Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

When it was launched, Windows 8 was very much focused on what Microsoft saw at the time as being the future of modern computing: tablets and touch screens. As such, it was perceived that this was entirely a consumer release and the OS had nothing to offer businesses. This actually is not true, and if you haven’t used Windows 8 and Windows 8.1 before, it’s worth beginning this chapter by introducing new features to you that have now been around for a while and that you’ll also get in Windows 10.

Business Features in Windows 8

We live in a world now where people are increasingly using, or wanting to use, their own PCs and devices in the workplace. This might be somebody wanting to use their own laptop (because it’s newer and more powerful than the one work provided), someone wanting to use their own phone to avoid having two handsets, or an executive gushing over the iPad they got for their birthday.

BYOD, officially known as Bring Your Own Device, though often referred to as Bring Your Own Disaster, presents unique challenges for system administrators. Not the least of these challenges is that because they don’t own the device, they don’t have full control over its security, updates, and compatibility.

Windows 8 introduced new management features that worked with Windows Server 2012. Chief among these was Workplace Join. Traditionally, you’d connect a laptop or other mobile device to a company server system using a Virtual Private Network (VPN). Workplace Join was designed to allow BYOD PCs to connect, and it offered some additional functionality over a straight VPN connection.

The most important functionality of Workplace Join was that companies could specify that BYOD PCs and mobile devices had to permit a certain level of remote administration. This included barring the machine if it didn’t meet a required minimum level of security, and permitted the company to remotely wipe all the data and files relevant to the business whenever they chose.

Windows Server 2012 also brought management support for non-Microsoft devices, such as those running iOS or Android, and any device running the Open Mobile Device Management (OMA-DM) specification could be easily managed in the same way as Windows 8 devices, without the need for third-party software.

Work Folders allowed the PC user access to files and documents on the network, but system administrators could specify what parts of the network could be accessed once a device was registered, thereby limiting the surface for malware and hacking attack.

For those people who wanted to use their work PC at home or in remote locations, but for whom a work laptop wasn’t appropriate, Windows To Go could create a copy of their entire Windows installation, including installed apps and win32 desktop software, on a USB Flash Drive. This drive could be used on any PC capable of booting from USB and provided an additional level of security in that it prevented the user from seeing the hard disks of the host machine. This feature also helped protect the Windows To Go drive from malware infection.

Encryption was beefed up in Windows 8.1, with all new portable PCs (laptops and tablets) being required to offer a TPM chip and Bitlocker encryption by default. Additionally, biometric security was baked into the OS, with fingerprint login added to the impressive list (password, PIN, smartcard, picture password) of access methods for a device.

Other features useful to businesses included Wi-Fi Direct and NFC, allowing direct pairing of a PC with a compatible printer; Miracast for connecting to remote projectors and displays without the need for cables; and Mobile Tethering, so a PC with a 3G or 4G connection could share this with up to ten other devices.

Multi-Monitor improvements included the ability to independently scale individual displays, PowerShell 4 brought new administration options for business, and InstantGo allowed people with compatible PCs to be up and running much more quickly than with older hardware.

All of these features are included in Windows 10 as well, so if you’re still using Windows 7 or even XP in your business, you have a lot to look forward to before we even get to the extra features Windows 10 will introduce.

Universal Apps and Enterprise App Stores

When Microsoft first introduced their Metro/Modern/Universal App model (delete as applicable) it was widely derided by people in the business space as being for lightweight apps and consumers only.

I’ve always argued against this, for several reasons. First, working in education I experience first-hand the amount of data replication that we can find in the workplace. The Universal App sharing feature is useful for far more than sharing a photo from your Camera app with Facebook; it can also propagate data automatically from one app to several others, according to pre-programmed criteria.

Yes, the first Modern apps Microsoft released with Windows 8 were awful; there’s no shame in admitting this. Some apps quickly rose to the top, however, including the excellent EMR Surface (see Figure 5-1), which cost $500 and helped clinicians manage their documentation process.

