ANNOUNCER: Ladies and gentlemen, please welcome to the stage Microsoft corporate vice president Jason Zander. (Applause.)
JASON ZANDER: Well, good morning, everybody, and welcome to TechEd. We’re very happy to have you here.
We’ve lined up a really great conference this week. We’ve got tons of great speakers and great sessions. We’ve got some fun here as well. So I really hope you enjoy the week.
Now, I’ve spent 22 years at Microsoft working on platforms, especially for the enterprise and things that we do here every day. And because of working on that type of environment, TechEd is actually one of my favorite shows that we do or conferences that we pull together, because everybody in this audience are people that I’ve worked with for two decades actually, and getting feedback on our systems for our developers, as well as our IT professionals. And all of us have to come together in this room, so it’s great to have everybody here.
Now, our environment is continuing to evolve. We’re going to talk today a lot about the cloud and productivity and new enhancements, and we have also some announcements that we’re going to make and give that to you as well. I think being able to have all of us here is going to be a great opportunity for us to discover how we can actually work together in order to advance that.
Now, the first thing I want to do is start looking at some of the trends that we see in the industry, and I want to be able to start off talking about device trends and what we see there.
In particular, the last 10 to 15 years there’s been an explosion of connected devices. We’ve got billions of PCs and smartphones and tablets, and I’ve pretty much figured that with everybody in the room we’re carrying at least some kind of a smartphone or probably a tablet, maybe a laptop, and for many of us probably even some kind of a wearable on our wrist.
Now, the amazing thing about this is that’s just an amazing growth, because if you look, in the year 2008 the number of connected devices actually surpassed the number of human beings on the planet. That’s just astonishing. So we’ve got hyper-growth of connected devices in all of these form factors.
And if we start looking even further off to the right, we should expect to see trillions of connected smart and intelligent devices. If we think about things like Internet of Things and how that’s starting to transform industries, we can have in the next five to 10 years tens of trillions of devices out there.
And really what that means is that what we’re doing going forward is not going to be defined by the form factors that maybe we’re even holding in our pockets right now, but by new form factors and software and solutions that we have to build that haven’t even been thought of yet. So at that point, computing is going to become truly ubiquitous.
Now, if you look at this environment, what are we seeing? We’re seeing explosive and exponential growth, and across several different things. First of all, our users continue to grow, as we just discussed, and our devices continue to explode as well.
Now, we also have a significant number of new applications we’re using on those devices, and in addition to the ones that we have today.
And the amazing thing about this, as you start putting all these things together and you’re going to get an explosion of data. All these devices that we have are going to be generating a significant amount of telemetry that we can gain insights from, and it has to be able to track.
We also have petabytes, hundreds and hundreds of petabytes’ worth of data that we create in our own productivity suites and in that type of environment.
Now, with all that explosion of all this growth that we’re going to have, we have to have something to be able to power it and be able to deal with that. And we’re going to be powering that through the cloud. We think being able to have these two things together is going to be a requirement.
Now, enterprises today, we’re operating in this ever-connected and this cloud-oriented world, so our world is changing.
Now, we believe at Microsoft that where you bring together the device, in addition to the cloud world, that that’s really where we’re going to start seeing this transformation. And that’s what we mean when we talk about this mobile-first and cloud-first world. It’s a case where I can have my mobility, I can have those sort of solutions, but without the cloud it’s harder to be able to do interesting things with it. And with the cloud itself I can augment the two together.
Now, mobile-first in this case is about the individual’s experience. What that means is no matter which form factor you’re using, we want you to be able to have that experience follow you. So if I’m using my smartphone or move to my tablet or if I even have a wall-sized display, then my information and the intelligence around that comes with me.
On the cloud side we expect to be able to use the cloud to orchestrate that environment, so how do I get that state to move and migrate and to be able to provide intelligence for it as well? That’s what we’re going to pull together in this solution.
Now, at Microsoft we also describe ourselves as the productivity and platform company in this mobile-first and cloud-first world. And that means that we want to work on the productivity that we have for not only individuals but also for teams that are collaborating together, as well as for business processes and the things that we need to collaborate together as a team.
Now, I think a really great example of this from the individual side is technology like Cortana. And Cortana is able to go in and reason over all the data that is relevant to me.
I remember the first time I had my phone wake up with Cortana and basically say, hey, you’re headed across town for a meeting in about an hour, but I checked the traffic and I know where you are, and you’re going to be late. You probably want to leave earlier than you expected. And that was just actually kind of amazing, because I didn’t actually program the system to do that, I didn’t set up macros or rules or that. It basically just looked through data that was in there about me and was able to give me that right away. So that’s the type of intelligence that we think that we can provide in these sorts of systems.
Now, we can also look at apps and productivity there. If we think of Office 365 and Delve, the new technology for really being able to find and discover information across my Office documents, we can also look at Power BI and Dynamics, pulling together my business data in ways to visualize that and discover new things about what it looks like. These are also examples of having productivity, in this case working with teams and improving my business processes.
And finally, for all of us here, because we are at TechEd after all, we want to also look at the productivity for our IT professionals, as well as our developers. And here think about things like System Center and our management systems that we’re putting in place. Also think about Visual Studio and TFS and how can we get collaboration, for example, being able to run standups and scrums in our environment. Those are all important parts of productivity for us as well.
And we think that this new world is actually one in which we can transform all these scenarios, and we have a few examples that are here actually on the screen, for example, one in the Underground, basically a user of Azure with IoT and being able to track the infrastructure that’s used there and make sure that everything is running on time and be able to understand when there might be issues.
Coca-Cola working with these self-service kiosks, these kind of vending machines where I can look at things like inventory and control. I can actually make sure that things are functioning correctly and pull that data back through. So these productivity, these new scenarios, they’re going to span across industries in every geography around the world.
Now, I want to start off today by digging into the platform side of this, because we’ve long been a platform company. We have long roots with that. And our platform vision is very broad. It includes cross-devices and cross-platform.
Now, we believe that every device is a great endpoint for our services, and a great example of this is having Office 365 available, for example, on the iPad. That means that you’re going to be able to use our services no matter which devices you’re using and no matter where you are around the world. But we also have a very unique and differentiated play, in particular in the enterprise and with Windows.
So we want to start off today by talking about devices, and in particular what are we enabling you to do in Windows and especially in the enterprise context.
Now, we expect to deliver an excellent experience and it’s going to span your digital work and your digital life.
Now, especially for the enterprise, because all of us here care very much about that, that means we also have to make sure that we’re doing an excellent job on creating a robust environment that is here and it’s compliant for what we need to do, no matter which form factor that we are enabling for these enterprise scenarios.
Now, to tell us more about this I’d like to invite the corporate vice president of Windows, Joe Belfiore, onstage to show us more. Joe? (Applause.)
JOE BELFIORE: Thank you. Good morning, everyone!
My name is Joe Belfiore, and I’m here from the Windows team to give you a quick look at what’s up with Windows 10. I’m going to take you through some of the ways that we’re focused on enterprise value, and then I’m going to do a few demos as well.
First, let me just comment that the way that we’re rolling out Windows 10 is a little different than we’ve done with Windows in the past. We’re getting builds out early, we’re talking to all of you early, because we really want to emphasize a collaborative development process where we hear feedback from you where there’s an opportunity to factor it back into the product, where you get a chance to see what we’re building, and we get to an end result that we know will work well for all our customers and partners.
And today, I’m going to focus on enterprise. This first phase of Windows 10 engagement is really aimed at an enterprise audience, because we know that all of you need time to look at bits, and we want time to hear what your comments are and adjust as we go along.
I’m going to go through four things about our enterprise focus in Windows 10. The first is Windows 10 delivers a single platform across a very wide range of devices so that ISV investments, OEM investments, your investments will apply to the largest volume of stuff.
Second, we’re focused on building a product that end users will love to use. And we think this is super important within enterprises, because all of you have customers of your own within your own companies that you want to satisfy, and we’re going to help you do that on a very wide range of hardware.
We want to make Windows 10 great at providing protection against modern security threats.
And then last, we want a platform that for all of you gives you a way to manage all of your devices in a form of continuous innovation that makes sense for your business and for the devices you’re managing.
So I’m going to go through all of these four things and throw in some demos and walk through as we go.
First, with Windows 10 a key technology pillar for us is building a single platform technology that’s used across a wide range of devices, everything from small sensors that count the number of people moving through a subway station or measure the performance of a jet engine, up through phones, tablets, two-in-one devices, laptops, desktop PCs, the Xbox One and even giant conference room computing devices.
By having a common core, and by that we mean the networking stack, the file system, the kernel, device driver interfaces, and the ISV platform, by having that common core everybody’s investments in the ecosystem are leveraged and the most volume is brought to bear. That benefits everyone.
That means as you develop line-of-business applications you can use the new platform to target the widest range of devices and leverage your investment. It also means that the ecosystem grows, and when the volume is large we’ll see broad ISV engagement, which brings great apps to bear across the platform.
So this is a key part of the Windows 10 value proposition. And for those of you who follow us closely, you know this is not brand new. We’ve been doing this work for a few years, and already today Windows 8.1 and Windows Phone 8.1 share a common core, and they have a highly common ISV development platform, which we’re just now starting to see apps show up that target both as the volumes of those 8.1 versions of the product grow.
So that’s the first thing, definitely an important part of the value proposition of Windows 10 for the enterprise, but also broadly for our ecosystem.
The second thing I want to talk about that’s a massive benefit for all of you and your companies in Windows 10 is our focus on building a product that regular human users will love.
And this is an interesting topic, especially if you look at the recent history of Windows. We rolled out Windows 8 and Windows 8 had some mixed customer satisfaction. On devices where its UI was designed deeply for those devices, touch-first devices, customer satisfaction on Windows 8 is higher than Windows 7. However, on your classic mouse/keyboard devices, customer satisfaction on Windows 8 is not as high as Windows 7.
With Windows 10 our aim is to fix that. We’re working on the user interface, a core user interface that elegantly can target all these devices, including two-in-ones that flex, and I’m going to show you some details on that. And right now we’re focused on that core experience and really getting feedback from people who are using it, adjusting as we go, and I’m going to show you a couple new features.
In fact, with that, let me just move back here and jump right into a demo.
So what I have here, if we can switch over to the demo machine, is a PC running the earlier build of our Windows Technical Preview. And if you’re an insider, you actually have later bits than this, and I’m going to jump to that machine in a second.
And the first thing I want to really focus on is that large volume of Windows 7 users on classic laptops and desktops that probably don’t have touch but might, and I want to talk about the mouse and keyboard user experience.
Of course, this looks familiar with the desktop and the taskbar down here. And, of course, as I click the Start button I get a familiar Start menu, because in this mode we’re optimized for mouse and keyboard and this is the UI metaphor that literally hundreds of millions of people are familiar with.
So over here I have a tile for signing in and signing out, my power button, any apps or things that I’ve pinned. Here’s the system most used list, all of these things totally familiar to a Windows 7 user.
