Brad Anderson: Microsoft Management Summit 2011 – Day 2

ANNOUNCER: Ladies and gentlemen, please welcome back, Brad Anderson. (Applause.)

BRAD ANDERSON: Hey, good morning, welcome back. Great to be back here for day two. How was day one? Oh, come on, you can do better than that. (Cheers, applause.) The feedback has been great; classes are packed; hands-on labs are packed. What you’re telling us in terms of the feedback, in terms of the quality of the sessions, the interaction, has been phenomenal.

Day one, we came in day one, we talked about the cloud. Today, we’re going to talk about a part that is every bit as exciting but a lot more fun, which is about consumerization of IT. And I think the most fascinating thing about these two topics, as I mentioned yesterday, is where the two meet. You know, these two things were made for each other. They enable each other. They feed on each other. These devices that are coming in left and right around the world and coming into organizations were made for the cloud.

Think of the number of antennas, the number of things inside of these devices that can quickly leverage the cloud. It feeds on the cloud, it drives the cloud, and the cloud enables these devices to be more productive.

Now, in terms of similarities and things that are common, as I think about the cloud and I think about the consumerization of IT, there’s just a list of things that are common between the two. For example, it’s all about self-service. It’s all about the app; it’s all about making users, whether that be a service consumer or whether that be your actual end user, productive in a simple and easy and agile way and the way that they want to work.

So, what we’re going to talk about now for a minute is what’s happening in some of the trends, and then we’re going to show you the work that we’ve been doing. We’ve been doing this work for years. We’ve been talking with you for the last three years about this vision called user-centric client computing. You know, we’ve been thinking about this consumerization; we’ve been thinking about how users want to work in different ways. And we’ve been building this technology, so we’re going to walk you through, and you’re going to see a bunch of things that we’ve never shown you before and make some announcements about some of the things that we’re doing to help you embrace this.

But let’s start kind of at home and at work and see how these things are all coming together. So, think about your homes for a minute. I’m going to kind of give you some personal anecdotes on this one. You know, my wife Kim and I have five children. You know, we’re kind of that family when you go to the airport, you don’t want to get behind them in the security line.

You know, literally, when we travel, we have an entire carry-on that’s full of laptops. You know, all the children have got their own PCs; they all have smartphones. You know, one Xbox is not enough, so there are multiple Xboxes, you know, our home is like a datacenter.

And I know there’s a problem when my kids call me rather than text me because when they’re calling me, there’s usually something wrong with the PC that they need fixed, otherwise they just text.

But my children have been raised in a world where they never have been not connected. They’ve never been in a world where they can’t go and find some information, get something done, you know. If the plane doesn’t have wireless, I think my boy goes through withdrawal because he can’t get onto Club Penguin and those types of pieces.

But technology has just permeated our lives at home, and it’s doing the same at work. I mean, it’s been happening for a while, but the lines are blurring. Generational changes, the things that are happening that are driving change into how users want to work, which is then putting pressure on all of you from an IT perspective is forcing us to rethink about how we want to do things.

You know, historically, we had a design point when we built these desktop management tools. And one of our primary design points was the user should never know that we’re there. You know, we used to have this philosophy that if you even popped up a dialog box to an end user, that usually generated a call to the help desk. Today, these users want to be partners with IT; they want to be partners with you in how they get their work done. It’s just a fundamental change in how we even design all the technology and products that we build.

So, what’s fascinating is how this all comes together. And where work and where personal lives blur, and I’m sure you all are even more aware of this than I am, but there’s just some really interesting challenges that we have to tackle as we go forward. You know, what’s that line between, for example, on a phone that a user brings into work, it’s their personal device they have corporate data on it — what’s personal, what’s corporate? How do you handle the difference on that?

Users want to start bringing their own devices into work, you know, their own PC, that type of thing. How do you enable that? You know, these trends around consumerization, they’re here to stay. They’re not going to go away. They’re going to accelerate. And while many of you are facing these challenges of how do I enable users to work in the new ways they want to work, how do you do that but yet maintain all the things that are near and dear to your heart?

So, how do you enable these new scenarios, whether it be bring your own PC, the growing number of devices? You know, if you look at the research, what the research tells us is that half of the devices our users are going to use, our information workers to accomplish work is going to be a smartphone of some kind. Just think of the ramifications of that for a minute. You’re not going to have the same kind of homogeneity that we’ve had in the past where, you know, every user had a PC or had a Windows PC. You’re still going to have lots and lots of Windows PCs out there; you’re going to have lots of other devices. And the number of devices is going to be diverse.

Think about just on the impact on, for example, your System Center Configuration Manager infrastructure. You’re going to see the number of objects in the hierarchy double. Start thinking through the ramifications of all these pieces. So, how do you enable your users to be productive anytime, anywhere, on any device that they want to work on? How do you do that in a way that protects the corporate asset, the corporate data, and then how do you actually enable this work-life blur? You want to enable it. You really want to enable it because your users will get more done, they’ll be more satisfied, and quite honestly, the reality is if you don’t — just like we spoke about yesterday — if you don’t make it simple for those end users, they’ll go around you.

So, I think one of the key responsibilities that I feel a huge sense of responsibility in my team and my organization is providing for you the tools that enable you to embrace consumerization, enable you to truly let users work how, where and when they want, but give you that confidence that you’re secure, that you’re protected, that you’re compliant, and all the requirements of IT that your management and the organizations put on you. And so that’s what we’re going to spend today talking about.

So, first of all, today, we’re announcing that beta 2 of System Center Configuration Manager 2012 has been posted to the Web for you to download. OK? (Applause.)

Let me tell you a little bit about Configuration Manager 2012. I’m curious, how many of you have been to a hands-on lab already on this yesterday? You know, if you can get in, you know, Wally is like the rock star of the event. Get in, and take a look at this. It really is the most phenomenal release of Configuration Manager we’ve ever done. This is actually the third release of Configuration Manager that I’ve worked on.

This is a feature-complete beta. We already have it deployed, the beta 2, on 30,000 PCs across Microsoft. We deployed beta 1 on 50,000. By the end of next week, we’ll be at 100,000 installed with the beta 2. You know, we’ll kind of hold at beta 2. Then as we get to the RC, we’ll go up to 200,000, and then as we go on to the release, you know, we’ll add the last 100,000 PCs that we manage at Microsoft.

So, we’re running our business on this. It is a very, very solid release. As I take a look at the quality metrics coming in from the team, the test path, the pass rate, it is just a really, really solid product.

The point I want you to understand throughout the presentation today is that from a design point, System Center is where everything comes together, where we build and we do the end-to-end scenarios for you to embrace consumerization. It’s going to leverage a lot of different technologies from across Microsoft; it’s going to leverage technologies from partners like Citrix, but the fundamental, central point, the rallying point, the point where it all comes together, is System Center and specifically System Center Configuration Manager 2012.

So, what we’re going to do now for the rest of this conversation is walk you through all the things that we’re doing in 2012 that help you to embrace consumerization.

Now, there are three big areas of focus that as we started to build Configuration Manager 2012 we wanted to focus on. These three big areas were user empowerment, infrastructure unification, and then dramatically simplify the experience and the infrastructure required to run System Center.

Now, let’s talk about these in just a little bit of detail, then we’re going to walk you through and show you a bunch of the pieces in all of them. So, first of all, from a user simplification, the biggest area of investment we’ve made in here is truly freeing your users from a device, enabling them to work on any device they want to work on. We’ve done a lot of work to really understand what we call this user-device affinity. And what that allows us to do is have you build policies then we can intelligently understand where the user is at, what kind of device they’re working on, and intelligently, based on policy, deliver the applications in the most appropriate way.

