
MJFChat: Windows Deployment: So Many Options

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy technology folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.

Readers can submit questions via Twitter, Instagram, Facebook and/or LinkedIn using the #AskMJF hashtag. Once the interviews are completed, we will post the audio and associated transcript in the forums for readers to digest at their leisure. (By the way, did you know MJFChats are now available in podcast form? Go here for MJF Chat on Spotify; here for Apple Podcasts on iTunes; and here for Google Play.)

Our latest MJFChat is focused on the many morphing Windows deployment options available out there. My special guest for this chat is Microsoft Most Valuable Professional (MVP) Donna Ryan, who has a lot of expertise and involvement in this space. Donna answered a bunch of reader and listener questions submitted via Twitter as part of this chat.

If you know someone you’d like to see interviewed on the MJFChat show, including yourself, just Tweet to me or drop me a line. (Let me know why you think this person would be an awesome guest and what topics you’d like to see covered.) We’ll take things from there…

Transcript:


Mary Jo Foley (00:00):
Hi, you’re listening to Petri.com’s MJF Chat show. I am Mary Jo Foley, AKA your Petri.com community magnate. And I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s chat is going to be all about the many Windows Deployment options that are out there. And my special guest, Donna Ryan, who is a Microsoft Mobility MVP, knows a lot about this topic. Hi Donna, and thank you so much for doing this chat and very nice to meet you virtually for the first time.

Donna Ryan (00:42):
It’s lovely to meet you as well, Mary Jo. It’s a privilege and an honor to be on the podcast and just glad to be here.

Mary Jo Foley (00:50):
Ah, thank you so much. So when we came up with the idea of what you were going to talk about, it turned out that this was a real hot button topic, and one laden with acronyms, which I’m going to try to remember to explain and spell out, but I’m sure you’ll help me do that as well. There are a lot of topics we could cover here, everything from Intune to Endpoint Manager, to Autopilot, Azure Virtual Desktop, Windows 365. And on top of that, we got a lot of questions for you on Twitter. So I want to start out with a couple of my own questions.

Donna Ryan (01:24):
Okay.

Mary Jo Foley (01:25):
I am curious, like how do you keep this all in your head? I was thinking at the highest level, do you have some kind of a framework, or a hierarchy, or do you have like a secret periodic table of deployment options on your wall somewhere? Like how do you keep track of all this?

Donna Ryan (01:41):
It’s just experience and I guess, prioritization of what I’m going to remember. I mean, I’m a huge, huge deployment nerd. And so for me, I can remember those things, you know, fairly well.

Mary Jo Foley (01:55):
Nice, nice. There’s so many acronyms in this space, when I was coming up with things and looking at reader questions, I’m like, wow, there are acronyms I’ve never even seen here. And I’ve seen a lot of them over my time. So let’s see, I wanted to talk briefly about Autopilot with you. Because when we were talking about doing this chat, you had mentioned Microsoft had just recently introduced some breaking changes to Autopilot around user assignment. And some people were a little upset about that. So could you dig in there? What’s going on with that?

Donna Ryan (02:26):
So Microsoft had made a change on how certain scenarios and an option that works within Autopilot to address a potential concern with devices being reused and reprovisioned. What they did is they stopped the ability to have the end user’s name already displayed on the OOBE prompt, which some folks in organizations really like having that name right there. And the other component that changed is if the device had been enrolled via pre-provisioning formerly known as White Glove or Self Deploying mode, if the device needed to be redeployed, it needed to be fully deleted out of Intune, which hadn’t been a requirement. Reason being with that reusing of a hardware is there is the potential for devices to not be properly offboarded and then shipped to a new organization, you know, with identifiable data present. And so, yeah, it didn’t break Autopilot completely. It’s removing some features and adding an additional step if you’re re-enrolling. But some people weren’t thrilled by that, but I suppose it’s also understandable.

Mary Jo Foley (03:53):
Right, right. What do you think? Do you think it’s justifiable or a good idea that they were doing this?

