Brad Anderson: Microsoft Management Summit 2012 – Day 2

ANNOUNCER: Ladies and gentlemen, please welcome back Brad Anderson. (Applause.)

BRAD ANDERSON: All right, welcome back. Hey, let’s see if we can do a little better than yesterday morning. Are you ready? All right, good morning!

AUDIENCE: Good morning!

BRAD ANDERSON: All right, there we go.

All right, well, you know, yesterday, what a great day. You know, we had thousands of people in the room here, we had thousands of people watching the webcast live, we had more than 70 countries represented between all of you that were here in the room and those who were watching online. So, welcome back, welcome to everybody who’s also watching online. Boy, today is going to be an exciting day.

Let me reflect back just yesterday for just a couple of minutes and just make a couple of comments. You know, it’s fun to watch what people tweet as I’ve got to say it’s just one of those really fun things.

I’ll tell you I think Vijay stole the show yesterday jumping in the pool and his cup. One of the No. 1 tweets is how can I buy Vijay’s cup, right?

So, what we’re going to do is we’re actually going to have that be — we’re going to draw a winner of the two cups. So, when you fill out your analysis and your evaluation, you will be eligible to actually win one of those coveted cups, and we’ll probably see that on, you know, eBay later in the week. (Laughter.)

The second thing, one of the greatest tweets was, hey, System Center 2012 in one word, cool, right?

And then there was a whole rack of tweets about private cloud in your pocket, and I’m just going to leave it at that.

All right, so let’s reflect back real quickly. We said we wanted to frame the conversation around what we wanted to do in the innovations that we were driving to help you deploy and operate continuous services, and then enable those continuous services to be consumed on all of your users’ connected devices.

And so today what we’re going to talk about is all those connected devices and what we’ve been building and what our vision is and what our strategy is to help you grapple with the challenges as the number of devices that you’re being asked to manage and enable your users on is just growing exponentially.

So, let’s start with a couple of numbers, OK, and this is from a recent IDC report. You know, in the past the design point for all the technology that we built was truly one desktop, one user, and that’s what we designed for. But the world has just changed. Now our users have multiple devices, many devices, and often you hear from users that they feel that the technology they have at home is superior than the technology they have at work. They want to have a say, they want to have a voice in what they’re using, they want to have a voice in how they’re being productive.

And that really is what consumerization of IT is, it’s our users and the consumers are expressing their opinion that they want to have the best possible capabilities that are going to enable them to do the best work possible.

And you know what, we think that’s a great opportunity, we think that’s an opportunity to just unleash the power of our users and do it in a way that just dramatically scales their productivity.

So, we want to enable you to be able to say yes to that. We want to deliver you the technology and the capabilities that you can say yes, bring your device, we’re going to enable you to be productive how, where and when you want.

A couple other just kind of data points to set some context. In 2011 there were 916 million smart connected devices shipped. OK, that’s phones, smart phones, tablets, and PCs. In 2016 that number doubles. How is that going to impact you?

And this is one of the most interesting data points I think from this IDC research. They asked the corporations how many of you are enabling your users, allowing your users to access corporate applications on their personal devices? Thirty-four percent of the organizations responded back that they were doing that.

They then asked the users across all those organizations how many of you are accessing your corporate application on your personal devices, and guess what that number was? OK, there’s a little gap there, right? Two times the employees in organizations said that they were accessing corporate applications from their personal devices than what corporations were willing to admit to.

You know, I’ve got a belief that when there’s a will there’s a way. If users want to use their personal devices, they will figure out a way to do it, whether that’s if they just send the data up through something like an online service up in the cloud and the data then comes down to their personal devices, they will figure out a way to do it.

And, you know, as I’ve met with some of the companies that I would say are leading the charge or are on the leading edge of really embracing this bring your own device, that actually is a part of their strategy. They know they can’t deliver everything that’s going to enable their users to do what they want, but they actually have as a part of the strategy and they bank on the fact that their users are going to figure out a way to do it. If they could just ensure that the corporate assets, the applications and the data is protected and secure, if they could just have confidence that they can do that, their belief is that the users will fill in the blanks, and I think that should be a part of your strategy as well.

So, now let’s talk about what’s happening in your environment, OK, and this isn’t going to be news to you but I want to introduce some concepts and I want to spend about five minutes walking you through a framework that we’ve used at Microsoft that’s really helped us to understand what all of this means and then really become the framework that we’ve used to build what we’re going to show you today.

You know, in the recent past the majority of the devices that you have managed have been what we call corporate-controlled. Think of these as devices that are procured by the company, they are controlled by the company, you know, when these devices come in you put an agent on these devices, you control them from cradle to grave, you push down policy, you know, really IT is in control of these devices. That’s been the bulk of what we’ve done.

And then there’s been this, you know, small and growing population of user devices coming in which mostly have been smart phones and laptops but now increasingly you’re seeing tablets come in.

What does this look like in the near future? There’s a dramatic change. There’s a dramatic change, and it’s not just, you know, simple growth or some minor growth, this is several factors of growth of what you’re doing today.

And the bulk of these new devices that are going to come in that you’re going to be asked to enable your users on are not going to be controlled by the corporation, they’re going to be controlled by the user, OK, and that really has forced us to step back and say, listen, what does it mean to manage devices and enable users on devices when the corporation and IT really doesn’t control them in the way that we’ve historically controlled devices. We’ve had to actually step back and reimagine what that means, we’ve had to reimagine what management means.

So, let me ask you this question. Why do you think we chose to use the words controlled rather than owned?

Often when I talk with customers and I ask them, hey, tell me about your strategy for bringing your own device, they always talk about corporate-owned, user-owned or personally owned devices. I don’t think it’s about ownership, I think it’s about who’s in control of the device, is the user in control or is the corporation in control.

So, let me introduce you into this framework that we’ve been using, and this over the last nine months has really informed us and enabled us to kind of see what we had to do as we reimagined what management meant in this new world.

So, your rows here is who controls the device, is it corporate-controlled or user-controlled? So, for example, in that bottom row this is what we historically have done. If I advance this, we have built technology for the last, you know, 20, 21 years since we first started the project Hermes SMS 1.0 in 1991 that delivers to you a solution that banked on basically corporate-owned, corporate-controlled devices, you put an agent on that, you push down policy, you push down updates, you basically dictated how much rights and how much empowerment you gave to the user on that device, OK?

Now, the columns, let me talk to you about the columns for a minute. Your left-hand column, and I chose to use these words, they’re kind of geeky, but what I wanted to get across, the point here is there are things that we have to take into consideration in the architecture of the operating system and the device that then dictates how we can actually manage these devices.

So, on the left-hand column think of this as traditional Windows. I can deploy an agent, that agent has global rights across the entire operating system, I can look at all the applications, I have an app, an agent that is privileged.

Now, your right-hand column, think of what the rights are on, say, an iOS device. There is no concept of an agent you can deploy. You deploy apps. An app has no rights into another app.