Similarly, if I open the Start menu and just start typing, and I can type EX, right up at the top the UI works exactly the same as Windows 7, so muscle memory comes into play. You can type EX and hit enter to get File Explorer. I can type EXPE and watch as it changes, because I’m using an expenses app frequently and that’s what I’ll get right at the top of the list.
Now, this provides extreme familiarity but we’re trying to do this in a way that’s elegant and adds user value. So today in Windows 7 you get apps and settings. In Windows 10 you’ll get Web services as well as you see on the bottom here where we’re expanding the functionality generally.
The other thing that we’re really trying to do is present in a familiar UI lots of additional new value. And so far in our process we’re only talking about that with regards to the core experience. And there’s more cool features we’ll be talking about later.
But in this specific example, of course, the most visual thing you see is the addition of Live Tiles to the Start menu construct. So here I have the familiar stuff that I would have had in Windows 7, and here I get some of the value that people are familiar with in Windows 8, but in a UI metaphor that’s familiar.
I have a mail tile here, and if I want to customize this, there’s lots and lots of flexibility that makes it possible for users to set up the Start menu the way they’d like. I can make that tile big. I can grab Facebook and drag it over here and attach it as well. Then I can take my Start menu and stretch the whole thing up to make it nice and tall. So it reflects the set of things that I care about as a user, makes my Windows system more personal, and makes me more productive and just enjoying my experience in general.
So if you take that idea, here I showed Live Tiles and adding Live Tiles to the Start menu, and expand your thinking about the principle that there’s lots of great value in Windows 8 that we want to deliver in a UI that’s familiar to Windows 7 users, Live Tiles are one example, but one of the biggest Windows 8 innovations is the new Windows app platform, the store app platform that enables things like sandboxed apps, it enables apps to be auto-updated through the store, it enables things like payments and commerce, lots of great stuff that today isn’t being used as widely as all of us would like because those apps behave so differently than regular apps. Well, in Windows 10 we’re going to address that as well.
And one subtle thing that sort of outlines this is right here in the Start menu, we’re blending new store apps like the reading list with classic Win32 apps like the command prompt or file explorer. A user does not need to know the difference. When I launch apps, they just behave like apps.
So as an example, I’ll open the mail app, which written as a store app today runs only full-screen, and classically is run in a separate environment, something that was confusing to users but something that we’re addressing here in Windows 10. So, of course, I could minimize this but in Windows 10 as well I can take the app and restore it. So I can grab this, make it a window.
And you see one of the things that’s nice about the app platform, the new app platform is that it’s designed to take good advantage of different screen sizes.
And what we’ve done is blend the benefits of that app platform with familiar UI for the hundreds of millions of people who are already out there and using Windows 7 or Windows 8.
And a good illustration of this is a feature that Windows 7 power users or intermediate users know, which is snap mode. So I can grab this mail app, for example, and snap it over to the side of the screen. It shows up there. I can set it up.
And I can also do that in a way that blends my Win32 apps as well. So here I’m going to grab the Win32 version of OneNote, and I’ll move over here and snap that right in there next to the modern mail store app.
The point is whether you are a line-of-business developer or a third-party ISV, if Win32 makes sense for you to write an app in, great. If the modern store platform makes sense to write an app in, great. The user doesn’t need to know the difference. Those technology decisions are independent of the UI. The system just works the way you’d expect based on the input devices you have at hand.
Now, I want to sort of evolve this conversation beyond showing you just the basics of the Windows 10 UI and talk a little bit more about power users, which I know all of you are.
When we did our September event to unveil this, one of the things I demoed was the command prompt. And that was unusual for me but I think you’re an audience that will appreciate some new features in the command prompt as illustrative of the broad ways in which we’re thinking about our Windows users and delighting them, even if they’re using something as old as a command prompt.
So for my quick command prompt demo I’m going to go in here to this mail message where somebody in my team has sent me a directory, and I’m having trouble with getting these shell scripts to work. And so what I’m going to do, what he wants me to do is send him a DIR listing from that directory.
So I can go into my command prompt, and I know the CD command, but now I can just press ctrl-V without thinking or without setting up — oh yes. (Applause.) Let’s hear it. I felt the same way about this when I saw that, too. So I hit ctrl-V to paste. I didn’t have to go to some crazy menu or set up some funny defaults. Now I’m in this directory. I can do my DIR.
And now here’s another good one. All of you I think have muscle memory wired into your brain. If you want to select words while your hands are on the keyboard, what do you hold down? Ctrl and left arrow and shift. So here I can do that as well. I’m going to hold down ctrl and left arrow. (Applause.) I can go up arrow and there I can quickly and easily select the text I want, hit ctrl-C to copy it, no need to go into a funny menu, go back to my mail here and just paste and voila, I’ve got a directory listing that I’m sending.
So the point is we’re trying to think about a great PC experience for all of the Windows users and customers out there, scaling from novices up through intermediates, even people that are using the command prompt and doing more advanced things, which I want to show you some other new features of.
I’m going to flip down here and show you the task view, which is new in Windows 10, and this is a good example of a feature that scales.
If you’re a beginning user, there’s now a discoverable button right there on the taskbar that lets you see an overview of all the apps you have running. So if you want to get rid of the send to OneNote app, you can open it up and click close, or I want to get rid of that command prompt, I’ll open it up and click close. Simple.
This task view also starts to make novice users and early intermediate users more powerful and more productive with Windows, because it adds a feature here like multiple desktops.
So down here I can switch over to a secondary desktop, and in this case I’ve got a bunch of apps running. And actually I’m going to switch over here where you’ll see — that’s a little bug — here I had this system set up for doing expense reporting. So I’ve got my Win32 Excel and I’ve got my Dynamics modern app.
And if I want to flip between my trip planning and my expense reporting, I could do that super quickly and easily by using discoverable UI elements as I’m scaling up my productivity.
But for power users this gets even better. I could switch over here and I want to show you an example of a situation where I want to do a bunch of snapping. So I’m going to work on a PowerPoint presentation, and to do that imagine I’ve got a really big display like these enormous displays, so large that I can see four windows up. I’m taking advantage of great modern hardware.
Well, I can snap PowerPoint over here and snap assist tells me what the other windows are that are available on that desktop. And because I’m going to go from Word to PowerPoint, creating my presentation, I’ll just click Word and now I have those tiles up.
But if I’m an advanced user and I want to use the screen real estate even more efficiently, I could pull Word to the corner and then tile up with IE. And then I could pull PowerPoint to the corner and tile up with my file browser, and quickly and easily set my desktop up for maximum productivity on my PowerPoint viewing. And then task view lets me switch between all these tasks in a way that’s convenient and really elegantly scales up my ability to get stuff done on Windows.
Now, all of that stuff we have shown before, and if you are an insider that’s running our builds you’re already playing around with that.
But I want to show you two more power user features that will be coming in the next flight of our Windows Insider Program. So if you’re not signed up, you should sign up now, and you’ll get to try these two.
So let’s switch over here to our second machine. Now, this machine is running a newer build of the Windows Tech Preview. And what we have, we have it set up here as a multiple monitor display.
And actually this is terrific timing. This morning, I was on Twitter and I posted a shot of the room and mentioned I was doing this demo. And somebody named Kevin tweeted back at me and asked a question, and I replied, “No, I’m not going to do a phone demo, I’m going to talk about Windows 10, and are you an insider,” and Kevin replied, “Yes, I am, I’m running the Windows 10 tech preview with four displays.”
I bet a lot of you are multimon users. And if you’ve been a multimon user for a long time, you know that some of the things that you have muscle memory in Windows 7 don’t quite work the way you’d expect in multimon. Well, I want to show you we’re fixing some of those.
So here in Windows 10 with my multimon display, if I want to snap a window, you would expect to be able to just snap it to the edge of the screen. And that works today except for the edge in between two monitors.
Well, in Windows 10 we’re fixing that. So here I can grab this guy. Actually, I think I just messed up my demo by shaking the window. Let me put these all back. This is an early build. We’re used to that kind of thing.
Here I can move to the edge and you’ll see the snap preview where PowerPoint’s going to go right on the edge of the window. I’ll let go and voila, I’ve snapped PowerPoint on the edge of a multiple display.
Now, I could put Word over here. I can grab my photos and I’m going to snap them. Watch carefully on the edge. I’m going to snap them right here, and then I’m going to choose Bing up here.
And the snap mode now works across multiple displays. So for you, power users, with multiple screens and you have muscle memory, we’re going to make that all work across the board.
Now, my last demo of showing power users, here I’m going to switch over to this Surface Pro. And I think we should have — do we have a camera coming out here to see the Surface Pro?
One of the things that power users are getting familiar with is accelerators on a touchpad. And in the past, touchpads on Windows have really been done very differently, because OEMs do them. With Windows 10 we’re adding support for power users in a touchpad where multiple finger gestures, which all of you power users learn, can make you really efficient.
So here I have the same scenario. I’m working in my PowerPoint deck. I’ve got a bunch of windows, and I’ve got a touchpad. If I want to make all these windows go away, think of what your hand might do to just say, windows, go away. I’m going to use three fingers and say, go away. Voila, they’re gone. Now, I went to my desktop. Now I want to get all those windows back: three fingers, go up. Voila, they’re all back. Super-fast, super-easy.
Similarly, if I’ve got all these windows there and I want to see my task view or to go to a different desktop, I move my three fingers up and I see my desktop.
And then last, think about how you alt-tab, except now your hand’s on the touchpad. Now we’re providing a three-finger way to go left and right and switch between whatever window you want. I can scrub here. I’ll choose Word. I pick Word and voila, up it comes, really focusing on smoothing out the power user experience, making all these things work consistently on a wide range of hardware.
So that’s a quick look at how we’re focusing on a user experience that customers will love. And for you I tried to talk a little bit more about power user-y stuff. You’ll see a lot more end user features coming after the new year when we start talking about the consumer end of all this, but for now I wanted you to get a sense of all that.
The last thing I want to show here is a video that describes how this UI will scale on devices that are two-in-ones. So can we roll the video?
This concept is a design we call our Continuum UI. And I want you to imagine I’m using a two-in-one here. It’s in PC mode, so the keyboard and mouse are present. And it works the way I’ve shown you in the demo. I get a Start menu, I get windows when I launch them.
But the key is when I remove the mouse and keyboard, and now my device is in tablet mode, you can confirm as a user that you want to use it in tablet mode, and now a few simple things change. The apps run full-screen. When you click on Start, it gives you a full-screen view, so you can use your hands to choose from a wider range of things. That’s an option that you can have wherever you’d like. When you launch apps, apps know they’re running in this touch mode, so their UI can scale up. And that enables things like writing with a pen or even writing with your finger. And then as you task-switch, you stay in that tablet mode, optimized for taking advantage of the screen real estate and your hand moving around.