Donna Ryan (04:00):
I think it’s generally a good idea. I know over the years there’s been some on an occasion devices getting returned that had been enrolled that are still enrolled in other tenancies and it happens. And so if that helps to mitigate that, I suppose it’s not a bad idea. I know Microsoft is very well aware of the feedback and, you know, trust that they’re going to make some adjustments if need be.

Mary Jo Foley (04:32):
Right. Gotcha. Okay. I’m dying to ask you about Windows 365 and Azure Virtual Desktop, because I get a ton of questions about this. People are always trying to figure out, you know, which one of those two is the one for me. And I was curious if you have like a simple, relatively simple, rule of thumb when you’re telling people about their orgs or IT departments and which one of those two would be better suited to them?

Donna Ryan (05:01):
Absolutely. I guess the rule of thumb that I start out with when I’m having these conversations with my clients is do you already have an existing client virtualization solution and staff that manages it? If so, then AVD is a very easy adoption because it’s made, you know, client virtualization easier to deploy. If that answer is no and they don’t have any expertise, then I think Windows 365 makes more sense because you don’t have to really have any type of that underlying understanding of client virtualization fundamentals and those other components that go into it. There more technically, you know, like right now, if you need to have, you know, Nvidia GPU support, well, that’s not in Windows 365. But generally speaking, you know, if you have folks that already have that knowledge in-house and familiarity, you know, look at AVD, absolutely. But you know, if you just need, you know, quick, simple, easy with little training, Windows 365 is totally the way to go.

Mary Jo Foley (06:11):
Yeah. I had somebody else say to me, if you are comfortable with figuring out your Azure consumption needs and goals, then great, and you can go AVD. If you’re not, then you should stay away from AVD.

Donna Ryan (06:25):
I would generally agree with that, yeah.

Mary Jo Foley (06:26):
Okay, great. Let’s jump into some of the many listener and reader questions we got on Twitter. Scott on Twitter, here’s his question. It’s a little bit involved, but we can go through the acronyms as he brings them up, he said, I’m competent with DISM, Deployment, Image, Servicing and Management and WIMS, Windows Information, I don’t know.

Donna Ryan (06:56):
What is it? Oh, it’s Windows Image Media, I think is what that acronym stands for. The WIM file is what contains your installation of Windows that actually has, you know, the file table, the packages and all that stuff.

Mary Jo Foley (07:11):
Okay. So he knows DISM, he knows WIMS, and MDT, the Microsoft Deployment Toolkit for local imaging requirements, but he wants to take the next step to learn in cloud-based tools like Intune Autopilot and Endpoint Manager. So he said, what would you suggest I do to start? Cause I am a cloud newbie.

Donna Ryan (07:30):
Okay. Well being in the community and being on Twitter is a great first step because, you know, you’ve got plenty of the Microsoft staff PMs are on there. Our community is very robust and very collaborative. More specifically for resources, there’s two that kind of come to mind off the top of my head at least for, you know, reading and going blog post wise, there’s a windows-noob.com, Niall Brady owns and maintains that. And actually when I started off in my career learning Configuration Manager, Windows-Noob was constantly pulled up. There are absolutely fantastic walk-throughs that cover every facet of that. There’s also a forum that’s on there as well for discussion. So, I mean, that would be a good one. And then Justin Chalfant’s site, I think it’s setupconfigmgr.com. Justin is the owner of Patch My PC and has done wonderful tutorials and videos on you know, everything MEM. So just at the top of my head, those would be two really good places outside of Twitter. When, you know, conferences start to open back up you know, absolutely hitting, you know, the MMS’s, or the user groups. Those are also great places cause we have, you know, industry experts there that are happy to answer questions and go off into those various rabbit holes.

Mary Jo Foley (09:10):
That’s great. Great resources. Okay. Mike Moss on Twitter says my team has not adopted SCCM, System Center Configuration Manager. He says they use Kace for PC, but we use Intune for mobile. So are there any helpers, you know of for swapping out Kace to the new MEM, Microsoft Endpoint Manager?

