What’s Windows 10 bringing to the Enterprise?

I enjoy playing with the latest technologies, so it didn’t take me long to make the transition to Windows 10. I am now using Windows 10 on both my personal and corporate laptops, and there’s a lot to talk about. In this blog post, based on Peter De Tender’s webinar, I’ll walk you through the most important features of Windows 10 Enterprise edition, and share with you some of my personal experiences.

Many things have changed in the way we use technology since Windows 7 was released. The key trigger for these changes is the end-users — an office worker, an IT admin, the mobile workforce or someone from management who needs to always be connected, from anywhere with any kind of device. Windows 10 was built around the end-user’s needs and it offers more personal interactions on a variety of devices — PCs, smartphones, tablets or even Xbox One. Windows 10 Enterprise brings more to device management and security through the new features and enables organizations to have better control of their mobile and interconnected workforce.

From an end-user’s perspective, Windows 10 is a converged platform, which has the same look and feel on any device — a smartphone, a tablet, a laptop or a desktop. From a developer’s perspective, we can also talk about Windows 10 as the universal platform. If you develop an application for Windows 10 desktop edition, the same application can be used for the Windows 10 tablet edition or the mobile edition, with no redevelopment needed.

Windows 10 is for everybody and it helps all different types of users to be more productive and interconnected. To support this, the one-size-fits-all platform comes with a lot of improvements. Internet Explorer 11 is more secure and a lot more stable than previous versions. It has a built-in malware detection functionality and uses less memory and less CPU. The main enhancement of Internet Explorer 11 is the Enterprise mode. It allows organizations to use older web applications in modern versions of IE, so enterprise customers will have the latest browser versions and still be able to use old web applications.

There’s also a new browser integrated in Windows 10, which is officially called Microsoft Edge. Its brand new reading mode feature is very fast and helps to focus on the content by removing the distractions. The built-in note taking and sharing feature is another fun integration in Microsoft Edge.

Microsoft Edge

Among other features, Windows 10 brings back the Start menu — more appropriate for desktop users — and introduces Cortana, the new personal assistant which helps you get things done. This is also the very first edition of Windows that allows you to use Ctrl+V shortcut to paste in the Command Prompt. It’s the little things that matter, right?

Aside from the personal or corporate devices that we use regularly, Windows 10 can also run everything around us, from ATMs and airport panels, to media streaming servers or healthcare applications. Windows 10 Internet of Things (IoT) Core enables the IoT by running almost any kind of device for any kind of functionality. One of the most popular devices for the IoT is Raspberry Pi. It’s a small, main board with limited connections, but it’s very useful and customizable.

Windows 10 Enterprise innovates by taking security to a whole new level. Device Guard, Microsoft Passport and Windows Hello are some of the most important features that make Windows 10 the most secure Windows version ever. It addresses the security challenges from previous Windows versions, such as identity protection, data protection, threat resistance and device security, and provides enterprise-level device management and security.

Windows 7 was using passwords as the default user authentication mechanism. Windows 10 offers a lot more today: Multi-factor authentication, using a PIN code or using Microsoft Passport. Password mechanism is still a default authentication option in Window 10, but it’s a lot more powerful and a lot more secure.

Microsoft Passport and Windows Hello are the two main features that are integrated in Windows 10 Enterprise and really secure your identity. Windows Hello goes one step further by actually enabling biometric recognition. You can unlock in your Windows 10 device and login using your fingerprint, facial or iris recognition instead of typing in a password. After Windows Hello verifies you and provides access to the device, it unlocks the Microsoft Passport, giving you permission to access the systems. Together Microsoft Passport and Windows Hello provide enterprise-level security. The same biometric recognition can be used to authenticate a user to a Microsoft account, Active Directory (AD) account, Microsoft Azure AD account or even a local account, as well as non-Microsoft services that support Fast ID Online (FIDO) authentication.

Single Sign-on Windows 10 Active Directory

Single Sign-on Windows 10 Active Directory joined is also new in Windows 10. This feature is meant to secure both the identity and the device and provides the users single sign-on access to several SaaS applications, like Salesforce, Office 365 and OneDrive for Business. For example, I connected my work email on my smartphone — which is not owned by my employer — yet it was configured and integrated as a trusted device in the Active Directory through Azure AD in conjunction with Microsoft Intune, the cloud based client device management from Microsoft.