Now, when the keyboard and mouse comes back, the system detects this, asks if you want to exit, and then it simply switches, leaving all your running apps the way they were, but now giving you the simple Start menu and overlapping windows.
So this leverages the things that Windows 7 users already know, Start menus and overlapping windows, as well as leverages the things that Windows 8 users already know, a full-screen Start menu and apps that run full-screen, but we do it in a way that’s optimized for the input devices that are present on the PC at the time.
We’ve been spending a lot of energy with our OEM partners. We know people are building a huge range of very compelling two-in-one devices, and we’re excited to make this a focus in Windows 10, because we think that PCs that convert, that are great with mouse and keyboard but also great with touch added or touch only, getting that right will dramatically make all those people who are productive with Windows way more productive with even more compelling devices in the Windows 10 timeframe.
OK, I’m going to change gears and talk about some of the Windows 10 benefits that are more specific to your IT audience, and probably to many of you as you think about managing PCs out there in an enterprise.
The first area I’m going to talk about is how Windows 10 will significantly improve the system protection against modern security threats.
And there’s three ways that we’re really trying to do this. The first is we’re going to enable you to secure the device and the code that’s running on any device you deploy.
The second is we want to give you some terrific tools that will satisfy end users and make your data more secure.
And then last, we want users to have their identities be secured against all the kinds of identity theft that we’re hearing about.
First, in Windows 10 you will be able to control the code that’s authorized to run on any device. This way of securing the device means that you by policy can decide that only signed code runs. That might be code that you sign, could be code signed by the OEM. You could decide that only Microsoft signed code coming through the store is allowed. The point is this is a way to set PCs up so that it’s predictable what code will run, and therefore make the device more secure.
Second, we’re going to do a lot of work to help you and your users effectively protect corporate data. And this is especially important in a world where we see phones, tablets, PC devices sometimes being company-bought and handed to users, and sometimes being bring your own device. And we’re designing a system that will work well for both those cases where you authorize apps and user experiences to handle the data you trust, either on a machine that you bought or on a machine that somebody bought themselves and that you want to authorize.
So what I’m going to do is walk through the user experience here, because we think our particular innovation is in building this into the platform and working with the key apps, starting with Office, so that users have an incredibly smooth and easy experience, and in practice that data protection is used and your company data really is secure.
So I have an imaginary user here, a woman named Brita, and she has a new Windows 10 PC that her IT department has set up for her. This was a company-bought machine.
And when Brita goes into the Start menu, there’s actually a few apps that were selected by the company to be authorized for company data. So, for example, her email, there’s a money management app, there’s a Contoso corporate app, those apps were authorized by IT to be able to access company data. But Brita can run other apps as well which are not authorized to access company data. This works for apps you write, apps like Office, and works for third-party apps as well.
And I want to show you how we’re designing the UI so it does what users expect by default, but allows them to do non-default things in a way that you set by policy.
So here’s Brita. She’s typing in the annual report in Word. She’s authoring a bunch of stuff. And because this was a company-owned machine, the default policy was set so that if she saves it, it’s protected.
Now, to illustrate this I’m going to go into the Save As dialog, where you’ll see there’s a Save As shown there where Brita can choose either a personal document or a Contoso document. As I said, in this case the company protection was set by default. So when she saves it, that document is encrypted, and you can see here in the File Explorer it’s shown as protected, and that data will not be able to get into any app that is not authorized by your policy, and you get to decide what those policies are.
So here’s Brita. Let’s say she’s trying to be a good employee. She runs Word. Remember, this document is protected. She’s going to select some text, open her Web browser and go to Twitter. This text is copied and when she tries to paste into Twitter, policy comes into play, which you get to set, and in this case because you chose to authorize Word as a company app, your policy is that this user is not allowed to paste. She gets a warning, pasting content is simply not allowed. So in this case Brita just can’t perform the task that would have leaked company data.
But let’s pick a more interesting and nuanced example. Let’s say that Brita is an employee in the PR department and sometimes she should paste from company documents into apps that you don’t authorize. Well, policy handles that scenario, too.
Now, imagine that the policy is set differently here, so when Brita pastes into Twitter, this time she’s given a warning, you’re about to paste content from a corporate document into somewhere public. This is OK but please give a reason because we’re going to put this in the audit log, and now IT has the opportunity to go back and see which people did this and why, and track the movement of company data.
This scenario is possible because we’re building the feature right in to the native platform, so all of you can use whatever management system you want to authorize these apps, and you can work with ISVs or write your own apps that you also decide to trust.
And because the platform is the same across devices, that benefit not only works on the PC but it will work on the phone and other devices as well.
Here’s OneNote. It’s a company app. It’s authorized. So when this user selects some text, copies, and goes into another app, in this case we’re choosing Word as an unauthorized app, your decision. Then when the user goes into Word here and tries to paste on the phone, they also get a message saying pasting is not allowed, again set by you as policy at your discretion to choose the apps, at your discretion to set the policy and the system participates in making sure your data stays safe in a way that users will really understand.
Next, I want to talk about how we’re going to protect user identity. And today, if you think about people’s passwords being on servers and hackers getting into company databases and all the press around this, we think there’s work we can and will do in the system to really greatly improve that.
And what I’m going to do actually is switch over here to another demo.
Today, you can do things like set up two-factor authentication with things like Smart Cards, but doing that can be a little bit cumbersome to deploy.
What we’re going to do in the platform is enable biometrics like fingerprint authorization to be a natural part of the system sign-in, but we’re also going to enable two-factor authentication in a way that’s much less expensive and easier for you to deploy and way more user friendly.
So the example I want to give here is a real demo. You can see I’ve got my Joe Belfiore account right there on the left, and I’m signing into Contoso. This is a domain joined machine. When I touch that tile, you can see there I am, Joe Belfiore. But for me to sign in, instead of typing a password into the PC, which then goes to Active Directory, is stored on the network, for me to sign in, instead two-factor authentication is set up with my phone and a pin on the phone as a second factor. So here I just sign in with my phone.
Now, I want you to watch. I’m going to touch click to sign in with your phone, and my phone will magically, via Bluetooth, recognize this, pop up. I didn’t have to find an app or choose a tile. It’s prompting me to use the virtual Smart Card, the certificate deployed to my phone. For demo purposes I’m using the ultra-secure PIN 12345678. I’ll choose OK, and voila, you’ll see there my PC is signed in.
So it’s convenient for the end user, it’s inexpensive for you as an IT manager because you’re not dealing with a complex deployment, and there was no password stored in some server on the Active Directory that’s susceptible to being stolen or copied or something. The PIN was on my phone. It’s a more secure system. It’s user-friendly and easy and inexpensive for you to deploy.
Now, the last area I want to talk about is how we’re going to enable Windows 10 to be managed by you, and sometimes by us but within your control, managed for continuous innovation.
We’re going to give you more management choice and flexibility in how to manage all your devices. We’re going to improve the app store so that you can use the app store infrastructure to deploy your own apps or apps that you license, and we’re going to enable the deployment of Windows 10 itself through in-place upgrades and dynamic provisioning so that it’s much simpler and easier for you to get out to your users.
In terms of management choices, Windows 10 devices, from phones to tablets to PCs, will be manageable either by group policy or via MDM. You can use whatever MDM system you’d like to manage BYOD devices. You can use group policy to manage devices. It’s your choice, and we’re going to make the system flexible enough to do either of those things. That’s the first thing.
Second, we’re going to make it much more flexible for you to use the app store infrastructure to deploy apps, either that you write yourself using the new platform, or to deploy apps that you license from third parties. We’re adding volume licensing support to the store with license reclaim and reuse so you can authorize which users get the apps.
We’re going to enable sign-in on Windows 10 to work with Azure Active Directory accounts as an option, no MSA required to use the store and the store infrastructure. This is probably the No. 1 feedback that we’ve heard from all of you on Windows 8 and we’re addressing it.
And with those new features in the store you can effectively use our store infrastructure to set up your own company store, manage licenses that you get from third parties or apps you write yourself across that wide range of devices.
And now the last thing I want to show and talk about is how Windows 10 will let you deploy systems in a way that will be more cost-effective, simpler for you and more friendly for end users. This is essentially our focus on ending the era of wipe and reload.
In Windows 10 we’re going to enable full in-place upgrade from Windows 7 SP1 or later, and we’re going to enable dynamic identity-based configuration that you set up in your infrastructure so that a user can get a brand new PC and then go through the out-of-the-box experience, the OEM out-of-the-box experience, and have your policy and apps set up. And I’m going to wrap up with a walkthrough of how that looks.
Now, I want you to imagine we have a corporate user named Heidi. And maybe she’s in some remote subsidiary and you have her set up with Azure Active Directory or Active Directory, and you could tell Heidi, hey, go to the laptop you want to buy, buy the laptop, and when you run through the laptop out-of-the-box experience, because we’re paying for it, simply choose “my organization owns it.” Heidi will choose next.
Part of the signup, part of the out-of-the-box experience is a sign-in. In this case Heidi’s going to type her Contoso credential. The system’s going to recognize, oh, this is a corporate managed machine. Your branding is shown. And your policy is already coming into play here, because you’re specifying that these users need to sign in with two-factor authentication. So the system recognizes this, prompts Heidi to enter a verification code, which you set up to be texted to her phone.
So she types that in, and then when she chooses sign-in, that PC will get enrolled with your organization, all the policy comes down from the cloud, the apps that you’ve licensed and put in the store and want preinstalled will all come down, and voila, when Heidi signs in she gets a Start menu that’s customized for her, with the policies set, with the corporate data protection we already talked about, with the user credential system that we already talked about, all set up in a way that you never even had to touch the PC in order for those benefits to be given to your user.
And when Heidi runs apps, whether they’re store apps like this Contoso app or when she visits apps on the Web that you authorize, single sign-on comes into play so that her user identity and credentials are available to apps as well, and she gets a terrific seamless experience, putting together everything I showed.
So that’s my quick Windows 10 look. I want to encourage all of you, if you’re not already, to go install our preview builds. You can get the Pro edition at Preview.Windows.com, or the enterprise edition at the URL you see on TechNet. Today, the difference between those is the same as it is on Windows 8. Either is fine to try, and you can sign up and get all of our flighting options and see the features I showed.
Thanks very much, and we look forward to working with all of you more on Windows 10. (Applause.)
JASON ZANDER: Hey, thanks, Joe. That was awesome. We’re really excited as a longtime user of Windows to get this new version out there. And I think I can speak for all the power users in this room, including myself, more command line love is always a good thing.
Now what we want to talk about next is we’re going to transition off of devices and we’re going to start talking about the cloud components as well.
Now, the cloud is going to power that exponential growth that we talked about, about users and devices, apps and all the data. We’re going to be collecting massive, massive amounts of data, and it means we’re going to have to also figure out how to deal with that, manage it and gain insights from it.
We’re going to have to use advanced functionality, things like machine learning, and we’re going to have to be able to deploy that and be able to understand how that’s going to help us.