Donna Ryan (09:35):
So, I don’t generally work with Kace unless it’s helping folks migrate away from Kace to Configuration Manager. Which okay being biased, I’d say yes, always do that. But I did a little bit of poking around cause I saw the tweet. And I don’t see anything that, you know looks like there’s some type of, you know, tie in, into, you know, Intune from Kace I know with Configuration Manager, you can tie into third-party MDM solutions, that’s called coexistence, but I don’t think Intune plays well with any other type of on-prem management. And so my suggestion there would be, you know, maybe talk to, I don’t know who owns Kace now, I think Quest does. You know, talk to their rep to see if they’ve written anything or if they have any type of integration. Otherwise, you know, you can always move to Configuration Manager, but it doesn’t sound like your team’s ready to make that move. So about the best I can do on that one.

Mary Jo Foley (10:38):
Nope, that’s good. Marek, who goes by @technicalflow on Twitter, says what would be the best option for a small company hardware enrollment in the near future? Will WDS, Windows Deployment Services, plus MDT still be working in two to three years or will there be better and simpler options for an SMB to choose from?

Donna Ryan (11:02):
Well, that’s one of those crystal ball type questions. I don’t know any expected lifecycle. I would anticipate that WDS and MDT will still be around. Will they be actively developed? Probably not, but they’re likely to still be here for quite some time. And so there’s that. But are there better and simpler options to choose from? If you own, you know, the Intune licensing and the requisites, you know, we could look at Autopilot. If you need, you know, quick and simple, you know, you’ve got the Azure AD only joined style of Autopilot. You don’t necessarily have to be partnered with anybody to do your device registration. You’ve got PowerShell and modules that you could, you know, upload your own. There’s also some community tools built around that, OSD Cloud, Dave Segura’s latest offering to the community that allows you to kind of merge some of the best parts of imaging with the best parts of Autopilot. So, where the industry is going to be in two to three years? Yeah, if I knew that one yeah, I’d be a millionaire.

Mary Jo Foley (12:25):
Yeah. Those prediction ones are tough, right. Because there’s so many different things going on. Well, you know, how, what will a pandemic look like in two to three years? Will people be working from home and remotely as much as they are now? There’s just so many variables and it’s just pretty much impossible to know how much Windows, you know, kind of what’s even gonna happen with Windows in two to three years.

Donna Ryan (12:45):
Oh, absolutely. Yeah, looking at it with Windows 365, you know, us on the outside, had no idea this thing existed and that’s becoming, you know, an option for organizations that are getting hit by the chip shortage. Instead of having to go buy new and inflated priced machines, you can roll out Windows 365. So maybe the answer is in two to three years, we’re all just using iPads and phones to connect into our Windows instances and then paying a monthly reoccurring. Who knows?

Mary Jo Foley (13:14):
Not iPads. I hope not iPads, I’m not an Apple fan.

Donna Ryan (13:17):
Nor am I.

Mary Jo Foley (13:17):
Okay. Another one Chris Gahlsdorf on Twitter said, do you think it’s worth migrating from MDT and config manager to Autopilot for hybrid environments? So pretty much in line with what we’re talking about here, using Configuration Manager, Intune cloud attach.

Donna Ryan (13:41):
So, there’s a couple of things to unpack in that line of questioning. So is it generally worth it? The way I look at it, it depends on what your needs are and what you’re trying to satisfy. You know, if you’re a hundred percent on premises you know, do you need Autopilot, and you have Configuration Manager, no, because you have everything there. Are you looking at, you know, going to a hundred percent pure work from home solution, then quite possibly. You know, Configuration Manager does have the ability to perform imaging tasks over the internet via Cloud Management Gateway. So that could fill that, it really, you know, comes down to, you know, does this, will this tool do what you need it to do? Now, that being said, the second part of that, you know, is looking at using, you know, ConfigMan, and Intune, and cloud attach.

Donna Ryan (14:35):
I would absolutely encourage them to try Autopilot. Even if their answer is, you know Configuration Manager works better for us. It’s good to know how that tool works, where it’s, you know, its shortcomings are and where it really shines because there are scenarios where Autopilot is just fantastic. You know, in the hybrid environment, if we’re looking at Active Directory, you’re doing the hybrid Azure AD Join. Yeah, that’s not the easiest to maintain in that type of configuration because of the client VPNs that are required to talk to domain controllers. There’s lots of moving parts to that. If the goal is to eventually move to pure AAD, then yeah Autopilot for sure. Cause Autopilot and AAD Join is really cool. On the cloud attached side, you know, if you’ve got the licensing, which, you know, they own ConfigMan, they largely own Intune and vice versa.

