Four things every IT pro needs to know about Windows 10

This article is courtesy of TechRepublic Premium.

Windows 10 will bring a lot more than a new Start menu. Ed Bott pinpoints several changes that will bolster security, make life easier for enterprise admins, and accommodate the multiple-device trend.

Microsoft kicked off its public preview of Windows 10 at the beginning of October. Most of the coverage you've probably seen so far is about the user experience -- and specifically, the new Start menu. That's understandable, given Microsoft's desire to win over traditional PC users who are accustomed to using a keyboard and mouse and are uncomfortable with the Windows 8 interface.

But because of that focus, some important changes in the works for IT pros have gotten lost. In this article, I explain four new features you can expect in the Windows 10 era.

1: Update speed options

Everyone knows businesses are conservative when it comes to changing the IT infrastructure. The bigger the business, the more likely they are to try to squeeze out every last second of Microsoft's 10-year support cycle. Fear of breaking critical applications, as well as worries over regulatory requirements, can keep businesses from adopting updates until long after they're released.

Beginning with Windows 10, Microsoft is trying to push, pull, tug, and cajole IT professionals into getting those updates onto client PCs more quickly. That means a radical change in the way updates are delivered.


On devices running Windows 10, security and critical updates will continue to arrive on a monthly basis, delivered on the second Tuesday of the month via Windows Update and managed channels such as Windows Server Update Services.

But businesses will be able to select their tempo for feature updates, opting in to a fast pace designed for consumer PCs, choosing a slower pace, or locking down certain machines to reject all but security and critical updates.

This Fast/Slow option is available in the Windows 10 Technical Preview in PC Settings, as shown in Figure A.

Figure A


It's almost certain that this interface will change before the final release of Windows 10 in 2015. And of course, admins on Windows domain networks will be able to configure these settings throughout an organization using Group Policy.

Note that these changes will only affect machines running Windows 10. Your update options for Windows 7 and Windows 8.x will remain unchanged.

2: App management

This might be the most important new enterprise-only feature coming in Windows 10. As an administrator, you will be able to lock down devices so that they can only run code you approve and trust.

That has two big advantages for enterprise deployments. First, users won't be able to install rogue applications like Dropbox, which can bypass corporate policies and allow confidential data to escape the corporate network.

Second, and much more important, this feature will stop almost all forms of malware in their tracks.

Which applications will be allowed? Any app or desktop program that's signed by Microsoft is automatically cleared, which means Windows Store apps and programs like Microsoft Office are good to go. Third-party software developers can also submit desktop programs to Microsoft for signing, marking them as safe, too.

For internal apps that run only on your corporate network, Microsoft says there will be an option to use a custom tool that can mark those apps as safe for operation on your network. Because apps signed using this tool will not run outside the network, a malicious party can't use this as a backdoor to sneak malware onto it.

This feature does come with one catch: In addition to working only with Windows 10 Enterprise edition, it requires specially modified OEM hardware. That means you won't be able to immediately roll it out on your existing infrastructure.

For high-security environments, including defense contractors, banks, and regulated industries, this is a hugely important way to prevent the sort of online espionage that has become common in recent years.

3: Next Generation Credentials

In a major security upgrade, Windows 10 will include two-factor authentication as part of a built-in feature called Next Generation Credentials.

For enterprise PCs that are already joined to a domain, this is an extra layer on top of their existing infrastructure. It will be more useful with devices that aren't domain-joined, such as personal laptops or tablets.

The authentication scheme is based on standards from the FIDO Alliance, which is widely supported in the computing, banking, and payments industries as well as by firms that provide end-to-end identity solutions.

Every Windows 10 device can be enrolled as a trusted device. If your enterprise already has a PKI, you can generate the required private and public keys that way. Consumer devices can complete enrollment using Windows 10 itself. Enrollment requires a PIN or biometric proof, and the combination of the enrolled device and that PIN or biometric proof unlocks access to services.

This feature has the potential to stop phishing attacks cold. Outside attackers who steal passwords won't have access to the trusted hardware, and their requests will be denied.

The necessary services are already installed in preview versions of Windows 10. Look in the Services console for the two entries shown in Figure B.

Figure B


Note that on this PC, running build 9860 of the Windows 10 Technical Preview for Enterprise, the services are not started. A future update will add the interface for enrolling the device and enable those services.

4: Licensing and cost

Microsoft hasn't yet announced pricing for Windows 10, but it's a safe bet that it will be an automatic addition to the Volume Licensing (VL) price list. When that happens, VL customers who have also purchased Software Assurance can upgrade to Windows 10 at their own pace.

And a recently announced per-user Windows licensing option will make it easier to deal with the increasing proportion of users who have multiple devices.

Historically, Windows has been licensed on a per-device basis. That made sense in bygone times, when PCs were expensive and most employees had only one or two. But in the BYOD era, employees are likely to get work done on tablets, smartphones, portable PCs, and maybe a desktop. Even the most meticulous record-keeper could run afoul of one or more licensing gotchas. And that doesn't include the serious investment of time and energy required to learn the vagaries of licensing Windows, Office, and server products that require Client Access Licenses.

The new per-user licensing plan goes a long way toward reducing that worry if your business is large enough (250 users minimum) and you're willing to pay for the Enterprise Cloud Suite (ECS) bundle. This option includes Office 365 E3, Enterprise Mobility Suite, and a new Windows Software Assurance per User license.

In its ECS fact sheet, Microsoft notes that the new user-centric license covers all of that user's devices, including those running Android or iOS, as long as the primary user is running a qualified Pro or Enterprise version of Windows 7 or later.

Mary Jo Foley's article on the introduction of ECS is a must-read and contains links to some valuable additional documents.