Now, that’s the motivation behind Microsoft cloud and in particular the platform components.
Now, when we think about the Microsoft cloud, we want to empower every business across every industry and every geography through the cloud. It’s a very expansive version for the Microsoft cloud. It includes Office 365, Dynamics, as well as Azure, and we’re powering all of the cloud systems that we’ve built, and we’ve been doing this and building services for over 10 years and powering that with Azure. And I want to spend some more time talking about the cloud, and we’re going to talk about all the examples that we have for the cloud today.
Now, the next thing I want to do, though, before we get there is let’s talk a little bit about how we need to evolve our infrastructure, because I think everyone in here is probably facing a lot of tough questions we have to deal with.
We have that massive new data but we’re also being asked to improve agility, agility of everybody here, as well as the people that are using the systems that we’ve deployed.
At the same time, we have to increase and work on security, and we care a lot about data privacy. That’s a super important thing for us, our users, as well as our corporations.
We also want to be able to reduce costs and at the same time increase flexibility for everyone. I mean, that’s an interesting equation because when I start balancing for one thing I may cause tension on something else.
Now, at the same time as we’re doing all this, the pace of innovation is just advancing at a dizzying rate. I mean, right now there’s a set of workloads that we’ve learned to run and deploy and optimize, and we’ve been using those for a long time. We’ve been very successful.
And at the same time, we’re getting brand new workloads that are being created to solve these issues with massive amounts of data and scale-out and recoverability. Some of these are being designed for the cloud data points.
What that means is we’re going to have new workloads that are going to be created that we don’t even know about yet, that we’re going to have to make sure that our infrastructure and processes are able to handle that.
Now, I do believe that businesses that are able to navigate this transition are going to be not only just successful but they’re going to thrive in this environment. And, in fact, I think we’re seeing a lot of disruption in the industry right now where smaller shops are able to come in and be able to use some of this technology to their advantage.
Now, when we think about what we’re doing for the cloud, that means bringing the cloud across the way that you would like it. We start off with one consistent platform. And our options for Microsoft cloud, especially when we talk about being in your data center, includes multiple aspects. The first thing is you can bring the cloud into your own data center. You can run a private cloud that you run and you control, and you have full control on top of it.
We can also work with service providers. So if you want to work with a trusted partner or you want to be running in another geography, but you still want to have that kind of ultimate control, then we have service providers who can work on this as well.
And, of course, we have support for Microsoft Azure.
Now, what does a consistent platform mean? At its core we’re using the consistent management framework, as well as the virtualization technology that gives you compatibility as you’re able to move workloads around. We have common identity with AD and Azure Active Directory, networking and data support as well, in addition to things like development for very common scenarios, things like doing dev/test in the cloud, or being able to do production deployment with my data that I care about that’s maybe privacy data. I can keep that on-premises and get the best of both of those worlds. And we do believe that these scenarios are really what people are trying to evolve to.
Now, when we think about bringing the cloud, there’s three things that we typically talk about, and these are capabilities that we have. It’s how we differentiate our value. There’s hybrid, hyper-scale, and enterprise-grade. And we think the combination of these three really produces a very powerful and differentiated experience in the market today. And I want to spend some time going through each of these and explaining what they’re about.
I want to start off first of all with where you’re at today. We’ll start off with hybrid, because many of us in this room, we’re already running data centers. We’ve got servers running everywhere with workloads on top of them, users and processes in place. And that’s where we are today. So what sort of things can we be doing in order to start taking advantage of some of this new technology?
Well, it starts off at the base with newer versions of Windows Server and Microsoft System Center. These are things that many of us in this room spend our days actually working on tuning, optimizing.
And we’ve been working for several years in a row bringing waves of brand new functionality coming out with Windows Server and System Center. We’ve got new functionality coming out in the next version of Windows Server as well. In particular, we’re making key investments in server around software-defined everything. And one of the things you’ll see, for example, is a network controller. This is something new that we’re building in as a role that you can install in Windows Server, and it gives you the ability to very cost-effectively get a network controller in your environment and run it as part of Windows Server.
And there’s many more support in here, and we have a lot of new functionality that’s coming. You can just see all the list of features that we’ve delivered.
Now, we’re also moving to a point where many of you are coming off of Windows Server 2003 and R2 and you’re ready to move on to the next version, to take advantage of these new features that are there. And we want to make sure that that is a seamless environment for you, that that’s something that you can take control of.
This site that we have here has a lot of material that you can use, and you can go back and discover, assess, target and migrate. We’re going to help you with that, so you can figure out where your workloads are, what they need in order to be able to move forward, and be able to take advantage of that. So I encourage you to take a look at that site and those resources and we’re here to help you with that.
Now, one of the other easiest things you can do to get started with the cloud is simply to connect your existing datasets and your existing server resources. Now, I can do this with everything that I already have, I don’t have to make major changes, but by you being able to connect to the cloud I’m enabling these hybrid scenarios.
For example, we recently acquired InMage, a company which gives us disaster recovery and failover, and I can use that with the cloud. It also gives me VM mobility so I can move workloads around.
I can use things like StorSimple as a backup device where I can actually install that and be able to take my storage and be able to put it in the cloud where the cost economics are actually very, very good.
With disaster recovery I can actually take my on-premises solution, and I can have it fail over to the cloud when I need it. Whether I’ve got a local issue or actually a natural disaster, I can keep my availability up the entire time.
And we’re also going to give you the ability to get insights from the server environment. And the key thing here is these are your machines, this is your data center, it’s your hardware. I’m simply enabling this hybrid scenario to get extra advantage out of it.
Now, I’m happy to announce today the Azure Operational Insights. It’s a new technology that we’re bringing out that actually follows this pattern I just described.
What we allow you to do is simply install an agent on your existing server machines, and we can start uploading, with proper scrubbing, your telemetry, your log data, things about how that environment is running.
With this data we can upload it into the cloud and we can start taking advantage of some of our advanced analytics systems, our HDInsight, our version of Hadoop, and we can actually go in and figure out how are things running and visualize that data for you.
Now, we’ve also created a set of ready-made intelligence packs. These things handle things like security and capacity planning, change management. And we’ve built these in, inside of the products. So by simply installing the agent, uploading the data, we’ve started giving you all of that intelligence right away.
You can also go in and do a fast search to be able to fix incidents that are there very quickly.
So I really think that for all of us in the room it means we can just immediately, we’ve had awesome feedback on this for people that have been helping us test this out, it’s really straightforward to get that data up there and the amount of insight that you can unlock is just truly amazing and very powerful, and we’re going to see that in just a second.
Now, the next thing we want to do, that was taking our existing servers and data centers and just being able to connect and get new power, but also there’s cases where you want to actually be able to take the cloud and the learning that we’ve had at Microsoft and bring that to my own data center as well.
And the first question is, well, why cloud? I mean, I have my data center, it’s up and running, I’ve got my software, I’ve got my automation, things are going. Well, here’s the thing: As we move forward, we’re evolving into more software-defined everything. Networking was a great example that I just gave. That’s a case where having these components built in is going to give you new power and it’s going to be cost-efficient. But there’s also those new workloads I mentioned, workloads that are taking advantage of PaaS and new cloud-oriented systems.
We also with the cloud systems have really built in self-service and elasticity as part of that, and so that’s a great environment, especially from a developer side as we start building out these new workloads.
So I do think there’s a great motivation for cloud, but again sometimes you want to have full control, full flexibility, which means I want to run it in my own data center.
And that’s why we created Azure Pack, which is an Azure consistent version of the Azure software that you can run in your own data center, and it includes things like a consistent management portal. In fact, it’s exactly the same portal that we run in the public cloud, the same code in both cases. It’s also a consistent management API so I can script against it with PowerShell or write against it with programming.
We also have the same hypervisor at the core, and you have many of the features that are there in the public Azure, including infrastructure as a service and a few other options like that.
Now, rather than talk any more about this, let’s go see all of this new technology in action. And I want to invite Jeff Woolsey up on stage to give us a demo. Jeff? (Applause.)
JEFF WOOLSEY: Thanks, Jason.
How’s everybody doing? Oh, come on. How’s everybody doing? (Laughter.)
Excellent. Well, we have some tremendous new technology to demonstrate, and I want to start off right off the bat with a brand new technology called Storage Replica. Storage Replica is storage agnostic, synchronous replication included in the box.
With Storage Replica I can set up standalone servers for disaster recovery, I could do disaster recovery between clusters. Or if I’d like to stretch clusters between sites, I can do that, and get high availability as well.
So let me show you.
Here you can see I’ve got four nodes, two nodes in New York, two nodes in New Jersey. What I want to do is I want to ensure that if for any reason my users can’t access the data in New York, that it automatically transparently fails over to New Jersey without any loss of data, the beauty of synchronous replication.
In addition, I’m going to take advantage of the new Azure feature as well called Cloud Witness. To do a stretch cluster you need to have a vote for the cluster quorum. In the past, this meant extra hardware, extra infrastructure, extra cost. Now we’re just making this part of Azure as well. So that’s an option to take advantage of the Cloud Witness. As you can see, we’re baking hybrid capabilities right into Windows Server.
So here is my file server. Here’s all where my data resides, and I want to make sure that my users can easily access this. And again I want this to be available in the case for failover.
So what I’m going to do here is I’m going to go in here, I’m going to access the file share data, and I’m going to enable replication, which is going to bring up this easy to use storage replication wizard.
I’m going to select my source log disk, I’m going to select my destination storage volume, I’m going to select my destination log disk, and literally in just a few clicks that’s it, I’ve gone ahead and I’ve set up synchronous replication. Setting up synchronous replication has never been this easy before. And again it’s storage agnostic. It works with any storage that you have out there, doesn’t require SANs. In fact, like I said before, it works with stand-alone servers. And just like that, we are finished and ready to do failover from one site to the next.
Now, the key there is easy. Well, speaking of easy, wouldn’t it be great if you could harness the power, the scale, the data analytics, the knowledge that we have in Azure, and be able to package that up and give that to you so that you could run your own data centers, your own infrastructure as efficiently as possible?
Well, we think so, too. That’s why we’re introducing this brand new Azure service, Microsoft Azure Operational Insights. Azure Operational Insights collects, combines, correlates and then visualizes all of this infrastructure data in this very easy to use interface here.
For example, you can see each one of these tiles is an intelligence pack. Let’s start with a very common issue in infrastructure, change tracking. How do you know what’s changed? There’s so much change occurring that you can’t even track it. Where would you go? Are you going to be looking through log files to find it? Well, with change tracking we’re going to find all that information and surface it up to you easily so you can see those changes by configuration type.
You can see over the last week just what has changed. I can see software changes, I can see application changes, service changes, all very easily without having to go trolling through logs. We’re surfacing this data and providing this insight.
Another area, what about threat management? Well, from a malware assessment standpoint I can see that immediately I’ve got nine servers with inadequate protection, so I’ve got some work to do there.
