Windows 10 Enterprise deployment for Contoso
Prior to the wide rollout of Microsoft 365 for enterprise, Contoso had Windows-compatible PCs and devices running a mixture of Windows 7 (10%), Windows 8.1 (65%), and Windows 10 (25%). Contoso wanted to upgrade their PCs for Windows 10 Enterprise take advantage of advanced security and lowered IT overhead from automated deployments of updates.
After assessing their infrastructure and business needs, Contoso identified these key requirements for the deployment:
- As many PCs and devices as possible should run Windows 10 Enterprise
- Rollout of the in-place upgrades leverages existing Configuration Manager infrastructure
- Control over which versions of Windows 10 Enterprise to deploy and updates are done through rings
- PCs and devices should stay up to date with minimal IT administrative costs and with minimal impact to end-users
Up to date is defined as the supported version of Windows 10 Enterprise that meets Contoso’s business needs, which can be different from having all Windows-compatible PCs running the latest version of Windows 10 Enterprise.
Prior to and during in-place upgrades of Windows 10 Enterprise, Contoso used the following solutions of Windows Analytics:
Collects system, application, and driver data for analysis, and then identifies compatibility issues that can block an upgrade and suggested fixes the issues are known to Microsoft.
Shows you the state of your devices with respect to the Windows updates so that you can ensure that they are on the most current updates as appropriate.
Identifies devices that crash frequently, and therefore might need to be rebuilt or replaced and device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes. Provides notification of Windows Information Protection misconfigurations that send prompts to end users.
Contoso has an existing Configuration Manager (Current Branch) infrastructure. Configuration Manager scales for large environments and provides extensive control over installation, updates, and settings. It also has built-in features to make it easier and more efficient to deploy and manage Windows 10 Enterprise.
Prior to deployment, Contoso defined the following rings:
- Three rings for validation and deployment staging
- One for preview builds
- One for new release builds
- One for a previous build
- One ring for broad deployment of Windows 10 Enterprise based on data from the validation rings
Contoso also used the Upgrade Readiness solution of Windows Analytics to determine the set of installed apps and their compatibility with Windows 10 Enterprise.
To complete the in-place upgrade deployment of Windows 10 Enterprise, Contoso implemented the following process, which includes best practice recommendations from Microsoft:
- Enabled peer cache for Configuration Manager.
- Created customized Windows packages based on images from the Volume Licensing Service Center.
- Used Configuration Manager to deploy the Windows packages to distribution points across their network and deployed builds to the three validation and deployment staging rings.
- Performed assessment of success for PCs and devices in the three validation and deployment staging rings using the Device Health and Update Compliance solutions of Windows Analytics.
- Based on the Windows Analytics information, Contoso determined the version of Windows 10 Enterprise to deploy to the broad deployment ring.
- Ran the Configuration Manager deployment task sequences to deploy the selected Windows package to the broad deployment ring.
- Monitored PCs and devices in the broad deployment ring using the Device Health and Update Compliance solutions to address issues.
Here is Contoso’s in-place upgrade and ongoing updates deployment architecture.
This infrastructure consists of:
- Configuration Manager, which:
- Obtains images for Windows 10 Enterprise packages from the Microsoft Volume Licensing Center in the Microsoft Network.
- Is the central administration point for deployment packages.
- Regional distribution points that are typically located in Contoso’s regional hub offices.
- Windows PCs and devices in various locations that receive and install the deployment packages for the in-place upgrade or ongoing updates based on ring membership.
Learn how Contoso is leveraging its Configuration Manager infrastructure to deploy and keep current Microsoft 365 Apps for enterprise across its organization.