From c07cc2be53f666db57a48fe76450b57678c47c66 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Wed, 4 May 2016 20:59:40 -0700 Subject: [PATCH] Edits --- windows/plan/deploy-windows-10-in-a-school.md | 161 +++++++++--------- 1 file changed, 83 insertions(+), 78 deletions(-) diff --git a/windows/plan/deploy-windows-10-in-a-school.md b/windows/plan/deploy-windows-10-in-a-school.md index 3627aaab6b..b5678c5efa 100644 --- a/windows/plan/deploy-windows-10-in-a-school.md +++ b/windows/plan/deploy-windows-10-in-a-school.md @@ -38,29 +38,25 @@ Figure 2 shows the classroom configuration this guide uses. *Figure 2. Typical classroom configuration in a school* This school configuration has the following characteristics: - +- It contains one or more admin devices. +- It contains two or more classrooms. +- Each classroom contains one teacher device. +- The classrooms connect to each other through multiple subnets. +- All devices in each classroom connect to a single subnet. +- All devices have high-speed, persistent connections to each other and to the Internet. +- All teachers and students have access to Windows Store or Windows Store for Business. +- All devices receive software updates from Intune (or another device management system). +- You install a 64-bit version of Windows 10 on the admin device. +- You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device. +- You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device. +- You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device.

**Note**  In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2. +- The devices use Azure AD in Office 365 Education for identity management. +- If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](http://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/). +- Use [Intune](http://technet.microsoft.com/library/jj676587.aspx), [compliance settings in Office 365](https://support.office.com/en-us/article/Manage-mobile-devices-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy](http://technet.microsoft.com/en-us/library/cc725828%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396) in AD DS to manage devices. +- Each device supports a one-student-per-device or multiple-students-per-device scenario. +- The devices can be a mixture of different make, model, and processor architecture (32 bit or 64 bit) or be identical. +- To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment Boot (PXE Boot). +- The devices can be a mixture of different Windows 10 editions, such as Windows 10 Home, Windows 10 Pro, and Windows 10 Education. Office 365 Education allows: @@ -169,30 +165,38 @@ As a first step in deploying your classroom, create an Office 365 Education subs Complete the following steps to select the appropriate Office 365 Education license plan for your school: -1. Determine the number of faculty members and students who will use the classroom. - - Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan. - -2. Determine the faculty members and students who need to install Office applications on devices (if any). - - Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 1 lists the advantages and disadvantages of standard and Office 365 ProPlus plans. +

    +
  1. Determine the number of faculty members and students who will use the classroom.
    Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan. +
    2. +
  2. Determine the faculty members and students who need to install Office applications on devices (if any).
    Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 1 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.
    3. *Table 1. Comparison of standard and Microsoft Office 365 ProPlus plans* + +++++ + + + + + + + + + + -| Plan | Advantages | Disadvantages | -| ---------------|:------------- | :--------------| -| Standard || | -| Office ProPlus | | | + +
    PlanAdvantagesDisadvantages
    Standard
    • Less expensive than Office 365 ProPlus
    • Can be run from any device
    • No installation necessary
    • Must have an Internet connection to use it
    • Does not support all the features found in Office 365 ProPlus
    Office ProPlus
    • Only requires an Internet connection every 30 days (for activation)
    • Supports full set of Office features
    • Requires installation
    • Can be installed on only five devices per user (there is no limit to the number of devices on which you can run Office apps online)
    The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device. -3. Determine whether students or faculty need Azure Rights Management. - - You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management](https://technet.microsoft.com/library/jj585024.aspx). - -4. Record the Office 365 Education license plans needed for the classroom in Table 2. +
  3. Determine whether students or faculty need Azure Rights Management.
    You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see [Azure Rights Management](https://technet.microsoft.com/library/jj585024.aspx).
    4. +
  4. Record the Office 365 Education license plans needed for the classroom in Table 2.
*Table 2. Office 365 Education license plans needed for the classroom* @@ -202,7 +206,7 @@ The best user experience is to run Office 365 ProPlus or use native Office apps | | Office 365 Education for faculty | | | Azure Rights Management for students | | | Azure Rights Management for faculty | - +