From a patching and system update standpoint you can see I’ve got 12 servers missing security updates, again readily available. All I did was install an agent and this data starts streaming and flowing to me. So all of this, very readily available.
Now, personally one of my favorites, capacity planning. How often have you wondered, how much storage do I have, how much compute do I really have, how much memory do I have, how do I know if I’m going to make it to the next budget cycle without actually running out of resources? Engineering has a whole bunch of new projects planned; can we actually provide the resources needed?
Well, with capacity planning we’re looking and tracking all of your historical usage so we can project those and give you what-if scenarios. You can see right here, oh my goodness, I only have eight days left before I hit capacity on my virtual machines. I’ve got some work to do here.
You can see here from a storage perspective I look OK, from a compute perspective my cores are fine, but my memory is actually pretty low. I only have about 28 percent of memory.
Let’s dive into this further. Wow, look at all of the analytics being presented here. Look at all the cores, averages, ratios, hotspots. Look at memory. Oh, I can see what’s going on here. This shows me now as I feed into the projection tool, wow, OK, now I know what my issue is. I really need to start looking at my memory.
So what’s really underlying Operational Insights, of course, is search. As you search, we want to make sure we can easily find and give you the remediation to fix any issues that come to mind. And one of the best ways to do that is to provide you your own personalized dashboard, because we know that there are going to be some things that are important to some of you and maybe not to others.
And, guess what, I love this, because you can look across many different vectors simultaneously. It’s not just CPU usage and memory. It’s high disk read latency. It’s memory utilization by virtual core. It’s firewall policy settings. It’s SQL backup errors. You decide what you want to put here and you can make this and customize this to be your own personal dashboard. And so in this way you can run and take the knowledge that we have from Azure, give it to you so that you can run your operations, your infrastructure more efficiently than ever.
Now that we’ve shown you how to do that, let’s talk about how you can manage your infrastructure in an Azure consistent way with the Azure Pack. So the Azure Pack has been one of the hottest releases at Microsoft. And the Azure Pack allows you, built on top of Windows Server and System Center, allows you to create your own Azure consistent clouds. So what you’re looking at right now is the IT admin portal. So I’m the person that can create run book automation. I can create portals. I can create plans. I can create automation. I can create services so that my tenants internally, and my infrastructure, can consume those.
Let me show you what a plan looks like. So here I’ve got a TSP plan, and this TSP plan consists of PaaS websites, PaaS SQL Server, PaaS MySQL Servers, IaaS virtual machines. So let’s take a look at our virtual machine clouds. And you can see again, this is all using my on-premises infrastructure. This is my hardware that I’m managing. In fact, here’s my System Center Virtual Machine Manager Server. So you can see that. I can establish quotas and establish usage limits to make sure that somebody can’t just start firing up resources willy-nilly. This is limited to ten virtual machines, 100 cores, 20 gigs of memory.
Further on down, you can see that I can do things like assign images to the gallery. And it’s not just plain operating systems. It’s operating system with services and applications running. For example, Web Server, Exchange Server, or SQL Server. So this is the admin side where I actually create those plans.
Let’s switch now to the tenant side. So this is where your users actually log in, and you can see, again, PaaS websites, PaaS SQL Server databases. I can create Hyper-V network virtualization, network is here as well. I’m going to go into virtual machines here, and you can see that I’ve got a number of virtual machines available. What’s interesting to point out is these aren’t just plain vanilla virtual machines. These are virtual machines configured as roles. And what that means is it’s a little bit more than just a plain OS, it’s actually configured with services and applications, Domain Controller, Exchange Server, SQL Server, all ready to go. So instead of your folks internally having to just check out an OS and then install a bunch of apps, you already do that and provision it. In fact, you can see I have SQL Server Domain Join. So I’m going to go ahead and close that.
Rather than go through the process of creating one, I’ve already created that Web server here. And you can see it’s got a core, and it’s got memory, and it’s got storage. And over time, I’m going to want to be able to scale this. So I can scale it up, and the way I can do that, I can simply go in here and say, let’s give it some more memory, let’s give it some more cores. But what I would really like to do is, I want to take advantage of cloud. And I really want to scale out. This gives me more resiliency as well. So I’m going to go ahead and add the instance count, click save, click yes, and just like that I’m adding a new instance on the fly and scaling this out all on my own infrastructure with the Windows Azure Pack.
So think about what you’re seeing here. You’ve seen Storage Replica, which gives you storage agnostic synchronous replication. You’ve seen Azure Operational Insights, and you’ve seen the Windows Azure Pack. These are very powerful cloud technologies. This is the Microsoft cloud.
Thank you very much.
JASON ZANDER: Great, thanks, Jeff.
Now, we wanted to go one step further than this, because you just saw Azure Pack working on your own hardware. But, one of the things I’ve also found in talking to people is that going off and creating your own private cloud with limitations can sometimes be tricky. I mean sometimes you’re working with vendors that are giving you software, they’re trying to figure out which direction they’re going to take it and you have to spend a lot of time trying to figure out how to operationalize it.
So we wanted to take the learning that we’ve done, not only on the software, but also on the hardware side, and so we’ve just announced our cloud platform system. Now, this is an Azure-consistent cloud in a box. It’s an appliance that’s fully integrated with the hardware and the software pulled together. We think this is going to give you the ability to adopt the cloud with even greater control.
Now, what this means is by the time you order the Azure appliance, this CPS device, you’re going to be able to have it delivered, you energize it, you hook it up to your network and you’re basically good to go. You’re right at the point where Jeff was showing you, creating plans and being able to get that thing up and running. So you don’t have to spend the time trying to integrate the two. And we’ve done all the work over the last couple of years, actually, to go build this hardware, this knowledge, and integrate these things together. We think it’s an incredibly easy and straightforward way to get going, but it’s also incredibly powerful.
Now, in order to show you the advantage you get out of this, I’d like to take one of our partners that worked with us and show you an example of how they’re using CPS. Let’s go ahead and roll the video.
So we’re really excited about CPS and we’re partnering with Dell in order to provide the first version of the CPS appliance that we have available. Now, we’ve actually got it over in the expo hall. So I encourage you when you have time here at the conference head over to the Microsoft booth over there, you’ll be able to actually see CPS in person, as well as get demonstrations of all the things that you can do with it.
Now, we wanted to take this, as well, and so now that we have a solution we know that sometimes what you want to do is to be able to work with a hosting partner. You may not actually be running your own data center, or there’s cases where you need data centers in other locations, where you don’t have one, but you’re going to work with a partner on that. So we’ve also created the Cloud OS Network. It’s a network of hosting and service providers worldwide, we have over 100 partners in Cloud OS Network, and half of them are here in Europe.
Now, these partners represent over 600 data centers worldwide, one third of those are actually located here in Europe and they’re basically helping over 3.7 million customers every day. And so the CPS device that you saw there, or other environments can be enabled and those partners can enable that for you. That gives you the ultimate control over where your cloud solution is going to be. That means no matter where you live, or where you work, we’ve got you covered.
Now, the next thing I want to talk about is to move into this next capability. It’s called hyper-scale. Now, hyper-scale really recognizes the fact that over the last actually several decades our industry has really been defined by the scarcity of resources. We do a lot of work in order to manage how much capacity we have, how well we’re using it. Sometimes we’ll wind up overprovisioning in order to make sure that we have enough, but then we wind up with a utilization problem. It’s really been in that environment. And this cloud design point is actually saying, hey, what if you could flip that on its head? What if you could say, look, I don’t care. I’ve got petabytes of storage. I’ve got tens of thousands of compute cores that I’d like to use, but I don’t need them the entire time. Hyper-scale really reads on that.
Now, for Azure one of the important things for hyper-scale is having a global footprint. And what you’re seeing on this map, every little circle here is an Azure region composed of multiple data centers. And in fact, yesterday we just made our Australia data center available for the public to go use. And that brings us up to 19 regions. Now, these regions, each region is capable of running up to 600,000 servers.
That’s an amazing amount of capacity when you think about it. And just to put that in perspective, that’s nearly two times the number of regions that you can get with Amazon Web Services, and it’s six times the number of regions that you can get with Google and their public cloud. Also, the immense scale that we’re running on this really gives us scale economics. That means that we can afford to continue to cut our prices, so we can pass those savings on to you.
Now, over the last 12 months we’ve shipped over 300 new features into the Azure public cloud. This includes infrastructure improvements, but also higher-level services, like live streaming media and Azure machine learning. Now, we’ve been able to also include new technology both with SQL as well as NoSQL options with, for example, DocumentDB. We’ve had amazing growth with this. Right now we are storing over 30 trillion, with a T, storage objects in the Azure storage system. We have over 1.2 million SQL databases that are hosted in the environment. We have 350 million Azure Active Directory users. And as you know, 95 percent of the enterprise’s identity is in Active Directory and Azure Active Directory allows us to be able to federate those, so I can use it in the cloud.
And we actually process 18 billion, with a B, authentications every week with Azure Active Directory. Every time you hit Office 365 you’re going through that path. We’ve also registered over 2 million developers with Visual Studio Online. And that’s a service we’ve launched less than 12 months ago. So we’re very excited about the momentum that we have here. It’s another example of that pace of innovation, bringing it into the cloud. And as we bring that in we’ll continue to take that experience and bring that along into our private cloud solutions, as well.
Now, we also want you to have very powerful VM combinations to run new workloads. So we just announced our G family of virtual machine sizes. Now, this one is optimized for data workloads. We have up to 32 CPU cores, 448 gigabytes of RAM, 6.5 terabytes of local SSD. It’s all running on the latest Intel processors. Now this thing is a monster. It’s actually the biggest virtual machine size that’s available out in the market. Now, to give you a feeling for that, that’s two times the amount of memory that you can get from the largest AWS VMs, and it’s four times the largest Google VMs that are available today. So it really is the biggest one that’s out there today.
We’ve also just announced support for Azure Premium Storage. Azure Premium Storage gives you durable storage for your virtual machine. We can actually go up to 32 terabytes per storage, for each of the VMs that you have, and we can deliver that with over 50,000 IOPS per VM. We’re going to do that with a very fast, less than one millisecond, read latency. I really think that the combination of these large VM sizes and premium storage gives you an opportunity to run workloads that maybe today you’re thinking I really have to run them on bare metal. But, we believe you’re going to be able to take advantage of this and be able to speed them up and actually take advantage of the public cloud for this case, as well.
I’m also happy to announce today Azure Batch Preview. Now, Azure Batch is a new service that we are releasing just now into preview. It’s job scheduling as a service. And we can do massive scale with this service. What this allows you to do is take advantage of compute cores so that rather than you having to do a lot of work and write a lot of plumbing for virtual machine pools instead we’ll do that for you. We’ll do the job scheduling. We’ll do all the auto-scaling required for that. And you don’t have to concentrate on that plumbing. Now, in particular the useful thing about that is that since you’re running in Azure no matter how many cores you’re using, you just pay per minute for those VMs, so what you’re actually going to consume. So we think in that case you get very good cost-effectiveness, and it allows you to be able to scale up, to scale down and just pay for what’s required.