And so the fundamental architecture of the device is different and many of these devices that are coming into your organization we don’t have the same opportunity to control and manage them the way we have in the past because, one, the operating system doesn’t give us the rights to do that, and two, the users just aren’t going to accept it. As users are bringing in their own devices, you know, that’s these devices, whether it’s a laptop, a tablet or a phone, they’re very personal devices, there’s a great deal of pride in these devices, they’ve got a lot of personal data on those devices, and they’re hesitant and uncomfortable with us laying down an agent and controlling them in the same way that we have before. So, we’ve had to reimagine it.

So, we need to continue to deliver you great control capabilities, because you’re going to be controlling PCs that are corporate-controlled from here until as far as I can see into the future, but we also have to expand this and we also have to introduce into you what we call the concept of governance of devices, and in addition deliver that with control.

So, what are we talking about like governance? Governance is all about you being able to identify the risks of different platforms and then in the context of the management solution you be able to define a policy that then says how you’re going to enable your users to work on their devices, and then the user can either accept that or not accept that, so you have a level of control, if you will, but ultimately the user makes the decision if they want to opt in or opt out to the policies that you want to apply. Does that make sense?

So, let me give you just a couple of examples. You can say — and this is common — if you want to bring in a user device and you’re going to access corporate e-mail on that user device, we are going to require a power-on password. We need to make sure that the corporate e-mail is protected. We do that through Exchange ActiveSync. And when your users bring in their device, you can enforce a power-on password.

Now, the user can decide they don’t want to have that. That’s fine, they just can’t access corporate e-mail on their personal device. That makes sense?

Another example, let’s say that you look at some of these device and you say to yourself, I don’t believe these devices are trustworthy, and my policy is we’re not going to trust them, but I still want my user to be productive. So, I’m going to put a policy in place that says when a user comes in to access an application, I’m going to enable them to access that application but I’m going to have it run in a VDI format rather than locally so I can assure that the corporate assets and the corporate data and applications are protected and secured. Make sense?

You’re enabling your users to be productive on their device, you’re setting the policy, but it’s not this tight level of control where you control that device and every single aspect of that device from cradle to grave, it’s about governing how corporate resources are accessed on the growing number of devices.

So, I want you to start using this term and in the management and what you’re going to see throughout today and you’re going to see throughout the week and you see as we continue to build out these capabilities, you’re going to see us talking about control and governance. And if you truly are going to be a leader and embrace this bring your own device, enable your users to bring their device, you’re going to have to get comfortable and identify what your policies are to enable governance.

And let me just give you a quick example from inside of Microsoft. You know, our view is our users are trustworthy, we inherently trust our employees. And so one of our policies is users are going to be able to bring their own devices in, and as long as a device is encrypted, so if the device gets stolen or lost the data on the device is protected, if the device is encrypted we’re going to allow them to deploy applications and data and use their own devices. And that’s how we’re going to address it.

You know, I was at dinner a couple of weeks ago with five different customers, and it was fascinating to kind of hear what each of these five different customers were doing with respect to their strategy on the consumerization of IT. One said, you know what, we’re never, never, never going to allow users to bring in their own devices. That’s on one pole.

On another there was an organization that said, listen, we think it’s the greatest thing ever. Users are more productive, they’re more happy, they’re working around the clock because their devices are with them, and we’re going to enable that, and they had done a lot of work to build a self-service experience that tried to give this a consistent experience across all the different devices.

And there’s people in between that.

Our intent here is to deliver you a tool that allows you to do whatever you want to across that spectrum. We’re going to do that through System Center Configuration Manager and we’re going to do that through Windows Intune, and what you’re going to see over time is you’re going to see these things which today feel like they’re very different things, you’re going to see them become much more of a continuum, and you’re going to see us do a lot of integration to where you’ll be able to use these two things together.

Now, just fundamentally as you think about what you have to do as you enable this consumerization of IT and enabling your users to work on their devices, you know, one, you just have to provide a way that users can get access to all their applications on all their devices, and two, you have to do it in a way that ensures security across all the devices.

So, here’s what we’ve been working on. We believe these are the three core foundational principles of the infrastructure that you have to have in place to do this in order to enable you to — you know, according to what you decide and how you want to enable your users to bring in their devices, these are the three things to consider.

First one, you have to have an intelligent application infrastructure, an infrastructure that understands the different applications across the different platforms and the different ways to deliver the application, and then is able to intelligently deliver the application to the user on their device in the most appropriate manner, and we’ll go into that in more detail in a couple of slides.

Second, you’ve got to protect that and you’ve got to protect the access to that, and we’re going to do that through Active Directory, leveraging the ideas and all the investments you’ve made there, and we’re even going to be able to do that through the cloud.

And then finally, the work that we’re doing is really you’re going to see these concepts of control, which we’ve done forever, you’re going to see the concepts of governance come in, and you’ll be able to set policy that either controls or governs the devices in the appropriate manner.

And, of course, it’s all centered on the user. Every single thing that we’re going to do is on the user. And if you think about what we’ve been investing and what we’ve been talking to you about for the last several years, you know, we saw this trend coming several years ago, and so back in 2007 and 2008 we introduced this concept of user-centricity, OK? We were a lot of the thought leaders in coining this term and in really embracing and helping to understand what it mean to enable your users and to build the tools all based on that identity of the user.

So, here’s where I think your opportunity is, your personal opportunity and your corporation’s opportunity. It’s just a time of change. It’s just a time of change where users are demanding that they be given more flexibility. So, you’ve got a chance I think to broaden your impact. So, rather than being just — and I don’t want to say that in a way that’s demeaning at all, but you have an opportunity to be more than just a desktop administrator. Be the person, be the team that enables users to work across any device they want to work on. Take charge of all the different technologies in your organization that enable this. Expand your influence, expand your role, expand your impact, expand your careers.

As you do that, your users will be wildly, wildly happy, they’ll be more productive, they will look at you honestly as their hero. And as you do that, the organization will be differentiated, your organization will be able to attract greater talent because you will have a policy and you will have an infrastructure that is these just really incredibly talented individuals who want to come to work for an organization that’s going to empower them, you’ll have a story about how your organization and how you as IT are going to empower them to work the way they want to. And make no mistake, that’s a big attractor of talent.

OK, so let’s get into the meat now.

So, first of all, let’s just take a moment and celebrate the release of 2012 Configuration Manager and endpoint protection. (Applause.) Far and away the most significant release of System Center Configuration Manager in history. You know, this is the sixth release that I’ve worked on, and it’s just amazing how much innovation and how much technology the team did here.

You know, as we set out on this journey a couple of years ago, we really wanted to focus on three pillars: all about the user and being people-centric; we wanted to unify the infrastructure and give you an infrastructure that allowed you to do your protection, your management, your mobile device management, do that in physical and virtual assets, we really wanted to help you unify and really consolidate the number of infrastructures you had and fully leverage your investments in Config Manager; and then we focused on simplicity — simplicity, simplicity, simplicity, make it easier, make it easier, and we did great work and we’ve got a lot more work to do there, but this is a wonderful, wonderful product.

So, let’s give you some of the numbers on it. So, you know, as we deployed this in the beta, and as we deployed this throughout the world, there were half of a million nodes in production with the beta being managed in real world by those beta bits. You know, 280,000 of those were at Microsoft.