Finally, it’s all about self-service. And so we’ve built a really interesting, a really useful and powerful self-service experience for your end users to use, and that self-service experience, they can use whether they’re on a corporate device or a non-corporate device — it’s all about enabling device freedom.

The second big area of investment: unification of your infrastructures. You know, one of the things we’re going to talk about today is every time you deploy an infrastructure across your organization, its cost. You have to deploy it, you have to maintain it, you have to secure it, you have to upgrade it, and we have spent a lot of time and a lot of effort building you a solution that allows you to manage physical and virtual through one infrastructure, management and security through one infrastructure, do your compliance through one infrastructure. But it truly enables you to have everything riding on one infrastructure. Not only does that dramatically reduce your costs, but it enables new scenarios that you’ve never been able to do before. And we’re going to show you a couple of those today.

Finally, simplification. There’s been a lot of work that we’ve done — the biggest area I think in this one is, with Configuration Manager 2007, we had the concept of Configuration Manager, and we could tell you when there was something that had gone out of compliance. With 2012, we can enforce it and reset it back if anything moves out of compliance.

We’ve dramatically simplified the administrative experience. You’re going to see the new console with the ribbon bar like you saw with Virtual Machine Manager yesterday.

Finally, we’ve done a lot of work that significantly reduces the amount of servers or infrastructure that you have to deploy in a global environment and dramatically flatten that infrastructure. OK, so as we go through this, remember this: User empowerment, infrastructure unification and then simplification.

Now, interesting question for you here: When I get a chance, you know, about once a month we have some type of a group into Microsoft, whether it’s a security officers council or small and medium-sized business. And I’ll go in and talk about what we’re doing from a management perspective in the datacenter and the client.

What do you think the number-one question I get — every time, what’s the number-one thing that are on people’s mind about what they want us to do in System Center? OK? “When are you going to manage devices other than Windows?” OK. So, today we’re announcing that with Configuration Manager 2012, we’re going to give you the ability to control and manage the settings on iPad, on iPhone, on Symbian and on Android. (Applause.)

This has been one of those areas that’s kind of been a little bit of a tweener, you know? Is it the Exchange team that does it? Is it the desktop management team that does it? You know, there have been some investments that we’ve made with Exchange with the Exchange ActiveSync. But what you’re going to see here is you’re going to see the ability, using the console that you’re already familiar with. And to kind of give you an idea of just how prevalent System Center is, two out of three enterprise desktops use it to manage themselves — or organizations use it to manage two out of three enterprise desktops globally.

So, now just some simple extensions, using a connector and working through the Exchange ActiveSync Connector, will give you the ability to use what you already know to manage this growing population of devices. Then you’ll actually be able to get some interesting reports back and those types of things to run your business.

Interesting data point, I was talking with Ken Pan who runs the Configuration Manager team last night. Internally at Microsoft, we have now found 125,000 unique phones using this. So, we’ve got this deployed worldwide on our infrastructure. And it’s fascinating to understand now what is happening with those phones.

So, single console to do this. Let me set up what we’re going to do for the rest of the day for the demos, and then we’re going to have the first demo come out.

Now, like yesterday, you know, we had a scenario where we had an end user, OK, the end user in that case was IT, but it was the application owner. Today, we’re going to have an end user named Melissa. And she’s going to represent the end user that all of you service every day, day in and day out, the information workers in your organization.

And then we’re going to have an IT professional, and that’s going to be, you know, you, and it’s going to be walking through the things that can be done to enable that user to be more productive.

So, what we’re going to show you here first of all is we’re going to show you how you can administer Windows and non-Windows devices now through System Center and show you how simple it is to react to a situation, like “I’ve lost a phone and it’s got corporate data on it.”

So, with that, please welcome Melissa and Jeffrey to the stage. (Applause.)

MELISSA STOWE: Thank you, Brad. (Applause.) Hi, my name actually is Melissa, and I’m playing the part of a technical recruiter with Contoso, which means that I need to be connected 24/7 so that I never miss an important question from a recruit.

I’m constantly on the road. I need access to my tools and information back at the office from wherever I am. Could you help me do that?

JEFFREY SUTHERLAND: Not a problem. So, I noticed you have a Windows Phone 7.


JEFFREY SUTHERLAND: Let’s start here. Have you already set up your e-mail?

MELISSA STOWE: No, I wasn’t quite sure if it was safe, you know, I receive a lot of confidential e-mails.

JEFFREY SUTHERLAND: Not a problem. Go ahead, and set up your e-mail. It’s very easy to do in Windows Phone 7, and I’ll take care of the rest, and enjoy the conference.


JEFFREY SUTHERLAND: Now, as a client admin for Contoso, it’s my responsibility to make sure that any device that connects to our environment is properly configured and secured according to our corporate security policies. Unfortunately, up until this point, I haven’t had the tools myself to be able to do that. Instead, I’ve had to work through my colleagues in the messaging IT group who manage our Exchange ActiveSync servers.

But today, with Configuration Manager 2012, I now have the tools at my fingertips to manage mobile devices just as I managed my traditional Windows desktop.

As you can see, there are a number of reports that come built in with Configuration Manager 2012, specific to management of mobile devices. I’m going to show you one report that I find particularly useful, which is the count of mobile devices by platform. And this helps me understand what type of devices are connecting in.

As you can see, here at Contoso, we have just under 14,000 mobile devices that have connected. And even though we’ve standardized on Windows Phone as our preferred device, our users are able to bring in whichever devices they want. And so you can see that we have a fairly broad distribution across iOS, Android and Nokia Symbian.

However, understanding what devices I have connecting is just the first problem that I have. Now let me show you how easily I can configure the security policies that I want to apply on mobile phones. So, I’m just going to view the properties of my connector. And as you can see, we have several settings groups from which I can build up the correct policies to apply. I’ve already set a password policy, but I’m going to make one small tweak to it, and that is if the phone is lost or stolen, and somebody is trying to break into the PIN, I want it to actually automatically wipe if the user has failed to enter the correct PIN after a number of attempts. I’m going to set that to ten.

And now just like that, this policy is now being pushed out to every device that’s connected to our environment — Melissa?

MELISSA STOWE: So it was really easy to set up my phone, the e-mail on it.


MELISSA STOWE: But I’ve already lost my phone. Can you help me? (Laughter.)

JEFFREY SUTHERLAND: Not a problem, Melissa. Losing these types of devices is, unfortunately, very easy to do. In fact, I’m pretty sure most of the people out here have lost their device.

So, let me show you how easily I can help you take care of that. We’re just going to do a quick search on your name. And this should bring back your Windows Phone, which you’ve enrolled, there it is. I’m just going to choose to wipe it. Now, of course, wipe is a fairly impactful event, so Configuration Manager warns me of the impact I’m about to have. But I’m just going to say yes. And just like that, the command is being sent to your phone, it’s going to be restored to its factory settings, and all the data on it will be wiped.

MELISSA STOWE: Thank you, you’re my hero.

JEFFREY SUTHERLAND: No problem. (Applause.) So that’s management of mobile devices through System Center Configuration Manager 2012. Thanks for letting me show you. (Applause.)

BRAD ANDERSON: Thanks guys. Hey, so pretty simple, right? Leverages the experience that you already have, you get a chance to manage all of your devices coming in.