Now that we have all the system, we also want to have an open ecosystem that we can run this content on. And Azure has always been an open ecosystem that includes the operating systems you run, the languages that you write in, or the runtimes that you have and other workloads that are available to you.
We recently announced a strategic partnership with Docker, a brand new technology that is very popular for writing new applications, especially in the cloud. Now, it includes support for containers on Linux, and it actually had support already when Docker released earlier this year. So you can already run Linux containers with Docker orchestrating those.
We’ve also announced that we’re bringing a container technology to Windows Server. So no matter whether you’re using Linux, or you’re using Windows Server in the future, you’ll be able to use Docker to do the orchestration of those. You’ll be able to integrate well with the Azure Gallery, and into the Docker hub, and you’ll have great workloads there. And we’re very excited about that. And we are executing as a first-class member of this open source community, led by the Docker team.
Now Linux is also an important thing for many workloads that you might be running. In fact, one of our five virtual machines that are created on Azure today are actually running Linux. And we see more and more coming forward. We just announced the support for Core OS, a new Linux distro running to be certified on top of Azure. The Core OS is a container optimized version of Linux with a minimal footprint on it, which makes it great for deploying workloads. We think this container technology is going to be a great way to get great density, and also to increase productivity around development of new cloud scenarios in the future.
Now, we have basically 10,000 new customers joining with Azure every week. And you can see some awesome examples that we have here of being able to use the public cloud. I want to talk about two cases in particular that I think are very interesting.
The first one is Paul Smith. Paul Smith is a British fashion designer and a retail group. They basically have a classic IT shop, and they open four to five new retail locations every year. In this particular case, Paul Smith has decided to use our hybrid scenario. They run their own data center, but they actually can do disaster recovery up into the cloud. And that means that no matter what issues they may have, they can do the failover, and they can keep the availability up for their operations.
I also want to talk about Towers Watson, which is a global professional services firm. Now they specialize in making software insights available to insurance companies in two things, particularly modeling risk and making sure you’re complying with financial regulations. Now the next version of their application, the risk management financial modeling, is built on top of Azure Batch. Now what that means is, again, they can concentrate on the business value of this insurance business that they’re working on and not have to worry about that plumbing case. That means they can go after large customers that they want to tens of thousands of cores for a job. Again, jobs that may take, today, hundreds of hours to complete, I can get them done in just a few hours in the public cloud.
And because we have this massive scale, you never have to say no to a customer. We have that. You can use it. And when you’re done with it, you can actually just dial it back down, and just pay for what you actually use. So it increases the numbers of points that you can actually work with, customers that are large and customers that are small that may not be able to afford their own systems. So it really does spread that out, and we’re very excited about that.
Now, let’s go ahead and take a look at some of this new technology I just described, and I would like to invite Mark Russinovich on stage to give us a demo.
MARK RUSSINOVICH: Good morning, everybody.
So the first demo I’m going to show you is to highlight the scale-out capabilities of Azure Batch. And to do that I thought I would show you the limitations you run into when you scale up versus scale out. The application I’m going to open here is called Blender. It’s a popular open source 3-D modeling and rendering application. And I’ve loaded a model into it. What you’re looking at looks like just some grey blocks with a cylinder. These are actually going to be ice cubes with a glass. And what this rendering job is going to do is do some cool ray tracing effects to have lights come through those translucent objects.
To show you the limits of scale-up, I’ll start this rendering job here on this local system. You’ll see that it’s a little bit like watching paint dry, the speed of this thing filling in. What we’ve done is, because this application is so popular, integrated with Azure Batch by writing a plug-in for it, which is over here on the right side. Using this plug-in, you can easily take rendering jobs like this, and submit them up to the Azure Batch service. One of the things you do when you configure it is specify the number of infrastructure-as-a-service instances or the VM instances that you want that job to render into. You specify 37 here, and these are going to be A8-size virtual machines, which are eight-core, high-compute intensive virtual machines with InfiniBand networking. The reason that I specify 37 is that the plug-in is going to take that rendering job and slice it into a six-by-six grid for a total of 36 tasks with one final task that’s going to stitch those images together to create that final image.
I’ll submit the job now by clicking on it. And right from here, again, in the plug-in, you can look at the job status. So this is it. The job that I just submitted, you can see it’s already cranking along, and it’s got 36 tasks with 37 virtual machines scheduled to run.
But you can also go directly, if you want more detail about what’s going on with that job, from the plug-in is jump right to the Azure Batch portal and see the status of the job and the tasks within it.
So this is the job that just has kicked off. If I click this open, we’ll see the individual tasks executing. And for each task you can see a nice graph up here. This is task number 30, of this usage of CPU, RAM and I/O as it executes. You can see the time that it took each of these tasks to complete, and you can already see that this final task, the merge task, is just about to finish.
If you want to take a look at the execution history of all those tasks and what they were doing, this job log here will show you that what was going on is these individual images, like image 10 was being uploaded to Azure Storage. And then that final task is taking, like I said, all those 36 images and stitching them together. And that job should be complete now, which it is.
And the job output now is ready with the final rendered image in Azure Storage that we can download directly from the Web. And open it up and see our beautiful rendered picture. And there it is.
Now let’s go back and take a look at how the local machine is doing, and you can see it’s still got a ways to go. So we’re going to sit here and wait for that to finish and then move on. Just kidding.
Let’s stop that and move on to the next demo. So that was taking advantage of the scale out, about 300 cores were used there. For this next demo I’m going to show you some of the elasticity that containers give you on Azure with the Core OS Linux distribution that Jason mentioned.
Because Core OS is now part of our marketplace, you can come to the marketplace, the gallery here, find Core OS and launch an instance right on top of Azure, and then deploy Docker containers into it very easily.
Most people manage their Docker containers from Linux because Docker is natively written for Linux. What I’m going to show you for the first time ever in public is Docker client for Windows. This Docker port to Windows will let you manage your Linux Docker containers from your Windows systems. And in the future it will let you manage your Windows containers also from your Windows systems.
This command is the command that I ran just a little while ago to create what’s called a Docker Host. A Docker Host is a virtual machine or server that’s managed by the Docker client and into which you can deploy Docker containers. You can see that the name of this host is Azure Core OS 1. And that’s going to be the DNS name that we’ve got for the virtual machine in Azure that was created.
If I execute just Docker Host, this will show me the Docker Hosts that are under management by this Docker client. There’s three of them that you’re going to see, including that Azure Core OS 1 host that I created earlier. And that one we marked as the active one, which means that when I execute the Docker client commands here, they’re going to be targeting that Docker host. And you can see here the DNS name that I mentioned, Azure-Core OS 1.
The first thing I’ll do is create a container right from here into that Linux machine. It’s a Linux Ubuntu container. And it’s going to run a command, the Azure Batch command, the Linux Bash command, and then connect to that Bash command. So I’m connected into that Docker container running in that Core OS virtual machine in Azure. And if I execute a Linux command like ps, that will show me the processes that are active inside of that container, which because it’s in a container it’s isolated from the rest of that Linux OS; it can’t see the rest of the Linux processes, just the ones running in its own container.
The next thing I’ll show you is just how easy it is to launch images from the Docker hub into those Docker containers, and how fast Docker execution or container execution is. First, I’ll show you that that Linux virtual machine up in Azure has no active website on it. I’ve gone to it in the browser and there’s nothing listening.
Using, again, the Docker Windows client, I’ll create a WordPress site using the WordPress image from the Docker hub connected to a MySQL database container that’s already executing in that Core OS host, and have it listen on port 80 by default. Give it a second, press refresh, and there it is, my WordPress site where I can blog about TechEd, active up in that virtual machine. And that’s the power of the integration of the Docker Windows client with Core OS on top of Azure and Docker containers and Docker Hubs.
For the final demo I’ll give you a look at our premium storage capability. And to do this I thought it would be interesting to contrast it with our standard storage capability. I’ve got three virtual machines; this one has a standard storage disk attached to it, and I’ve got a tool here called Iometer, which is a disk stress test tool. And it’s going to hit that disk with a bunch of load, read and write load. And then show us in a nice speedometer the I/Os per second that it’s able to achieve.
You can see that it’s hovering between 500 and 600, which makes sense, because the standard storage service delivers about 500 IOPS. And so we would expect to get that. The second virtual machine is on one of our new D series VMs and I’ve connected a premium storage disk to it. Again, the same stress test, I’ll launch the test, open up the speedometer, you can see now I’m getting 4,000 IOPS, which is the performance of a single premium storage disk.
But, Jason mentioned in the slides we could deliver up to 50,000 or more IOPS using the premium storage service. To show that I’ve got another virtual machine here, another D series, but instead of one premium storage disk attached to it I’ve got 16 disks attached to it and I stripe them, so they appear as one 16-terabyte premium storage disk for the stress test program. And when I launch the stress on it, open up the speedometer, you can see that it’s actually more than 50,000, it’s close to 60,000 IOPS we’re getting. This demonstrates how you can take your scale-up workloads now into a platform like Azure and really get the performance that they need to excel on the Azure platform, and this 60,000 IOPS is the highest throughput of any storage service in the public cloud today.
So with that I’ve showed you containers, I’ve showed you the scale-out capabilities, the easy scale-out capabilities of Azure Batch, and finally the scale-up capabilities now we’ve got with our Premium Azure Storage.
So with that I’ll turn it back over to Jason and I hope you have a great TechEd.
JASON ZANDER: Thanks, Mark.
So you just saw the advantage of hyper-scale in several different examples. Now we think that there’s probably only going to be three public cloud vendors that can run with this kind of footprint. It’s going to be Microsoft, Amazon, and Google. Now, our intent here is to be able to differentiate, though, on the capabilities that we’re describing. That means, for example, the hybrid scenarios that we also showed you, none of the other guys have that, in addition to enterprise-grade. Enterprise-grade is very important for us. It really relates to our security and compliance work. It includes things like being able to run a very high resiliency on the compliance side, we think about things like article 29 support, especially here in the EU. And we’ll talk about more compliance later in another session.
Now, the other thing we want to do with enterprise-grade, though, is look at the breadth of the offerings we have. In spring Gartner updated their Magic Quadrant for enterprise application platform as a service, cloud infrastructure as a service, public cloud storage services and x86 virtualization. Now, Microsoft is a leader in all four of these. In fact, we’re the only vendor that’s actually a leader in all four. And again, part of this is because we really are trying to do a breadth of technology for you that gives you those options we talked about, private cloud, public cloud, everything in between. And this really demonstrates the value that we’re delivering with that.
Now, we talked about connectivity before, but we also want to make sure that you can do that in a secure, and a robust, and a resilient way. And so earlier this year we shipped Express Route. And Express Route allows you to extend your data center to Azure and can use over 16 worldwide locations and growing. We add more and more all the time. And in fact, you probably will see your networking provider is already up on this list, and if not we’re probably working with them. More will come along the way. This gives you a high-bandwidth, low-latency connection between your data center and the Azure public cloud. I can put a VPN around it. I can have full control. I can put domain servers and really anything else that I want. I can just treat it like a natural extension of my existing data center.