Donna Ryan (15:35):
Is it worth to do that? Yeah, absolutely. You already own the licensing. You’ve got the parts and that value add that the team added with Tenant Attach really is pretty cool. It used to be that, you know, with Co-Management, it was ConfigMan, does this, Intune does that. And that’s all Co-Management really gave us. And that was good enough. But yeah, with the rapid development that comes into Intune and the fact that, you know, it gets updated monthly versus, you know, three times a year with Configuration Manager, the team is able to push down certain new functions and capabilities via you know, the tenant attach mechanism. You know, you get additional features like your Endpoint Analytics and Proactive Remediation and being able to leverage the power of the Configuration Manager agent to pull off actions in Intune. It really is, you know, taking the two very good tools and putting them together to make even better tools. So if you’ve got those, there is no real downside to you know, enabling that.

Mary Jo Foley (16:40):
Cool. You know, I am remiss in not asking you this right at the start of the chat, but maybe, could you give us a quick couple sentence definition of Autopilot because I don’t know that everybody knows what this is. And I’ve been hearing from my contacts that this is selling like gangbusters right now.

Donna Ryan (16:58):
So Autopilot is a way to provision devices over the internet. And what does that mean? It’s sometimes referred to incorrectly as like cloud imaging. The difference between an Autopilot and imaging is with Autopilot you’re using the Windows image that’s already on the computer. What’s neat about that is you don’t have to, you know, you’re not just schlepping around WIM files and drivers because that’s already, it’s already on the computer. It allows you to, you can deploy applications, your configurations to these devices and it just works over the internet. So it is easier to provision. It lacks some of the tight controls of order for operations like you have with Configuration Manager. But you are absolutely right that it is selling like gangbusters. I mean, once that was announced, you know, we started getting requests on that, you know, almost from day one and that’s still a good chunk of what we’re doing on my team at CDW.

Mary Jo Foley (18:10):
Interesting. Interesting. All right, now here’s a fun question. I don’t know the answer to part two, but I’m curious about it. Christian Lehrer on Twitter said, please ask Donna about WIMwitch, and I hear this was a tool that you yourself created. And then he said also ask her about 3D printers and I’m curious.

Donna Ryan (18:35):
And so you’re right, WIMwitch, it’s my community tool. And what she does is performs offline image servicing to WIM files. So what you can do is, you know, apply updates to an offline or to the WIM file. And then when you install the WIM file on the PC, Windows is already patched. But she does more than that too. She can handle language packs, and features on demands, registry keys, works Autopilot for existing devices. I’ve got her working with Configuration Manager. I wrote a console extension. She does lots of stuff, but the cool thing is you can control all of this from, from a GUI, which historically any of like the community tool solutions that were out they were all command lined, which they work great. But, you know, for some of us that really are visual doing some of these more advanced functions were a little bit challenging.

Donna Ryan (19:38):
So that was the goal that I sought to solve, that and make, you know, Star Trek jokes in there. Cause they’re the main action button there is called “Make It So”. I love Star Trek.

Mary Jo Foley (19:48):
Nice.

Donna Ryan (19:48):
But on the 3D printer side. So yeah, most of my Twitter feed, I think probably a good 25% is me tweeting about my printers. So I’ve got six of them. I can say at this point, yes, I love my 3D printers. I primarily have been printing ships from Star Trek.

Mary Jo Foley (20:09):
Oh wow.

Donna Ryan (20:09):
Which is fun. I’ve started hanging them from my ceiling in the basement. I’ve also got a TARDIS there too, cause you know, that’s a spaceship. I got some Star Wars stuff there too, but yeah, yeah 3D printers is, I’m a huge fan of 3D printing.

Mary Jo Foley (20:27):
Oh, that’s cool. Do you sell that too or no? Or you just do it for yourself?

