In the Power BI service, you can subscribe yourself and others to individual report pages, dashboards, and paginated reports, which will make Power BI send snapshots of content to your email. When subscribing, you can select the frequency and specific times when you want to receive subscription emails.
Subscribing to content
The process of subscribing to a dashboard, report page, or a paginated report is similar:
Navigate to the content item of interest and select Subscribe.
In the Subscribe to emails menu, select Add new subscription.
Enter the subscription name, addressees, email subject, frequency, time, start and end dates, and other options as needed.
Select Save and close.
You can create several subscriptions to the same content item. Figure 4-18 shows options available when subscribing to a dashboard as an example.
FIGURE 4-18 Subscription options.
When creating a subscription, you can select Run now to receive an email immediately. To disable a subscription without deleting it, switch the toggle next to Run now to Off. To delete a subscription, select Delete in the upper-right corner of the subscription settings. The Manage all subscriptions link takes you to a list of all subscriptions you created in the current workspace. Viewing all subscriptions you created is covered in the next section.
Need More Review? Subscriptions In the Power BI Service
In addition to viewing workspace-specific subscriptions, you can see all subscriptions you created in the following way:
Go to My workspace.
Select Settings in the upper-right corner.
Select Settings > Settings > Subscriptions.
Figure 4-19 shows a sample list of subscriptions to manage.
FIGURE 4-19 List of subscriptions.
While the page says My workspace, it shows subscriptions created across all workspaces. To edit subscriptions, select Edit under Actions. The Overview column shows how many subscriptions to a content item you have.
When you create Power BI content and share it, you can increase its visibility for other users by endorsing it. For example, other users can search for an endorsed dataset and build reports from it. When many datasets are available in the organization, it’s useful to know how reliable each dataset is—some may be created for test purposes only, whereas others may be considered a single source of truth in the company. By default, all datasets look the same when you search for datasets, be it from Power BI Desktop or the Power BI service. In this case, it may be a good idea to endorse datasets—let the reports creators know which datasets are high quality and reliable.
You can endorse datasets, dataflows, reports, and apps. There are two ways to endorse Power BI content:
Promote Promoted content has a badge that signifies that the content is ready to be used by others. Any contributing member of the workspace where the content resides can promote it. Content promotion facilitates the content being reused across the organization.
Certify Content can be certified to show that it’s recommended for use, meaning it is highly reliable and curated. Only people selected by the Power BI tenant admins can certify Power BI content.
Note Endorsing Different Types of Power BI Content
The process of endorsing all content types is the same. For ilustration purposes, next we review how to endorse a dataset.
A dataset can be promoted or certified in the Endorsement and discovery section of the dataset settings in Power BI service, as shown in Figure 4-20.
FIGURE 4-20 Endorsement.
Once you select Promoted or Certified, select Apply to save the changes.
Note Dataset Description
To help users understand what they can use a dataset for, you can add a description in the Endorsement section as well.
If the Certified option is inactive, it means you cannot certify datasets yourself. In this case, you should request dataset certification from those who were selected by your Power BI tenant admins to certify datasets. Those who can certify datasets may not always be members of the workspace that contains the dataset. If that’s the case, the person who can certify a dataset will need to become a contributing member of the workspace.
You can see the Certified and Promoted badges in Figure 4-21.
Windows 10 offers organizations new and exciting methods for deploying the operating system to users. However, traditional on-premises image creation-based deployment methods continue to be supported and are widely used. You can expect that the adoption of the new dynamic deployment methods will gain traction in the modern workplace and will be featured in the MD-101 exam. You must understand when these methods should be implemented over more traditional methods.
Embarking on any new project should be carefully planned so that the delivery can be given every chance of success. This is especially applicable when deploying Windows 10 within an enterprise environment.
There are several tools and services available to help you evaluate, learn, and implement Windows 10. By following best practices and avoiding making deployment mistakes, you can ensure that your users are productive and that the project is delivered on schedule.
Windows 10 is released using a continuous delivery model known as Windows as a Service, with a new version of Windows 10 available every six months. Therefore, the skills you learn in deploying Windows 10 to your users will be reused again, and often.