Now we provide this with an enterprise-grade resiliency. That means we give you two circuits. You can back up between them and make sure you have good availability. And we back that up with a connection uptime SLA of 99.9. Just to put that in context, today Amazon has 12 locations and Google does not have an offer like this. And we think this is a critical offering in order to be able to enable this hybrid, connected environment.
Now, we’re also happy to announce today that the Azure marketplace is available. We’ve got a lot of partners that are working already and it is part of the Gallery. You can get their images there. Now, Azure Marketplace is a case where we’ve come and made it much, much easier to go in and be able to browse and find things like virtual appliances, virtual machines that are pre-configured, applications and services that you’d like to run. And we think this combination of bringing together these solutions that ISVs are creating to solve problems that we have, especially in the enterprise, that’s a win-win for both of us.
Now, the Azure Marketplace as of today and literally today is now open for business with a set of curated offerings that are there. We make it super-simple to get it up and running through VM extensions and other mechanisms, so you can get very, very fast deployment times with this.
Now, you’ll probably even see some names inside of this list that you wouldn’t even have expected us to have worked with on Azure, but part of what we’re also trying to do is make sure that you have choice, and that for services and products that you’re already using, that you have access to those and it works in a first-class way. So we’re very excited to have the marketplace available out here. Go check it out.
Now, this wraps up our conversation on the platform side of this. We’ve talked through devices and Joe showed us some great features and we’ve walked through all the cloud value props and what it means to pull these two things together. What we want to be able to do now is transition, because having all this infrastructure, that’s great, but in the end what we’re really trying to do is enable users and new scenarios to show up. That enables that productivity that we talked about before, that productivity for individuals, for teams, and for business processes.
So we want to be able to talk about what does that look like for those users. What do we need to be able to develop? But, I want to talk a little bit first about what kind of trends we’re seeing and what environment we need to operate in. Now, really the world has changed. I mean, again, we talked about all these connected devices. The expectations of our users now is that they’re a global workforce. I’m going to be able to be connected anywhere that I go. I’m going to have access to my resources. And I want to be able to do that basically everywhere. We really have to make sure that our operations and our IT software solutions can keep up with that pace, because that really is what our user base is demanding.
Now, our workforce is also changing. We’re at a point where the new workforce that is entering today and leaving university and coming to work with us, they probably have never known a world that didn’t have touch screens for smart phones, in addition to tablets. And they work in a very collaborative environment, so a social thing as they do today, but they’re also expecting to have some of those same environments for collaboration amongst their teams. So they’re constantly connected. They’re looking for this environment to be a collaborative space. They want to be able to have and discover information quickly, instead of being stuck in systems where I can’t actually find what I need to be successful.
Now, I’m also bringing my devices with me. And I use it all day long, it’s part of my life, it’s part of my work. I have the same phone all day, whether I’m at a party with my friends, or I’m actually in a meeting, actually trying to pull up a PowerPoint or a Word document. So we really need to have something that’s going to give us that experience, but the thing about this is that it’s great, but it also introduces new risks, because this person unfortunately left their smartphone on the metro, they’ve got their contact information in there, they’re probably going to lose that, but that can also have confidential corporate information on it, as well. And that represents a problem.
Every year millions of smartphones are stolen or lost and we have to figure out what that looks like. How do you prevent that data from getting compromised? Now, we get into this balancing act, which is how do I make sure that I have a great user experience, that matches what I would like to have as an end user, so it doesn’t feel like it’s intrusive, and it feels like it’s just a normal part of my tools that I use every day, but at the same time exercises that control that we want to have.
Now we think about this, we believe the solution for this is to be able to implement security in multiple layers. That includes, for example, being able to manage the physical device itself and understand and set policies around how a device works. And you saw a little bit of this with Joe and we’ll show a little bit in just a moment. But, we also want to have great applications that I want to be able to use. I want to use the native apps for the data that I created, because that gives me the highest-fidelity experience, but I also need to control the app to make sure that it’s not able to leak confidential data.
I also care about the files that are underneath it, because at the end that is the data that we’re really trying to protect. We want this entire thing to be backed up with an identity system that can really be the substrate for this entire thing. We want to be able to pull this together and today some vendors will go as far as devices and they’ll create applications, but they may not do all of these layers. We believe we have an excellent solution for all of this.
Now our solution starts off by being able to manage the devices that you want to use, the support for Android and iOS as well as, of course, Windows. On top of that we build our identity system with Azure Active Directory and, again, that base that we talked about before of our enterprise users. And we provide a couple of solutions. One, Enterprise Mobility Suite, or EMS, and this gives me the ability to have software to go manage those applications, device policy, and all those things related to that. And then also Office 365, because it is the premier application for productivity, and I want to be able to use it but again have this flexibility around security.
And we’ve had tremendous interest in Enterprise Mobility Suite in the enterprise. In fact, we’ve grown our end user base by over 400 percent in the last year and it continues to just skyrocket. So I think this solution that we’re providing is actually proving to be very popular and very successful.
So happy to announce today that we have new Microsoft Intune updates that are coming to you over the next several months. These updates are going to allow you to do things we just talked about, like manage my devices. For example, I want to be able to manage Office 365 on my iPad and have control over that. I want to be able to set policies around those apps on those devices so I can actually decide how am I going to interact with it and how does my data work?
In addition to that, we want to figure out how your applications work with data. So things like copy and paste and other metaphors like that, and making sure that all my data continues to stay secure. That gives everybody here control over that environment.
We also want to promote the MDM solution for Office 365, Mobile Device Management. In this case, again, Office 365 is a premier application. We want you to be able to do administration tasks around that and the data documents associated with it. We’re going to allow you to do that directly from the Office 365 Access portal. You can also set conditional policy on your applications.
The most important, of course, are your docs and your email, how can you actually set data? What policy do we have in there? And if you do get to the place where that device that was on the metro actually gets lost and you need to deal with it, then we’re going to give you solutions that allow you to do a remote wipe of that corporate data while keeping the user data intact. And so that handles a number of scenarios that you may run into.
We think this combination of the Intune updates and the support for Enterprise Mobility Suite as well as the new MDM support for Office, it really is a no-compromises solution. It gives you the best of those applications as well as the controls, great for the end user experience, and it’s great for our IT professionals.
So what I would like to do next is let’s go ahead and take a look at some of this functionality. I’m going to invite Julia White up on stage to give us a demo.
JULIA WHITE: Thanks, Jason.
Now, Jason talked about security across four layers, identity, devices, apps and data, and the importance of being productive and security across all of your devices. So I’m going to show you some recently released technology as well as some coming in the near future to help you manage all of your devices in a secure way. And that’s working across Azure Active Directory, Intune, and Office 365. So again, you can meet your security requirements, but also enabling that great end user experience.
Now one of the first things you need to do when you’re starting to manage a cloud app is get your directory connected. So something like Getting Started with Office 365, and that gets your on-premises directory connected to the cloud. And I work with a lot of Office 365 customers, and they’ve told me in the past this has been a reasonably complicated experience. Now I’m thrilled to say that is no longer the case. Thanks to Azure Active Directory Connect, you can literally get your cloud directory connected to your on-premises directory in six clicks. So you get that security and access control and single sign-on experience.
But don’t take my word for it, let’s take a look here in the Connect tool. And essentially this is a single download that addresses everything you need to do to get your directory connected to the cloud. Essentially it automates that process that used to be relatively complex.
So here in the wizard I just go ahead and agree to the terms, it’s that simple. Keep going. And it’s going to check and see what prereqs I need and install those for me, and then I have to add in my credentials here to connect to my cloud directory. And I’ll load that. And I’m just going to go ahead and use my express settings to keep it simple. And let me grab my on-prem creds here. So here’s my Windows AD credentials.
Now as you’re viewing that, literally with this click it’s going to perform that configuration and connect my cloud directory with my on-premises directory. It’s that simple. So it’s so much easier than it used to be. So I can now manage my cloud-based apps as well as have single sign-on experience. So really awesome compared to what it used to be on that front.
Now once I have Azure Active Directory set up, I can manage all of my cloud-based apps and have the benefits of security, auditing, reporting all in one place. Now you can extend that same experience to your on-premises apps as well, because increasingly you’re managing both on-premises as well as cloud-based apps. And you want that single control plane for all of your apps. Well, now with the new Azure Active Directory App Proxy, you can actually bring those on-prem apps right into Azure AD so you have that single control plane.
So let me show you an example of that. I have this SharePoint site. It’s running on-premises. Maybe I have some fully trusted code or something, so I’m not ready yet to move it to Office 365, but I want to connect it to my Azure AD. Well, now I can just do that very simply. So if I go into my AD portal here, into my Azure portal, into my AD area, you can see this is where I manage my users, my groups, and my applications. Now I want to add that SharePoint app that I have. Let’s go down here and add it. And I can just publish it directly. And I’m going to call this my SharePoint On Prem Site.
And let’s see, I’ll go there and check it out. And then I just let it know where it’s sitting. And it checks. So then literally with that I’ve taken that on-premises app and I’ve published it, I’ve connected it with my cloud directory.
So let me flip over to the end user experience. We can see that now I get that single experience for them as well. So as a user, go to one place to get all of my access to all of my cloud apps, but also to my on-premise apps, too, like this SharePoint site that I just loaded into it.
If I go over to my iPad now, flip over here. Great. Here I’m in my app site, and I can just click down here at the bottom. You’ll see I have that SharePoint on-prem site that I published, and if I load that up ‑‑ let me log in first, of course. It’s good to have the security. Now let’s get that loaded. There we go, there’s that team site that I just published. So again, giving the user experience a really nice single place to get all of their apps as well.
Now I just showed you how simple it is to get your directory connected and to get your app proxy set up. But now you can get your users, your groups, your cloud-based apps, and your premise apps all managed by and connected to Azure Active Directory. So that covers really quickly what we can do across identity.
Now let’s talk about device and apps security. So Jason announced some great new Intune capabilities coming. I’m going to show you the Mobile Application Management aspects coming in the next few months, because users want access to all their important information, particularly email and Office documents, so they can be productive everywhere. Well, and also since we’ve shipped the Office for iPad app, you’ve had a lot of feedback asking for people to be able to manage those apps. And I’m thrilled that Intune will be uniquely able to manage the Office for iPad apps.
And using the app management, it helps you to set policy for how the apps can interact with your corporate data. So, for example, which apps I can copy/paste into, where I can save as. So I’m going to go ahead and set up some policies for my Office for iPad app.
So here I’m in the Intune portal, in the dashboard. And I can set up my policies here.
