Written by Robbie Tarnay, Systems Engineer
With the release of Windows 10, Microsoft EVP Terry Myerson announced ‘There isn’t anyone working on Windows 11’, encouraging organisations to start planning their move to Windows 10. Microsoft also announced its adoption of a new cloud-based servicing model, known simply as Windows as a Service, which gives organisations the ability to deliver new Windows features without the cost and management overhead previously associated with OS migrations.
By the end of 2017, 70% of Australian businesses will have either already completed or begun migrating to Windows 10.
While Windows 7 won’t officially reach end of life status until January 2020, organisations yet to adopt the modern desktop experience forgo the significant enhancements in productivity, security and ease of management that Windows 10 provides.
If your organisation hasn’t yet migrated to the modern Windows workspace, you should be asking ‘why not?’
In our experience, a few key factors in developing a Windows 10 strategy ensure an efficient and successful migration.
1. Update Windows Management Tools
Leveraging the right toolset to deploy and provide ongoing management of Windows 10 is critical to the success of your migration strategy.
If you haven’t updated your deployment tools since migrating to Windows 7, it’s unlikely you are ready to deploy Windows 10.
Microsoft ConfigMgr recently reached the milestone of managing 100 million Windows devices globally and is still recognised as the leading enterprise management toolset for on-premises managed devices. Microsoft also offer full Windows 10 operating system deployment support with the Microsoft Deployment Toolkit (MDT).
The following releases of ConfigMgr Current Branch and Microsoft Deployment Toolkit (MDT) support the Anniversary Update (1607) and Creators Update (1703) releases of Windows 10:
- Microsoft ConfigMgr CB 1702
- MDT Release 8843.
2. Define a BYOD and MDM Strategy
The use of personal devices for work, and employees working outside the office, are becoming commonplace in the modern office environment. Some parts of an organisation might require deep, granular control over devices, while other parts might seek lighter, user-driven management that allows them more flexibility over their device experience.
With Azure AD and Intune Enrolment, users can set up and provision their own devices, bringing them into a corporate-managed state in one simple process. New Windows 10 management offerings such as Windows 10 Auto Pilot simplify this process of enrolling devices in MDM even further.
Users connected to Azure AD have the following benefits available to them:
- Single sign-on to cloud and on-premises resources from everywhere
- Enterprise roaming of settings
- Conditional access to corporate resources based on the health or configuration of the device
- Windows Hello for Business.
3. Perform a Windows Upgrade Readiness Assessment
Organisations should consider performing a Windows upgrade readiness assessment using the Upgrade Readiness service which is offered as a solution in the Microsoft Operations Management Suite (OMS).
The Upgrade Readiness service collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
The Upgrade Readiness service is designed to best support the in-place upgrade Windows 10 migration scenario. The in-place upgrade engine is the same technology which allows Windows as a Service to install new releases of Windows 10 while retaining all current Applications, settings and user preferences.
With the release of Windows 10, Microsoft significantly improved the in-place upgrade engine feature of Windows and recommended this as the migration path.
However, the traditional wipe and load method is still predominantly used to migrate to Windows 10. This is largely due to the challenges presented with achieving major configuration changes without performing changes in hardware configuration.
Scenarios where the standard ‘wipe and load’ method is more suitable include:
- Major configuration drift of Applications, Security Features and Settings
- A custom WIM is required. The in-place upgrade is setup.exe driven and does not support modifications to the source media
- Disk Partitioning.
4. Test Core Business Applications
Arguably the most important aspect of any Windows OS migration is ensuring critical business applications work on the new OS platform. Performing UAT of your critical applications before moving to a new operating system is a crucial part of your Windows 10 migration strategy.
Organisations should identify any of the following which can present challenges in a Windows 10 migration:
- Web Applications which do not run in Internet Explorer 11
- Incompatible Win32 Applications
- Applications with unsigned/incompatible drivers.
Organisations should also look to replace traditional Win32 Applications with the new universal application platform that was first seen in Windows 8.
5. Review Windows Security Requirements
The current threat landscape and advancement of sophisticated attacks means that IT security is a major focus of each Windows 10 release.
In response to these modern threats, Microsoft have developed their most secure operating system release yet.
Windows 10 provides many threat mitigations against exploits; these mitigations are built into the operating system and need no configuration. Many of these exploit protection technologies previously required deployment and configuration in Windows 7.
In addition to security technologies such as disk encryption and application whitelisting first available in Windows 7, organisations should also explore new security features in Windows 10 and how they can help protect users and sensitive corporate data in the desktop environment.
Credential Guard: mitigates pass-the-hash attacks through the use of virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.
Windows Defender Exploit Guard: a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees.
Early Launch Antimalware (ELAM): enables the antimalware solution to start before all non-Microsoft drivers and apps. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits.
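When reviewing security requirements, note that Credential Guard only isolates secrets when it is actually running, not merely configured by policy. The following is an added example (not part of the original article) that decodes the Win32_DeviceGuard CIM class to tell those states apart; the function name, verdict strings and the constructed sample object are assumptions of this example.

```powershell
# Added example: decide whether Credential Guard is protecting a device.
# Win32_DeviceGuard lives in the root\Microsoft\Windows\DeviceGuard namespace.
function Get-CredentialGuardState {
    param(
        # A Win32_DeviceGuard instance, or an object with the same properties.
        [Parameter(Mandatory)] $DeviceGuard
    )

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but
    # not running, 2 = enabled and running.
    $vbsText = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    $vbs     = [int]$DeviceGuard.VirtualizationBasedSecurityStatus

    # In both service arrays the value 1 denotes Credential Guard.
    $configured = @($DeviceGuard.SecurityServicesConfigured) -contains 1
    $running    = @($DeviceGuard.SecurityServicesRunning) -contains 1

    # A policy can be applied without the feature starting, for example when
    # the hardware or firmware prerequisites are not met.
    if ($running -and $vbs -eq 2) { $verdict = 'Protected' }
    elseif ($configured)          { $verdict = 'Configured but not running' }
    else                          { $verdict = 'Not configured' }

    [pscustomobject]@{
        VbsStatus                 = $vbsText[$vbs]
        CredentialGuardConfigured = $configured
        CredentialGuardRunning    = $running
        Verdict                   = $verdict
    }
}

# Constructed sample: policy applied, but virtualization-based security
# did not start, so Credential Guard is not running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 1
    SecurityServicesConfigured        = @(1)
    SecurityServicesRunning           = @(0)
}
Get-CredentialGuardState -DeviceGuard $sample   # Verdict: Configured but not running

# Live query on the local Windows 10 device.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop
Get-CredentialGuardState -DeviceGuard $dg
```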
If you’d like more information on making the move to Windows 10, please give us a call on (03) 9691 0500.