How to configure Win 10 / Server 2017 desktops & terminal servers to use the least amount of spinning disk in your local unit for user data (student, faculty, staff) How much of user data (profile, desktop, documents, etc) can be put in the U-Drive or other places so local units can provide software and services but don't have to manage end user storage. What other storage services, besides UDrive, can be auto-mounted with GPO objects using UWNETID credentials at login time.24 votes
Hey!! We've been asking for this for years. What's the deal!?
This topic will cover:
-why this has taken so long
-what is currently happening (hopefully with demos)
-what we plan
-why we may never have fully delegated SCCM (and there is an opportunity to have a good MS follow-up topic on delegated SCCM, if there is enough interest)21 votes
An overview and demo of BitLocker encryption for protection of data on local disks and removable drives. This topic will also cover TPM provisioning, automation and management options, and recovering from a locking event.
Some discussion, demonstration, and input about MBAM may happen.18 votes
MDM has been around for awhile, with an open standard behind it, and several MDM vendor products. InTune is a recent addition to the MDM space, with a lot of Microsoft investment and momentum behind it.
This topic will explore:
-What can InTune do?
-Is it right for any UW scenarios? If so, which scenarios--if not, when might it be right?
-Looking ahead, where is Microsoft going here? Might MAM be where the real pay-off is?11 votes
Using the Microsoft Deployment Toolkit and the Windows Assessment and Deployment kit, along with the Windows Deployment Service server role, to capture and then deploy, configure, and provision Windows images to your devices.10 votes
Nebula has been a UW fixture for over 20 years, with a ton of both negative and positive associations, that intentionally rebranded itself to Managed Workstation to reset everyone's expectations of what it is. This topic will be a presentation on what the service currently is, a forward look at what we have planned, and interactive exploration of how the service might meet your needs.9 votes
Attendees expected to bring 1 script to show & walkthrough--even if you didn't write it. James Morris shows off the several PS modules and scripts he's written, including the one for working with the Groups Service, and one for sending metric data to Graphite. Everyone learns something new.8 votes
DSC has emerged as a key new capability for ensuring configuration on the Windows platform, including a variety of technologies.
This topic will focus on:
-What is DSC? What can you do with it?
-How is DSC used? Pull vs. push, how might it fit into a larger software delivery pipeline
-In what scenarios might UW leverage DSC?8 votes
Use automated setup routines, PowerShell, and stored procedures to make provisioning a database server consistent and quick.5 votes
Placeholder for more specifically focused topic on this technology.5 votes
Microsoft Azure cloud based services require administration. This topic will provide some background on critical details related to administering Azure:
-Leveraging Role Based Access Control (RBAC)
-Azure resource groups
-Resource tagging4 votes
In this topic, we'll explore Microsoft's cloud-based monitoring solution.
We'll focus on:
-How does OMS work?
-What advantages/strengths does OMS have over other monitoring agents?
-In what scenarios at the UW might OMS be a great solution?4 votes
The Windows 10 based MFA technology Microsoft initially called Passport was rebranded to merge with Windows Hello. Under the covers this is a virtual smart card provisioned either by Azure AD's Device Registration Service or your AD-CS. Logons from that Win10 device require a PIN or other Hello gesture (something you know or are), plus the virtual smart card (something you have). When combined with other MS technologies, you can leverage this device-based MFA further.3 votes
We universally do a poor job of tracking what service accounts are used where, have what permissions/privileges, and who has access to them. Having a good tracking mechanism for all of this info would improvement management, and likely reduce risk. A few folks in UW-IT have been exploring this topic, with some ideas and a potential project to initially advance this with a small scope. Discussion would cover canvasing the perceived problem space, discussing how to address it, and how to move this forward on a broader scale.3 votes
JEA allows you to control what PS cmdlets (and even parameters) are available to whom providing an elegant way to delegate privileges. This topic would explore JEA, where we might use it, etc.2 votes
We'll review the problem, then focus discussion on practical actions we can take to mitigate it. Some obvious possibilities for review (which may require their own session): Our Microsoft Advanced Threat Analytics deployment, Microsoft's Privileged Access Workstations, approaches to reduce privileges, and local admin password management.2 votes
Why don't we do this? What could be enabled if we did?1 vote
DevOps on-premises (UW-IT TFS) and in the Cloud (VSTS and Azure)1 vote
Microsoft is discontinuing Azure RemoteApp, but that is not the end of the story. This topic focuses on Microsoft's VDI and virtual application capabilities in the cloud.1 vote
Azure RMS is the cloud-based technology derived from AD-RMS. Microsoft has recently rebranded RMS as AIP.
This topic will focus on:
-What does this technology do? What scenarios is it strong in? And weak?
-Clearly differentiating between the DLP classification engine, the infrastructure behind encryption, the available controls, and what possibilities are dependent on applications
-The user experience
-Briefly touch on licensing1 vote
- Don't see your idea?