10 New things I System Center 2016 from OCT 2016

1. System Center 2016
10 nyheder på 60 min

2. Per Larsen
Microsoft MVP – Enterprise Mobility
Solution Architect | per.larsen@atea.dk | m: +45 3078 1828 | f: +45 7025 2575
Co-Organizer - Everything Windows User Group Denmark | www.ewug.dk
Microsoft Partner Technology Solutions Professional (P-TSP)
in: http://www.linkedin.com/in/perlarsen1975 | t: @PerLarsen1975
Blog: http://osddeployment.dk
P

3. Mikael Bach Jakobsen
Senior Consultant | Mikael.bach.jakobsen@atea.dk |
m: +45 3078 0471 | f: +45 7025 2575
in: https://www.linkedin.com/in/mbjakobsen| t: @MikaelbJakobsen

4. System Center 2016 – 10 nyheder på 60 min
1. Config Manager CB & LTSB
2. Optimized on Azure
3. Windows Store for Business
4. Windows Defender Advanced Threat Protection
5. Health Attestation

5. System Center 2016 – 10 nyheder på 60 min
6. SC 2016 SCVMM
7. SC 2016 SCOM
8. SC 2016 SCDPM
9. SC 2016 SM & SCO
10. Operations Management Suite (OMS)

7. 1511
• Deploy, upgrade, and
manage Windows 10,
including new
features
• Manage Windows as
a Service
• Servicing model for
ConfigMgr Current
Branch
• Combined end-user
portal
1602
• Client online status
• Support for SQL
Server Always On
• Windows 10 Device
Health Attestation
reporting
• Office 365 update
management
• Conditional Access
support for PC
management
1606
• Windows Anniversary
Edition support
• Windows Information
Protection
• Windows Defender
Advanced Threat
Protection
• Windows Store for
Business integration
• Windows Hello for
Business
• Content status links
in admin console
• End user portal
improvements

8. 4,142
6,105
10,286
Configuration Manager Current Branch
tenants by version
1511 1602 1606
20,533 total tenants

9. 9.47
13.86
17.17
Configuration Manager Current Branch
clients by version
1511 1602 1606
40,497,142 million total clients

10. Configuration Manager
Current branch (version 1511) CB (1602) CB (1606)
Fall 2015 2016
Branch Availability Windows 10 features supported Support Windows Servicing
Model supported
Current Branch
Generally available on 12/8/2015
with updates released periodically
throughout the year
New features, security updates, and bug
fixes
Can defer updates for up to
12 months before you must
deploy updates to maintain
support
Windows 10 Current Branch,
Current Branch for Business, and
Long Term Servicing Branch
CB (1610) CB (17xx)
2017
LTSB (1606)
CB (1602) CB (1606)
Fall 2015 2016
CB (17xx)
2017
LTSB (1606)
Long-Term Servicing
Branch (LTSB)
Generally available on 10/12/2016.
No new features and support for
new OS releases. Security fixes only.
Only the Windows 10 mgmt. features
released up to ConfigMgr version 1606.
No new Windows features will be
supported in the future.
10-year fixed support;
different from traditional 5+5.
Only up to Windows Server 2016
and Windows 10 LTSB (1607).
CB/CBB is not supported. New OS
releases won’t be supported.

11. Is this “Configuration Manager 2016” ?
• No. The Configuration Manager release included with System
Center 2016 should not be considered as “System Center 2016
Configuration Manager”.
• The included release is a baseline version of 1606 with two
installation options:
• Configuration Manager (current branch - version 1606)
(default)
• Configuration Manager (LTSB – version 1606)

12. What is removed from LTSB?
• Support for the future releases of Windows 10 LTSB and
Windows Server
• Support for Windows 10 CB/CBB
• The ability to add a Microsoft Intune Subscription, which prevents
the use of
• Hybrid MDM
• On-premise MDM
• Windows 10 Servicing Dashboard and Servicing Plans
• Asset Intelligence
• Cloud-based Distribution Point
• Support for Exchange Online as an Exchange Connector
• Any pre-release features available in ConfigMgr (current branch)

13. What is LTSB intended for?
• LTSB of Configuration Manager is intended for a scenario when
customers allow their Software Assurance (SA) or equivalent
subscription rights (such as EMS) to expire as of Oct 1st 2016.
• Per product terms, customers cannot use the Current Branch.
• In the past, customers could install System Center 2012 R2
Configuration Manager.
• Starting on Oct 1st 2016, LTSB provides an alternative install
option with a 10-year fixed support lifecycle policy.

14. Should customers use Current Branch or LTSB?
It simple…..
Unless customer’s SA or equivalent subscription rights are expired,
they should use the Current Branch of Configuration Manager.

