Thursday, July 7, 2016

Lessons learned from WMUG and SCUG last month (part 2)

Last month (June 2016) I went to both Windows Management User Group (WMUG) and System Center User Group (SCUG). Both with great sessions and speakers. On WMUG both Mirko Colemberg and Mike Terrill were speaking. On SCUG I listen to Pieter Wigleven, Stefan van der Wiele, Mirko Colemberg and Peter Daalmans. Let's have a look at some notes taken.
SCUG #1 (Pieter Wigleven)
-Windows 10 enrollment options: Join devices to Azure AD, Password reset, Require multi-factor, Sync settings, Application proxy
-Apps like Twitter (for example) can be installed automatically
-Windows Information Protection policies within Intune standalone (AKA Enterprise Data Protection)
-Edition upgrade policy Pro > Enterprise (or the other way around) with a provisioning package

-Wi-Fi profile and Defender block (within Intune policy)
-Use (access panel) for additional apps (with SSO support)
-Deploy Line-Of-Business (LOB) apps via Microsoft Business store
-Add x86 software to Microsoft Business store (future usage)

-When using BitLocker encryption policies, the recovery password will be kept in Azure too.
-No Direct Access support in Azure till now, but Auto-VPN instead.

SCUG #2 (Mirko Colemberg)
-Session on Microsoft Advanced Threat Analytics (ATA) and Windows Defender Advanced Threat Protection (ATP)
-Story (ATA): 200+ days. That's the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft ATA helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.

-Story (ATP): Protecting our enterprise customers has never been more challenging. Security threats are increasingly brazen and highly sophisticated. A new Windows 10 service that helps our customers to detect, investigate and respond to targeted and advanced attacks on their network.
-Source: Microsoft ATA & Microsoft ATP
-Microsoft ATA is only for information, not for protection. Maybe it will be combined with Defender in future.
-Windows Defender ATP policies will be in SCCM (next build), but is not in Intune available at the moment.

SCUG #3 (Peter Daalmans)
-Start with ConfigMgr 1511 during clean install or upgrade. Don't use build 1602 for this. Possible but not recommended!
-Since ConfigMgr Technical Preview (1511) there was an update every month (with new features)! Very good job Microsoft.
-New ConfigMgr Current Branch builds needs to be installed within a year, to be supported. No LTSB version available.
-Use the service connection tool for new ConfigMgr builds, when in offline mode or behind a proxy. Cool stuff! >
-After 1602 it's not possible to upgrade or install newer builds directly. It will break ConfigMgr and missing features!

More on Servicing here: Promote the ConfigMgr client in Current Branch (1602)

More about WMUG and SCUG sessions HERE.

No comments:

Post a Comment