Let me also mention one thing here. The Windows Embedded and the CE team, that team also reports up in my organization, and we just finished a body of work that’s going to extend System Center Configuration Manager 2007 to also give you richer capabilities to manage Windows Embedded and the industrial devices that many of you have in your organizations.

I got a chance to meet with a couple of you yesterday who told me that you actually have more of these industrial, you know, the devices in your organization, whether it be a point of sale or an inventory device, than you do Windows PCs. And we built a rich solution that actually will be available on April 1 to manage those devices through Configuration Manager.

Let’s talk a little bit more about the users. I spoke yesterday a lot about enabling that user to be self-service, to be agile. And if you don’t do that, how the users will just go around you. One of the things I loved about that video that we started out with this morning is it showed, you know, this younger generation, these younger kids, and it showed them wanting to express themselves and to work in a way that’s best suited for them.

You know, one of the things that was most interesting to me a couple of years ago, this kind of set a lot of the tone of what we’ve been building for the last couple of years, you know, our technical fellow was talking with a CIO. And the CIO was talking about, they were recruiting this world-class recruit from this world-class college, and they were trying to sell this individual to come to work for them.

And the CIO basically said, “Hey, after a few minutes, I quickly realized I was no longer interviewing this hotshot kid, he was interviewing me. And he was interviewing me to understand how I was going to enable him to work and if I was going to enable him to have the freedom that he expected given the way that he’s grown up and the way that he’s been accustomed to accomplishing things that he wants to do.”

So, a big, big part of our effort and a big part of the emphasis that we’ve made in Configuration Manager 2012 is really about enabling you to build policy. That policy can then be interpreted real-time as the user goes to accomplish their work. And we can then intelligently do things like deliver the application in the most appropriate way.

Let me just give you an example. When I’m at work and I’m on a corporate device, generally speaking, I’m probably going to run my applications in a distributed fashion, I’m going to have the application deployed down to my laptop, I’ll be able to use that connected, I’ll be able to use that disconnected. But that’s generally the model that it’s going to work on.

When I go home, and now, you know, I’m working on one of my PCs at home; it’s not a corporate device; it’s not a trusted entity. The last thing most IT organizations want to do is actually deploy software down to that device. You don’t want to take the risk of something happening and then whose responsibility is it to fix it? Do you want to track all those licenses? Is it actually a secure device that you want to give access?

But wouldn’t it be great if a user could use the same self-service experience and independent of the device that they’re on, the system would be able to do a real-time determination, oh, you know, Brad’s not working on a corporate device, it’s not a trusted entity, let’s therefore not deploy software to that device, so let’s automatically launch that through a thin-client session or maybe through a VDI session. But the system makes the decisions on behalf of the user based upon policy that you build.

OK, we call that intelligent application delivery. Contrast that with what your users have to do today. Today, your users have to be trained to adjust their work style based upon where they’re at, how they’re working, what device they’re on. A big part of our effort has been to provide a simplified experience for the IT professional and for the end user.

We’ve done a lot of work in the application area around dependencies. And so you can now actually, when you go to deploy a new version of an application, say this replaces a previous version with a couple clicks of the mouse, and have the system take care of that for you.

Finally, we’ve done a lot of work that deeply integrates Citrix, even more than we’ve done in the past, with the XenDesktop and the XenApp assets and, again, bringing System Center Configuration Manager as the central point where all of these assets come together to enable you to deliver your users the applications that they need to be productive in the most efficient manner.

Remember, I said at the beginning it’s all about the app? Just like yesterday in the datacenter and on your private cloud, it’s all about the app. On the end device, and enabling your users, it’s all about the app and making sure your users have the applications that they need to be productive independent of where they’re at.

So, let’s talk about what the next demo is going to be. You know, I always like to say MMS is never complete unless there’s a Bill Anderson demo. So, what we’re going to talk about now is we’re going to show you some of these policies that can be built, and we’re going to show you some of the innovations that we’ve done in helping you to build more intelligence around the applications.

So, with that, let’s welcome Bill to the stage. (Applause.)

BILL ANDERSON: Thanks, Brad. Look, they’re so terrified of me playing jokes on him, they take him offstage now.

So, Brad set up most of what I’m going to be covering today. My job, frankly, is to deliver applications. And it sounds simple, but you guys do it on a day-to-day basis, and you know it’s not simple.

Two main reasons: One, you got a chance to meet Melissa today. You’ve seen her expectations of technology and a bit of her ultra-mobility and her expectation to work from everywhere. Second of all, our day-to-day apps are not necessarily getting easier. So, I’m going to take some of the things Brad told you about and show you how, with Configuration Manager 2012, I think we can solve Melissa’s problem.

So, Melissa works in human resources. Probably the most critical application for her is Visio, org charts galore. And so it’s important for me to make sure that Melissa has Visio everywhere that she goes to. She can roam all over the place. Her personal slate device, which I’ve got down here, VDI sessions is a big investment for us for the work-from-home scenario, and I’m going to show you how we can model Visio so she gets the best experience everywhere she goes.

Now, you’ve seen this for a couple years now, so you know that in the new application model, we represent technical representations of apps as deploy types.

For this app, I’ve actually got three. Working with our great partners at Citrix, we’ve actually built a way to go extend the app model to natively deploy XenApp. So, if I’m on a lightly managed system or I want to give a user a very quick, lightweight application to run, I can do so.

We’re also leveraging App-V to make sure we can deliver the software appropriately in other conditions as well. In this case, I’ve got App-V modeled for VDI and App-V modeled for her slate. Let me show you how we’re going to do that.

Let’s start with the VDI. First of all, in a VDI environment, it’s kind of transient. I don’t want to go deploy a bunch of content only to have it blown away. So, what I’m going to basically do is go say, “No local content,” and I want to give it a really, nice, quick, experience. So, we’re going to set it up for streaming.

We put a new feature in that allows us to actually trim the publishing down so that you don’t have to see all of the artifacts in a virtual app. So, I’m going to go take — view selective publishing and remove all of this noise so that when Melissa gets on a VDI session, she just gets to see Visio.

And then finally as Brad alluded to, I’m going to put some rules on this to make sure it always behaves appropriately inside a VDI session. I’m going to put two in place. First of all, Brad told you about our user device affinity feature, and you guys have seen it I think before. This is not Melissa’s primary place of work. So, I’m going to go set it up where my primary device actually equals false. So, we know that this isn’t the place she lives, that’s the rule I’m going to put in place.

Secondly, we’ve been working both with our partners at Citrix, as well as across the Windows Server team, to extend the metadata around a virtual desktop environment so I can make smarter decisions. With the extensibility of our rules engine, I’ve created a custom rule called virtual desktop type.

Now, in this case, these are tactical, one-off work spaces. So, we’re actually leveraging pooled VDI. So, value equals pool. Now, all of a sudden, Melissa roams into a pooled VDI session, she’s going to get a stream-only experience so she gets a really quick, optimized way to go do her work.

So, that’s one. I’ll let that go ahead and save off, update the console, and now let’s go take a look at what we’re going to do for her Win 7 slate. She loves her Win 7 slate, carries it everywhere she goes to.

For her slate device, I want everything actually local. I want to make sure it’s persisted local, even forced into the App-V cache so she can run it disconnected on an airplane. And from a requirements perspective, let’s go make sure she gets a great experience there. This is her primary device. Primary device, hello, screen refresh, there we go, equals true.