You will use the Office 365 Education license plan information you record in Table 2 in the [Create user accounts in Office 365](#create-user-accounts-in-office-365) section of this guide. ### Create a new Office 365 Education subscription @@ -213,17 +217,19 @@ To create a new Office 365 Education subscription for use in the classroom, use #### To create a new Office 365 subscription -1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar. - **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window in one of the following: +1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar. + + **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window in one of the following: - Microsoft Edge by opening the Microsoft Edge app, either pressing Ctrl+Shift+P or clicking or tapping **More actions**, and then clicking or tapping **New InPrivate window**. - Internet Explorer 11 by opening Internet Explorer 11, either pressing Ctrl+Shift+P or clicking or tapping **Settings**, clicking or tapping **Safety**, and then clicking or tapping **InPrivate Browsing**. + 2. On the **Get started** page, type your school email address in the **Enter your school email address** box, and then click **Sign up**. You will receive an email in your school email account. 3. Click the hyperlink in the email in your school email account. 4. On the **One last thing** page, complete your user information, and then click **Start**. The wizard creates your new Office 365 Education subscription, and you are automatically signed in as the administrative user you specified when you created the subscription. ### Add domains and subdomains -Now that you have created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has `contoso.edu` as the primary domain name but you have subdomains for students or faculty (such as `students.contoso.edu` and `faculty.contoso.edu`), then you need to add the subdomains. +Now that you have created your new Office 365 Education subscription, add the domains and subdomains that your institution uses. For example, if your institution has contoso.edu as the primary domain name but you have subdomains for students or faculty (such as students.contoso.edu and faculty.contoso.edu), then you need to add the subdomains. #### To add additional domains and subdomains @@ -240,10 +246,10 @@ To make it easier for faculty and students to join your Office 365 Education sub **Note**  By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries require opt-in steps to add new users to existing Office 365 tenants. Check your country requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. -Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of `user@contoso.edu`, then Office 365 automatically performs one of the following tasks: +Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks: -- If an Office 365 tenant with that domain name (`contoso.edu`) exists, Office 365 automatically adds the user to that tenant. -- If an Office 365 tenant with that domain name (`contoso.edu`) does not exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it. +- If an Office 365 tenant with that domain name (contoso.edu) exists, Office 365 automatically adds the user to that tenant. +- If an Office 365 tenant with that domain name (contoso.edu) does not exists, Office 365 automatically creates a new Office 365 tenant with that domain name and adds the user to it. You will always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before allowing other faculty and students to join Office 365. @@ -258,7 +264,7 @@ All new Office 365 Education subscriptions have automatic tenant join enabled by |------- |----------------------------| | Enable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $true`| | Disable |`Set-MsolCompanySettings -AllowEmailVerifiedUsers $false`| - +

**Note**  If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant. ### Disable automatic licensing @@ -275,7 +281,7 @@ Although all new Office 365 Education subscriptions have automatic licensing ena | -------| --------------------------| | Enable |`Set-MsolCompanySettings -AllowAdHocSubscriptions $true`| |Disable | `Set-MsolCompanySettings -AllowAdHocSubscriptions $false`| - +

### Enable Azure AD Premium When you create your Office 365 subscription, you create an Office 365 tenant that includes an Azure AD directory. Azure AD is the centralized repository for all your student and faculty accounts in Office 365, Intune, and other Azure AD–integrated apps. Azure AD is available in Free, Basic, and Premium editions. Azure AD Free, which is included in Office 365 Education, has fewer features than Azure AD Basic, which in turn has fewer features than Azure AD Premium. @@ -378,7 +384,7 @@ In this synchronization model (illustrated in Figure 6), you run Azure AD Connec 1. Configure your environment to meet the prerequisites for installing Azure AD Connect by performing the steps in [Prerequisites for Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/). 2. On the VM or physical device that will run Azure AD Connect, sign in with a domain administrator account. 3. Install Azure AD Connect by performing the steps in [Install Azure AD Connect](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect). -4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure features](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#configure-features). +4. Configure Azure AD Connect features based on your institution’s requirements by performing the steps in [Configure features](https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect/#configure-sync-features). Now that you have used on premises Azure AD Connect to deploy AD DS and Azure AD synchronization, you’re ready to verify that Azure AD Connect is synchronizing AD DS user and group accounts with Azure AD. @@ -474,7 +480,7 @@ Assign SharePoint Online resource permissions to Office 365 security groups, not **Note**  If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant. -For information about creating security groups, see Create and manage Office 365 groups in Admin Center Preview. +For information about creating security groups, see [Create and manage Office 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US). You can add and remove users from security groups at any time. @@ -533,16 +539,17 @@ After you create the Windows Store for Business portal, configure it by using th *Table 7. Menu selections to configure Windows Store for Business settings* -| Method | What you can do in this menu | +| Menu selection | What you can do in this menu | |---------------| -------------------| |Account information|Displays information about your Windows Store for Business account (no settings can be changed). You make changes to this information in Office 365 or the Azure Portal. For more information, see [Update Windows Store for Business account settings](https://technet.microsoft.com/itpro/windows/manage/update-windows-store-for-business-account-settings).| |Device Guard signing|Allows you to upload and sign Device Guard catalog and policy files. For more information about Device Guard, see [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide).| |LOB publishers| Allows you to add line-of-business (LOB) publishers that can then publish apps to your private store. LOB publishers are usually internal developers or software vendors that are working with your institution. For more information, see [Working with line-of-business apps](https://technet.microsoft.com/itpro/windows/manage/working-with-line-of-business-apps).| |Management tools| Allows you to add tools that you can use to distribute (deploy) apps in your private store. For more information, see [Distribute apps with a management tool](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-with-management-tool).| -|Offline licensing|Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing_model).| +|Offline licensing|Allows you to show (or not show) offline licensed apps to people shopping in your private store. For more information, see [Licensing model: online and offline licenses](https://technet.microsoft.com/itpro/windows/manage/apps-in-windows-store-for-business#licensing-model).| |Permissions|Allows you to grant other users in your organization the ability to buy, manage, and administer your Windows Store for Business portal. You can also remove permissions you have previously granted. For more information, see [Roles and permissions in Windows Store for Business](https://technet.microsoft.com/itpro/windows/manage/roles-and-permissions-windows-store-for-business).| |Private store|Allows you to change the organization name used in your Windows Store for Business portal. When you create your portal, the private store uses the organization name that you used to create your Office 365 subscription. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store).| + ### Find, acquire, and distribute apps in the portal Now that you have created your Windows Store for Business portal, you’re ready to find, acquire, and distribute apps that you will add to your portal. You do this by using the Inventory page in Windows Store for Business. @@ -614,7 +621,7 @@ The MDT deployment process is highly automated, requiring minimal information to -Windows Deployment Services +Windows Deployment Services This method: