The end of support for Windows XP has given the business PC market a boost, but it's also made businesses — and the Windows team — think about the future of Windows. Even the increases in enterprise tablet sales that Microsoft has been boasting about haven't made Windows 8 a success in mainstream businesses, but neither side wants a decade of Windows 7 and out-of-date versions of Internet Explorer, followed by another rushed update cycle. The early availability of the Technical Preview of Windows 10 is an attempt to produce a new version that addresses business issues far beyond the question of the touch interface or improved productivity for keyboard and mouse users.
How often do businesses want new features to appear in Windows, and new versions of the browser? The enterprise compatibility mode in IE 11 is designed to persuade businesses to upgrade IE more often, but Microsoft doesn't want to have to build that for old versions of Windows instead of supporting the latest web standards. What will it take for enterprises to adopt the more secure WinRT runtime for development? How do you balance the demands of BYOD users, to whom cloud storage is second nature, with the need to control corporate information and manage provisioning through corporate infrastructure like Active Directory instead of consumer Microsoft accounts over which the IT department has no control? Microsoft has been building tools in Azure Active Directory and Intune to address these issues; now it needs to show how they make sense in Windows.
The visible features in Windows 10 Technical Preview for Enterprise are productivity shortcuts like the task switcher, the links to commonly-accessed files and folders in Explorer and the improvements to Snap for laying out multiple windows (many of which seem reminiscent of ideas explored in Windows Vista), plus the relegation of WinRT apps to windows on the desktop and dropping the immersive version of IE in favour of just the desktop browser. But the architectural changes are more important.
Authentication and data protection
Although you need a Microsoft account for the technical preview of Windows 10, you won't need one for the final release. Instead, you'll be able to use an Azure AD account to log into Windows, and get Store apps, Live Tiles and settings sync between devices (all of which need a Microsoft account today). The Azure AD support is visible in the PC Info app, which gives users the option to sign in with an Azure AD account as well as a standard AD account; the Store and sync options aren't in this build, but this addresses one of the main enterprise complaints about Windows 8.
There are new user credentials coming in Windows 10 that support single sign-on for consumer services like Twitter as well as enterprise authentication, but again the management tools aren't yet available for this.
Windows 10 will also include Enterprise Data Protection (EDP), which uses containerisation file techniques to personal and enterprise data separate (similar to what we've seen on smartphones with BlackBerry Balance and Samsung Knox, or the containerisation Microsoft will offer in Office for iPad with its Enterprise Management Services). As David Treadwell, corporate vice-president for program management in Microsoft's OS group, explained to ZDNet: "what it does is allow the enterprise to have full control over corporate data, and the user to have full control over personal data, and you can't move between them."
Treadwell suggested this will be a more seamless experience than with other platforms because users won't need to install apps twice or think about whether they want to open an app in the business world or the personal world. Apps don't have to be specially written to work with EDP, unlike options like document-based rights management. Instead, you mark enterprise apps and set policy that stops users copying work data out of them into personal apps -- and stops them copying potentially embarrassing personal data into them. "The IT department might be more liberal, and if there is a need for users to sometimes copy data they can log the data and warn the user to only do it if they know it's safe to move, or they can say flat out that it's prohibited," Treadwell explained.
As well as apps that are purely business or personal, Windows 10 will support "enlightened applications that work in both realms". These will have to be specially written so users can choose whether to save a document as corporate or personal, which will determine which realm it lives in and where it can be saved. The tools for creating this aren't yet available, and again, neither are the tools to set up these policies.
Making modern apps acceptable
The obvious changes to modern, WinRT apps in Windows 10 are the way they show up on the desktop like all your other software, complete with title bars and a mouse-optimised version of Charms. Until the tablet mode features Microsoft is calling Continuum show up in a later build of Windows 10, that can feel like a step backwards for touch users who have got used to the finger-sized Charms bar and multiple modern windows in Windows 8.1. To keyboard and mouse users, they'll look like desktop applications with very simple interfaces and larger fonts. But for IT admins, the important changes to the app model are under the surface.