17. Manage traditional clients that roam on the Internet
• Without additional infrastructure
• Without exposing infrastructure to the Internet
• Easily configured through the Configuration Manager console
• Key features continue to work on the device when not on the corporate network
• Settings
• Software updates
• Applications
• Hardware and software inventory
• Endpoint protection
Cloud-based management service

18. Cloud-based management service
architecture
AD CA
Windows
Update

19. Find, acquire, manage, and
distribute apps on Windows
10

20. Windows Store for Business
ONE PLACE FOR YOU
Volume acquisition
and distribution
Acquire Store apps and
Line-of-Business apps
Flexible deployment
to meet your needs
Designed for
organizations
Curated for business or
for education
Apps owned and
managed
by your organization
Easy and familiar
for your users
Simple discovery and
installation of apps
Automatic app updates
by default
To find, acquire, manage, and distribute apps on Windows 10

21. Option 1
Assign app licenses directly to users
Option 2
Use a private store page
Option 3
Integrate with management tools
For organizations and departments that
do not want to use app management
tools
Simple invitation model targeting
specific users
Users receive an email or can go to My
Library in Windows Store to install and
launch organizational apps
For organizations and departments that
do not want to use app management
tools
Provides users flexibility to choose
organization apps to install
Admin chooses apps to appear in
company tab in the Windows Store;
users self-discover
For organizations that want to leverage
existing app management tools
Supports complex management options
including dynamic groups, update
management, push installation, etc.
Users can find and use Windows Store
for Business apps pushed to their
device(s) or on a company-approved
portal
App distribution options

22. Application Distribution via System Center Configuration
Manager (CM) and/or Intune

25. WINDOWS DEFENDER
ADVANCED THREAT PROTECTION
D E T E C T , I N V E S T I G A T E A N D R E S P O N D T O T A R G E T E D
A T T A C K S
Unique threat intelligence knowledge base
Rich timeline for investigation
Behavior-based, breach detection
Built in to Windows, cloud powered

26. ADDING A POST-BREACH MINDSET TO THE
WINDOWS 10 DEFENSE STACK
PRE-BREACH POST-BREACH
Windows Defender ATP
Breach detection
investigation &
response
Breach detection
investigation and
response
Windows Defender
Advanced Threat
Protection (ATP)
Device protection
Device Health
attestation
Device Guard
Device Control
Security policies
Device
protection
Device Health
Attestation
Device Guard
Device Control
Security policies
Information
protection
Device protection /
Drive encryption
Enterprise Data
Protection
Conditional access
Threat
resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Threat resistance
SmartScreen
AppLocker
Device Guard
Windows Defender
Network/Firewall
Identity
protection
Built-in 2FA
Account lockdown
Credential Guard
Microsoft Passport
Windows Hello :)
Built-in 2FA
Account lockdown
Credential Guard
Microsoft Passport
Windows Hello ;)
Identity
protection
Device protection /
Drive encryption
Windows Information
Protection
Conditional access
Information
protection

30. TODAY HEALTH
IS ASSUMED
Unknown PC health
Important resources
1
Authenticated access request
2
You’re in

31. ConfigMgr and
Intune TO GATE
ACCESS BASED ON
DEVICE INTEGRITY
AND HEALTH
Device Health Attestation enables:
1
Authenticated access request
2
Prove you are healthy
5
Here is the proof
Important resources
Windows Cloud Attestation
and Intune
Attestation
request
3
Attestation
response
4

32. 45

35. Cluster Rolling Upgrade
Seamless
Zero downtime for hosted VMs
Effortless
VMM orchestrates the process
Safe
Maintain backup SLA using DPM
Upgrade WS 2012 R2 host cluster to WS 2016

36. • Nano Server
• New minimal-footprint installation option in
WS2016
• Better resource utilization
• Faster reboots
• Fewer updates
• Bare metal to Nano Server
• Compute clusters
• Storage clusters (hyper-converged or
disaggregated)
Nano Server provisioning

37. Hyper-converged cluster creation
• Use VMM to create cluster
and check S2D checkbox
• A hyper-converged cluster
gets provisioned with a
global pool and up to two
tiers – capacity and
performance
• Use VMM to create CSV for
use as VM storage
Storage Pool
Storage Space Virtual Disks
Virtual Machines
Cluster Shared Volumes
Software Storage Bus

38. Shielded VMs
• VMs whose data, at rest or in transit,
can’t be snooped by malware or
malicious fabric admins
• Create new shielded VMs or shield
existing unshielded VMs
Shielded VM
Admin
No access
w/o
credentials
No access to
VM data

40. Operational simplicity
Monitoring
Experience
• MP discoverability
• Data-driven alert management
(alert noise reduction)
• Schedule maintenance mode
• In-place upgrade
Improved
Fundamentals
• Scale improvements for X-Plat
• Performance improvements
• Improved UI responsiveness
• Removing Silverlight
dependencies