Figure 5-1.
figure 1figure 1

The EMR Surface app for Windows 8

Full size image

EMR Surface and other high-end business apps proved that you can create extremely powerful business apps for Windows and that you don’t lose any pixels on your screen by doing so.

With the advent of the Universal App, able to run across all Windows 10 devices from the phone and tablet to the desktop and even the huge Surface Hub with its 84-inch screen, new opportunities were created for businesses, many of whom are still running bespoke legacy software that was originally written for Windows XP (or perhaps even an earlier version of the OS).

A legitimate criticism of apps in Windows 8 was the available options for user-interface features. I was one of the many asking why an API for Microsoft’s Ribbon interface wasn’t included. The newly released beta versions of Word, Excel, and PowerPoint apps for Windows 10 include Ribbon functionality (see Figure 5-2), and we can expect this to be available within other apps too. The extra functionality accessible using the Ribbon interface is quite considerable.

Figure 5-2.
figure 2figure 2

The Ribbon comes to apps in Windows 10

Full size image

In addition to Universal Apps, Windows 10 introduces the facility for businesses to set up their own app stores using Microsoft Azure. Here you can provide your own business apps for Windows along with your selection of third-party apps and utilities. The feature is simple to set up and deploy across all Windows 10 devices.

Whatever device is in use then, be it a laptop, tablet, or phone, the same app with the same functionality will be available to the user. This ability to bring full desktop functionality to smaller devices will allow people to keep working, and being productive, when on the move and away from the office.

Managing Updates and Upgrades in the Workplace

Windows 10 will be the last major version of Windows. However, this doesn’t mean that in three years’ time Microsoft is dropping the product. Rather, it means that they’re moving to the model adopted by Apple with OS X, in that the core OS will receive more regular and more minor updates.

Why are they doing this? In the case of Windows 10, a number of contributory factors come into play. It’s become obvious in the years since Windows 8 was first unveiled that the desktop is going nowhere for business users. Despite the popularity of tablets and other touch-based PCs, Windows users worldwide made it abundantly clear that they want the desktop, and that they don’t want the desktop to change.

Conversely, however, the touch interface Microsoft introduced with Windows Phone has been extremely successful, both on smartphones and also on tablets.

If you couple these reasons with Microsoft’s strategy to, quite sensibly, use a single OS across a multitude of devices, from smartphones and PCs to the Xbox, IoT devices, and the HoloLens headset, it then makes sense to lock down a final version of the OS. These separate devices won’t all follow a three-year upgrade cycle, Xbox being a great example. Windows is also extremely mature as a product, and it is a good time to lock it down.

Microsoft’s intention then is to roll out annual free updates to the OS that include new and modified features and functionality. This might come as alarming news to some Enterprise users, though, who change their OS only every six or seven years, and then only after extensive testing has taken place to ensure all their hardware and software will work with it.

The good news here is that Microsoft has thought of that. Microsoft is splitting the updates and upgrades to Windows into two branches, one of which will be optional for Enterprise users.

Windows Update will continue to deliver security and stability fixes and patches for the OS, while a separate Current branch for Business will provide core OS updates to the Enterprise in a way that permits them to extensively test for compatibility before deploying.

Critical and important Windows Updates will continue to be subject to the same forced installation rules as with Windows 8.1, in that after a period of time they’ll be installed automatically. The new business branch, however, won’t be subject to these rules; instead the branch will go as long as three years before installation becomes necessary.

Simplifying Deployment

Deploying a new version of Windows across a business is a time-consuming and tricky process. It can take the best part of a couple of years to upgrade a large enterprise, and many months for even a small company.

With Windows 10, Microsoft is improving the deployment process by making it possible to upgrade the existing OS in-place, instead of using the wipe-and-load approach commonly used in the workplace.

One of the challenges with Windows 8 was upgrading the OS in-place. Only when upgrading from Windows 7 could you keep all of your files, settings, and installed win32 desktop software, but with Windows 8.1 and further kernel changes, this shifted again, permitting only files to be kept in some scenarios.