Disk encryption with BitLocker is still the default approach to securing the device and data in Windows 10 Enterprise. It’s the same as in Windows 7 or Windows 8, securing the physical disk, or even the mobile disk, using BitLocker ToGo. But, in Windows 10, there’s an extra layer of data protection — file sharing. For example, a user that is remotely connecting to the office by using organization folders or connecting to OneDrive for Business, has the Active Directory credentials replicated, synchronized with Azure AD, and based on NTFS access rights, is allowed to access the data shared folders or not. By using integration with Azure AD and Azure Rights Management services, we can unlock a lot of data loss prevention solutions. It’s built-in partly in the operating system and it’s leveraging the power of Azure AD.

Historically, when you installed an application in Windows 7, Windows Defender could detect it as a malware and you could block running it. In Windows 10, you can actually do the opposite — lock down the operating system and only allow trusted applications. A trusted application is, for example, the mobile apps on Windows mobile. By default, every application that’s being secured and trusted out of the Microsoft reviewing process will be accepted on the Windows 10 device as a trusted app. It won’t start if an application is not considered as trusted. This is a different, more secure mindset introduced by Device Guard, a new functionality born in Windows 10. Device Guard operates at the hardware level and leverages virtualization to avoid potential glitches to the Windows. That way, the decision of blocking an application is isolated and independent, even if malware were to penetrate the OS.

However, in an organization you may not always use the latest mobile or universal apps. And for a different level of security, there is Traditional Mode. Traditional Mode is a functionality within Windows 10 that is creating silos and sandboxed environments for each component of the operating system. There’s a specific container for your security credentials and application. That mechanism is called Virtual Secure Mode (VSM), where your operating system and your full device are actually split up in different components. Usually, you install Windows 10 on the top of your machine and everything else on the server side can be classified in containers or virtual machines (VMs). But the new approach is to classify applications and security credentials in separate containers. So, if there’s a malware detected in one of your applications, it won’t impact the other running applications because they are in isolated environments.

Then, there is Conditional Access. This is one of the Microsoft Intune functionalities that allows you to set certain regulations on a Windows 10 device and block unsure devices to protect resources and confidentiality. Like I said earlier, I use my personal phone to connect to my corporate Exchange Server. And to be able to connect to the Exchange backend, I am forced to set up some regulations imposed by the organization, like a PIN code or a fingerprint lock.

I’m sure you are familiar with reinstalling Windows in the old fashioned way. Reinstallation, or the so-called “wipe-and-load mechanism,” is still valid in Windows 10. However, from an enterprise perspective, Microsoft strongly recommends the adoption of Windows 10 by migrating and not by reinstallation. Whenever you have a Windows 7, 8 or 8.1 certified device, there’s a real reason to do an in-place upgrade.

This is also how I smoothly shifted my own laptop from Windows 7 to Windows 10. Windows 10 is there, all my information is available, my documents are still there, my apps are installed (actually retained) and my desktop background even remained the same. Forget about all the deployment nightmares you might have had when moving from XP to 7 — it’s all easy now. The same applies when your computer is running slow and you want to reinstall the OS. Now, you can just perform a reset from your settings, keep your files or not and reinstall the Windows.

Below you can see my desktop before and after migration to Windows 10 — I can pick up where I left off:

Windows 7
Windows 10

Another way of moving to Windows 10 is using provisioning. A provisioning package is a collection of customizations you can integrate for a Windows image. It can be applied to an image or delivered as standalone package for updating the system without installing a new image. For example, if your organization buys preloaded Windows 10 Professional edition devices, you can use a provisioning package to upgrade multiple devices from Professional to Enterprise, instead of reinstalling those machines with the Windows 10 Enterprise edition.

Windows 10 is a very solid operating system, more secure than ever, adjusted to the digital world we live in and optimized for the various devices we use — be it a smartphone, a tablet or a PC. Also, I would say it’s the end of an era and the beginning of a new one. No more deployment from scratch and reinstalling every application and drivers. All the concerns around upgrading to a new operating system are long gone, as Windows 10 is designed to make the jump from earlier versions easy through its built-in features.

Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.