One thing many of you may not know, all the desktops at Microsoft are actually managed by my team. You know, I spoke yesterday about, you know, the fact that there is no substitute for experience, but I’ve got to tell you it is so wonderful to have the operations team that is responsible for all of the desktops across Microsoft in my organization. And when we do product reviews, you have dev, you have test, you have program management, and you have IT operations. And the level of conversation and the level of understanding of the pain that sometimes we inflict upon our customers if we don’t do a great job with our software comes out very relevant and we do a much, much better job. It’s a wonderful product.

And what I thought would be interesting here is just let you hear from a couple of the key leaders who built this, as well as a number of the MVPs that helped us throughout the entire process. So, let’s just take a quick look at this.

(Video segment.)

(Applause.)

BRAD ANDERSON: Yeah, thank you. You know, on behalf of the team, thank you. I’m really incredibly proud of what they’ve done, and I want to echo what Ed said there: far and away the most significant release. It’s just amazing what the team has done.

You know, one final comment there, you know, Ken talking about the fact that you started working on SMS in 1992 when he graduated from college. The kid had to have been a child prodigy when he graduated when he was like 12.

OK, so let’s go on to the next one here. Let’s now dive into the details. I want to help you understand what we’re doing here, what our vision is, get really deep into how we’re integrating with all the different ways we need you to embrace these devices and then show it to you.

So, first of all, let’s start here and let’s just talk about when I talk about having an intelligent application infrastructure what does it mean?

So, first of all, the first thing for you to take away here, the user is at the center, the user is always at the center of everything that we do, and then we need to figure out how we are able to deploy all the different kinds of applications now that that user is going to need to be productive across all of their different devices.

Just think about this for a minute, what this means. Starting from left to right on the top row you’ve got device optimized applications, you’ve got Windows applications, you’ve got iOS applications, you’ve got Android applications. How do you deploy those and how do you understand, how can you set policy about which of those applications should be deployed to which devices, and how do you manage all of that?

Then you have your Web applications, then you have VDI and VDI will continue to play a more and more important role as you continue to enable your users to bring in their own devices, and, for example, they need to access Windows applications on a non-Windows device, OK? So, the number and the kinds of applications that you have to manage going forward is just dramatically different than it was in our past.

And then that bottom row, it’s not just about enabling your users on Windows any longer, certainly Windows is going to be the primary foundation on which all business is going to be done on, but your users have also got other devices they’re bringing in. So, how are you going to do this across Android and the iOS devices? That’s what we’re building, OK?

So, let’s maybe make a statement here that’s really, really clear: in order for us to do this what I’m announcing to you this morning is we are doing deep, deep integration with Windows, with iOS and with Android, OK, and we’re going to enable you to do that. (Applause.)

So, let’s take the next level deeper in what we mean by device optimized applications.

In the past, what we did is we took MSI applications and we took App-V applications, we deployed those through System Center, you know, to the users, we had a self-service experience where we pushed the application down.

But now look what you have to deal with. You now have to deal with how are you going to deploy applications from multiple app stores or from multiple stores across multiple vendors. How do you do things like side load applications and then how do you put policy in place that makes that understandable for all of the IT organization and easy and simple for the end users to access with a consistent experience as they go across all their devices?

So, the work that we’re doing here, for example, is we’re deeply integrating with the Microsoft Store, we’re deeply integrating with the Apple App Store, as well as with Android. We’re doing things like giving you the opportunity inside of the administrative console to do what is called deep-linking into apps. What a deep link is, is it allows you to basically create an application in our IT pro console that deep links into the store, into the application store, and then as your users log in with their Active Directory ID they see the icons that appear for those applications and it removes all the noise of the hundreds of thousands moving to millions of applications that exist in these stores and just presents the user with the application that you want them to use within your corporation to be productive.

We’re also enabling side-loading of applications. Side-loading of applications is taking your line-of-business applications that have been built for the platform, whether that be Windows, iOS or Android, and it allows you to load that application onto the device without having to go through the primary store.

So, what this provides is it gives you the opportunity to take all the different kind of application types — Windows, iOS, Android — manage them all in a consistent way through a single console, deep-linking into the store, side-loading your line-of-business applications, associate that all to the user, again at the center of the model here, and then as your user uses their various devices they’ll have a self-service experience that allows them to authenticate in against Active Directory, they will then be delivered all the applications that they need in order to do their jobs, intelligently according to the device that they’re on, the system will make that determination for you based upon the policies that you’ve expressed, and your users can now roam across their different devices but always have a consistent experience to get their work done.

That sound interesting? Really? (Applause.) Come on. The worst thing I can tell you, the worst thing that all of you could be doing right now is deploying separate solutions for each one of these, a separate solution for Windows, a separate solution for the other devices, a separate solution for managing your thin client servers, a separate solution for managing your device optimized applications, a separate solution for managing an Android versus an Apple device. Every time you deploy another product, another infrastructure, it’s cost, it’s expense, and it introduces complexity to your users. You want to do it all on one thing, and you’ve been very clear with us, enable us to do this work through System Center and through Windows Intune.

So, OK, so we’re going to go through a couple of demos right now, and the first demo we want to show you is some of the innovations that we’ve driven specific to Windows and some of the things that we’ve done inside of System Center Configuration Manager 12 in enabling you to deploy the rich Windows applications down to devices.

And to do that, let’s invite Bill up to the stage. (Applause.) Good morning, Bill.

DEMOER: Mr. Anderson.

BRAD ANDERSON: Yeah, Mr. Anderson.

DEMOER: The biggest threat is not the technology, it’s tripping walking up the stage.

Welcome, everyone, great to see all of you guys this morning.

As Brad alluded to, we’re going to start off by talking a little bit about device optimized applications. This is really the fundamental behind the work that we did in Configuration Manager 2012 to really redefine and redesign the way we deliver software. So, that’s actually the demo I’m going to go ahead and start with today.

You know, we’re going to go ahead and take a simple application that you guys probably manage on a day-to-day basis. In this case it’s actually Adobe Reader.

Now, it sounds simple but it’s not always that simple. As you take a look at the bottom of my screen you’ll notice I’ve actually got five deployment types that I’ve got for Adobe, because I want to leverage the power of things like app virtualization as well as I still have the need to leverage Windows Installer Services, a consistent way of delivering these apps.

Now, in the spirit of device-optimized we’ve got a lot of rules and detection methods to make sure that the applications really do exactly what they need to do on the device for the user.

But one of the things we also want to do is deliver a little predictability, consistency, and as Brad alluded to earlier intelligence in how you can model and deploy these.

One of the features that we’ve built into Config Man 2012 is the ability to do a simulated deployment. So, taking a look at an application like this I’ll show you just how complex it is before I do the simulation.

You can see that not only is it just multiple deployment types, but each one of those deployment types actually has a series of rules on them: operating system version, prerequisites like, oh, applications like the App-V client being present, et cetera. So, I’ve got a lot of different pieces across this very big diverse application.

