Technology is more important to businesses than ever; from individual productivity to efficient business processes to engaging with customers, IT is at the heart of modern business organizations. But there’s long been a tension between the need for CIOs and IT managers to manage and safeguard infrastructure for security and governance, and the willingness of technology-savvy department heads and employees to turn to BYOD, cloud services and ‘shadow IT’ to get their work done when those controls slow them down.
Moving to Windows 10 gives organisations the opportunity to square that circle. Employees appreciate the improved battery life and extra features like touch, ink and unified notifications. But businesses are picking Windows 10 because the improved security, predictable updates and easier management options mean IT managers can set policy and leave the day-to-day operational management of PCs to users. This significantly reduces the cost of management and leaves the CIO free to concentrate on strategic development, helping to shift IT from a cost centre to a source of business value.
The speed and scale of Windows 10
Modern PC hardware, along the new approach to security and management in Windows 10, will give you the full benefit from this approach.
Moving to Windows 10 is faster, and much less work for IT teams than with previous versions. In-place upgrades that used to take sixty minutes now take only five minutes, and with the most recent versions of Windows 10 you can do that upgrade even if the PC has third-party encryption or needs switching from BIOS to UEFI so you can turn on secure boot. With Intel Active Management Technology you can manage the upgrade out of band, over a wireless connection, instead of sitting in front of the PC or if you need to you can securely wipe the drive for a new install; Intel Manageability Commander can even find the devices that can be upgraded, remotely.
Many enterprises also find that they’re ahead of schedule on app compatibility testing, benefiting from the work Microsoft did to support 400 million consumer users who moved to Windows 10 during the year it was available as a free upgrade.
Once PCs are upgraded to Windows 10, management is also a better experience – for users and for the IT team. The Creators Update adds many more policies to the built-in MDM client, so you can move from Group Policy to the same management you’re already doing for mobile devices and have unified policies for in-house and BYOD devices.
Simpler and more secure
Keeping PCs up to date is also easier with Windows 10, because new features arrive in the twice-yearly releases in a more manageable way. This semi-annual channel gives you a predictable schedule to prepare for, by signing up for the Windows Insider builds to pilot the new release in small groups, with the long-term servicing build reserved for those few systems you need to stay on the same build for years rather than months. There’s a predictable support lifecycle as well (18 months from the date of release), and it’s all aligned with Office and System Center.
Cumulative security updates and quality fixes come out every month as a single package (older versions of Windows might have up to twenty different updates on Patch Tuesday). You can stick with Windows Server Update Services or use the Windows Update for Business Cloud to have them deployed automatically, on the schedule IT managers choose but still allowing users some control over the timing, so their PC doesn’t reboot just as they’re starting a presentation.
Windows 10 PCs can be auto-enrolled in Azure Active Directory as they’re deployed or upgraded, but the built-in Windows Hello biometrics also now works with on-premise Active Directory, which the majority of enterprises use for identity. Whether it’s the built-in 3D cameras in modern laptops and tablets or fingerprint readers, Hello improves security and user experience at the same time. Logging into a PC just by looking at the screen is very convenient for users, but it also brings IT management and security costs down.
Misused and stolen user credentials are responsible for more than half of data breaches (according to Verizon’s 2015 Data Breach Investigations Report); biometric credentials are safely stored in hardware where they can’t be phished or extracted. vPro PCs also have the hardware virtualisation needed for the new Virtual Secure Mode which virtualises the entire Windows logon system, protecting you from tools that scrape user credentials for other systems in your corporate network from an infected PC.
That hardware virtualisation also enables the new Application Guard in the Edge browser. While trusted sites on your own network load normally, unrecognised sites load in a new instance of Windows, with its own copy of the kernel and no access to memory, local storage, applications, credentials or anything on the corporate network. Even if a phishing mail tricks a user into loading a malicious site, that site can’t reach any useful information.
Intel Authenticate banishes the password problem
According to Gartner, anywhere from a quarter to half of all help desk calls are for password resets; Forrester Research puts the cost of each password reset at $70. You can’t forget your face or leave your finger at home like a password or a smart card, and with Intel Authenticate IT managers can decide which combination of factors to use to verify a user’s identity before letting them log on to the domain and access the corporate network; that could be a PIN, a device (whether that’s the PC or a nearby phone connected via Bluetooth), biometrics or even a physical location. Use this to set up contextual multi-factor authentication; the same user would need to authenticate with more factors to access confidential business information remotely than they would to use the office wireless network to browse the web.
Windows 10 also gives you the opportunity to modernise your applications. New applications written for Windows 10 run in a sandbox that stops them writing to the registry or system files. That protects against malicious software, and also prevents ‘DLL hell’ and registry bloat, ensuring that apps install with a single click, get updated seamlessly and be uninstalled cleanly. You can package existing apps the same way, adding in features like push notifications and app data that automatically roams to other devices.
It’s this mix of user convenience and improved security and manageability that makes Windows 10 appealing to the business, and the IT team.