It is recommended that you choose a group of users and deploy Windows 10 into focused pilot projects. This enables you to test each version of Windows 10 within your organization before rolling out the operating system to larger cohorts of users.
Plan pilot deployments
Each organization is different, and therefore, you must determine which deployment method (or methods) you will use. For example, you may choose to deploy new devices to your remote salesforce using Windows Autopilot and perform an in-place upgrade of your head office computers using the in-place upgrade method, perhaps.
To make effective decisions relating to the deployment method, you should perform testing in a non-production environment, and if you are successful, you should proceed to roll out Windows 10 to a small group of users.
By breaking down your Windows 10 deployment project into multiple stages, you can identify any possible issues and determine solutions where available. This will involve documenting and obtaining feedback from stakeholders at each stage. The first stage of deploying the operating system will be with a pilot deployment.
As part of the pilot, it’s important to determine the following:
Production hardware, including PCs, laptops, and tablets, meets the minimum hardware requirements for Windows 10.
Peripherals, such as printers, scanners, projectors, and other devices, are compatible with Windows 10.
All required device drivers are available.
All apps required following the deployment will work on Windows 10.
Any existing third-party disk encryption will work with Windows 10 (alternatively replaced with BitLocker Drive Encryption).
Your IT support staff has the necessary skills to support Windows 10.
The pilot is essential because it can be useful to ensure compatibility with existing hardware, apps, and infrastructure, and it provides you with an insight to the gains and potential pitfalls that you are likely to encounter during the later stages of the roll-out program. By reviewing and implementing feedback gained during the pilot phase, you can seek to minimize the future impact of any problems encountered.
If you find that your existing IT support staff doesn’t have the necessary skills to support Windows 10, you may use the pilot deployment phase to identify any training needs; doing so gives you time to implement the recommendations before a larger roll-out. You should also consider your non-technical users, who may require information relating to the new operating system so that their day-to-day productivity is not affected by the adoption of the new operating system.
You can also use the pilot to help to determine user readiness for Windows 10 and to identify any training needs—for both users and IT support staff.
As part of your planning considerations, you should review the system requirements for installing Windows 10. Windows 10 can run adequately on hardware of a similar specification that supports Windows 8.1. Consequently, most of the computers in use within organizations today are Windows 10–capable. However, to get the best from Windows 10, you might consider installing the operating system on the computers and devices that exceed the minimum specifications described in Table 1-1. A good working specification is an Intel i5 processor or equivalent, 8 GB of memory, and an SSD of sufficient capacity for your users’ needs.
TABLE 1-1 Minimum hardware requirements for Windows 10
Component
Requirement
Processor
A 1 GHz or faster processor or System on a Chip (SoC).
Memory
1 GB RAM on 32-bit versions and 2 GB for 64-bit versions.
Hard disk space
16 GB for 32-bit versions and 32 GB for 64-bit versions.
Graphics card
DirectX 9 or later with a Windows Display Driver Model (WDDM) 1.0 driver.
Display resolution
800×600 pixels.
Internet connection
Internet connectivity is required to perform updates and to take advantage of some features.
Note Evaluate Windows 10 Enterprise
You can access a 90-day evaluation of Windows 10 Enterprise through the Microsoft Evaluation Center. The evaluation is available in the latest released version, in 64-bit and 32-bit versions, and in multiple languages. The Evaluation Center and Windows 10 Enterprise can be downloaded from https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise.
Determine hardware compatibility for Windows 10
After you’ve verified that any new or existing computers on which you intend to install Windows 10 meet the minimum hardware requirements, you must verify that the operating system also supports any existing hardware devices and peripherals.
If you are purchasing new computers preinstalled with Windows 10, take no further action. But if you’re using existing computers, or you want to attach existing hardware peripherals to your new computers, you must verify compatibility of these older computers and peripherals.
If you have only one or two computers and a few peripheral devices to check, the easiest—and probably quickest—solution is to visit the hardware vendor’s website and check for compatibility of these devices and peripherals. You can then download any required drivers for the version of Windows 10 (32-bit or 64-bit) that you may need to install.
Verify Hardware Compatibility for Multiple Devices
When you have many computers to install or upgrade to Windows 10, it is not feasible to visit each computer and verify device and peripheral compatibility. In this situation, consider using a tool to help determine compatibility.
