Home » Technology » Mobility » How to efficiently manage Windows 10 with existing infrastructure
With every new operating system comes a new set of management issues to understand and deal with, and Windows 10 is no exception.
The most likely scenario is that you will be managing Windows 10 using existing tools such as System Center Configuration Manager (SSCM). For this you will need SCCM 2012 SP1 or later which, after the client is installed, provides SCCM management capabilities. Deploying the new OS currently requires custom scripting, although the next version of SCCM, out in Q4 of 2015, will automate this allowing admins to determine how, when and where to deploy Windows 10.
Note that Windows 7 Enterprise and Windows 8.x Enterprise are not included in Microsoft’s free Windows 10 upgrade offer.
One of the main differences between Windows 10 and its predecessors is that it is a service not a standalone piece of software, in that it will be upgraded and maintained through a rolling set of updates. If you are managing an estate of desktops, laptops and tablets, you will want to control when and how often those updates are installed, in order to forestall potential clashes with hardware, drivers and applications. For example, you may want to disable the new system’s ability to share downloaded pieces of update code with other PCs on the Internet, restricting this BitTorrent-like update process to PCs on the LAN only.
Updates can be controlled in other ways. Microsoft is providing long-term service branches for mission-critical environments – such as hospitals, trading rooms and air-traffic control rooms – which will provide only security and critical updates while minimising other changes. The business service branch is designed to ease the burden of desktop estate management by allowing enterprises to choose whether to receive feature updates only after their quality and application compatibility has been assessed in the consumer market – effectively taking advantage of validation by millions of consumer end-users. Alternatively, automatic updates just like consumer setups can be enabled.
From a security perspective, Windows Defender is now the default anti-malware tool, and definition updates can be synchronised across the estate using SCCM. Client passwords are recognised as a weak point in enterprise defences, leading to the adoption of a number of alternative login processes, such as a PIN – for which the user must be present – and biometrics, including facial and fingerprint recognition.
Windows 10 continues to offer authentication through Active Directory, though with the added ability to tie into Microsoft’s Azure cloud service and its Azure AD accounts, allowing users to access business applications and resources located there. For ease of use, single sign-on means a login gains access to Office 365, Azure, Microsoft Store as well as to the local OS.
Windows 10 includes the mobile device management features shipped with Windows 8.1, which focuses mainly on BYOD scenarios, though with additional support for corporate-owned devices, including support for enterprise data protection, multiple users, VPN configuration and device wipe capabilities. The system works via a built-in management component that communicates with the management server to check for updates and apply the latest policies set by IT.
Windows 10 offers a blend of the familiar and the new, as well as management features that enable control in emerging environments such as enterprise BYOD. From an end-user perspective, it should demand little training resource and, from an IT admin’s point of view, it brings the Microsoft flagship up to date with today’s corporate environment.