So, instead of just deploying it and wondering what might occur, we’ve created the concept of a simulated deployment. This allows us to take a complex application like this, send it out to the real users on the real devices, and return what we actually would have done. This is not a simulation against the database, this is real rules processed, real users, live. So, you’re going to be able to see this data accumulate back and know exactly how the application is going to perform.

So, I’m actually just going to go create a simple simulated deployment here. Now, at Contoso I’ve got a group called Contoso Users. What the heck, let’s send it out to everybody and kind of see how the behaviors would be across the entire company. And when I do a simulation I can do an install or an uninstall, even simulate removals and what I would have chosen to do.

BRAD ANDERSON: It’s that simple.

DEMOER: All of a sudden I’ve now created a piece of policy that’s going to go process on all of those systems for all those users, and it’s going to come back and tell me what it would do.

Now, as you guys well know this is real policy for real systems. This would take hours or depending on your users maybe even days to get back a really rich picture of how it would have behaved. So, of course, I actually ran one earlier against some real systems, so we can show some real results.

Go to my monitoring experience, take a look at my existing deployments that are out there, and I’ve got an Adobe that I’ve deployed out to a group of folks on all desktops, about 180 to 200 or so desktops just so we can get a picture of what it’s going to return back.

Take a look at the status. Now, the first thing it’s actually going to tell me is how many succeeded, and you’ll notice from the green pie chart at the upper right I had a pretty good success rate with this. But what’s interesting is in many of these cases I may not have actually deployed anything. If you look at the top two rows those were systems where the app was already present. So, we don’t tell you just what would have installed but even render back the systems that are compliant already so you get a really holistic view of exactly what’s going to happen when you deploy these apps.

The other thing down below I can see the simulation success there, and I even see it broken out by the different deployment types. So, you can see I’ve got some X64 machines, some X86 machines, as well as some that have actually installed the App-V version of Adobe, so I get a really good picture of the diversity of the deployment types.

Maybe less interesting for this but if I were doing a server-based app like XenApp, this is a great tool because now I can tell the administrator how to set their expectations for performance on my XenApp servers before I even deploy.

Now, notice most of this was successful but there were a few systems who actually couldn’t install it because they didn’t need a specific rule. I have all of that information at my fingertips, too. So, in other words, I can see certain apps or certain systems that don’t have the right operating system, certain systems that might be missing prerequisites; everything I need to know about where it’s going to work and where it’s not going to work is returned back at my fingertips so I can deliver these applications consistently and predictably and give the best user experience possible.

BRAD ANDERSON: Thanks. (Applause.)

DEMOER: All right, we’ll see you again.

BRAD ANDERSON: Don’t get too comfortable, we’ll see you again in a couple of minutes.

You know, one of the things I just love about what the Config Manager team did here is, you know, talk about a pre-flight, you know, there are other pre-flights that have been in the market that go running against a database, but the pre-flight that the Config Manager team built here actually runs against the actual production system so you really get that net underneath you. And if you’ve got some kind of a deployment that you need to do, you can get that real feedback back and understand what the ramifications could be and if there are going to be problems before you actually click go.

OK, so let’s dive down a level deeper now on this intelligent application infrastructure. We showed you some of the things we’ve done specific in Windows, and some of that intelligence around supersedence, and some of the dependencies in those types of pieces, but let’s now talk about what we’re doing across these different devices, and how we’re going to enable you to deploy applications and manage applications across all your device portfolio.

So, first of all, again, the user at the center of everything, OK, I just want to continue to reinforce that, the user at the center of everything. Your user wants to use all of their devices. It could be a PC at home, it could be their personal laptop, or tablet, or phone; they want to be able to use their devices.

Now, fundamental belief that I have is these devices, these connected devices, these consumer devices, should be managed from the cloud. They were built to consume cloud services. The bulk of the work that we do on those devices is consuming cloud services and capabilities. We should manage them from the cloud.

And so, we’re going to show you some of the things that we’re doing, and actually you’re going to actually be able to use today as we announce some availability of some of this capability that you are going to be able to manage the devices, whether they be Windows, iOS, or Android devices from Windows Intune, from the cloud, and these always on, always connected devices will always be in contact, and you’ll be able to put governance rules on how users access your corporate applications and data from the cloud. All that keys off the directory.

So, even on consumer devices, consumer-controlled devices, if they’re not domain-joined, we’re still going to enable you to make the devices domain-trusted by having a self-service experience on those devices that will ask the user to authenticate to Active Directory, we’ll verify the identity of the user on the device through Active Directory. And then, based upon the policies that you’ve expressed, we will enable them to access the corporate data and applications according to those rules, those governance rules that you’ve put in place. But the device becomes domain-trusted. It’s an important thing to remember.

Now, part of the work that we’ve done here is, we’ve done some work that through Azure and Azure Active Directory, we can now even when your users are out past the boundaries of your firewalls, they will be able to authenticate against your Active Directory in your organization through Windows Intune, and we pass through what is called Azure Active Directory to do that. The actual identities of your users are maintained and kept within the walls of your data center, and Azure Active Directory just links us, Azure AD links us into your Active Directory.

So, let’s see this in action, and what I want to do now is actually show you some of the work that we’ve done to do self-service on user-controlled devices across a couple of different devices.

So, Bill, why don’t you come up and give us some of that experience. Give him a hand, everybody. (Applause.)

DEMOER: Thanks, Brad.

So, Brad has actually set up a couple of things that I want to be able to demonstrate to you guys now. First and foremost is this kind of diversity of applications that really exist out there, especially in this emerging world of employee-controlled devices where we’ve got things like consumer application catalogues, et cetera. And then I also want to be able to go demonstrate that integration of identity that Brad was talking about to really show that we can get a common understanding and definition of who our users are to deliver those services successfully.

So, I’m going to start on the diverse application side first. Many of you have read or heard about this Metro style app that’s evolving in Windows 8, and I want to show you in an updated release of Config Manager that will be available around the Windows 8 timeframe some of the things we want to do to be able to embrace that Metro style app experience.

Now, Metro style apps can exist in the Windows Store, and be delivered that way, or you as a corporation can build them and deliver them to your users using your normal management tools. I’m going to show you both today.

So, I’m in my Config Manager console. The first application I’ve got here is an app called Bing Maps. Notice to the right it says “deep link.” This actually is an application that is linked to an app in the Windows Store. If I take a look at the deployment type down below, you’ll notice something very interesting. When I go to my content tab, it’s not mapped to a distribution point. This actually is a link to the real Bing Maps application in the Windows Store.

Now, we can’t automate the installation of that app, but what we can do is allow you as IT pros to use this technology to improve discoverability for your end users of those kind of business related apps that exist in the Windows Store. Again, we won’t push them, the user is redirected to the store, but at least you can help them find apps to do their job better.

Now, as I said, Metro style apps can also be built by you, and then deployed to your users using your management tool. For those of you who were in the keynote yesterday, you saw the great expense approval app that they built. Well, what we’re going to do is walk through the client side of the experience. I’ve actually built a couple of client side apps to be able to go use to approve those expenses.