If you have a traditional on-premises infrastructure, you can use the Microsoft Assessment and Planning Toolkit (MAP) to assess the computer devices attached to your network. You can use MAP to:
Determine feasibility to upgrade scanned devices to Windows 10
Determine your organization’s readiness to move to Microsoft Azure, Office 365, or Azure AD
Plan for virtualizing workloads to Hyper-V
Note Download Microsoft Assessment and Planning Toolkit
Desktop Analytics is a cloud-based service that integrates Configuration Manager with Intune. By using Desktop Analytics, you can:
Create inventory
Evaluate app compatibility
Create pilot groups for deployment
Deploy Windows 10
Consider using Desktop Analytics as part of your overall assessment strategy. But first, you must verify that you meet the requirements for Desktop Analytics. To enable and configure Desktop Analytics, you’ll need:
An Azure subscription
Global admin permissions
Configuration Manager version 1902 or later
Full administrator role in Configuration Manager
Devices running Windows 7 or later
Windows Diagnostics data
Internet connectivity
Licensing considerations:
Devices enrolled in Desktop Analytics must have a valid Configuration Manager license.
Users of devices require licenses for one of the following: Windows 10 Enterprise E3 or E5, Windows 10 Education A3 or A5, or Windows Virtual Desktop Access E3 or E5.
After ensuring you have all you need to deploy Desktop Analytics, use the following high-level steps to set it up:
After you’ve set up Desktop Analytics and enrolled your devices in the service, you’re ready to create a deployment plan. A deployment plan enables you to:
Determine which devices you should include in pilot deployments
Identify compatibility issues
Suggest mitigations for detected issues
Track your deployment progress
When you create your deployment plan, you must:
Specify the Windows 10 versions you want to deploy
Specify to which groups of devices you want to deploy Windows 10
Define readiness rules
Define app importance
Based on Desktop Analytics recommendations, you must:
Select pilot devices
Determine how to fix issues with apps
Need More Review? How to Create Deployment Plans in Desktop Analytics
Evaluate and select an appropriate deployment option
Dynamic provisioning of Windows 10 using modern tools including mobile device management solutions offers organizations new deployment choices. Many of these options were not available when deploying previous versions of Windows using traditional deployment methods. Table 1-2 provides a summary comparison between modern dynamic provisioning and traditional deployment methods, which can also incorporate image creation.
TABLE 1-2 Provisioning methods
Dynamic provisioning methods
Traditional deployment methods
Enrollment into Azure Active Directory and Mobile Device Management (such as Microsoft Intune)
On-premises deployment tools using Windows ADK, Windows Deployment Services, Microsoft Deployment Toolkit, or Configuration Manager
Provisioning packages using Windows Configuration Designer
Bare-metal install
Subscription Activation
In-place upgrade
Windows Autopilot
Wipe-and-load upgrade
The deployment choices available to an organization may be skewed by the existing investment it has made in traditional deployment methods and infrastructure. This may include reliance upon on-premises tools and procedures, such as using Microsoft Deployment Toolkit (MDT) and Endpoint Configuration Manager for Windows 7 and newer versions. These tools continue to be supported and can be used to support on-premises deployment methods, such as bare-metal, refresh, and replace scenarios. You should understand the modern alternatives to the traditional on-premises methods.
Deploying Windows 10 using modern cloud-based deployment and dynamic provisioning methods includes using subscription activation, Windows Autopilot, and Azure Active Directory (Azure AD) join. Ongoing management of Windows 10 is then undertaken using Mobile Device Management (MDM), such as Microsoft Intune.
Dynamic provisioning
You should see a theme throughout this book, which is to recommend an alternative method of provisioning client devices to the traditional approach, which would typically include the following stages:
Purchase or re-provision a device.
Wipe the device.
Replace the preinstalled operating system with a customized image.
Join an on-premises Active Directory.
Apply Group Policy settings.
Manage apps using Configuration Manager or MDT.
With a cloud-based deployment approach, the stages are simplified to the following:
Purchase or re-provision a device.
Apply a transformation to the preinstalled operating system.
