Enterprise Mobility and Security Blog

RSS

Win10-EMS

TattooWith the launch of Windows 10, this is, as you can imagine, a very exciting time here at Microsoft.

Looking at this with some historical perspective, I’ve been working on Windows management products for almost 20 years.  Early in my career, I worked as one of two Product Managers on the research that led to Novell’s launch of the ZENworks product line. I started that research in July 1995. Since then, I have worked on management products for Windows 95, Windows 98, Windows ME, Windows NT, Windows XP, Windows 7, Windows 8, and now Windows 10.

That’s a lot of Windows!

When organizations begin planning to adopt and deploy a new version of Windows, many view this planning process as an opportunity to step back and really examine their overall Windows management strategy. It’s also a time for the organization to make significant/long-term strategy and process changes.

Windows 10 is a significant release of Windows. In all my years working on products that manage Windows, I can say that the changes coming in Windows 10 are the most significant I have ever seen. This significance is most clearly demonstrated in the way that organizations are already thinking about the deployment and management of this OS. The Enterprise’s perspective on deployment/management is more positive and enthusiastic than anything that I’ve seen in a long time.

The primary factor driving changes in how organizations are thinking about Windows are Mobility and the Cloud.

Consider it like this: Windows is now going to be delivered as a service. In other words, rather than waiting for the next major release, Microsoft will provide new features and functionality and deliver security updates and critical fixes on a regular basis.  This means that Windows 10 will keep getting better, more productive, and more secure over time. This is fundamentally different than the previous pattern of releasing Windows every 2-3 years, and this will enable us to continually provide you with extra value and help solve your business needs faster.

This mobile-first, cloud-first world that we live in today is just plain different than the world we have lived in for the past 20+ years. Today, the cloud enables things that were simply not possible just a few years ago – now our users are increasingly accustomed and dependent on continuously getting new value from the devices and apps they use in their personal lives, and they really want that same ongoing infusion of new capabilities on the devices and apps they use at work.

This is why I love what the Windows team is delivering in Windows 10. I can’t overstate how impressed I am with the way the Windows team has challenged old assumptions and asked how the OS should behave and adapt in this technologically new world. It has been an incredibly interesting couple of years here in Redmond as the entire company has collectively stepped back and asked how we should evolve the things we are doing and building in this new mobile-first, cloud-first world.

My team and I sit in a very unique position for providing insight into Windows 10 in the Enterprise

This perspective comes from having been involved in the construction of Windows 10 from the very start. The Intune and ConfigMgr teams were involved with the meticulous process of collecting your requirements and understanding your needs, and then worked to build the capabilities that will deliver on those needs.

Most of the engineers at Microsoft have been running Windows 10 on our devices for months now (it is the only OS on my Surface 3, for example), and we are already managing over 100,000 Windows 10 devices through ConfigMgr here at Microsoft. With this background and familiarity with Windows 10 in mind, I want to share some thoughts, observations, and recommendations on deploying, managing, and succeeding with Windows 10 in the enterprise.  While it may not be obvious, I want to start by calling out an important point:  Since Windows is going to be delivered as a service, you are going to need to think about how this impacts your management and deployment plans (hint: your management solution should eventually also be delivered as a service to keep up with all the changes in Windows 10).

Here are a few key points to keep in mind as you plan your adoption and usage of Windows 10:

My Perspective on What’s Been Significantly Different in Windows 10

  • Windows-as-a-Service
    This concept is going to take a little while to really sink in. There are a lot of fundamental changes that have been made to enable WaaS, e.g., the ongoing delivery of new capabilities to Windows users around the globe.
  • End-to-End Integration
    With this OS release, we have done a much better job of integrating our planning and engineering teams across all of Microsoft. I can assure you that this level of cross-Microsoft, end-to-end collaboration will show up for you in the end product in the form of more integrated and consistent solutions.
  • Enterprise Cloud Enablement
    With Windows 8, we started making some pretty strong connections to the cloud. For example, you authenticated with a Microsoft Security Account (MSA) to the device and your settings roamed across devices via the cloud and your MSA. The cloud is going to play an even more significant role for Enterprise uses of Windows 10. For example, Windows 10 will do the same kinds of things it did for consumers, but in the context of the Enterprise settings. With Azure Active Directory Join in Windows 10, Azure Active Directory (AAD) and the Enterprise Mobility Suite (EMS) will be key to your Windows 10 deployments and offer massive additional functionality. Windows 10 has definitely been built in a mobile-first, cloud-first world where connection to the cloud is an assumption and requirement. To be clear, Windows 10 does not require you to start using these cloud services; you can continue using the management solutions you use today (like ConfigMgr). But, when used with the cloud, there are a number of very interesting scenarios that light up – especially in scenarios like BYO.
  • One Kernel and One App
    When the history books are written about Windows 10, this may be the piece that is most often noted. Looking at this as an engineer, when I consider what the Windows 10 team has accomplished, I am in awe. Windows, Windows Phone, Xbox, etc. – they were all separate branches of the Windows code that had diverged years ago. In Windows 10 they have all been brought back to a single kernel – one very happy family. That kernel is so dynamic and flexible that it can run on the smallest of devices (IoT), to a small screen (phone), to a mid-sized screen (tablet), to a large screen (PC), to very large screens (Surface Hub). Across all those form factors, it is all the same kernel. The huge impact of this work on your day-to-day work is that now a single app can run across all of these devices. The Universal App that can be written once and then run on any Windows 10 device is a game-changing value. This is a first for any OS in the world – and it is an engineering feat.

What You Need to Know

At the risk of trafficking in understatements, this is a significant release of Windows. This release of Windows is going to cause you to reexamine and reassess your Windows strategy – and this examination will be a very positive experience for your organization. This is an opportunity to ask yourself: How are we going to deploy and manage Windows in world (and with a workforce) that is cloud-connected and continually updated?

The great news for enterprises looking to efficiently and painlessly migrate is that we have been thinking about this exact question for a very long time, and our thinking and planning has led to some very proactive solutions that this blog/podcast series will highlight. Since most of you are going to be using the tools my teams builds to deploy and manage Windows 10 (after all, 99% of organizations with 10k users already use ConfigMgr, and 62% will use ConfigMgr to upgrade), I want to share some of the most important elements for you to begin considering and planning.

In this series, I will share some suggestions and recommendations on:

  • How do deploy Windows 10
  • How to manage Windows and the “deployment rings” of code branches you will have access to
  • How to manage the data leakage protection capabilities being built into Windows 10
  • How and when to use the mobile device management capabilities built into Windows 10 and how those capabilities can be used with ConfigMgr and/or EMS/Intune
  • The role cloud services like AAD and EMS will play in your Windows plans going forward
  • The role of identity in Windows 10 – now and going forward

…Just to name a few. The full table of contents for the series is here.

I know this may sound a bit bold, but I want to strongly encourage organizations who are not currently using ConfigMgr and the Enterprise Management Suite (EMS) to make the move. I occasionally meet with organizations using PC Lifecycle management solutions like Altiris, LANDesk, and BigFix – and, simply put, it’s time for you to move. Despite the best efforts of these solutions, they have completely missed the mobility trends and the solutions for those trends. Those products are not being updated in the significant ways that ConfigMgr and EMS/Intune users are accustomed to, and they will underperform despite your best efforts to use Windows 10 and/or support your Enterprise Mobility efforts.

Simply put, the combination of ConfigMgr + AD + EMS is the solution that you need to really embrace the improvements offered in Windows 10, as well as to enable your users on all the devices they use and love.

To read more visit aka.ms/DeployWin10.

 

In_The_Cloud_Logos