The second rule I’m going to put in place because I know that it’s a mobile device is something we’ve built custom specific to things like slates and laptops. It’s our aptly known slate laptop device rule, which is really a Win32 battery class. If it has a battery. And so if the battery setting is present inside the registry or inside of WMI, then we know that that rule is met.

So, that’s simple. I’ve now modeled Visio appropriately so everywhere that Melissa can go to, we can give her a great application experience.

Now, I promised you earlier I was going to show you how to handle some complex apps as well. Melissa’s no exception. She actually has Visio 2007 on her slate. So, when I give it to her, I need to make sure I can automate the removal of that as well. That’s been difficult over the years. Multiple targeting collections and advertisements, lots of scripting to be able to do it.

We’ve built a brand new feature in beta 2 called supersedence. It allows us to take an application, specify that another application is newer and possibly replaces it, and then automate the removal of that. Let me show how easy that is.

I’m going to go to the properties on my application, go to my supersedence tab. Add this in, and I’ll go find Visio 2007 in my application library. Click on the dropdown arrow. And then I actually click the automated uninstall button. Three clicks, and I’ve now actually set it up so that 2010 replaces 2007, automatically does the uninstall for us. (Applause.)

Craig on my team is going to be so mad I stole his thunder for today. So, fortunately, we set this up, and Melissa’s ready to roll because she got one of those emergency phone calls last week from her boss where she got a chance to try this out. Let’s take a look.

(Video segment.)

BILL ANDERSON: All about getting Melissa the apps she needs in the right way and allowing her to get back to “Finding Nemo” quickly.

So, we took care of that emergency pretty easily. Now let’s go ahead and see if we can take care of the other side. Melissa loves her slate device, so what I want to do is bring Melissa back out at this point in time and have her show you kind of what that experience would look like from her slate as well. Look, it’s a real device, not a VM either.

MELISSA STOWE: All right, so when I worked from home the other night, I saw that I had Visio 2010, and that has that cool ribbon bar. I want to get that on my slate, but I still have Visio 2007 on here.


MELISSA STOWE: Is that going to be a problem?

BILL ANDERSON: Not if I did my job right, no.

MELISSA STOWE: OK. So, just like when I was at home, I go to the application catalog, there’s Visio, click install. Yes, I’m sure. Seems like it’s taking a little bit longer than it did when I was at home.

BILL ANDERSON: Yeah. It’s just finishing evaluating the rules, but in this case, Melissa, we want to make sure you’ve always got the content local there so you can run it on an airplane. It’s also far more network-sensitive, so if you’re roaming around over disconnected networks or infrequently connected, we can get it all persisted locally and give you a great experience.

So, this is about 700 meg of Visio at this point in time. There’s no reason to make you watch download stuff. Let’s just go ahead at this point in time and say we’ve done it right, trust me, it works on this one. (Laughter.)

You can see how simple it was for us to kind of set it up, define an application in one place with a few clicks, and make sure that she can do everything she needs from anywhere at any time. Let’s put that down and give the stage back to Brad.

BRAD ANDERSON: Thanks, guys. (Applause.)

Thanks, Bill.

BILL ANDERSON: Mr. Anderson.

BRAD ANDERSON: Hi. Thinking about how to introduce this next topic here and, you know, and the topic I wanted to talk about is some of the infrastructure consolidation that we needed to do. And I’m thinking about how many infrastructures — just think to yourself for a minute. How many infrastructures do you have in your organization that you somehow touch or you care for today? Obviously most of you have got Active Directory, you’ve got something like Configuration Manager, you’ve got a separate one for probably your protection, maybe a different one for VDI, maybe one for thin-client servers.

But, you know, the point I’m trying to make is that the majority of you have got multiple infrastructures — that’s cost, that’s time, that’s training, that’s effort. Each of those have their own console, generally speaking. So, I looked at this picture and I said, “This guy looks depressed.” And each one of those is a console that he’s having to dive in and out of every day.

A big, big part of our effort has been to help you dramatically reduce the cost and the strain on your organization by consolidating infrastructures. So, cost is a part of it, but by doing that, one of the most interesting things that happens is you start to be able to enable scenarios that you’ve never been able to do before.

You know, starting to think about how you could use the information that we now collect as we built this user device affinity with user centricity in the area, for example, of malware protection.

So, what I want to spend a couple of minutes talking about here, going to give you a couple of demos on, is some of the work that we’ve done in areas to help you consolidate.

So, as you think again about System Center, I want you to think about how you consolidate your physical and your virtual desktops into one place as far as a management perspective, how you consolidate your protection and your management, and then how you can wrap all of that with compliance.

So, let’s start with VDI. We’ve done a lot of work in VDI both in System Center and in Core Windows. With Service Pack 1 of Windows Server 2008 R2, we introduced a new set of capabilities called dynamic memory. And with dynamic memory, we were able to increase the density of VMs in a VDI world by over 40 percent. OK, all of you know in a VDI world, one of the primary cost drivers is the density of VMs and how dense can you pack in those VM sessions.

With Service Pack 1 and working in conjunction with Citrix, we now have the highest density of VMs in a VDI session, bar none. We also have the lowest cost per VDI session bar none. Now, last year at this event, we talked about some of the things that we were doing in terms of partnering with Citrix. We demoed for you for the first time some of the integration where you can manage XenApp through Config Manager. And I had an ask of you. My ask was, you know, go take your Citrix counterparts out to lunch, go have a coffee with them. Today, I want you to get even more involved in this. You need to be involved in the VDI world in your organizations if you are not.

VDI is one of these really interesting things; it’s kind of a tweener. Is it the server team’s responsibility? Is it the desktop management team’s responsibility? You know, you’re delivering a desktop, but so much of the work is involved in how you actually build out the datacenter and the services that go with it.

So, typically when I talk to organizations about this, I hear different things in terms of who owns it and who’s responsible for it. You need to be involved, and you need to make sure that you manage it through the same infrastructure that we’re doing with System Center Configuration Manager for your physical desktops.

Now, we’ve done a lot of work that is specific to VDI in this next version of Configuration Manager. You know, we’ve done some work — when you’re in a pooled world, when you’re in a personalized VDI world, but we actually have a deep understanding now, intelligence about VDI that we can enable you to do custom configurations and actually have Configuration Manager behave and react differently, not only when you’re in a VDI world as opposed to a standard, distributed physical world, but when you’re in a pooled versus a physical VDI world.

I want to show you that, and I also want you to get an understanding of what dynamic memory does in terms of increasing your density in VMs per server. To do that, Deb and Michael are going to come out and give you a demonstration of those two pieces. So, let’s give them a welcome. (Applause.) Hey, Deb.



MICHAEL KLEEF: Thanks, Brad. Thanks, Brad. Thank you. So in this demonstration, I’m going to be the Contoso datacenter administrator. We’ve actually been working with XenDesktop 5 and Hyper-V for quite a while now. But one of the things I find frustrating is two different management paradigms — one for the VDI world and one for our physical desktop world.

DEB MCFADDEN: Let’s talk a little bit about that. I’m the client administrator, and I use Configuration Manager 2007 to manage both my physical desktop and virtual desktops in one admin console. Now, in Configuration Manager 2012, I use that same console, but with the integration with Citrix XenDesktop and Microsoft RDS, I now understand those virtual desktops a lot more. And they’ve also provided some automation where I don’t have to do those custom tasks that I typically did in my VDI environment.

Michael, you know how personal virtual desktops are kind of like physical desktops, yet it’s still really hard to look at the machine names and understand what desktop type it is.

So, I’m going to walk over here and show you what we did in Configuration Manager 2012 to help you understand the virtual desktop a lot better.