Join Azure AD and enroll in MDM.
Use MDM to configure the device, enforce compliance with corporate policies, and to add, remove, and configure apps.
There is a significant difference between the two approaches. Dynamic provisioning seeks to avoid the need for on-premises infrastructure and resource intensive reimaging procedures.
Because Windows 10 is updated twice a year to a newer version—with each new version supported for a maximum of 18 months (30 months for Enterprise and Education editions)—maintaining customized deployment images can become a costly process and burdensome for the IT department.
The types of transformations that are currently available using dynamic provisioning include the following:
Provisioning packages A provisioning package is created using the Windows Configuration Designer and can be used to send one or more configurations to apps and settings on a device.
Subscription Activation Windows 10 Subscription Activation allows you to automatically upgrade devices with Windows 10 Pro to Windows 10 Enterprise without needing to enter a product key or perform a restart.
Azure AD join with automatic MDM enrollment A device can be joined to Azure AD and automatically enrolled into the organizational MDM solution by having users enter their work or school account details. Once enrolled, MDM will configure the device to the organization’s policies.
Provisioning packages are created using the Windows Configuration Designer, which is included in the Windows Assessment and Deployment Kit (Windows ADK). You can also download the standalone Windows Configuration Designer app from the Microsoft Store.
Provisioning packages use very small configuration files. These are used to modify existing Windows 10 installations and configure their runtime settings.
A provisioning package can perform a variety of functions, such as:
Configure the computer name and user accounts.
Add the computer to a domain.
Upgrade the Windows 10 version, such as Windows 10 Home to Windows 10 Enterprise.
Configure the Windows user interface.
Add additional files or install apps.
Remove installed software.
Configure network connectivity settings.
Install certificates.
Implement security settings.
Reset Windows 10.
Run PowerShell scripts.
To create a provisioning package, you should complete the installation process of Windows Configuration Designer using either the Windows ADK or the Microsoft Store. Once you have done so, you are ready to create and deploy your provisioning packages. Start by opening Windows Configuration Designer. On the Start page displayed in Figure 1-1, select the option that best describes the type of provisioning that you want to do. If you’re unsure, choose the Advanced Provisioning tile.
Figure 1-1 Creating a new provisioning package
Use the following procedure to create your provisioning package to deploy a universal line of business (LOB) app:
Select the Advanced provisioning tile.
In the New project wizard, on the Enter project details page, enter the name and a meaningful description for your provisioning package. For example, enter Deploy LOB App1 and then select Next.
On the Choose which settings to view and configure page, select All Windows desktop editions and select Next.
On the Import a provisioning package (optional) page, select Finish. (You can use this option to import settings from a previously configured package that mostly, but not entirely, meets your needs.)
On the Available customizations page, in View, select All settings, and then expand Runtime settings, as displayed in Figure 1-2.
On the Available customizations page, in the navigation pane, expand UniversalAppInstall and then select DeviceContextApp.
In the details pane, in the PackageFamilyName text box, enter a name for this collection of apps. For example, enter LOB App1.
Select the PackageFamilyName: LOB App1 node.
In the ApplicationFile text box, select Browse, navigate to the .appx file that represents your app, and select it, as displayed in Figure 1-2.
In the File menu, select Save and note the location of the saved provisioning package file.
Figure 1-2 Available customizations for your provisioning package
You have created a customization for your app, and you are now ready to deploy this customization by applying the provisioning package.
Note Deploy Powershell Scripts from Provisioning Packages
If you want to use PowerShell scripts with provisioning packages, you need to select All Windows Desktop Editions on the Choose Which Settings To View And Configure page within Advanced Provisioning. You can then add command-line files in the Runtime Settings\ProvisioningCommands\DeviceContext area of the available customizations. To view detailed information about using scripts in provisioning packages, visit this Microsoft website at https://docs.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-script-to-install-app.
To apply a provisioning package, you must start by exporting the package. To export your provisioning package, in the Windows Configuration Designer, use the following procedure:
Select the project file from the Recent Projects area of the Start page or select File and locate the project file. (It should use the name of the project and have an .icdproj file extension.)
On the menu bar, select Export > Provisioning package.