So, I’ve got an app here called Contoso Approvals. If you look at the deployment types below, I’ve got two. First of all, again with that continuing work we’re doing with Citrix I’ve got a XenApp deployment type set here, another great application really optimized for these kind of user-controlled devices as we’ve been talking about.

But as you look below it, I’ve actually got a Windows Metro style app that I’ve created, and when I select properties here you’ll notice on the content tab this is mapped to a distribution point. This is a real application we’ve built that we want to go deploy to our users so they can get a great experience on all their Windows 8 devices.

Of course, I want to make it super easy as well, so we automatically build requirement rules that set the appropriate platform, notice minimum requirements here for Windows 8 to make sure that the app only installs in places where it’s successful at.

So, what I’m going to do now is go ahead and deploy this application out to my managers at Contoso. They’re the ones who actually need to be able to go through this approval process.

Choose deploy, and I’ve got a group called Contoso managers. I’ve already put this out on my distribution point, so I don’t need to do anything there, and I’m going to go set it for install available. I’m not going to push install it, just allow people to come to the user catalogue, find the app and install it when they’re ready.

Now, at this point in time there’s a bunch of the rest of default settings that we’re just going to assume for things like time and availability. So, I’ll summary next and we can finish up.

So, that simple I’ve now taken some of these kind of emerging types of apps like a Windows Metro style app, and I’ve made it available out to my managed devices within Contoso who are running Windows 8.

But as Brad also mentioned, we’ve realized that in these kind of user-controlled devices Windows is very prevalent, but there are some other platforms out there that are critical for you guys to support as well.

So, now I’m going to jump over to the Windows Intune console, and I’m going to show you how we can have that same native application delivery experience from the cloud leveraging Windows Intune.

So, as you take a look there, you can see I’ve got a series of applications created here, and if you look in the platform column you’ll notice it supports iOS. So, I’ve got a couple of applications I’ve built that support either iPad or iPhone. We also could be building applications for Android platforms. All of those are now supported in native application delivery in this release of Intune that Brad is going to be telling you a little bit more about to be able to be available to you guys.

So, what I’m actually going to do now is just quickly do exactly what I did earlier, and I’m going to go deploy this particular application. Click on manage deployment.

Now, the other thing that Brad mentioned was this concept of a common identity and being able to leverage Active Directory even from the cloud as the way to go recognize a group of users. Notice within Windows Intune we’ve got that same concept. I can select my same Contoso managers group, choose add and choose next.

Now, to stay in line with that employee-controlled device and approach that Brad mentioned, we will not push these apps to the user. We’re only going to make these apps available to them. Again it’s their device, we want to help them discover things to do their business but again still give them the control that they need to have.

So, I’m going to choose available and choose finish. So, now all of a sudden using both Configuration Manager and Windows Intune I’ve taken some of these emerging types of applications, made them available out to my users.

Now, no demo is really ever complete unless we actually do the installation, so I need an end user to maybe help me.

Brad, do you think you could come out and maybe show the end user experience for these for me, please?

BRAD ANDERSON: You bet, I’d love to come up.

DEMOER: It’s kind of dangerous having the manager doing the demos.

So, we ended with the Windows Intune deployment to the iPhone. So, Brad, why don’t you go ahead and start there and show the experience to go find and install the app on the iPhone?

BRAD ANDERSON: OK. So, the first thing we want to see if we can actually get up onto the screen here the iPhone. It looks like we’re having a little bit of an issue here.

(Break for direction.)

BRAD ANDERSON: OK, let’s have them work on that in the background just a little bit. For some reason we’re not getting the iPhone to be able to project up here. So, let’s go ahead and actually move onto a Windows device.

DEMOER: Great, so yeah. So, go ahead and take — I know that Brad was kind of excited to show you the iPhone but he’s more excited to show you what the end user experience is going to look like from his own personal Windows 8 tablet that he’s got sitting there. So, let’s go ahead and show that one then.

BRAD ANDERSON: All right, so let me tell you a little bit about this device here, if we can get this up on the screen as well then.

This is where you and I need to dance. There we go. (Applause.)

Let me tell you a little bit about this device. This right here is a Windows 8 tablet. I’ve got to tell you, you know, I’ve been using this for a number of months and it is just a phenomenal experience.

The first thing you have you notice here, you know, just the start menu, the user experience is just this great, it’s fast and fluid, all optimized for touch. And, you know, the thing I love about this, this tablet, more than anything is this is it’s just a no-compromises experience. I can do all the things that I need to do to do my work on this device.

Now, the first thing I want to show you a couple of things here. Notice here there is this Contoso center. OK, so if I click on this application, this is the self-service experience that we’re going to be delivering in the future with System Center Configuration Manager and Intune that is going to give you just an incredibly rich experience on a Windows 8 device for your users to do self-service.

So, for example, Bill had done some things like, for example, he talked about Bing Maps and he talked about with Bing Maps he had done a deep-link into the Microsoft Store. If you take a look here, if I go to Bing Maps and I click on view the Windows Store, it literally would take me into the Windows Store and I could actually go and provision that application.

But that is all done for me based upon that policy that Bill set inside of Windows Intune that allowed me to do that, and it’s all about getting all the applications discovered to your users that they need to have to get their jobs done quickly and easily.

Let’s come back into that application again here, come back into Contoso.

Now, he also talked about this Contoso approval application that we built. We demoed the back-end yesterday. Here’s the front-end of that. This is a side-loaded application. This is an application that is not going through the Microsoft Store, it’s my custom line-of-business application and we’re using Windows Intune to side-load it.

So, I’m going to go ahead and click install on that, and what it’s going to do now is it’s actually going to go and start installing on my computer. Actually I’m going to make sure that does.

Now, as it’s installing there I’m actually going to go through and show you some more of the experience inside of the console here.

So, I’ll give you a little bit of the lay of the land. You know, I have all my applications here, they can be categorized, I can look at categories, I could actually search and sort by name; just a very, very great experience, but there are some other things that we’ve built into this.

For example, I can come and take a look at what we call the IT center, and this is where you can be communicating with your users if there’s an experience or there’s a server down or there’s s system down, that kind of a thing.

Also the end users can create service requests here and it automatically links into capabilities like Service Manager and actually gets that process going.

This is actually one of my favorite aspects of it. I go to my devices and I can see all of the devices that I’m using to interoperate with the corporation. These can be my personal devices that I control, these can be the corporate-controlled devices, but they all show up in one place. And I can take a look at this, I get a status. You know, for example, here on Brad’s personal tablet it shows that it’s healthy, it shows that this is a Windows 8 tablet. I could click on my phone, it would show me things like, you know, where the location of the phone is at. And notice on the bottom down here I have capabilities like reboot, you’ve got things like delete and erase. You know, imagine a scenario where for some reason your phone has been lost; you can actually log into this experience, you’ll be able to log into this from any browser anywhere in the world, and you could actually do a remote wipe of your phone as the end user from any PC or any device anywhere in the world, all that surfaced through this experience that you’ll be able to give to your users.

I see all my devices, and here I get a chance to look at the iPad that I’ve been using, and also my laptop, but all of my devices in one place, and I can actually manage them as the user from this experience.

