Windows 10–What is in it for IT implementers?
Its been close to a month since Windows 10 is launched and the excitement is still out there and let me also add some elements to that.
Today, the topic that am going to discuss is the IT implementer view of Windows 10. What are the interesting features that you as an IT pro/IT implementer would want to understand. Well.. lets plunge into this without any delay.
There are three pillars to focus in my point of view.
- Windows10 Deployment
- Windows10 Security
- Windows10 management (manage and update)
While there are tools, methods and more and more shortcuts getting discussed, you can categorize all in these three pillars.
There are three ways to consider the deployment.
- Wipe and Load – you may consider this irrespective of what the client OS is.
- Capture data and settings
- Deploy (custom) OS image
- Inject drivers
- Install apps
- Restore data and settings
- In-place upgrade – you may consider this if the client OS is Windows 7/8/8.1
- Preserve all data, settings, apps, drivers
- Install (standard) OS image
- Restore everything
- Provisioning – you may use this for configuring new devices
- Custom image – create provisioning packages and deploy quickly.
- Remove extra apps and add organization apps and configurations
- These are the new capabilities for new devices.
One of the key investments in Windows 10 is in the identity and security space. we will see this in four key buckets.
- Secure Devices
- Device integrity achieved by UEFI Secure Boot
- Cryptographic processor achieved by Microsoft Passport
- Virtualization – Virtual Secure Mode (VSM) on Windows 10 is an architectural change that fundamentally prevents the current forms of the Pass the Hash (PtH) attack
- Biometrics – Windows Biometrics Framework (again closely associated with Microsoft Passport)
- Secured Identities
- User Credential – two types of Microsoft passport credential type – key based, cert based
- Derived Credential & Access token – a pointer to VSM again.
- Identity Platform – Windows10 can be used across all identity platform (On prem AD, Hybrid, Azure AD)
- Information protection
- Device Protection – using BitLocker
- Enterprise Data Protection - provide corporate data separation and containment no matter where the data roams to.
- Data Sharing protection – using Rights management services
- Threat resistance
- Platform integrity
- Platform and application security
- Conditional Access
Windows10 Management: (manage and update)
When it comes to management of Windows10, there are two ways to look at – one is the day to day management in terms of access etc. and second is the keeping the clients updated on the patches and the fixes etc.
- On-Premises management
- Prepare existing infrastructure for Windows 10
- Get current with System center configuration manager
- Enhance the management stack with mobile device management capability
- Mobile device management
- Setup Azure active directory
- Consider mobile device management needs (EDP, RMS etc.)
- Store management
- Do try the new business portal for compatible apps for iOS and Android devices
- Classify and categorize which stores to publish to users
- Windows store
- Windows store and Business store portal
- Enterprise application store (MDM)
- Company portal (Config Manager)
- Current Branch (CB)
- Current Branch for business (CBB)
- Long Term Servicing branch (LTSB)
I will be discussing about each and every pillar in detail in my further blog posts. Please stay tuned.