I’m going to go into my configuration policies and grab those Office for iPad apps. And if I go in, I can actually configure and set up what I want to do and what I want to enable with these apps specifically. So I have set here that you can use these apps to transport data to other managed apps. So only managed apps can transfer data to other managed apps. And very specifically with cut, copy, paste, I’ll let people paste in content as long as it’s a managed app. So that way I make sure that people are only using these in the right way.
Well, then I can also manage the deployment of these managed apps as well. So if I go in here to my managed software, see here is where I have those Office for iPad apps with the policy embedded into it, and I can actually manage the deployment right from here. It goes into the My Portal app that my users can access from all their devices, and they can get these apps onto their iPad devices.
This is similar to what Joe showed that’s natively built right into Windows 10. Well, with the Office for iPad you use Intune to get that policy embedded and out to the iPad.
So let’s actually switch over and take a look at what that looks like for the user once they have these Office for iPad apps with the policies embedded right in. So I’m going to get my iPad here. I’m going to go into my Outlook app, which is a managed app, so I am prompted for my PIN, of course. So I can access it. And in here I have an email from Michael with an Excel attachment. So I want to open that Excel attachment and when I go to open in you see that I only get Excel, because that’s the only managed app that I have on this device. It’s not showing me other apps that I’m not allowed to use. So I as a user don’t get in trouble and put this in a different app. It only shows me what I’m allowed to use. So let me enter my PIN in there and we can get going, again, prompting me for security, because this is a managed app and I know that as a user.
I’m going to go ahead and get in here. All right. So here’s my Excel table and I want to copy some data from this and put it in another document. So let me grab this, nice big touch handles there, and I’m going to copy that. Now, I’m going to try and paste this into my unmanaged app, an unmanaged email app, the native app on the client that I use for personal reasons. And I’ll go ahead and tap in here. And you see when I do that there’s no paste option, because this is not a managed app. I cannot paste into it. Intune has managed that for me, again, so I don’t get in trouble. But, if I go into Word, which is a managed app and I tap in here I can see that there is that paste option and I can drop the table in just like that, because it’s a managed app. So the great user experience makes sure that I stay right where I should and keeps the data safe across all those managed apps.
Now, I showed you how Intune capabilities enabled that app and management policy with the new mobile application management. But, while I’m sitting here on my iPad talking about Office I also want to mention that we just released a fantastic new Office 365 SDK for iOS. So now it’s really easy to build iPad apps that connect to the data sitting in Office 365 in a great new way, and if you want to learn more about that, check out the developer foundation session.
All right. So let’s talk more about Office 365 security and protection. And when you go to Office 365 you get the benefits of how we run our cloud service, things like ISO27000/01, or the support for EU Model Clauses, or importantly and very recently Article 29 Working Party approval for privacy. And Microsoft is the only global public cloud provider that has been approved by the Pan-European Data Processing Authority for this. And just one of many examples of how we’re staying on the very front edge of security and compliance controls with our cloud service. And last, but not least of course, your data in Office 365 is fully encrypted at rest. So you have that assurance, as well.
But, it’s not just about the capabilities that come in the service, it’s also about the security settings we give you to customize and use based on your unique business requirements. And one key aspect of security is data loss prevention, or DLP. And DLP enables you to protect your sensitive business information, but it does this in 365 in a way that your user always understands what’s happening, so they don’t confuse or get frustrated, or worse, try and work around you. They know what’s happening. So let me show you what that looks like in Office 365.
So here I’m now in my Office 365 admin console in my reports view. So I have reports across all parts of the service, including what’s going on from a data loss prevention policy. So I can see which rules I have and what’s happening. So let me pull up a report that shows the different policies and here’s a reporting of this policy actually is getting hit, you see this is override, on a certain email policy. And I see that actually people are ‑‑ there’s a lot of overrides happening and I might not love that. I might want some additional security. So I’m going to go actually and add some additional security to this particular DLP policy.
So I’ll go into in this case Exchange into the email rules specifically set up. And I can manage all aspects of my Exchange online experience here, including here’s my data loss prevention. So I’ll go into that. And here I have my different DLP policies set up. And I notice this one, credit cards, so it’s scanning and looking for credit card information. And this one is what’s getting hit and overridden 14 times. So I want to maybe take some additional actions, because a lot of people are overriding, I want to put some additional security measures in place.
Let me go into that rule and in this case it’s people sending internally. So I’ll select that one. And within the DLP area you can see I have my rules set up, but I want to add an additional action. So if people are overriding I’ll give it some more security. So I’m going to go ahead and add some message security here and I’ll apply rights protection, add that, as well. And there are some RMS templates, rights management templates here.
I’m going to go ahead and choose the do not forward. So if people do choose to override, they can’t forward it, the information can’t get shared farther than that. So I’ll go ahead and save that rule and get that set up. And you can see that I also have different workflows. So if someone overrides it’s automatically sent to some people in the organization. So I can set up different policies and pretty sophisticated things within my DLP rules.
All right. So I’ve got that set up and so I’m going to actually flip over to the end user experiences so you can see what that looks like, again, really important to make sure the end user knows what’s happening so they don’t try and work around what’s going on. So I’m going to go ahead and create a new email and send this to Steve here, and I’m going to copy myself so you can see what it looks like when you get it. And I’ll attach this file with some information in it, the customer info.
And you see as I’m typing, well before I hit send, I’m getting prompted as a user that something is happening, I get this policy tip here, and it’s hovering over and it shows that there’s credit card numbers. So I know what’s going on and why I’m getting this rule and I see I’m given the choice to override. So I’ll go ahead and choose override, and I’m going to send that.
Now, when I send that both the message and the attachment is getting encrypted and the rights management policy, that do not forward policy, is being attached to the message. And that way I make sure that the protection always stays with the content. So let me open that and you can see that I get the policy here, let me open this one to give you an example, the policy here, it says do not forward, can’t print, can’t copy, even my Windows snippet tool won’t work when I have that email open, because it’s got that additional RMS policy attached to it.
All right. And so this same experience, both the admin experience as well as the end user, getting that policy tip, seeing what happens, that is what’s extending now beyond just email into all the content that’s going into SharePoint Online, as well as OneDrive for Business. And in case you missed it yesterday, OneDrive for Business, unlimited storage, so a lot more content going in there. So we want to make sure you have all the right policies so your sensitive information, email, and content is protected.
Now, so what I showed you today is security and management across identity, devices, apps, and data, and that’s using Azure Active Directory, Intune, and Office 365 to provide you the security you see, while making sure your users have a great enterprise productivity experience.
JASON ZANDER: Thanks, Julia.
So at this point we’ve come full circle back around onto our platforms, including the productivity part. We also covered over the device and the cloud. And I hope you’ve gotten a good feeling for this mobile-first and cloud-first era. Now we showed several examples here and we think that examples like the Coca-Cola, the IoT scenarios that we have are going to transform and change the way that we work in the industry.
We’ve really only scratched the surface for these environments. In fact, right now we’re seeing transformation across all parts of the industry. I think there’s going to be cool new ways that you’re going to be able to solve problems with all the solutions that we’ve given you here.
Now, one of the important things for us also is to think about the next generation of technologists that we have. They’re thinking today about solving problems in a way that’s kind of out of the box from what we have today, new ways of solving issues. They’re also thinking about the possibilities for their own careers, and what does that look like going forward.
Now, every year we sponsor the Imagine Cup where thousands of students from across the globe participate in a worldwide student technology competition. Let’s go ahead and take a quick look at the highlights from this year.
So please help me in inviting up our worldwide winners for Imagine Cup this year, Jennifer and Jarrel, representing Australia with their winning application Eyenaemia. (Applause.)
Good morning. Congratulations for winning, this is a really great accomplishment. We saw all of the competitors from around the world. So tell us a little bit about the application that you wrote.
JENNIFER TANG: So our solution, Eyenaemia, is a low-cost, non-invasive, and easily accessible screening tool for anemia. So we’re both medical students and we thought about this idea when we were in rural Australia. So this is a place 6-1/2 hours north of the nearest city. So we found out that anemia is a problem, 2 billion people worldwide suffer from anemia. But, what we found the problem to be was for every person that walked through that door and was diagnosed with anemia there were many people out there that were missed. Access was a problem. So what we did is we created our solution which enables users, everyday users, to be able to take a selfie and be able to identify their risk of anemia.
JASON ZANDER: That’s really cool. And so tell us a little bit about the technology. We have all sorts of developers here in the audience, what did you actually use for the technology, the cloud, the devices?
JARREL SEAH: Yes. So our solution is actually built on Windows Azure, which is really cool, because this means that a lot of the reach across a wide variety of devices. For instance, that means that not only smartphones or webcams can accept our solution, you can actually build in SMTP gateways as well as MMS gateways, so people with feature phones, with low-end Nokia phones, or those brick phones that you have from the (inaudible) era, you can actually take a photo and send a text, send an email to our server, and that server will analyze that photo, do all the processing offline. It means that we can run our solutions on any different hardware, and that means we can reach all the people in areas which have difficulty accessing healthcare.
JASON ZANDER: That’s really cool, because it makes it very accessible in all the areas, like you said, in the regions where maybe you don’t have the other technology. But these are medical students, so you joined this technology conference. What made you decide to join this technology conference with a lot of computer programmers?
JENNIFER TANG: That’s a question that we’ve gotten a lot. Well, we’re very self-professed geeks, and pretty much we do business outside of the hospital time that we had. And we saw the Imagine Cup, it’s an international student competition, as a great way to be able to, I guess, combine those two passions that we have for technology as well as in medicine.
And we also believe that with technology IT is not just a single-cell animal. It’s something that you’re seeing every single day everywhere. And in the future the greatest technologists will be the people that can identify the problems and find those solutions.
JASON ZANDER: That’s really cool. You have a couple of thousand hackers in this room. So I think they really appreciate what you’ve accomplished here.
So just one last question for you. So what was it like to meet Bill Gates?
JARREL SEAH: So Bill Gates is very fast and very direct. He’s also a very great mentor and he gave us a lot of good advice. Not just generic advice, as in I like your app or I don’t like your idea, but gave us concrete barriers and challenges to overcome, told us exactly what we needed to do, what were the steps that we needed to take in order to make this have the social as well as economic impact that it could possibly have in the world.
JASON ZANDER: That’s fantastic. Congratulations again. And thank you for coming today.
JARREL SEAH: Thank you very much.
JENNIFER TANG: Thanks very much.
JASON ZANDER: All I can say is wow. I mean, that is really cool, to think about that usage of that technology like that and be able to solve that problem, and especially medical students being able to think outside of the box on a solution and make that work. That’s super-impressive and it makes me want to go back to a bunch of those other scenarios and think about how I can do really cool and innovative things like that as well. So very impressive, and congratulations to the team.
Now, we’ve got a fantastic conference for you here this week. We’ve got lots of great sessions and great speakers. We think you’re going to learn a lot. We also want you to have a lot of fun while you’re here. I think it’s going to be a great TechEd. We’re really happy you’re here with us. Thank you very much.