Rather than making their own enterprise app stores (including deep-linking to the apps in the public Windows Store you want employees to use, and then walking them through getting a Microsoft account), pushing out a portal app that employees have to remember to open, and acquiring the correct sideloading CALs to make sure you're correctly licensed, businesses will be able to create their own app store for custom or volume-licenced apps that will appear inside the main Store app in Windows 10. You'll be able to buy volume licences — by credit card or purchase order and invoice — and then manage and reclaim those licences as employees join and leave the company. The Store will also be more useful to enterprises now that it can include tools like third-party VPN clients that can be managed through mobile device management (MDM) solutions.
Sideloading can still be fully managed via MDM, but you'll also be able to just email links or push modern apps using the same tools with which you deploy desktop apps with, with the option to deploy apps just on the primary partition, or on secondary volumes, SD cards and USB sticks if you want to give users flexibility on devices with small amounts of storage. You can send users to the Windows Store, but have them use their Active Directory account rather than a Microsoft account you don't control. And you can choose whether to allow them to install personal apps with a personal Microsoft account as well, or to block all Store apps except the ones you have volume licences for.
That's close to the flexibility IT pros have been wanting for working with modern apps, although the tools for the Volume Purchasing Program aren't ready yet so we can't yet say how well they will work. WinRT apps are important to Microsoft because they're more secure and isolated than desktop applications, and they can be far more battery efficient. Letting enterprises manage them like desktop software might seem obvious, but like the other changes in Windows 10 it's an acknowledgement that the desktop environment isn't just the status quo; it's a key part of the Windows future.
Tools for managing Windows 10
Beyond the tools inside Windows 10 itself , IT pros testing out Windows 10 in the enterprise will be looking for Microsoft's next generation of management tools and utilities. The Windows 10 symbols for kernel debugging are already available, as is a preview version of the Windows 10 RSAT client for remote server administration (so you can use a Windows 10 desktop to control a Windows Server technical preview — although the BitLocker, Direct Access and RDS tools aren't ready yet).
There are no specific deployment tools for Windows 10 — not even the Microsoft Deployment toolkit or the Windows ADK. We had no problem installing on physical hardware or in VMs, and we were able to upgrade Windows 7, 8 and 8.1 devices and keep files, settings and installed software. The system requirements are low; 1GHz CPU, 1 or 2GB of RAM (for 32 and 64-bit respectively), 16GB of free disk space and a DirectX 9 graphics card with a WDDM driver. Some older 64-bit systems won't run Windows 10 if they don't support some hardware security features (CMPXCHG16b, PrefetchW, and LAHF/SAHF). Even though it's a preview, you still need to activate the enterprise version of the technical preview (that's not necessary for the consumer version).
Because so many of the new features coming in Windows 10 for enterprise aren't actually in the technical preview at this stage, there won't be a preview of the next version of System Center Configuration Manager until the first half of 2015 (and the MDM option will need the next version of Intune and Microsoft's Enterprise Mobility Suite). Current and older versions of SCCM (back to SCCM 2007 SP2) will support Windows 10; the oldest versions will let you manage it, newer versions will let you deploy and upgrade Windows 10 and the next version will let you manage things like how fast each Windows 10 device gets upgrades.
That makes sense, but it also underlines how early a preview of Windows 10 this is. Although we found it mostly stable and performance good, this isn't a beta you'd want to run in production environments. Microsoft is cautioning against using it as a development platform, although developers creating universal apps will definitely want to use it to test modern apps to see how they behave on the desktop and with the new Charms interface. IT pros will want to try it out to check compatibility with LOB applications and internal sites (especially with IE 11's enterprise compatibility mode), and to evaluate the changes to the interface to see how they'll affect users. But with updates to the technical preview expected to come every four to six weeks, it's far too early to come to a conclusion about Windows 10 for business. Microsoft seems committed to giving businesses what they want, so at the very least it's worth evaluating it and giving your feedback.