A lot of ink has already been spilled over Windows 10 (including plenty from Brian, Gabe, and me). Now that it’s 2016 and it’s been out for a little while, I’m wondering if this will be the big year for migrations, and which features will drive those migrations.
So here’s a list of some of the features and trends we’ve been thinking about—but we want to know what you think. Have at it in the comments!
Migrating as you replace hardware
We hear lots of people say that this is their plan. It seems straightforward enough. If you have a 4-year PC replacement cycle, you’ll be ready by the time Windows 7 support ends on January 14, 2020.
Upgrading sooner rather than later so you don’t come down to the wire like with XP
Sure, the end of Windows 7 support is four years away, but as Brian pointed out using a reference to Friends, it’ll be here before we know it. We’ve already heard that some companies will be getting started sooner to avoid the crunch that came when migrating from XP to 7.
Users with Surface tablets
Surface tablets are actually kind of popular, and of course Windows 10 gives the best experience. Many Surface users choose them specifically because they like the experience of the hardware combined with all the latest Windows features (just like Mac users with OS X). They wouldn’t be too happy if they were given a Surface that had been re-imaged with Windows 7. (If that’s even possible?)
Mobile device management
Windows 10 has support for MDM APIs, and all the major EMM vendors are supporting them. The MDM APIs go great with all of the newer features like Universal Windows Platform apps, Enterprise Data Protection, and Device Guard. The message from Microsoft is clear: with all these new features, you can treat Windows 10 just like a mobile device. And this is especially appropriate since Windows 10 also powers phones and tablets. However, the MDM APIs are pretty limited when it comes to traditional desktop apps. They can push out simple, well-behaved MSIs, but that’s pretty much it. (Here's the full list of APIs.)
Enterprise Data Protection
Also known as EDP, this is a data loss prevention framework that takes a cue from recent EMM trends. EDP can designate specific apps and data as enterprise-controlled, so they can be managed separately from personal apps and data. You can enforce restrictions on copy/paste and other types of sharing, as well as wipe corporate resources off of devices without wiping users’ personal things.
Azure AD integration
Azure Active Directory is integrated directly into Windows 10, so that users can log on to computers with their Azure AD credentials and then get single sign-on access to other resources through Azure AD’s role as an identity provider. Azure AD can also roam some user settings between enterprise devices.
With Windows Hello, users can use a fingerprint, facial recognition, or iris recognition to log into their devices along with a PIN. Hello relies on special “depth cameras” that use infrared light—this keeps ne’er-do-wells from unlocking computers by holding up a photograph of the rightful user.
Device Guard is a set of hardware and software features that can lock down Windows 10 so it can only run trusted applications—again, this is similar to MDM-style controls.
Retail out of box experience
With all of the MDM-style features, Microsoft has been talking about something called the “retail out of box experience.” Basically, you can have a user go buy a new computer off the shelf, and instead of bringing it back to IT to install the corporate image, the user just enrolls it in MDM out in the field and the MDM provides all the necessary enterprise features and control. (MDM can even be used to upgrade from Windows 10 Pro to Enterprise editions.) This is way different than what we’re used to doing with new PCs, but it’s what we’ve been accepting with phones and tablets for years. The question is whether or not you’re comfortable doing that with Windows—things like last year’s story about root certificates coming on Dell laptops could leave IT wary of the idea.
A provisioning package contains a set of instructions to enroll a device in management (MDM or regular management), configure it, and install apps and data, all from a single file that can be downloaded from the internet or run from a USB key. It works outside of the network or even totally offline. The idea is similar to the retail out of box experience—there’s no need to completely re-image the device. This is also useful for bulk provisioning.
Universal Windows Platform apps, A.K.A. Windows Store apps (officially) or Metro apps, TileWorld apps, Modern apps, or Windows 8 apps (unofficially).
Enough said... But seriously, I haven’t yet talked to anybody that has plans to build in-house enterprise Universal Windows Platform apps.
You have mostly modern web apps, or you’re taking care of legacy apps using desktop virtualization, Project Centennial, or Project A²
You might have a lot of modern web apps and SaaS or be using some form of desktop virtualization, and these are great for helping deal with all the non-Windows devices in the enterprise—iPhones, iPads, Android, Mac OS X, Chromebooks, and so on. But as a bonus, if you’re in this situation it also means that you could easily support Windows 10 managed with MDM. Another option is to wait and use Microsoft Project Centennial to convert desktop apps to Universal Windows Platform apps when it comes out, or something like VMware AppVolumes and Project A² to manage desktop apps on MDM-managed PCs.
MDM-style features combined with traditional management
MDM is a huge change for Windows management, but the good news is that there are a lot of ways to combine MDM-style features with all of the existing management techniques we’ve been using for years. It’s possible to enroll a device in MDM and manage it with traditional agent-based client management software at the same time. It’s also possible for traditional management agents to interface with all of the MDM APIs in Windows 10 via the WMI Bridge.
All your old apps are supposed to work fine
There shouldn’t be nearly as many application compatibility issues going from Windows 7 to 10 as there were going from XP to 7. But we know how that goes—there will still be some problems no matter what.
Windows as a Service
Windows 10 can update itself on a regular basis. Your opinion is either “Sounds great!” or “Oh gosh no, that sounds like a nightmare!” This is what happens with mobile phones, and even today it still causes headaches. (Look at what happened when iOS 9.2 broke some MDM features.) To avoid this, Microsoft has different rings, including the Current Branch for Consumers, the Current Branch for Business (which will get all the same updates as the consumer branch, but delayed a few months), and the Long Term Servicing Branch (which will get frequent security updates, but overall new versions with new features will only come out every 1 to 3 years). There will also still be options to temporarily and briefly defer updates.
The new, continuously-updated version of SCCM
To keep up to date with Windows as a Service, Microsoft will continuously update Configuration Manager—as a service!
In-place upgrades
Because application compatibility shouldn’t be a big issue, Microsoft is advocating for in-place upgrades to Windows 10, instead of completely re-imaging PCs. They’re providing all sorts of tools in Configuration Manager to make sure this happens smoothly and that users’ apps, settings, and data are completely preserved, but a lot of IT departments might want to use upgrades as a time to do some housekeeping and start over from scratch anyway.
You like some of these features, but you’ll get to them in 2017, 2018, or 2019
I started out this blog post by asking if any of these features would entice you to migrate (or start planning to migrate) in 2016. But if this year is too soon for you, maybe 2017, 2018, or 2019 will be your year?