explorer 10 built-in. Share via SkyDrive, SharePoint and Office 365.

Works best with MicrosoftIf your business runs Microsoft Exchange, SharePoint, Lync or Office 365, choose Lumia. Just enter your username and password and you are set.

Business level securityHardware accelerated encryption, device management and secure boot. The only smartphones with IRM for rights-protected email.

Best in navigationHERE Drive and HERE Maps that work offline. HERE Transit finds times for public transport. HERE City Lens reveals nearby cafés and restaurants.

Beautiful and robustDesign that stands out. Choose your favorite options from the range -ClearBlack screen, Wireless Charging, Carl Zeiss lenses, PureView technology, NFC.

The best phones for business

Built-in communication and collaboration

Robust security and encryption

Enterprise device management choices

Robust LOB development platform

Windows Phone enterprise feature pack