So, let’s come back now to the start menu, and you can see here, here’s this approval app. So, I’m going to go ahead and go into that here, Bill.

DEMOER: Yeah, because I actually need a tiny favor here, Brad. I’ve gotten so excited working with the Windows 8 tablets this week, I went out and actually purchased one of the existing tablets that are available in the market today, and I need you to approve my expenses so I can get up and running on it.

BRAD ANDERSON: All right. You know, it’s phenomenal, so I’m going to go ahead and approve that. Brings it in, approve now. I don’t think it was ready yet. There you go, perfect.

DEMOER: So, now it’s approved and now I can actually go get that and go purchase that piece.

So, a great end user experience, great ability to go deploy those applications, but I think we probably should make one last run and see if we can maybe show that other device.

BRAD ANDERSON: Let’s see if we can get the iPhone up here.

DEMOER: So, let’s see if the video folks can get it switched for us.

BRAD ANDERSON: Well, we’ll keep working on it and let me tell you a little bit about what we would have shown, OK?

What we would have shown to you is a self-service experience where your users can go in, discover all their applications on an iOS device, so they’ll be able to discover in the future side-loaded and deep-linking, all the applications they need to do their jobs, and they’ll be able to deploy those, and it’s all managed through Windows Intune, these devices become trusted because we actually have the user authenticate across all these devices to Active Directory as they launch the application to provision their applications. And so we add value of the domain even onto the devices that are not domain-joined. They become domain-trusted.

But that’s a wonderful experience that your users can have, and as they go across their different devices they’ll have a consistent experience that’s been optimized for the device that enables them to get access to all the applications they need to do their jobs.

DEMOER: Sorry we couldn’t show you that last piece, but hopefully that gives you a grasp of some of the different things that we’re going to be working on to really make this kind of employee-controlled experience real not only for your end users but for you.

Thanks, Brad.

BRAD ANDERSON: Thanks, Bill. (Applause.) And we’ll see Bill again in a few minutes.

OK, how many of you expected to come today and see a solution from Microsoft managing Windows, iOS and Android? How many expected that? How many for that was a surprise? (Applause.) OK, a good surprise? (Applause.)

Let me tell you a little bit about what I’d like you to do. So, first of all, we are announcing today the availability of the next version of Windows Intune, the prerelease, the things that we would have talked about and shown you, the ability to manage your devices from the cloud, have a self-service experience on these devices, enable your users to work on their devices in a governance model, bringing Active Directory value onto these devices even when they’re not domain-joined, enabling you to have these devices be domain-trusted; that is some of the key value that we’ve built into this release of Windows Intune.

So, the first thing I would ask you to do while you’re here at the conference, and for those of you who are watching this live I’ll talk to you in a minute, every one of the devices here at the show is being managed by Windows Intune, OK, so it’s actually being managed from the cloud from Microsoft’s data centers, not from a local server here on-premise.

As you go to the hands-on labs what you’ll notice is there’s an icon in all the hands-on lab desktops that talks about the Windows Intune administrative console. Click into that icon, go experiment and play with the administrative console. So, that console that Bill was just showing you, go spend some time in that and look at how integrated and how beautiful of an experience that administrative experience is, and look at how we’ve been integrating these other devices into the experience.

The next thing I would ask you to do, and for those of you who are watching this live please do this, go up to WindowsIntune.com, get an account, bring down the prerelease and start playing with it, start experimenting with it, start managing your devices with it. It’s a great solution and the way I want you to think about this is in the past, you know, we really have kind of talked about Windows Intune and Configuration Manager as being two separate things. As we go forward we’re going to bring these much more close together, and we’re going to enable you to be able to do management on-premise and in the cloud in a consistent way with a consistent experience, but I fundamentally believe these devices should be managed from the cloud.

So, that’s the way I want you to think about how these two products evolve and how they become more of a continuum than two separate things as you go forward.

So, please go start taking advantage of Windows Intune and start experimenting with it.

OK, so we’ve talked about, we’ve spent a lot of time talking about the device optimized applications. I now want to spend some time talking specifically about VDI.

You know, and it’s been really interesting, you know, VDI has been one of those things where people talk about it as one of the best things in the world, other people get frustrated with it, and I’ve spent a lot of time trying to really understand what the issues have been.

You know, over the past two years, I’ve had a chance to meet with a number of you and have you walk me through what you’re thinking about VDI and what has your experience been and what have been the challenges, and a couple common things pop up.

Many organizations, you know, first of all, start out, you know, with a belief that these devices are just going to be — or VDI is going to be really the solution for everything for them, and then all too often they’ve realized that, you know what, the experience just isn’t as good as a local device and the end user’s experience gets degraded, and so that’s been a frustration.

Another common scenario that as many start out down the path of wanting to run in a pooled VDI scenario, which is one operating system, one common operating system that everybody runs on, that dramatically decreases the costs of VDI because you don’t have to store a separate OS image for every one of your users. But the technology just hasn’t been there to enable that. In order to run in a pooled scenario historically you had to disempower users because they couldn’t put their own settings in place, they couldn’t customize the desktop, they couldn’t customize their experience.

So, these are problems that we set out to tackle, and we just have a fundamental belief that VDI is going to play a more and more broad role in your strategy as you enable users to work on any of their devices that they want to work on. So, we wanted to tackle these challenges and do it in a way that allows you to run VDI and use VDI as a part of your strategy, as a part of Config Manager, as a part of Windows Intune, and do it in a cost-effective manner.

So, let me walk you through some of the innovations that we’ve been doing, first of all in the platform, in Windows. In Windows Server 8 we’ve done some great work in RemoteFX. We’ve done some great work to make that experience be live, be crisp, be fluid, make it a very, very great experience for your users.

Let’s go up a level now. We’ve done a lot of work at the application level inside of a VDI environment, we’ve done a lot of work in App-V.

You know, today we’re announcing that App-V version 5.0 is available for download. Let me tell you a little bit about what we’ve done in App-V version 5.0.

First of all, we’ve actually built into App-V now the ability for applications that have been virtualized to interact with each other. The No. 1 request from all of you who are using application virtualization is that you want the application to be able to interoperate and communicate with each other; that’s in App-V 5.

And we’ve done a lot of work specific to VDI. So, for example, in a VDI environment when you go to deploy an application, your users can stream the application down and they can run them but they never get committed to disk, decreasing the amount of storage space that is being used.

We also have built a common cache with App-V 5, so now all the users on a VDI server all consume one common cache rather than having their own cache, again decreasing the storage costs, where storage historically has accounted for up to 75 percent of the total cost of VDI.

And then something many of you may not have heard of, we’re introducing a new component into the Microsoft Desktop Optimization Pack, and it’s called the User Experience Virtualization or — I’ve got to make sure I get the acronym right — UEV. This is a user-state virtualization product that allows you to take a separate your user settings, your user state out from the image, and truly allows you to really be able to run in a pooled model where you have one OS that everybody launches from, the users can stream and self-provision their applications down, their settings are separated out from that common image so you can run with one OS image, your user state is separated, we’re not, you know, consuming too much storage because of things that we’ve done with application distribution in the past.