I’m going to focus on — I’m a typical administrator. I have a software update deployment for this month. And what I wanted to do is understand the compliance. I see that there are a few more errors than I’d like, so I’m going to drill down into view status. And under the error tab, I see that some of the machines have failed to download updates.

If I look in the devices, I see there’s lots of machines, but I’ve got this cool, new column over here called desktop type, where I can understand that this particular machine is a personal virtual desktop whereas machine number 10 is actually a physical desktop.

So, again, Citrix XenDesktop and Microsoft RDS have helped us and integrated this information about the guest VM.

Now, how do they actually do that? Let’s jump over to administration. In my client settings, I have a default client agent settings group. And these properties of agents and the hardware inventory are all defined for all my clients in my hierarchy. My intention is to gather information specifically for the virtual desktop.

So, I click — I’ve made this virtual desktop settings group. I’ve already selected the hardware inventory. And what I’m going to do is choose hardware inventory set classes. And there’s a virtual desktop class that I can enable. And you see that here we have broker site name, pool name, desktop type. That’s all the information that our partners have provided to us. So, we can start gathering that for the virtual desktop group.

Now, it will make sure that that group gets applied to a set of machines. And I’ve already created the pooled virtual desktop collection, so I’m going to choose that. Now, in Configuration Manager 2012, I don’t need to create a separate site or edit SMS in the notepad anymore. (Applause.)

I mentioned automation a little bit earlier. And what I wanted to tell you is that, in Configuration Manager 2012, we’ve put the schedules for software inventory, hardware inventory, software updates so you don’t have to worry so much about those VDI storms, and I don’t need to think about my staged deployment methodologies that I did in the past.

Now, let’s flip over to personal virtual desktops, which are a little bit different in nature because they’re transient. As a VM shuts down, it rolls back to the base image. And a lot of times, I’d lose all that information, any type of space that I would have had on that machine.

As I thought about this as the desktop administrator, I wanted to understand what kind of feature sets really were applicable in that type of setting. And we looked again at software updates, and we decided that for software updates we want to make sure that those deployments don’t go to the pooled virtual desktop end points. Therefore, we decided that we wanted to create a collection that didn’t target those pooled desktops.

So, I’m going to go to asset and compliance. I’ve already created my desktop clients, and you also see that I’ve already created the all pooled virtual desktops.

What I’m going to do is go into all desktop clients, and change the membership rule. I have this ability to exclude the pooled virtual desktops. Now, when I target the desktop clients group from my Patch Tuesday deployment, the pooled virtual desktops will not get that actual deployment.

So, again, back to a little bit of automation in this space, for pooled virtual desktops, we’ve worked with our partners, and they’re saving the Config Manager uniqueness. So, as the VM shuts down and starts up, the uniqueness is still there, which ultimately means that I don’t have to spend time managing obsolete records, and the end users actually get their applications faster.

What do you think, Michael?

MICHAEL KLEEF: That’s fantastic. That’s exactly what we were looking for in our environment. But for me as the infrastructure architect, I’ve got to think a little bit more about some things like density, cost per user, making sure we’re getting the best performance for our users.

So, we’ve actually done some work in our datacenter with XenDesktop and Hyper-V already, as I mentioned. But one thing we haven’t tried yet is Service Pack 1. Now, previously on our blade we have about a 96 of RAM loaded blade; we would get about 85 virtual machines because we had to static reallocate memory on those VMs. But now with dynamic memory, Microsoft is saying 40 percent. That for us means 120 VMs per blade, which is a significant increase, and a much lower cost per user if I can increase that density.

Now, what I’ve done in my datacenter is, I’ve modeled this environment. I’ve used the exact same workloads that Microsoft has actually been using to do some of its tests, although in my version, I’m using Login VSI Version 3 whereas they were using Version 2. Now, just to give you a bit of information, Login VSI is becoming the de facto industry standard benchmarking tool for VDI. It’s a tool that tries to simulate user behavior.

On the screen, you can see this iteration as it’s going through. It does a number of typical user actions. It starts Word; it starts Outlook; it starts Flash-based media. On the screen you can see it’s doing a workflow application, and right now it’s about to do some more stuff in Word and type some stuff in. I’m doing this across all 120 VMs. We actually started this workload test around about 35 to 40 minutes ago. I’ve got 40 individual sessions on this particular machine. And I’ve got another 40 on each of these two other launchers as well.

I want to go a level lower and see how the blade is actually performing. I will switch to my Hyper-V console, and you can see I’m definitely stressing the blades. I’ve got 120 individual VMs on this blade right now. Let’s just go and have a look at those VMs. As I scroll down from 1 through to 120, you can see all those VMs are in various different states of operation. You can see some of them are sitting at around 700 meg. Some of them are even sitting around 500 meg because they’re waiting to start the workload itself. But this is an example of dynamic memory in action. Dynamic memory is realizing what each VM requires and allocating the appropriate amount of memory to each VM. As the VM is finished using the application memory, it gets handed back to the pool of memory on the server itself.

So, we can see the performance right now, I want to see how that’s actually been going over the last 30 minutes or so. So, I’ve been running a data collector set here. I’m going to stop the data collector set and commit those results to my report. So, I’ll switch over to the one we’ve just been doing. And you can see it’s been definitely going up and up and up as the workload has been increasing on the blade. And we actually did one last night as well. So, you can see the difference in dates. This is the 23rd of March 2011 at 8:37. That’s when we started that this morning.

Last night we did one, 22nd of March 2011 at 7 p.m. Now this particular one will pop and show us the similar information but with a different curve. Oh, thank you, performance monitor. Thank you so much for that. OK, so let’s go to another performance monitor console, and we’ll pop that one instead and go to reports, and we’ll do that again. There we go.

So, you can see there (applause) wasn’t that a good demo recovery? I mean, that was pretty good, huh?


MICHAEL KLEEF: So, you can see the curve in action. You can see the green line represented by the processor. You can see that it went right to the top. It didn’t exhaust the server by any means. So we still had plenty of user response left. You can see the red line is the memory pool on the server itself. You can see how dynamic memory was in action automatically allocating memory to all those VMs, and as the workload started to change and move, you see it reclaim memory back. At the end of the test, you see it all coming back to the pool.

The blue line represents one of those virtual machines in action. It started at 512 meg of memory, and during the workload, it was required to add more memory. So, it showed dynamic memory definitely in action doing what it needs to do. So, it’s a combination of dynamic memory and XenDesktop. We’ve got a really great high-density solution that definitely delivers a solid performance. And with the management capabilities, we’ve really got a great integrated single pane of glass story that integrates those two pieces together.

DEB MCFADDEN: That’s pretty impressive, Michael.

Now, Melissa, what’s her experience going to be like when the system is fully loaded, like it is now?

MICHAEL KLEEF: Well, we expect she’s going to still get a very snappy performance experience based on, you know, she doesn’t even see dynamic memory. It doesn’t even mean anything to her. It’s just going to perform.

DEB MCFADDEN: All right. Well, let’s bring her out and see what she says.

MICHAEL KLEEF: Hi, Melissa. How are you?

MELISSA STOWE: Happy to be here. How about yourself?

MICHAEL KLEEF: Good, good. So, what we’ve done is, we’ve just already logged in for you to your XenDesktop VM. So, we’d just like you to just try a few things out, and just do the sort of typical things you would tend to do. So, how does that sort of feel for you?

MELISSA STOWE: It feels pretty darned snappy.

