Microsoft's biggest challenge with Windows 10 is meeting the needs of two distinctly different constituencies.
Consumers have to be coaxed into upgrading their old PCs, perhaps with a new Windows-based tablet or a hybrid device. But businesses have an upgrade cycle that's determined by long-term IT budgets, along with a completely separate set of needs that revolve around management.
With today's major update to version 1511, Microsoft is asking IT pros to accelerate their Windows 10 pilot projects and begin deploying the new operating system faster than ever before.
Is that pitch realistic?
Maybe. This is a new Microsoft, and Windows 10 is definitely a new way of building and delivering Windows. But before hardened IT pros even think about replacing their legacy versions of Windows, Microsoft has to answer three key questions.
What's in it for my business?
There's a laundry list of features that Microsoft offers for skeptical IT pros who rightly demand a reason to disrupt an existing Windows infrastructure that is working just fine, thank you very much.
That list starts with sheer speed. Microsoft claims that Windows 10 machines boot (and restart) significantly faster than Windows 7 PCs. For task workers, downtime is lost productivity, so that's theoretically a good thing.
Much more important, though, is the list of security features in Windows 10. The most important is probably Credential Guard, a new form of hardware virtualization that makes it impossible for crippling "pass the hash" attacks to compromise multiple machines on a corporate network.
Another feature that should appeal to IT managers in locked-down environments is the Windows Store for Business, which allows deployment of line of business apps through a customized version of the Windows Store.
One business feature that's still on the to-do list for Microsoft is enterprise data protection, which lets a company encrypt and manage corporate data and applications on employee-owned (BYOD) devices, without affecting personal apps and data. The infrastructure is in place, according to Windows boss Terry Myerson, but the client pieces won't be ready till 2016.
Will businesses have adequate control over updates and upgrades?
IT pros don't like surprises. So the "continuous update" aspect of Windows 10 is not so much a feature as an opportunity to experience extremely unwelcome surprises when updates don't play well with existing enterprise infrastructure.
That's where the new update rings of Windows 10 enter the picture.
Microsoft has been talking about Windows Update for Business for nearly a year. This feature addresses one of the biggest deployment blockers for businesses by giving network managers a set of tools to delay the installation of updates until they have completed compatibility testing or at least waited for early adopters to give the all-clear.
With this release, Microsoft has officially released the free Windows Update for Business, which works with Pro, Enterprise, and Education editions. The new tools offer the ability to control when and how updates and upgrades from Windows Update are installed in an organization.
The controls in Windows Update for Business divide update packages into three groups, each with its own set of management controls:
- OS upgrades These are major releases, delivered 2-3 times a year, that are declared new milestones in the Current Branch for Business, such as today's update from the original Windows 10 release to version 1511. Using Windows Update for Business, these installations can be delayed in one-month intervals, up to a total of eight months.
- Updates The update packages in this group include Security updates, Critical updates, and new device drivers delivered through Windows Update. That group encompasses virtually everything in the monthly Patch Tuesday cycle. These updates can be deferred up to four weeks, in one-week intervals.
- Definition updates These updates are mandatory and cannot be deferred. Organizations that standardize on non-Microsoft security software can avoid any potential negative impact from these updates.
For extremely conservative organizations, the Long Term Servicing Branch is available. Today's release is the latest entry in the Current Branch for Business but does not replace the initial LTSB release (build 10240).
I'll have a more detailed, hands-on look at how Windows Update for Business works in a follow-up post.
Can the upgrade process be simplified?
Historically, enterprises have deployed Windows using a labor-intensive process that involves creating standard disk images. As new PCs arrive, IT pros wipe the OEM Windows installation and replace it with the corporate standard image.
In traditional Windows deployments, that upgrade wave happens every three or four years, in a long, staggered process that's often tied to new hardware purchases.
Windows 10 offers several new tools designed to simplify these deployments, so that an enterprise can deliver its own standard image by modifying existing OEM installations. That's less time- and labor-intensive than the wipe-and-reload process.
A bigger hurdle, and one that isn't yet solved, is the sheer size of major upgrades like today's release. These are still multi-gigabyte packages, with correspondingly long installation times. Slimming down those packages and streamlining the upgrade process needs to be high on the priority list for an OS that is designed for two or three upgrades per year.