Bottom line is you can now use VDI in a very cost-effective way, integrated into what we’re doing in Config Manager and what we’re doing with Windows Intune.

And let’s give you just a view of what this means from a cost perspective.

So, first of all, if you’re running in a personal mode in VDI, you know what that means, is every single user has their own operating system, when they log in and log out that operating system I committed to disk, this is the highest cost form of VDI. And as you take a look at that stack, the blue is your management costs, the green is your compute costs, and the orange is the storage, and far and away the storage is the highest cost. With the innovation I just talked about with App-V your costs come down immediately even in a personal VDI type of a world.

Then you have pooled VMs, and the costs automatically come down because your storage, you use dramatically less storage, because every user doesn’t have their own committed OS image, everybody is running off of one pooled OS image. And as you look at session-based, session-based is by far the lowest cost, because you’re sharing sessions and it’s just a more effective way to do it.

Now, remember yesterday we showed you this concept of Windows Server 2012 called Storage Spaces? Storage Space is all about giving you the resiliency and the efficiency and the capabilities that you need from a storage perspective but on commodity hardware. Look what happens across the board now when you run VDI and you run session-based virtualization on Windows Server 8 on commodity storage, your cost goes down again.

We’ve done a lot of work to make sure that you can use VDI where it’s appropriate, and you can use that in a way that enables your users to be productive anytime, anywhere, and with the innovation that we’ve done in our management capabilities and in the platform we’ve driven those costs way, way down.

And as always we’ll continue to work in a very, very strong way with Citrix on this, it’s a great partnership, and between the two companies we do have the best solutions for you as you think about what your central computing and your VDI solutions are.

So, with that let’s show you some of these things, and what we want to show you here is some of the things that we’ve done in VDI to make it fast and to make it easy. So, let’s bring Bill back up and let’s show you some of these innovations. Bill, come on back up. (Applause.) Welcome back.

DEMOER: Thanks, Brad.

OK, so Brad did a lot of work there to set up kind of the overall virtualization stack, and so what I want to kind of do is walk through a demo that’s going to highlight two of those pieces.

First and foremost, we want to start with the user experience. We want to make sure that regardless of where our user roams to, including in a world of VDI, that we get a great experience so that their operating system settings and their application settings can follow them around to get a really comfortable work environment.

But the second thing is we want to kind of show with Windows Server 2012 just how fast and easy it is to get a very simple single site set up and running for your own kind of VDI implementation.

So, I’m going to start with the user settings. Now, Brad mentioned User Experience Virtualization or UEV, so I’m going to actually start in the administrator console using group policy and go configure how I want UEV to go roam my operating system and application settings.

The first thing I’m going to do, I’m going to go specify a server path where this is going to be located at. To keep me from fat-fingering it I’ve actually already got the path in. So, it’s just a server share with a user environment variable so that each user has their own store for their settings.

The next thing is I’m going to open up my location for application templates. As I said, UEV allows me to roam application settings as well. These templates define the settings of the app that should be roaming with me. So, I just need to give it a generic path where all my app templates will be stored at so that the roaming behavior can follow me wherever I go to.

And then finally, I’m actually going to go down to the user side of the policy, and I’m going to go specify what things roam. This is one of the most powerful capabilities of UEV. Instead of roaming everything, I’ll have the ability through policy to go configure which of the settings do and don’t follow me.

Now, by default we want everything to roam, we want to provide the best experience possible. So, when I actually enable this policy it allows me to choose which things I don’t want to roam. So, what I’m choosing in this user experience is not to roam folder options, not to roam taskbar and start menu, and not to roam ease of access components. We just wanted to keep it simple for the demo so you guys can actually see the pieces that are going to follow me around.

So, with that, I’ve now actually set up how I want settings to follow my domain-joined users around as they roam. So, we’re going to use Brad again as our end user. Brad, why don’t you step to that demo console over there and show us your day-to-day domain-joined PC and that user personality that you have?

BRAD ANDERSON: All right, sounds good.

So, the first thing is this is my desktop.

DEMOER: You have got to promise me one of these years you’re actually going to send me the invite to the family photo, so I can actually be included in the Anderson family. I feel like I belong there already.

BRAD ANDERSON: Yeah, you know, when you told me you wanted to use a photo, I was afraid you were going to insert your picture again into the family and just automatically just try to do it.

DEMOER: Yeah, exactly, instead of having to use Photoshop to put it in there, I’d much rather just kind of show up.

BRAD ANDERSON: I won’t hold your breath too hard.

DEMOER: Can I be in a Hawaiian shirt in that or not?

BRAD ANDERSON: I don’t know about that.

DEMOER: OK.

BRAD ANDERSON: OK, so this is my desktop. So, let’s go take a look at some settings and let’s go do some things.

So, first of all, let’s go take a look at this Adobe document here, and this is the document I’ve been working on that talks about where are the different locations we’re going to have MMS 2013 at, and you can see we’ve been a little careful about keeping it top secret.

You know, and as I scroll down here, you know, there are some of the potential cities that we could be in and some of the comments about that, but I’ve got to say I’m getting kind of old and whoever built this used a font that’s way too small.

So, I’m going to go ahead and I’m going to increase this to 200 percent, but not only do I want to increase that like that, I also want to come over here and edit my preferences so every time I bring this up it is automatically set to 200 percent.

So, what I’ve just done here is I’ve actually changed my configuration, changed the settings, and UEV should be capturing that and now running that to any device that I go login on.

DEMOER: Exactly. All you need to do now, Brad, is make sure you close out of Adobe so those settings get saved, and now go ahead and lock your workstation, please, and all of your theme and all of your app settings will actually now go roam around with you. So, we’ve created your personality.

Now, you notice that’s a pretty confidential doc that Brad had there. We trust him managing on a domain-joined, centrally managed device like his workstation he was just showing you, but we would never want him to have that on his personal device like maybe his Windows 8 tablet like he showed earlier, unless we provide another way to get access to it, like VDI.

Now, what we’d normally do in the demo at this point in time is I’d have Brad log into a VDI session, a miracle would occur, family roams and we’d be able to show you this great user experience.

But with Windows Server 2012 VDI is so simple and easy to set up that I’m actually going to do it live for you right up here onstage.

Now, when I say simple and easy, I mean simple and easy. First of all, it’s simple enough that I can do it. I mean, I’m a desktop administrator who lives in Configuration Manager, but I haven’t really played a lot with VDI, but this is simple and easy enough that I can get it done. And it’s quick enough that I can do the whole thing in under a minute.

And to make sure that you guys hold me accountable, you’ll notice at the upper corner of the screen I’ve got a timer.

BRAD ANDERSON: I’m going to come closer, I’ve got to see this. So, there he’s setting up a simple VDI deployment in less than a minute.

DEMOER: This is pressure, right? I have the VP here, a clock timer going on, got to make sure this works. And not only do I want to make it work but I want to make it work in a way that I can explain to you what I’m doing and how simple and easy it is to go.

OK, you guys ready? Wish me luck. Here we go.

The first thing I’m going to do is go add a new role or feature. Now, at this point in time I said, I want to be able to do something like VDI. That’s a Remote Desktop Service based scenario. So, I’ll choose that in my wizard and choose next.