MICHAEL KLEEF: There’s your Outlook. There’s Word. Actually, we just also put like a little icon on your desktop. If you can just run that video, we want to see how that performs as well.

MELISSA STOWE: Video over the VDI.

(Video segment.)

MICHAEL KLEEF: That’s fantastic. So, we seem to be getting really great results and performance on a fully loaded blade. So, it really demonstrates that dynamic memory is delivering really great value, really great density, and, with the integrated management that Deb is obviously delivering from the client administrator, Melissa gets fantastic benefits, really great results, just good overall.


MICHAEL KLEEF: All right. Well, thanks very much, everyone. We’ll turn it back to Brad. Thank you. (Applause.)


So, the main point I want you to take away from this is VDI is a way to deliver a desktop. It’s not a desktop management strategy in and of itself. You still need the tools like Config Manager and System Center to really truly enable a VDI environment. And we’ve done a lot of work to deeply understand that VDI environment and give you some of the options that you need. So, we talked about how we can consolidate physical and virtual.

Let’s talk a little bit about some additional consolidations. What I’m representing here is most of you are in an environment today where you have one infrastructure deployed, the white servers, for your configuration management, your desktop management capabilities, and another infrastructure deployed, the gray servers here, to do your host protection, your antimalware. Two separate infrastructures, two separate consoles, two separate learnings. This is just not a place you want to be.

So, what we’ve done with System Center and Forefront Endpoint Protection is we released Forefront Endpoint Protection 2010 in December, which builds our antimalware directly on top of your existing Config Manager infrastructure. At Microsoft, my team manages the 300,000 desktops that we manage at Microsoft. We deployed FEP 2010 to all 300,000 desktops, the existing infrastructure, and guess how many servers we added? We added one because we wanted to have a dedicated reporting server to do some of the reports; we wanted to run the steps.

For most of you, what this means is you will be able to eliminate an entire infrastructure, a global infrastructure, in your environment, take out costs, and at the same time enable some scenarios we’ve never been able to do before.

So, a big, big part of our technology investments here have been, let’s enable you to consolidate the infrastructures and the consoles, which we’ve done, but I think we can do better. I think we can simplify even how you acquire and use this technology. So, this is a significant announcement. We’re announcing today that Forefront Endpoint Protection is moving from Enterprise CAL into Core CAL. (Applause.)

Make sure everyone understands what this means to you, the majority of the people in this room own Configuration Manager, and the majority of you who own Configuration Manager have acquired that through an enterprise agreement and Core CAL. What this means is you now own the right to Forefront Endpoint Protection, antimalware, a solution that drops right on top of your existing Config Manager deployment.

So, my challenge to you is go do it, right. There’s no reason why you shouldn’t be using Forefront Endpoint Protection, take your costs down, and then let’s imagine for a little while now what we can start to do as you start to move forward and you look at Config Manager 2012, and these concepts of user centricity. Let’s talk, and let’s demo now what you can do as you start to marry your Endpoint Protection with Config Manager. And to do that, Mark is going to come out and show us some of the things that are going to be coming out with the next version of Endpoint Protection built on Config Manager 2012.

MARK FLORIDA: In this demonstration I’m going to show how I, using Config Manager 2012, manage the security settings on Melissa’s devices, how I automatically deploy new antimalware definition updates, and I’ll also show you some rich new, user-centric reporting capabilities available in Forefront Endpoint Protection.

Let me hop into the console here to show you how I get this done. So, here I have the baseline monitoring experience for a security compliance baseline in my environment. What you can see is that Melissa’s slate device is currently compliant; however, her laptop is not compliant. With Configuration Manager 2012, I can now not only use this baseline for monitoring, but I can also use it to remediate devices as well. Let me show you how I do this.

Right here is that baseline that we were just looking at. Since it will take a few minutes for the change to apply on the client, what I’m going to do is modify the deployment so that it will remediate Melissa’s laptop for us. So, now that that’s working, what I now want to talk to you about is what’s actually in this baseline.

So, in this baseline I have settings for Forefront Endpoint Protection, Windows Firewall, Internet Explorer, Office settings, as well as mobile device settings. So, what this means is I have one baseline, with all of my security settings. This means that I can manage with this baseline across all of my devices. That means the laptop, the desktop, mobile devices. Configuration Manager will then do the magic for me by applying the right settings to the right devices.

Now that I have the settings defined that I want to manage, let me show you how I automate the distribution of new definition updates. So, my company has decided to consolidate an entire infrastructure using Forefront Endpoint Protection on top of Configuration Manager. New antimalware definition updates are released multiple times a day, and I know that I don’t have the time to manually approve each one. Luckily for me, there’s a new feature in Configuration Manager 2012 called Autodeployment Rules that do the work for me.

Here’s a rule that I have for Forefront Endpoint Protection, definition updates. In this rule what I’m able to do is, using a rich set of criteria, define the updates that I want to automatically download from Windows Update, and then deploy out to my client. So, what I’m going to do is I’m going to grab just the definition updates. Then I’m going to set an evaluation schedule of every eight hours since new definition updates are released three times a day, and it’s as easy as that.

Now, Configuration Manager will keep my clients up to date using my existing Config Manager content distribution system. Now let me show you what it looks like for me to monitor antimalware activity in my environment. Here I have an antimalware report, which shows me great information. It shows me summary information of the number of clients that are infected. It has information about the top malware that exists in my environment.

I can then drill into that malware to see statistics that relate to a specific type of malware. Again, I can see information about how prevalent it is. I can see which machines are currently infected. And then, this is where it gets really exciting, what I can now see is I can see the users that are impacted. Understanding the users that are impacted means that I can understand the impact to my business. This is something in Forefront that’s now only possible using Configuration Manager 2012.

Now, let’s take a look back at Melissa’s laptop. What you can see here is that we’ve successfully remediated Melissa’s laptop, so now that she’s compliant, Configuration Manager will now automatically remediate her laptop, if for some reason she becomes non-compliant again. So, in closing with Configuration Manager 2012 and Forefront Endpoint Protection, we as client admins can unify our security and management infrastructure while providing a consistent and secure experience to our end users.

Thank you. (Applause.)

BRAD ANDERSON: Good job, Mark.

So, what do you think about that? How does that dramatically simplify the work that you have to do to both manage and secure? As I think about this user-centricity and now the ability to integrate and tie that user identity down to the malware that you find, think of that just in terms of compliance. At the end of the day, what you’re concerned about is when a user’s device gets compromised, where else might that user have compromised any resources or data within your system?

So, while we’re talking about security, let me talk about another thing that we’re going to announce today. We’re going to announce an addition to the MDOP family. Inside of the Desktop Optimization Pack, we’re going to introduce a new feature, a new set of capabilities called the Microsoft BitLocker Administration and Monitoring. So, take a look at that acronym for a minute. And BAM, it’s one of the best acronyms I think we’ve ever had.

Let me tell you what this does. Think of this as a set of capabilities that are now going to allow you to go out and scan your systems across your enterprise, across your organization, identify which devices are capable of having BitLocker deployed, deploy BitLocker. On a regular basis, get reports back about which devices have BitLocker enabled, and which do not have BitLocker enabled, enable a self-service experience for key recovery, in the case that a user forgets what their key is. This will really make BitLocker enabled for you to use across your organization. Beta is available today.

This will be releasing this year. And just like we’ve done with the other MDOP components, you’ll see us more deeply integrating this with Config Manager, as Config Manager really is that integration or rallying point where all of this comes together. So, I really would encourage you to take a look at this. BitLocker is truly a remarkable capability in terms of protecting the data and the assets that walk out of your organizations every day. And this is a great management solution to use with that.