41. • Nano server compatible SCOM agent
• Agent installation experience is at par with
full agent installation
• Supported workloads - DNS, IIS, Failover
Cluster, and Base OS (more to come…)
• MPs of Nano compliant workloads is
updated, to use PowerShell instead of VB
Script/JScript
Nano server monitoring

42. Storage monitoring reimagined
System Center 2016 Operations Manager
PowerShell
Actions
Windows Server
Health Service
Storage System
Discovery
User Notifications Dashboards
 Focus on relevant objects
(Cluster/Storage
subsystem, volumes and
file shares)
 No dependency on VMM
Management Pack
 New visualizations

43. HTML5 Web Console
No Silverlight
dependencies
Access Web Console
from different browsers
Faster web console
HTML5-based dashboard
views

45. SC 2016 DPM
• ReFS Cloning
• Deduplication
• VHDX
• Workload-Volume
Affinity
Reduced TCO
WS 2016
Private
Cloud
• 3X Faster Backups
• 50% storage savings
• 2X scale
• Reduced storage costs
Modern DPM
Storage• Resilient VM backups
with RCT
• Backup VMs stored on
S2D
• Rolling Cluster
Upgrade – Don’t miss
backup SLA

47.  PowerShell ISE plugin for authoring
 Support for PowerShell scripts in
SMA
 Windows Management Framework
5.0 support
 HTML Self Service Portal
 Significant Performance
Improvements
 Service catalog, including support
for Lync 2013 & Skype for Business
Integrate people,
process, and
knowledge
Efficient resource
utilization and SLA
tracking
Easy publishing and
consumption of
IT services
Deploy cloud services
and process
automatically

48. SM 2016 performance improvements
Creating WI
10x
faster
Workflows
1.5x
faster
Portal page load
<2s
WI capacity
45+/min
each taking <0.5s
AD connectorSCCM connector
Groups n Queues
2x
faster
ECL grooming
67%
faster
50%
faster
3x
faster

50. • Log analytics
• Use OMS log analytics to gain insight and troubleshoot
• Network performance monitoring
• Live-monitor performance parameters of networks within and across datacenters using OMS
NPM. Works with and complements SCOM network fault monitoring
• SCOM assessment
• Get insights into the health of your SCOM deployment, and remediation assistance using OMS
SCOM Assessment
Available now

51. Microsoft
Operations
Management
Suite
Premises Datacenter
WINDOWS
HYPER-V
WINDOWS
VMWare WINDOWS
SC and OMS – Enabling new capabilities
System
Center 2016
• Comprehensive management
of heterogeneous
infrastructure and workloads
• Breadth of coverage
• Integration
• Rich ecosystem
• Rich analytics
• Scale and agility
• Operational simplicity
• New services
• Reach from anywhere

52. Network Performance Monitor
Physical Network
SDN Controller
BGP
Agent Agent Agent
Auto detect
subnets & paths
Custom
alert rules
Detect faults
Analytics-driven
monitoring
Determine e2e
loss & latency
NPM Service
Agents can be placed
across DC/clouds
Live intra and inter-network
performance monitor
Device
Agnostic

53. Application
Dependency Monitor
 Feature description
 Brings big picture applications to
OMS and System Center
 Delivers seamless visibility into
Azure Hybrid Cloud and on-
premises workloads
 Built on BlueStripe Software’s
market leading technology
 Status: Private Preview

54. Patch management
Grouping and Orchestration
• Grouping (AD, WSUS, SCCM collections)
• Hybrid proxy support
• On-demand/recurring schedule
• Patch reporting using Log Analytics telemetry
• Linux patching Reporting/Installation
Patch Insights
• Patch dashboards, searching. Time
estimates applying patches
• One time parallel execution
• Patch Orchestration
• Ability to do pre/post actions
• Sequence: Applying patches to a group
of servers
Workload Aware/Approvals
• Workload aware patching leveraging ADM
• Linux patching extended
• Patch approvals and management
• Microsoft products patching
• Patch co-ordination across workload
owners/patch owner

56. Windows Upgrade Analytics
• Workflow visualization from pilot to
deployment
• Powerful upgrade readiness insights
and recommendations about the
computers, applications and drivers
• Risk based approach to app
rationalization
• Microsoft guidance on app and driver
compatibility issues
http://www.microsoft.com/en-us/WindowsForBusiness/upgrade-analytics
Allows the enterprise IT to quickly
identify and focus on the critical
issues impeding upgrades;
provides data driven insights to
plan and manage the upgrade
process end to end

57. Windows Upgrade Analytics and ConfigMgr

58. © 2015 Atea A/S. All rights reserved.
This presentation is for informational purposes only. Atea A/S makes no warranties, express or implied, in this summary.
Thank you