Standard versus quick start, I like quick, so we’re going to choose quick start next.

Now, we could do session virtualization if we wanted to here, but I’m actually going to choose VDI. Next.

OK, keep going. Now, it found the servers in the pool, in this case I only have one, so I’m going to select that server and choose next. And this is where it’s not only fast but it’s smart. It’s actually going to go to that particular server and assess that that server has everything it needs to be to be the VDI host.

Click on browse, I choose the gold image. This is going to be the image that’s the basis for my VDI session. I choose next, I tell it to restart, and I click on deploy. And at that point in time it’s actually kicked off the process, with a few seconds to spare. (Applause.)

Now, because I can’t really lie to you guys because I’ve known most of you for like 10 or 11 years, what’s really going on is it’s actually finishing the setup in the background. It’s going to take the VHD and set it up as my gold image, it’s going to be putting in all the rest of the services I need, and then it’s actually going to go restart the system.

So, in true cooking show fashion I’ve got a site that it’s actually completed on that I can show you really quickly what it did.

So, now this is Server Manager at the end of it. I choose Remote Desktop Services, and you’ll actually see through here that it’s set up my gateway for me, it’s got my broker set up for me, and it’s even automatically created the starter VM for me to get jumping up and running. And it even set the security principles so that all domain users by default have access to this particular image.

So, that’s it, I’m actually completely done and now you can go over to your Windows 8 tablet, connect up via RDP, and we can show what that roaming experience looks like in your VDI session.

BRAD ANDERSON: OK, so again back here on the Windows 8 tablet what I’m going to do here is I’m going to launch the RDP client, so my Remote Desktop client here. Up it comes, I see the VDI session, I’m going to launch that, and now what should be happening, it should be building my desktop, it should be my desktop, the picture of my family should be coming up here, it single signs me in. Yeah, sure enough, there’s my desktop. I’m going to go to the desktop.

DEMOER: There it goes.

BRAD ANDERSON: There it is, so at least that’s followed me.

But let’s go see if the settings in Adobe followed me. Again so again we’re going to come open up Adobe, come to file, potential future places for MMS 2013, and you know what, it’s set at 200 percent, so my settings followed me.

And one of the great things about UEV is it allows my settings to follow me in physical and virtual environments across Windows 7, across Windows 8, it truly allows me to have my settings follow me on all those devices as I roam around the world. I love it, it’s great.

DEMOER: It’s great.

BRAD ANDERSON: Thanks, Bill. (Applause.)

DEMOER: OK, so now it’s time to surprise the VP on stage.

Brad, stand back a second, please. We are so committed to making sure that you guys absolutely understand what we’re doing for non-Windows devices that we want to make sure we get a chance to show you that this device is here and it actually really worked. So, we actually have a camera who’s going to come up here and be able to go show this particular work for you. (Applause.)

Don’t mind me, I’m just pulling the duct tape.

BRAD ANDERSON: Got it?

DEMOER: We’re disconnected from the umbilical cord, and so we have an iPhone up here. Can we see it? This is demo on the fly. So, there we go.

DEMOER: So, you can see the first experience that I get here is actually we’ve named it Contoso Center. This is that kind of self-service experience on this device where I’d be able to go find my applications.

In this case I don’t know if you can see it completely, the right-hand button actually says contact IT. So, you could even go build in things like support information, contact –

BRAD ANDERSON: Just like we showed on the Windows 8 tablet.

DEMOER: Just like we did on the tablet. But in this case what we really want is to make sure that we can get that approval application.

So, I’m going to go select get apps, and it renders a list of applications for me now. At this point in time I’ve only made one application available, which is that Contoso approvals application. I’m going to select it, assuming I hit it right. I have really fat fingers for these phones.

OK, and so now I can see the application details just as I showed you in the administrative console in Windows Intune. I’m going to go ahead and select install, it’s going to prompt me, I’m going to choose install, and there we are back to the main iPhone screen, if you can see it as I turn it.

BRAD ANDERSON: Now, don’t tell me you’re going to go and actually approve your own expense report.

DEMOER: Sweet, I didn’t even think about that. This is cool. (Laughter.)

So, at this point in time it’s waiting, it’s downloading the policy and it just needs to be able to locate the content to install the application. It’s actually installed the application successfully, and I am going to go approve my own expenses. What the heck, who gets to do this before? (Applause.)

Assuming I actually hit the approve button. I just am missing the button, sorry.

BRAD ANDERSON: Those are some big fingers there, Bill.

DEMOER: This is my fingers not being able to hit the button, sorry.

Anyway, but you can see the application installs, the application successfully delivered by Windows Intune, again just really wanted to make sure that you guys understood kind of our commitment to making sure you guys had all the tools you needed to deliver the services to your users on all the devices that they needed to use.

BRAD ANDERSON: Thanks, Bill.

DEMOER: Thanks for your patience, guys.

BRAD ANDERSON: Thanks, Bill. Thanks, Jeffrey.

DEMOER: Thanks, Brad.

BRAD ANDERSON: Yeah, thanks. (Applause.)

All right, so now to just kind of summarize a couple of things here for you the last couple of days, first of all, let me just kind of just put in context some of the things that Bill and I just demonstrated. The ability for you to embrace the consumerization of IT, to embrace the concept of your users bringing their own devices, and doing that in the appropriate way, giving what your users are going to allow us to do, as well as what the operating system architecture is and what that allows us to do, delivering you a solution that allows you to control as well as govern access to the corporate resources across all your devices is where a great deal of the work that we’re doing is.

And like I said yesterday, like are we committed to the private cloud? You’d better believe it. Are we committed to enabling you to enable your users to work on any device anywhere in the world? Boy, you’d better believe it.

You know, we want to make sure that you continue to use and leverage the infrastructures and the capabilities and the skills that you’ve built with System Center over years and years of experience, and expand your influence, expand the impact and role that all of you have to really become those individuals who enable users anytime, anywhere, independent of the device, and that’s our commitment to you.

So, three things that I would ask you to do here. First of all, embrace the world of continuous services and connected devices. Start deploying cloud. We walked yesterday through how you can create your own private cloud in a very simple way, and the feedback that I got from all of you yesterday as I spoke about it is really the cloud is something that is in your grasp, you can have a cloud set of capabilities running in your data centers and start to use it and can deploy these continuous services. Enable your users to work on their connected devices. Manage those devices from the cloud.

So, my two big requests of you is deploy the Microsoft private cloud and deploy System Center Configuration Manager 2012 and Windows Intune, and start looking at how you can use a common set of tools and a common set of capabilities to enable your users across all their devices.

Two more slides. Who is interested in seeing where MMS is going to be at next year? (Applause.)

OK, so from that top secret document that we had anybody want to place a guess? OK, let me give you a hint. So, we will see you next year in June in New Orleans. Look forward to being there, look forward to walking you through the additional things that we’ve done.

One final thing, with what we’ve walked you through over the last couple of days my biggest request is please lead, lead the industry, lead your corporations, lead, don’t follow. Thank you. (Applause.)

END