We’ve been talking about simplification and unification of your infrastructures. If you want to go to the ultimate step, in terms of infrastructure simplification, you want to move that infrastructure into Microsoft’s cloud.

I guess the ultimate simplification is there is no infrastructure in your environment. So, many of you have been coming to MMS, we’ve been working on desktop management protection as a service offering, and today we’re announcing the general availability, day one, of Windows Intune. (Applause.)

Truly, I think we’re all going to look back in the years to come and look back today and say, this was an historic day. As you think about the movement to the cloud, and this integration of the cloud and devices, and consumerization, as I look at what the True North is, and where the market is going to head over time, more and more and more of you are going to want to deliver your desktop management protection services from the cloud and not have to worry about that infrastructure.

You’ll do it at your own pace. You’ll do it on your own terms as we’ve talked about. But, with version one of Windows Intune, here’s what you get. You get, first of all, Software Assurance for Windows. As we come out with a new version of Windows, you’re guaranteed the upgrade rights to that.

You have a solution that gives you inventory, software updates, host protection, some remote assistance, some policy management, as well as monitoring. Now, this is the first version. We’ve had 15–16 years of investment in Config Manager. So, it’s going to take us time to get up to parity with that. But this is a solution that has been incredibly well received. A year ago today, or a year ago at this event, we talked about releasing the beta.

We thought we had been pretty generous in the number of slots we had opened for the beta, but it filled up in less than eight hours. So, the next day, we had to open up at 10 times what we thought the beta allocation was going to be in terms of the infrastructure we had deployed, there was that much interest in it.

Many of you know that one of the things that my team has done is we have taken on the responsibility of managing three organizations’ desktops. So, we manage the desktops of Energizer, an organization called Doosan and an organization called XL Capital. And the reason we’ve done that is Microsoft is just not quite the average organization in terms of what a corporate IT looks like. So, having to live and die by where, you know, we charge a certain amount per month, and we have to live within that, it drives discipline, and it drives feedback into the engineering teams about what a real world looks like, and we live and die with that.

One of those organizations, Doosan — and Doosan for those of you who don’t know, it’s the company that makes the little Bobcats that are used in construction. They’ve moved all 3,000 of their nodes to Windows Intune and managing them on Windows Intune for about six months. So, our aspirations on this are very big in terms of what we want to deliver, our aspirations are very, very big in terms of delivering value to this. And the great thing about it is, when we deliver new technology into the service, you can start consuming it that same day.

You know, one of the things I talk about with organizations on this is, one of the things that just kind of frustrates me as a leader, and as I go out and visit with customers I’ll ask, “Tell me what capabilities you’re using of the product that we build for you?” For example, I’ll be talking with someone who is using Config Manager, and say, “Well, we’re doing inventory, and we’re doing software distribution and software updates. I can’t wait to start using Desired Configuration Management. I can’t wait to start using these other capabilities.” And whenever I ask, “What’s hindering you, what’s blocking you?” It’s just time. All of you here today, you’re going to be learning about System Center Configuration Manager 2012, it’s going to be releasing this year. When will you actually get it deployed in your environments to take advantage of all the new capabilities? Will it be three months? Will it be six months? Will it be 12? Will it be 18? It depends on what your rate is. With an online service, as we deploy new technology, you can take advantage of it that day. You don’t have to worry about upgrading your infrastructure. This does not put you out of work. This does not threaten your livelihood. This enables you to build more value to the business and deliver that value faster. So, as I think about these online services, I think about the rate at which you can deliver new value to your users, to your business, and differentiate your business.

Now, what I thought would be interesting is for you to actually hear how people are using this. OK, so not Brad talking, not Microsoft talking, but let’s let an individual who actually has been living with this, not only for their own desktop management, but is actually managing multiple customers with the beta. And so, with that, please welcome Steve Hall to tell us a little bit about that.

How are you doing? (Applause.)

STEVE HALL: How are you doing, Brad?

BRAD ANDERSON: Thanks for coming.

STEVE HALL: Thank you. The pleasure is all mine. It’s March Madness. I’m here at MMS with all of my peers. And even though the weather is not so great, it’s still Las Vegas.

BRAD ANDERSON: Hey, you know what, there’s sun here. In Seattle, it’s rain, so I’m happy.

STEVE HALL: Well, back east in D.C., it’s kind of cold there, too. So, I’m always happy to be here in Las Vegas.

You know, I’m only here today, though, because of solutions like Windows Intune. We manage desktops for many clients, hundreds of desktops. But using Windows Intune, we’re now able to manage all the desktops the same, whether we’re at home, we’re at our office or I’m working the Mandalay Bay.

You know, when I heard about Intune about a year, year-and-a-half ago, just like you just said, one of the concerns I had, will this solution commoditize my business, commoditize a lot of my work, put me out of work. You know, none of us want to go look for jobs in this industry in this market right now. But, like you said, we’ve been using Windows Intune to manage hundreds of desktops for the past year, and not only will it not put us out of work, it’s allowed us to do our jobs faster, better and much more efficiently.

I’m going to jump right at the demo, if you don’t mind?

BRAD ANDERSON: One of the interesting things as Steve and I were talking is, we talked about how not only has it not commoditized what he does, but it’s actually been able to accelerate their business, so they can actually do more and take on more customers with the same amount of capacity.

STEVE HALL: Now, I really wanted to show you guys my live demo environment with all of our clients and all their PCs. For legal reasons, we’ve had to use the Microsoft Demonstration Account. So, you’ll see some familiar names up there. Fortunately, I did get my company in here, District Computers.

When I log in with my Live ID and password, I’m presented with the multi-account console, which is a fabulous console, and it’s really the magic behind the efficiency for my company.

BRAD ANDERSON: I want to make a point about this. Last year, when we demonstrated Windows Intune, many of you came to us and said, listen, we love this, but I manage multiple customers, multiple accounts. I want a multi-tenant console where in one place I can quickly see everyone that I’m working with.

STEVE HALL: It’s more than just seeing everybody I’m working with. I mean, we can scroll through and see all the client accounts, all of the PCs across all of the client accounts, and get a picture of health. I can sort by health what’s going on with these clients instead of names. But the power here is that no longer do we have to VPN into one client network, then open up the PC management platform. You know, RDP into another client environment, pull up antimalware. I can just jump in.

BRAD ANDERSON: Because this is running in the cloud, and it’s multi-tenant in its inherent nature, as long as you have an Internet connection, you can manage.

STEVE HALL: So, let’s see right now who is not doing so well. We’re going to sort by health, and we see Northwind Traders has red Xs all across the board, never a friend of mine.

BRAD ANDERSON: Yes, red is usually not a good color.

STEVE HALL: I’m now prompted with the Windows Intune Account Management Console. Some of you may have seen this before; it may be new for the rest of you. We have the traditional Web interface with the left navigation pane. I’m most concerned with this overview panel right here in the middle. It gives me a singular snapshot view as to what’s going on with all of the PCs within Northwind Traders’ network.

Being a stickler for security, I want to find out exactly what’s going on with its Endpoint Protection. Simply click through, and lo and behold, it’s the CEO’s computer.

BRAD ANDERSON: It’s always the CEO.

STEVE HALL: Always those guys, they never get the stuff right. But fortunately, with Windows Intune, I don’t care if the guy is working at home. I don’t care if he’s at the office, I don’t care if he’s on VPN, or even using direct access to get in the corporate network. As long as he is online, we can access his computer. We see there’s one follow-up needed. So, let’s see what’s going on.