In the Build wizard, on the Describe the provisioning package page, the Name box is already complete with the project name. You can now specify the Package Version number and Owner information, such as IT Admin. Complete this information and select Next.
On the Select security details for the provisioning package page, choose whether you want to encrypt or sign your package (or both) and then select Next. (To digitally sign your package, you must have an appropriate digital certificate that users of your package trust.)
On the Select where to save the provisioning package page, specify where you want to store the package and then select Next.
On the Build the provisioning package page, select Build. Your provisioning package is exported to your specified location.
The All done page appears. Make a note of the package details and then select Finish.
You can now apply the package to client devices and run the .ppkg file.
Once you have configured the settings within the Windows Configuration Designer, you export the provisioning package to a .ppkg file. To secure the .ppkg file, you can optionally choose to encrypt the package and digitally sign it. Once signed, only packages that are trusted can be applied on a client computer.
You can deploy the provisioning package to users by any method, such as email, physical media, or by sharing the file using OneDrive for Business. The settings are applied to the target device by one of the following methods:
Running the .ppkg file
Adding the provisioning package using the Settings app
Using the Add-ProvisioningPackage Windows PowerShell cmdlet
Provisioning packages can be applied to a device during the first-run experience when a device is first turned on by using a USB drive containing the provisioning package or after the Out-Of-Box Experience (OOBE) has been completed.
Need More Review? Provisioning Packages for Windows 10
You have already seen how using provisioning packages as part of your dynamic provisioning of Windows 10 can simplify your deployment processes.
The Windows Configuration Designer tool can be installed from the Microsoft Store as an app, which allows it to be regularly updated. Alternatively, you can install the Windows Configuration Designer tool as part of the Windows ADK.
The WCD interface is simple, and common tasks are offered using the available wizards, which can be used to create a provisioning package that can be used in the following environments:
Provision desktop devices Provides the typical settings for Windows 10 desktop devices.
Provision Windows mobile devices Provides the typical settings for Windows 10 mobile devices.
Provision HoloLens devices Provides the typical settings for Windows 10 Holographic devices, such as HoloLens headsets.
Provision Surface Hub devices Provides the typical settings for Surface Hub devices.
Provision kiosk devices Provides the typical settings for a device that will run a single app.
Advanced provisioning Enables you to view and configure all available settings. Choose this option if you are unsure which specific package type to use.
Most provisioning packages will be aimed at provisioning Windows 10 desktop devices and will use the advanced configuration option because this allows the greatest customization.
Provisioning packages offer administrators a quick and simplified mechanism to securely configure devices. Once created, the settings within a .ppkg file can be viewed using the WCD and edited using the built-in wizards or by using the advanced editor. When provisioning packages that need to be deployed to remote devices, they can be protected using encryption and signed.
Several usage scenarios for provisioning packages are shown in Table 1-3.
TABLE 1-3 Usage scenarios for provisioning packages
Scenario
Phase
Description
New devices with Windows 10 need to have apps deployed to the devices.
New device
Provisioning packages can be used to deploy apps to devices.
Existing Windows 10 Pro devices need to be upgraded to Windows 10 Enterprise.
Upgrade
Provisioning packages can be used to change the Windows edition by deploying product keys or licenses using the Edition Upgrade settings.
You must update device drivers on Windows 10 devices.
Maintain
Provisioning packages can be used to deploy device drivers to devices.
When using provisioning packages, you may need to troubleshoot them if devices are not configured as expected.
There are several areas on which you can focus your attention when troubleshooting provisioning packages, as follows:
Configuration errors and missing customizations
Expired Azure AD Token
Export errors including encryption and signing issues
User issues
Advanced troubleshooting
If you have deployed the .ppkg file to multiple devices, and they have all failed to process the required changes, then you should first inspect the provisioning package. Locate the project file (with the .icdproj file extension) and open it using the WCD. You should then inspect the settings and confirm that they match your expectations and the design specification or change documentation for the provisioning package.
If you use the configuration wizard to configure automatic enrollment into Azure AD, as shown in Figure 1-3, you should ensure that the Bulk Token embedded inside the provisioning package has not expired. By default, this token is set to expire one month after creation, although you can manually set the token expiry date to 180 days after the creation date. If the package is used after the Bulk AAD Token has expired, the package will fail to install. You will need to edit the package, apply for a new Bulk AAD Token, and re-export the package.