Microsoft has worked to improve the in-place upgrade experience in Windows 10, and they promise that all Windows 7, Windows 8, Windows 8.1, and Windows RT PCs on which an in-place upgrade is performed will be able to keep all files, settings, and both store and win32 apps during the process.

They’ve worked hard to maintain compatibility with older software and hardware, and indeed the hardware driver model is unchanged from Windows 7, so any PCs and hardware you’re already using will work fine in Windows 10.

Windows 10’s new configuration tools for Enterprise are also being improved, permitting much quicker configuration and provisioning of Wi-Fi, VPNs and email profiles, apps, language packs, security updates and certificates, and security policies. All of this will be done through remote management facilities, such as the Assessment and Deployment Toolkit (ADK), Microsoft Deployment Toolkit (MDK), and System Center Configuration Manager.

Azure and Active Directory Single Sign-on

There are many reasons why Windows 8 was resisted in the workplace, not the least of which is that most businesses were only just migrating to Windows 7 when Windows 8 was released. One of the coolest features in Windows 8, however, was also one of the most contentious, this being signing into the PC with a Microsoft Account.

Using this MS Account sign-on permitted synchronization of settings across different PCs; the use of the OneDrive cloud backup and sync service; and, crucially, access to the Windows store for apps.

Anybody who wanted to log in to a Windows 8 PC using a local account or a Domain didn’t get these benefits. Now, for those people in business using Domains, this likely wouldn’t have been an issue, unless they really needed to use Store apps, but with Microsoft creating new Enterprise app stores in Windows 10, the situation clearly needed to be improved.

Windows 10 will allow business users to use a single-sign-on (SSO) system with an Azure or Active Directory account to log in to the PC, the store, and more besides. This is all part of Microsoft taking a more connected approach to Windows 10 in the business space.

The Internet Explorer Question

Earlier in this book I talked about Microsoft’s new web browser, codename Spartan, and how it is replacing Internet Explorer in Windows 10. Woah! Thought I heard you cry. Many businesses both need and rely on Internet Explorer for plug-in and intranet compatibility, so if it’s removed, what the hell are you all to do?

Well, there’s no need to panic, because Internet Explorer isn’t going away. While Microsoft has not yet announced what versions of Windows will include IE, it’s very likely that both the Professional and Enterprise editions of Windows 10 will still include Internet Explorer 11 (the version that shipped with Windows 8).

IE will still be able to be set as the default browser for the PC, and will be unchanged from the current Windows 8.1 version (though we may yet see new features aimed at maintaining compatibility for business users).

Identity Protection, Access Control, and VPN Updates

I’ll focus on security in Windows 10 in much more depth in Chapter 6, but Windows 10 includes some valuable new security technologies. Chief among these are Identity Protection and Access Control. The former is a new system that uses Hyper-V virtualization technology to store identity and access tokens in a secure store where they can’t be accessed by an attacker.

Access Control will employ a series of measures to restrict access to a specific PC to all but an authorized user. This will include improved biometric controls, some of which are already included in Windows 8.1, and new baked-in, two-factor authentication.

This latter system will use biometric sensors, or even the proximity of a Windows 10 Phone, to keep data and files on a PC safe and secure.

Virtual Private Networks (VPN) also include new security controls, including monitoring which apps can access data across the company network and permitting the restriction of specific communication ports and IP addresses.

Threat Resistance

Windows 10 will also provide the ability for companies to lock down devices so as to provide better resistance to malware and attacks. This works in several ways, including by only allowing trusted and digitally signed apps to run on the PC.

Businesses will be able to choose for themselves which apps are to be considered trustworthy, including both win32 and Universal apps.

BYOD Improvements in Windows 10

Bring Your Own Device (BYOD) management is already strong in Windows 8.1 and Windows Server 2012, and it’s unclear what new features Microsoft will be bringing to the table with Windows 10.

We can be certain, however, that BYOD will feature heavily in both Windows 10 and Windows Server 2016, as it’s a crucial part of the business environment, with executives wanting to use their own iPad or sales staff only wanting to carry their own smartphone.