Now, I’ve drilled down further. From here I can get a lot more granular detail as to what is going on with this machine, updates, hardware, software, status. Once again, I want to focus on that malware threat.

BRAD ANDERSON: I think the team has just done a wonderful job here of a very simple interface that just very quickly you can see exactly what the status is.

STEVE HALL: Exactly.

BRAD ANDERSON: Hats off to the team. They’ve done a wonderful job.

STEVE HALL: From here, I get a big sigh of relief. Thankfully, the malware is blocked, so it takes care of half of my job for me.

BRAD ANDERSON: So, blocked, are there actions you need to take on this?

STEVE HALL: Well, it tells us right here. Even though it’s been blocked in this case, there are still always steps to be done. Always running a full-system scan is a best practice, we all know that. After I run that scan, the status log will go away. Even if the malware was not blocked, it would give us steps as to what to do.

BRAD ANDERSON: This is all coming off the Web, coming off the Microsoft website in real time. You’re getting a very easy way to look at it.

STEVE HALL: Yes. I mean, it really makes what we do a lot faster and easier.


STEVE HALL: Now, we all know threats and updates go hand in hand. If we’re not all the way up to date, we’re more susceptible to getting attacked by threats. So, I’m going to jump right into the update, sort by those that need to be improved. Well, go figure, he doesn’t even have Service Pack 1. You know, that just came out a few weeks ago, and I hope all of you, all of our desktops have it now.

Being that he doesn’t have it, and he’s the CEO, he might not be the only person in the company that doesn’t have it.

BRAD ANDERSON: So, is there an easy way to see who else?

STEVE HALL: Sure. It’s not only his computer; it’s 82 others that need the update. Now, I’m going to go ahead and approve this update for all 82 computers. I’m going to select all the computers, select install, press OK, and I’ve already sent the approval for the installation.

BRAD ANDERSON: And those devices, as long as they’re online somewhere, they’re going to get Service Pack 1.

STEVE HALL: As soon as they come back online, they’re going to be prompted to install. That’s really the power of Windows Intune. But not just that, like we said earlier, I could simply switch to another account and manage an entire other network like that.

BRAD ANDERSON: I hope you can see the value that this brings. Literally today we went general availability with this. One of the things you told me about one time was, you went into an account and in, like, five minutes you had a certain number of nodes up and running.

STEVE HALL: It’s fast to deploy. All we have to do is go into the software settings, click on Install the Agent; within 30 minutes the agents have already checked in and we’re able to manage online, just like that.

BRAD ANDERSON: So, in 30 minutes you’ve gone through an account, and 50 PCs are up and being managed and updating them.

STEVE HALL: And I’m making money along the way.

BRAD ANDERSON: This is wonderful; what else do you want to show us or talk about?

STEVE HALL: Actually, I’ve pretty much gone through all the things for the demonstration purposes, but I do have a question for you.


STEVE HALL: Obviously, I believe in Windows Intune as a PC management platform, and I think it’s an incredible solution. But, what else can we expect to see because you did mention this is generation one, and there can be more things.

BRAD ANDERSON: OK. That was a good question. So, V.1 is available today; because this is a cloud service, it’s going to be released on a cloud cadence. What that means is it’s going to be coming out frequently. So, to give you an idea we’ve had the team working on Version 2 — Version 2 is well over half done. And so expect, first of all, from a cadence standpoint, us to release this frequently, as you would expect from any service.

STEVE HALL: I’m on board, and I’m definitely in tune with Windows Intune, and I hope all of you all are, too.

BRAD ANDERSON: Let me give you some additional data on that. The first question when people want to drill into this, like you’re asking about it, OK, when are things coming like software distribution, OS deployment, desired configuration management, start going through the features that we’ve built over many, many years in Configuration Manager. As I mentioned, our aspirations on this are big. OK. We expect that this is actually going to become — I mentioned, this is an historic day. A few years from now we’re going to look back and this, and this will become the premier tool that people use to manage their desktops from the cloud.

So, as we think about this, we’re doing what we call intentional parity. So, we’re going to drive intentional parity with the tools that we have on-premise. Some of the pieces really don’t make sense in the cloud, but certainly software distribution and desired configurations, all of the pieces that are there are just hallmark components, user-centric client computing based upon an identity in the cloud. All those pieces are coming, and expect them to come at a pretty frequent cadence because this is a cloud service.

STEVE HALL: Well, I’m certainly looking forward to it. A lot of my clients are looking forward to it. I mean, those features are incredible; we have some good stuff now.

BRAD ANDERSON: Thank you for coming.

STEVE HALL: Thank you.

BRAD ANDERSON: Let’s give him a hand. (Applause.)

It’s a big day. Interesting data point here: It went live this morning, and so we actually had put the URL and the website up live on Monday, but I hadn’t published the website. I was talking with the team last night, and they said that there are already dozens and dozens of customers who had signed up for the — to use the product, even though we hadn’t technically made it available yet.

All right. Let’s summarize, and let’s talk about what — summarize what the day has been about. Look at the similarities, again, between this and what we spoke about yesterday with the cloud. Empower your users, empower your users, they want to be productive. They want to be partners with you. They want to work how, where and when they want, and you can do that, you can enable that, given the tools we’ve shown you today.

Unify your infrastructure. We’ve shown you ways that you can now empower more, and more highly leverage that Config Manager infrastructure that you have.

Take advantage of that. Get a hold of Forefront Endpoint Protection; use it for your device management; use it to manage your distributed and your centralized desktop. You will not only see dramatic decrease in costs, you will see dramatic increases in some of the things that you’re able to do. And finally, all this will simplify your lives and make you more productive.

So, let’s talk about the roadmap for a minute. One of the questions you’re all going to have is, “When does all this come out; when is this released; when can I get my hands on it?” The yellow items are beta today, or are generally available today, the blue are things that are coming soon. But look at what is releasing this calendar year, in terms of value for all of you.

I mentioned yesterday at the beginning of the first keynote, in my career I’ve never seen this kind of innovation coming out, so concentrated in one single area. The team has done a phenomenal job of building tremendous execution skills, so that we deliver what we say we’re going to deliver to you when we said we’re going to deliver it to you. The teams are doing phenomenal in keeping their commitments.

You can count on these technologies delivering with all the things that you’ve seen today, that you’re going to see throughout the rest of the week. You can count on them hitting their dates with quality and enabling you to advance your businesses.

So, again, clouds and consumerization, it really is all about empowering you and empowering you to empower others. The theme and the message of the conference is all about empowerment. Empowerment has been a core concept that we’ve thought about throughout the design, throughout the execution, and building of what we’re delivering into the market this year. Embrace the cloud, embrace and drive differentiation, drive your businesses forward, drive your personal careers forward.

Embrace consumerization, enable your users, enable them to work how, where and when they want. It’s the best thing that you can do for your business because your businesses will differentiate.

In closing, I just want to say thank you. It is a true honor to partner with you and your businesses. We feel that responsibility. We feel that on our shoulders that we want to partner with you more deeply. And we’re going to work hard to keep that commitment, and we’re going to work hard to more deeply partner with you and your businesses.

Finally, there’s a lot of things to happen this week yet. This is only day two of four days — you’ve got three days of wonderful sessions and hands-on labs ahead of you. But we’ll look forward to seeing you next year in April at the Venetian. Thank you, and have a great time.