CIOs and consumers alike are getting excited about the software update that is loaded with enterprise-ready and innovative features. Windows 10 will bring together a single operating system for both Windows mobile devices and traditional PCs. This release revolutionizes enterprise mobility management (EMM) for IT, enabling them to take full advantage of the new management capabilities from a single EMM solution. Windows 10 features native containerization and data encryption to provide granular security around applications and the data exchanged between them. This is the first truly mobile operating system for Windows and highlights Microsoft’s commitment to unified endpoint management.
Previously, Windows PC management has centered around joining devices to the domain and management through group policy. In this traditional client management model, administrators relied heavily on their corporate firewall and VPN restrictions to protect enterprise resources, therefore lacking support for devices not connected to the corporate network. These security concerns along with an incomplete story for BYOD and dual use devices left administrators unable to meet the requirements of today’s modern mobile enterprise. With Windows 10, security is focused on the endpoint itself, allowing enterprises to protect corporate data at the device level. This release also introduces a range of other enterprise features focused on simplifying device deployments and unifying the app experience for IT and end users.
Windows 10 introduces several new deployment methods to enroll devices, authenticate users and configure devices with corporate resources to get users up and running quickly. Traditional imaging and domain joining was a very time consuming and complex solution, but with runtime provisioning in Windows 10, IT is able to configure devices without the need to reimage for organizational use. This simplified setup allows administrators to bulk provision devices with software, applications, Windows Updates and security policies with one click. This provisioning process can also be used to deploy Windows Licenses to upgrade devices from Professional to Enterprise SKUs. As part of the setup process devices can be cloud domain joined, giving enterprises the ability to manage multiple accounts on the device, as well as take advantage of cloud directory services and identity management features.
For end users, an “out of box” experience provides a fast and simple enrollment through the setup process the first time they power on the device. Through this setup, end users are able to join their device to a cloud domain, as well as become fully enrolled into management by AirWatch. For BYOD scenarios, enrollment has been streamlined further to allow end users to enroll by simply adding a work email account to their devices.
With Windows 7 and Windows 8.1, application management capabilities were fragmented across the operating systems. Desktop applications built by the enterprise were distributed via System Center and the domain, while modern applications were delivered via the Microsoft Store and EMM. Additionally, web apps required end users to navigate to websites and provide app specific login credentials. The combination of these delivery mechanisms provided a disconnected experience for end users, and proved to be a burden for administrators.
With the introduction of Windows 10, Microsoft has consolidated the application install experience by giving EMM providers the ability to install desktop apps alongside native and web apps. This allows for the ability to provide end users with a single, unified application catalog for all application types. The combined Windows Store will be a distribution point for most application types and will introduce a corporate-friendly Business Store Portal (BSP) to manage apps on smartphones, tablets, laptops and desktops. The new universal app platform enables app developers to write and maintain a single code base while the device interface is unified, increasing the ease of deployment, and transforming the complete application lifecycle.
The Business Store Portal will provide a dedicated portal for businesses to bulk purchase, distribute, and reclaim and reuse licenses. With BSP, organizations can distribute store, B2B and LOB apps through online and offline channels. AirWatch will integrate directly with BSP to facilitate application distribution to devices with or without a Microsoft or Azure Active Directory (AAD) account on the device. Read the blog post to learn more.
Microsoft has introduced several advanced security and data loss prevention (DLP) features with Windows 10. Device Guard, one of those new features, will give organizations the ability to lock down devices against malware. Secure Boot updates will only allow trusted software to load when a device is turned on, while Health Attestation will allow IT to determine the health of an enterprise-managed device and take compliance actions when necessary. Provide additional security with identity management integration, with solutions like VMware Identity Manager, to grant conditional access to enterprise applications such as Office 365.
Windows advanced DLP system, Enterprise Data Protection, will protect data at the file-system level and be transparent for end users. With Enterprise Data Protection, differentiate corporate and personal data on the device to apply more granular controls to enterprise data. Classify data sources as enterprise, set policies on how data is handled, define which apps can handle enterprise data and configure access to internal networks.
Through the introduction of Windows Hello and Passport, Microsoft is fundamentally integrating enterprise grade biometric technology into the software. Windows Hello will provide biometric authentication into a user’s device through fingerprint, face or iris detection. Passport is an authentication feature that IT can use to replace passwords on various apps and services. Windows 10 will authenticate the user on his or her behalf, eliminating the need for passwords. This enhances security, as passwords no longer need to be stored in applications and websites.
Windows 10 will introduce a smart system for deploying updates to enterprise users with Windows Update for Business. This new program allows IT to control the deployment schedule for feature and security updates on enterprise devices through methods including distribution rings, maintenance windows, peer-to-peer delivery and integration with existing tools.