Figure 1-3 Performing bulk Azure AD join by using a provisioning package
After the customization settings have been verified as correct, you should export the package again. Increment the version number to avoid confusion with the previous version of the package. Packages with the same versioning number will not be applied to the same target device twice.
If issues are suspected with either the encryption or signing of the package, you can export without these enhancements and re-deploy to your test machine to determine whether the issue remains.
For users, devices can be configured by placing the provisioning package on a USB drive and inserting it during the initial OOBE setup phase. Windows Setup should automatically recognize the drive and ask the user if he or she wants to install the provisioning package. If the package is not recognized, check that the file is in the root directory of the USB drive.
There are several tools that you can use to perform advanced troubleshooting for provisioning packages on user devices, including the following:
Windows Mobile devices The Field Medic app, which is available from the Microsoft Store, can create and export reports.
Desktop devices The Windows Performance Recorder, which is contained in the Windows Performance Toolkit, offers advanced Event Tracing for Windows. The system events recorded by this tool can be analyzed by using Windows Performance Analyzer, which is available from the Microsoft Store.
Windows 10 requires activation to unlock all the features of the operating system and to comply with the licensing requirements.
Once activated, Windows 10 devices can:
Receive updates
Access all Window 10 features
Access support
There are several types of activation that register the installation of Windows on a device with a standalone or corporate Windows 10 product key.
The three main methods of activation are as follows:
Retail
OEM
Microsoft Volume Licensing (volume activation)
Note More about Retail and OEM Activation
Both retail and OEM activation are outside the scope of this book and are part of the MD-100 Windows 10 exam. (See Exam Ref MD-100 Windows 10, published by Microsoft Press.)
Organizations with Enterprise Agreements (EA) can use volume activation methods. These provide tools and services that allow activation to be automated and deployed at scale. These tools and services include the following:
Active Directory–based activation This is an automated service that, once installed, uses Active Directory Directory Services (AD DS) to store activation objects. This simplifies the maintenance of volume activation services for an enterprise. Activation requests are processed automatically as devices authenticate to the Active Directory domain.
Key Management Service (KMS) This is an automated service that is hosted on a computer within your domain-based network. All volume editions of Windows 10 periodically connect to the KMS host to request activation.
Multiple activation key (MAK) Enterprises purchase product keys that allow a specific number of Windows 10 devices to be activated using the Microsoft activation servers on the internet.
All the preceding enterprise activation methods utilize services found within traditional on-premises, domain-based environments. An alternative method of activation is required to meet the needs of devices that are registered to cloud-based authentication and identity services, such as Azure Active Directory.
Subscription Activation allows your organization’s Azure AD tenant to be associated with an existing Enterprise Agreement; all valid devices that are connected to that tenant will be automatically activated.
Eligible licenses that can use Subscription Activation include the following:
Windows 10 Enterprise E3 or E5 licenses obtained as part of an Enterprise Agreement
Devices containing a firmware-embedded activation key
Windows 10 Enterprise E3 in CSP (Cloud Solution Provider), which is offered as a subscription for small- and medium-sized organizations, from one to hundreds of users
Organizations must meet the following requirements to implement Subscription Activation:
Enterprise Agreement or a Microsoft Products and Services Agreement (MPSA) associated with the organization’s Azure AD tenant.
Windows 10 Pro or Windows 10 Enterprise is installed on the devices you want to upgrade.
Azure AD for identity management.
All devices are either Azure AD–joined or are members of an AD DS domain that is synchronized to Azure AD using Azure AD Connect.
If all the requirements are met, when a licensed user signs in using their Azure AD credentials using a device, the operating system switches from Windows 10 Pro to Windows 10 Enterprise and all Windows 10 Enterprise features are then available. This process takes place without entering a product key and without requiring that users restart their computers.
Exam Tip
Devices that have been upgraded using Subscription Activation must be able to connect to the Azure AD tenant at least every 90 days to remain licensed. If the Azure AD tenant expires or the user license is unassigned, then the device will revert to Windows 10 Pro.