Donna Ryan (20:31):
I primarily do it for myself. I lack a good skill set when it comes to CAD and design. And so most of these things that you can find online to print for free, have a license that either you can’t sell them or you give attribution. But I’m in it more just to make the machines run because they’re super fun to tinker with, you know.

Mary Jo Foley (20:57):
Nice. I was trying to figure out if there was some weird connection between 3D printing and like Endpoint Manager or something.

Donna Ryan (21:04):
Well, I did print off some clippies, but I think that’s probably about the extent of it.

Mary Jo Foley (21:11):
Okay. One last question from Twitter here, Alex Mags, what are the current options for rebuilding machines at remote sites without local file shares and distribution points. Peer-to-peer options?

Donna Ryan (21:27):
So that’s going to largely depend on what kind of toolset you’re going to use. Assuming that there’s Configuration Manager, you can, if they’ve built out the Cloud Management Gateway, which can distribute content. He could assign the cloud DP to provide content to that remote site. Peer-to-peer absolutely works. I’ve done that numerous times. There’s BranchCache which is fantastic. You know, if we’re not looking at Configuration Manager, then you know, the Cloud Management Gateway thing goes out the window. You know, you could do Autopilot because that’s not site-dependent. You could do I guess MDT standalone would work. Or if you wanted to go with, you know, like an OSD cloud type of option that would function as well. But yeah, and if they, again, if they have ConfigMan, I’d encourage them to go look at you know, like a cloud DP. They could also pair that up with, you know, oh is it, 2Pint Software has a community tool that allows BranchCache to work in Windows PE. So you could lessen to that amount of content coming down over there, you know WIM files are big, you know they’re five gigs and change. So peer-to-peer cloud solutions. Yes.

Mary Jo Foley (22:54):
Nice. All right. My last question for you is there seemed to be a lot of news at Ignite around Endpoint Manager, Intune, Config Manager. Were there any things that you saw or were kind of keeping tabs on from the recent Ignite conference that you want to kind of put on people’s radar, who were curious about the space?

Donna Ryan (23:21):
Yeah, I was kind of more paying attention to the Windows 365 offerings. We now have, you know, the pure Azure AD Join option. Cause when that came out it was hybrid. And maybe personally I got excited about that, cause I’ve been keeping an Azure lab and then have had the domain controllers have a site-to-site VPN, which isn’t free, so I can break that dependency. But yeah, mostly, it was more focused on the Windows 365 stuff on Intune. There is the announcement that Remote Control from Intune is coming, which is yay. It’s an additional cost. Boo. So there was some mixed emotions around that type of announcement, but yeah.

Mary Jo Foley (24:13):
Yeah, yep. There was a lot of Windows 365 excitement at Ignite. I saw a lot of people tweeting about that, so, yeah. All right. Well, I wanted to say thank you so much for doing this chat with me and helping answer all these good listener questions.

Donna Ryan (24:29):
Absolutely, it’s my pleasure.

Mary Jo Foley (24:31):
I wanted to also let people know where they can find WIMwitch. If they’re interested in checking out your tool, what’s the best way for them to do that?

Donna Ryan (24:40):
You can just Google it. You’ll probably end up finding a link. I’m part of a fantastic and dare I say, intelligent and good-looking group of IT professionals, consultants, and MVPs at MSEndpointMgr.com. You know, if you go browse over there, go to Tools, you can go to WIMwitch, you can also find it at the URL, msendpointmgr.com/wim-witch, all the instructions are there. I’ve got docs, blog posts. Worst case you know, just ping me on Twitter. Happy to talk about that topic ad nauseam.

Mary Jo Foley (25:19):
Great. Well, thanks again for doing this today.

Donna Ryan (25:22):
You’re welcome.

Mary Jo Foley (25:22):
Thanks. For everyone else who’s listening right now or reading the transcript of this chat, I’ll be posting more soon about who my next guest after Donna is going to be. And once you see that you can submit questions directly on Twitter using the #MJFChat. In the meantime, if you know of anyone else or even yourself who might make a good guest for one of these chats, please do not hesitate to drop me a note. Thank you very much.
