– Ignite 2016 by Harjit –
*** This is my first pass on the recap. There is a lot more information which I would like to share and I’ll do so by adding on to this post or in a separate post ***
Microsoft Ignite Conference was held in Atlanta last week – One of my favorite conferences that I enjoy attending for learning and networking
23,000 attendees plus a few hundred vendors in a massive convention center. Sounds crazy but it was less chaotic than what we experienced in Chicago last year
Over 1400 sessions from 20-minute theater sessions to 75-minute breakout sessions
Lots of great networking opportunities with peers, product teams, and speakers. One of the best values from this conference
Cloud, Cloud, Cloud = Azure, O365, Sharepoint, etc are hot stuff and the future (and the present)
Security was a big focus too with Windows 10, Windows Server 2016, Azure, and other online offerings
Azure is becoming the first AI supercomputer. Microsoft has some impressive datacenters across the world
The afternoon Innovation Keynote by Satya Nadella was cool and exciting. The morning Keynote was less than desirable but they served fresh donuts and other treats
Closing Celebration was held on Thursday at Centennial Park and it was a “camping” style theme, which had lots of games, activities, food, treats, and beer. Lots of fun!
Highlights:
- Beam Robots were introduced at Ignite and were quite popular. People signed up from all over the world to drive them around the convention center and interact with attendees, product teams, and vendors to name a few. They were a lot of fun
- Spark 360 Photo Booth – Had a cool 360 photo taken and my image turned into a window cling and displayed on a large window in the convention center along with several others. It was more of a pixelated style image
- Had some casual chats with my tech idols Wally Mead, Jason Helmick, Sami Laiho, Paula Januszkiewicz, and a few others
- Got to meet the wonderful and friendly Ignite planning team, i.e. marketing, social media, and the folks behind the new Microsoft Tech Community (which apparently will replace TechNet in the near future)
- Everyone was friendly, courteous, and nice which made the experience much more pleasant and enjoyable
- Reconnecting with fellow IT peers who I see yearly at these conferences and made some new connections as well
- Having friends with privileges set me up with lounge access at Hartsfield-Jackson Airport (helped to kill time comfortably before my flight home)
- Got to check out some Atlanta venues such as CNN, Coca Cola, Centennial Park, Philips Arena, and of course the massive Georgia World Convention Center
- Feeling energized, motivated, and enthusiastic for future IT and my career
- Two thumbs up!
Cons:
- I got sick!
- Missing my IT friends!
- Conference ended!
I attended many sessions, spent time in the expo hall talking with vendors and checked out the demos of their products, talked with Microsoft product teams and developers, attended mini theater sessions such as Edge, Cortana, OneNote, Windows 10, ConfigMgr, Office, PowerShell, etc; had some “hallway” sessions with fellow attendees to learn about their IT issues and how they do things at their organizations, looked at some of their home grown tools, and asked for some technical tips and suggestions; spent some time in the Hands-On-Labs (HOLs) area to try and “play” with some products; attended some after-hour social events, and took advantage of a lot of networking opportunities. I was sad to discover that my new friend from Australia had her bag stolen from an evening social event which contained her laptop, passport, wallet, and phone to name a few. It was a big setback for her but she eventually made it home with some emergency documents from her embassy.
There was a lot of information covered and things I learned at Ignite, however it was a busy week and a lot to capture in one go, so going back to some of the sessions (recorded) which I attended and others that I missed (which I had wanted to check out) in the upcoming days and weeks as time permits will be a good refresher and valuable to me. At the conference, I focused mostly on Windows 10, Windows Server 2016, ConfigMgr, and deployments to name a few. Below are some of my notes from a few different areas in no particular order. Sorry for the long post.
==================================================================
Windows 10
Windows 10 Deployments: What’s new?
- Deploy Windows 10 to Windows 7, 8, 8.1 with In-Place Upgrade or Traditional Deployment
- New devices – Deploy with Provisioning or Traditional Deployments
- Existing Windows 10 (Stay Current) – In-Place Upgrade
When not to use In-Place Upgrade:
- Changing from x86 to x64
- Changing from Legacy BIOS to UEFI
- Dual boot and multi boot systems
- Using certain 3rd party disk encryption products
- Can’t use custom image for in-place upgrade. Must use install.wim that comes with the original media, which lays down the clean OS and then merges the apps, data, and settings
Upgrade Process: Drivers
- Some classes of driver are not migrated forward – Display and Bluetooth drivers are left behind, as is any driver considered incompatible. New in-box drivers are used for those devices
Upgrade Process: Dynamic Update
- Grabs latest servicing update to inject into media
- Gets needed drivers that aren’t in the media
- Manually inject Cumulative Updates into install.wim
Upgrade Process: Size
- Each feature update is 3.5GB per PC (whether from Windows 7/8.1 or from Windows 10 to a later feature upgrade)
- Each monthly quality update is now up to 1GB per PC (when using ConfigMgr or 3rd party patching tools)
- Recommended to use peer-to-peer distribution
- Use of Express update with WSUS, reduces monthly traffic to 50-100MB as only the new components are pulled down
- Microsoft is investigating changes to ConfigMgr (Current Branch) for Windows 10 help
- Use BranchCache in ConfigMgr
Upgrade Process: In-Box Apps
- Can remove in-box apps but each feature update puts them back
https://blogs.technet.microsoft.com/mniehaus/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence/
Workaround: Remove them again post-upgrade with task sequence step, scheduled task, or SetupComplete.cmd file that runs a script
Upgrade Process: Settings Migration
- The upgrade process should migrate all settings (default applications, file associations, user, system, and app settings)
- Some settings may not be migrated properly and these should be considered as bugs (submit feedback, contact TAM, open a case)
Upgrade Process: Preflight
- Preflight to determine ahead of time if upgrade will succeed
Use Setup.exe /Auto Upgrade /Compat ScanOnly /Quiet
- Runs an upgrade process without actually running a production upgrade
- Provides return code and XML reports to identify issues
https://blogs.technet.com/b/mniehaus/archive/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe.aspx
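The preflight scan above, wrapped as a PowerShell gate that a task sequence or scheduled job could run before the real upgrade. This is an added example, not code from the session or the linked post; the media path and the report folder are assumptions to adjust for your environment.

```powershell
# Added example: gate an in-place upgrade on the compatibility-only scan.
param(
    # Assumption: Windows 10 media is mounted or extracted here.
    [string]$SetupPath = 'D:\setup.exe',
    # Assumption: folder where setup writes its CompatData*.xml reports.
    [string]$ReportDir = 'C:\$WINDOWS.~BT\Sources\Panther'
)

# Exit codes returned by the scan, keyed by their 8-digit hex form.
$ScanResults = @{
    'C1900210' = 'No compatibility issues found'
    'C1900208' = 'Compatibility issues found (hard block)'
    'C1900204' = 'Auto upgrade migration choice not available (wrong SKU or architecture)'
    'C1900200' = 'Machine does not meet Windows 10 system requirements'
    'C190020E' = 'Not enough free disk space'
}

function Resolve-ScanResult {
    param([int]$ExitCode)
    # Process exit codes are signed Int32; X8 renders the two's-complement hex.
    $hex  = '{0:X8}' -f $ExitCode
    $text = $ScanResults[$hex]
    if (-not $text) { $text = 'Unrecognized return code, review setupact.log' }
    [pscustomobject]@{
        Code    = "0x$hex"
        Message = $text
        Ready   = ($hex -eq 'C1900210')
    }
}

if (-not (Test-Path -LiteralPath $SetupPath)) {
    throw "setup.exe not found at $SetupPath"
}

# Same switches as in the notes above: scan only, nothing is upgraded.
$proc = Start-Process -FilePath $SetupPath -Wait -PassThru `
    -ArgumentList '/Auto', 'Upgrade', '/Compat', 'ScanOnly', '/Quiet'

$result = Resolve-ScanResult -ExitCode $proc.ExitCode
$result | Format-List

# Point the operator at the newest XML report, if setup produced one.
$report = Get-ChildItem -LiteralPath $ReportDir -Filter 'CompatData*.xml' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($report) { "Compatibility report: $($report.FullName)" }

# A non-zero exit lets the calling step stop before the production upgrade.
if ($result.Ready) { exit 0 } else { exit 1 }
```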
Other:
- Feature updates can be deferred for 1-180 days
- Quality updates can be deferred for 1-30 days
Quality Updates:
- Single cumulative update each month
- Security fixes, reliability fixes, bug fixes, etc
- Supersedes the previous month’s updates
- No new features
Feature Updates:
- Targeting twice per year with new capabilities
- Reliable with built-in rollback capabilities
- Deployment using in-place upgrade, driven by existing tools
Provisioning:
- Designed for new PCs out-of-the-box to transform for business use with little or no user interaction
- Create provisioning packages using Windows Imaging and Configuration Designer tool (available with Windows ADK)
- Provisioning packages are small (< 10K) and can be deployed by email, file server, or USB
- Can change OS SKU from Professional to Enterprise (slmgr.vbs /ipk)
- Can apply policies, settings, install apps and updates, enroll device for management
- This could be a better method to use by the Depot to prepare Windows 10 PCs for the organization instead of imaging them
MDT 2013 Update 2 is still the current release
- Fully supports Windows 10 1607 and most bugs fixed
Sysprep Changes
- Previous Sysprep did not support upgraded OSes, for example upgrading from Windows 7 to Windows 10, then trying to Sysprep and capture would always fail
- With Windows 10 1607, Sysprep is now supported on upgraded OSes
Taskbar Configuration
- With Windows 10 1607, can now configure the task bar
- Add or remove icons or replace entire layout
- Driven by Group Policy (same Start screen control policy used for the Start menu) or via LayoutModification.xml file
- Place file in c:\users\default\appdata\local\microsoft\windows\shell
https://technet.microsoft.com/en-us/itpro/windows/manage/windows-10-start-layout-options-and-policies
https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-taskbar
Windows Upgrade Analytic Service (free service via OMS with a subscription)
- Free tool that leverages telemetry
- Tells you what issues you may encounter with upgrades
- Shows you what PCs are in your environment, what applications are running, and what drivers are on them
- Shows known incompatibility issues
Windows 10 Deployment: Tips & tricks
- Handling device drivers in deployment process, common deployment issues, workarounds, parsing logs, WinPE and PXE troubleshooting, UEFI deployments
- Use MDT and ConfigMgr for deployments
Patching
- Starting October 2016 Patch Tuesday cycle, Windows 7 and Windows 8.1 will follow the Windows 10 Cumulative Update framework, where monthly patches will be delivered in one CU rather than split up into many individual patches, which means individual patches cannot be removed post CU install. Heard some rumors that Microsoft may be coming up with a tool to allow IT Pros to remove problematic updates, since that is a big concern for many especially when older LOB applications have compatibility issues.
==================================================================
ConfigMgr
New Current Branch servicing model
- New features added with 3 releases per year
- 12 month support lifecycle for each release
- N-1 support for Windows 10 deployments and management – ConfigMgr 1602 or 1607 are required to support Windows 10 1607
Two mechanisms for Windows 10 feature updates
- Windows 10 Servicing feature, for automated servicing plans
- Task Sequences – when needing to do pre or post processing steps using customized media
- ConfigMgr 1606 Tech Preview deprecates OSDPreserveDriveLetter (Task Sequence variable) – No more D: drive or E: drive issue for system OS
ConfigMgr sessions were catered around OSD, Intune, managing mobile devices and apps, deploying O365 clients, and Windows 10 deployments.
- Over 40 million clients managed by ConfigMgr worldwide
- New ConfigMgr CB release is called 1610 and offers cloud-based management and peer caching content
- Microsoft Intune portal is moving from Silverlight to Azure – New Intune portal expected in Q1 2017
- “When you need to go fast with Windows 10, you need to go fast with ConfigMgr too”
- New MDT toolkit releasing later this year and will simply be called MDT instead of MDT 2016
- Nested task sequences are coming soon in ConfigMgr
==================================================================
Cortana
- With the Windows 10 Anniversary Update, Sticky Notes got a link-enabled update with support for Cortana insights which lets you set reminders, call written phone numbers, send email messages, view web links, map directions, etc
- Cortana is gathering data and learning daily
=================================================================
Windows Server 2016
Introduce Windows Server 2016 Into Your Environment (*Watch this session*):
https://youtu.be/ximW1iMaUwE
– Configuration Levels
- Windows Server with Desktop Experience (Graphical Shell, Management Tools, Desktop, Core OS)
- Windows Server Core (more for application services)
- Nano Server
Windows Server with Desktop Experience and Windows Server Core follow the Long Term Servicing Branch (LTSB) – New version every 2 to 3 years, with 5 years of support and 5 years of extended support (5 + 5).
Nano Server follows the Current Branch for Business model – a new version every 6 months.
Nano Server:
- Smallest footprint (approximately 500 MBs)
- Very fast deployment and reboots
- Focus on two key scenarios – Born-in-the-cloud applications and Cloud platform (Hyper-V and Scale-Out File Servers)
- Not installed in the traditional manner. Use Nano Server Image Builder or PowerShell cmdlets
- Sysinternals tools ported to run on Nano Server https://download.sysinternals.com/files/SysinternalsSuite-Nano.zip
Windows Server 2016 utilizes Cumulative Updates like Windows 10.
Only need the latest CU to bring the server to the latest patch version.
Security Updates will be delivered on an as needed basis.
Containers:
- Most people struggle to deploy custom applications to production environments. Containers solve this by letting applications run in their own containers together with the libraries and dependencies they need
- Fast deployment and high density
- Share an OS instance with user mode isolation (sandbox)
- Can be managed with DockerCLI or PowerShell (uses Docker REST API). Docker is the management engine for Containers
- Each container cannot see other containers from a user mode level
Storage:
- Storage Spaces Direct – Aggregates internal disks or connected via external storage
- Storage Replica – Block-level replication between stand-alone or clustered servers. Replication via SMB 3
- Some features in Datacenter SKUs only
- ReFS got some improvements in performance
Networking:
- Major changes with Network Virtualization – Software defined networking v2
- Manageable via PowerShell, Azure Stack, or SCVMM
Remote Desktop Services:
- OpenGL 4.4 and OpenCL 1.1 RemoteFX support. RemoteFX support in Windows Server 2016 guest
- Personal session desktops, i.e. specific RDSH per user
- Pen remoting support (pen acting as pen instead of mouse)
- Remote Credential Guard – Credentials are not stored on the remote server when /RemoteGuard switch is used with mstsc
Active Directory:
- Privileged Identity Management (PIM) to mitigate credential theft using a bastion forest, utilizes Microsoft Identity Manager (MIM)
- New workflows for administrative privilege access
- Time-bound memberships – Kerberos ticket lifetimes restricted to time of lowest time-bound membership
Manage and Troubleshoot Your Windows Server Environment Remotely
- Free Azure management tools for on-prem Windows Server 2016. Securely manage on-prem servers remotely from anywhere
- Need to setup a proxy to allow communication between on-prem servers and Azure
- Can start a free trial for Azure and when it expires, you can still keep using the remote server management tools for free
- Web-based remote Server Management Tools (SMT) – Free Azure service with a subscription https://azure.microsoft.com
- Includes replacements for local only tools, such as Task Manager, Device Manager, Sconfig, Registry Editor, Firewall rules, Certificate Manager, Local Administrators, Network Settings, PowerShell Console, Services, Storage, Windows Updates, Event Viewer, etc
- Alternative to Remote Desktop
- Based on WMI and PowerShell
- Manages Nano Server, Server Core, Server with Desktop Experience
- Supports Windows Server 2016, Server 2012 R2, Server 2012
Deployments of SMT (https://portal.azure.com):
- UX hosted within Azure portal connected via a gateway service deployed in your infrastructure
- Agentless model, gateway service connects to the internet via port 443
- Gateway deployed via MSI on a server designated as the gateway service
- Gateway resource provisioned in Azure Resource Group
- Scale gateways for resiliency and performance
- Gateway only reaches out using https – no special firewall rules required
- Gateway Group Policy – AllowGateway (lock down environment by default, only allow SMT gateways on authorized servers)
- Gateway Group Policy – RequireMFA (require MFA for Azure to send the required header)
SMT page http://aka.ms/smt-create
Blog page http://aka.ms/servermanagement
Remote Server Management Tools (RSAT)
- An updated RSAT package for Windows 10 will be available in the Windows Server 2016 GA timeframe
- Will support Windows Server 2016, Nano Server, Windows Server 2012 R2 and 2012
PowerShell
==================================================================
Security
Understanding Credential Security: Important things you need to know about storing your identity
https://www.youtube.com/watch?v=vAmgmibNVys
Paula Januszkiewicz
- Attended her session because she is a great speaker and super smart. Check it out via the YouTube link above
- Talks about the unexpected places your passwords reside, how password attacks are performed, and typical paths where credentials can be leaked
- Demos include how she hacks cached credentials, KeePass, Remote Desktop Manager, IIS, etc
- Kerberos pre-authorization token which allowed access without the smart card even when that was the only authentication method
Sami Laiho (awesome speaker)
Learn Why You Need To Ditch Admin Rights – Session not yet available online
Learn About Windows 10 Secure Kernel – https://youtu.be/7eMmR7B-xFk
Discover Windows 10 Internals – https://youtu.be/Qz2bRdwS4O4
- Another brilliant speaker on Windows security
- Sessions were demo filled, so the videos will provide much more detail
- Talks about ditching admin rights, how admins can impersonate others, shows how to login to systems as a normal user with admin rights, etc
Microsoft Advanced Threat Analytics (ATA)
- Can detect advanced threats in your network
- ATA leverages unique machine learning algorithms, together with the latest security research, in order to detect suspicious activities such as Pass-The-Hash, Pass-The-Ticket, and more
- ATA helps identify breaches and threats using behavioral analysis
==================================================================
Office 365
- New UI
- Office 365 growing rapidly
- Office 365 App Launcher – https://blogs.office.com/2016/09/27/introducing-the-new-office-365-app-launcher/
- Office 365 Administration – New Admin Center is now GA (easier, faster, more insights, more functionality)
- New usage reporting dashboard
- Improved search
- Monitor DirSync status (easy access from admin dashboard, quickly identify issues)
- Message Center – Stay on top of upcoming O365 changes, take required action, and prevent problems
- Office 365 Admin App – Manage on the go – http://aka.ms/office365adminmobile
- Retirement of old Admin Center in Q4 2016
Office 365 Roadmap http://roadmap.office.com
Office Blog https://blogs.office.com
==================================================================
Windows Hello
- Microsoft announced that Android and iOS devices will get Windows Hello authentication support
==================================================================
OneDrive
- OneDrive getting more integrated with Sharepoint Online, plus new capabilities when used on web browser or mobile device
- More built-in features to secure and manage OneDrive content
- The sync client for OneDrive (consumer) and OneDrive for Business now gets a SharePoint sync as well
- Delivers unified sync experience with ability to sync Sharepoint Online document libraries and OneDrive folders shared with users
- New activity center to show recent changes to files
- On web, OneDrive able to display rich previews for commonly used business file types such as Adobe, Photoshop, etc
- New features to OneDrive app for iOS and Android
- Push notifications when files are shared with you
- Scan feature to combine multiple photos into a single pdf file
- Discover how many team members have viewed the files
- New IT capabilities – OneDrive user management in O365
- Set storage quota
- External sharing permissions for specific user
==================================================================
Microsoft SQL Server 2016
Here are some SQL 2016 sessions to check out
Upgrade to Microsoft SQL Server 2016 – https://youtu.be/WboD21kxIRM
Learn How SQL Server 2016 on Windows Server 2016 are better together – https://youtu.be/bEABd2zOV9k
==================================================================
That’s all folks!
Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.