It’s possible that much of the new BYOD functionality will be delayed until 2016 and the release of the next version of Windows Server. This was supposed to be released alongside Windows 10, however a delay was announced in late January 2015, perhaps because of bug and stability issues that Microsoft doesn’t want to rush through.

Windows Server 2012 allows you to manage all manner of BYOD devices, and not just Windows PCs. These devices include both iOS and Android options. It’s with Windows 8.1 devices, however, that the best BYOD experience is to be had, because they support features such as remote wipe, where a business can delete corporate data and files from the device remotely and at any time.

It’s certain that we’ll hear more about BYOD as 2015 progresses, and new and enhanced functionality that is centered on security will be forthcoming in Windows 10.

The Surface Hub

Microsoft’s Surface brand has undergone a series of changes over the years. It began life back in 2007 as a 30-inch touchscreen table, intended for use in hotels and business spaces. It could interact with NFC tags attached to everyday objects and devices, and it used cameras to locate the user (or users), so that no matter where you sat at the table, the content you were viewing was always the correct way up.

The Surface name was transferred in 2012 to Microsoft’s new tablet PCs, and it’s for these devices that it’s most widely and best known.

Large touch devices themselves became known as Microsoft PixelSense, such as the Microsoft/Samsung SUR40 table and Perceptive Pixel, which is better known as being the world’s first 82-inch wall-mounted touch display.

Over the years I’ve had a chance to use both the original Microsoft Surface table and the Perceptive Pixel screen, and I’ve found both to be limiting, the former with a lack of useful applications, and the latter by a limiting 1080p resolution. It’s clear, however, that large touchscreen devices do have a place in business, both in the boardroom as well as for business and political commentators on 24-hour news channels.

Thus, at Microsoft’s January 2015 Windows 10 update event they introduced the world to the Surface Hub (see Figure 5-3).

Figure 5-3.
figure 3figure 3

The Microsoft Surface Hub

Full size image

Surface Hub is a smart touchscreen device that will be available in 55-inch (1080p) and 84-inch (4K) versions. I say it’s smart because it does much more than just work as a super-large touch screen. The Surface Hub has been designed as a “team device” that will help groups of people work together more effectively.

Digital Whiteboard

Probably the most obvious use for the Surface Hub is as a digital whiteboard, and it performs this job with a couple of pens (stored left and right on the screen’s edges) and a specially-adapted version of OneNote.

Anybody in a meeting where a Surface Hub is being used who is also using a Windows 10 PC or phone can pair their device with the Surface Hub and automatically receive a copy of the meeting notes when the meeting is over.

Collaboration Tools

The Surface Hub comes equipped with cameras that help it perform a series of different tasks. One of these tasks to use the integrated Skype for Business app, which allows the Hub to be used for remote meetings.

Additionally, though, the Surface Hub can recognize individual people and wake up, welcome them, and log them in when they approach the device. The cameras can track movement and follow you as you move around the room. Also, anybody can share content from another Windows 10 device to the Surface Hub over the Miracast wireless display system, which is built into many modern laptops and tablets, including Microsoft’s Surface Pro 3 and the Dell XPS 13 Ultrabook.

Specially-Designed Apps

Specially-created versions of Microsoft Office and other apps will be available for the Surface Hub, enabling groups of people to view and work collaboratively on files and documents together. The Surface Hub will use touch, ink, and sensors to allow third-party developers to create innovative collaboration apps and utilities for business.

Easy to Use and Deploy

The Surface Hub has been designed to be easy to use and deploy, requiring only a power lead and a Wi-Fi connection to get started. Microsoft will also be providing carts and stands so that the Hub can be moved easily from meeting room to meeting room.

Summary

It’s clear that Windows 10 will bring a huge number of benefits, not just to home users and end users in the workplace, but also to business and system administrators.

The most important question still remains, however: How secure is it, both in everyday use and for business and remote workers? In the next chapter I’ll detail the new and improved security features in Windows 10 and how they can be used in business and enterprise environments.