1 When you think of Windows, you probably think first of conventional desktop PCs and laptops. The Windows 10 release encompasses a much
broader range of devices, as Figure 1-1, taken from a Microsoft presentation, makes clear.2 Introducing Windows 10 for IT Professionals, Preview Edition
FIGURE 1-1 The Windows 10 family spans a wide range of devices, from phones to game consoles and the new HoloLens headset, with PCs in the middle.
Although all these devices share a great deal of common code, it’s not the case that the same code will run on each device. The version of Windows 10 Enterprise for a 64-bit desktop PC, for example, is very different from Windows 10 Mobile or the Xbox OS. But that common code has a big payoff when it comes to app development. Apps that are built on the Windows universal app platform can run on all Windows device families. They are also easier to manage and more secure than conventional Windows desktop applications, which run only on PCs.
A new approach to updates and upgrades As I mentioned, the most revolutionary change in Windows 10 is the concept of continuous improvement. New features are delivered through Windows Update rather than being set aside for the next major release. In a major change of longstanding best practices, Microsoft now recommends that enterprise customers enable Windows Update for the majority of users, although the option to use Windows Server Update Services (WSUS) might still be available for some configurations. In the Windows 10 Technical Preview, the more-or-less monthly new builds are delivered through Windows Update. Participants in the preview program can choose between two update speeds, also known as rings. Choosing the Fast ring makes new builds available as soon as they’re released by Microsoft; opting for the Slow ring delays the availability of a new build until it’s been thoroughly vetted by the Fast ring, with any bugs addressed via interim updates. When Microsoft officially releases Windows 10 to the public, the preview program won’t end. Members of the Windows Insider program will continue to receive early access to new updates, using the same Fast and Slow rings. Windows users who are not part of the preview program will receive updates for what’s known as the “Current Branch.” In addition, Microsoft has committed to an additional approach for enterprise customers who want a more stable environment, with a “Current Branch for Business” that is several months behind the consumer releases as well as “Long Term Servicing” branches that are appropriate for mission-critical applications.
CHAPTER 1 An overview of the Windows 10 Technical Preview
3 The evolution of the Windows user experience In the beginning, there was the Windows 95 Start button, which actually included the word Start. Clicking that button led to the Start menu, which was chock-full of shortcuts to programs, utilities, and settings. Both of these crucial parts of the user experience evolved significantly in appearance and functionality over the years, but a time traveler from 1995 would have no trouble recognizing the Start menu in Windows 7. In a singularly controversial decision, the designers of Windows 8 removed the Start button and Start menu completely, replacing them with a full screen filled with live tiles instead of icons. The Start button returned in Windows 8.1, although its main function was to provide access to the Start screen. Now, by popular demand, the Start menu returns in Windows 10. In the Windows 10 Preview (the April 2015 update), clicking the Start button opens a menu similar to the one shown in Figure 1-2.
FIGURE 1-2 The Windows 10 Start menu blends elements of its Windows 7 predecessor with Windows 8 live tiles.
4 Introducing Windows 10 for IT Professionals, Preview Edition
This Start menu design (which will undoubtedly change before the final Windows 10 release) contains some familiar elements, including links to common locations, a list of frequently used apps and programs, and power controls. The items on the right are live tiles, which work like their equivalents from the Windows 8.1 Start screen. The search box, just to the right of the Start button, offers quick access to the local file system and to the web. With a few quick configuration steps, you can enable Cortana, the voice-powered personal assistant that debuted in Windows Phone and is now moving to the larger Windows 10 platform. The double-headed diagonal arrow in the top-right corner expands the Start menu to fill the full screen. A separate option, called Tablet Mode, also expands the Start screen but makes additional changes designed to make Windows 10 more usable on tablets and hybrid PCs. Figure 1-3 shows Tablet Mode in action.
FIGURE 1-3 In Tablet Mode, the search box shrinks and the Start menu and apps fill the entire screen.
Several navigation elements that were added to Windows 8 have been removed for Windows 10. The Charms menu is gone, replaced on the right side of the screen by an Action Center that shows notifications and includes shortcuts to common tasks. Likewise, the Windows 8 navigation controls based on aiming a mouse pointer at corners are replaced by a new Task View, which also supports multiple virtual desktops. For a more detailed look at how Windows 10 works, see Chapter 2, “The Windows 10 user experience.”
User accounts and synchronization Anyone migrating to Windows 10 from Windows 7 should pay special attention to a new user account type, introduced in Windows 8. Signing in with a Microsoft account instead of a local account provides tightly integrated support for cloud-based services, along with easy synchronization of settings and apps between devices.
CHAPTER 1 An overview of the Windows 10 Technical Preview
FIGURE 1-2 The Windows 10 Start menu blends elements of its Windows 7 predecessor with Windows 8 live tiles.
4 Introducing Windows 10 for IT Professionals, Preview Edition
This Start menu design (which will undoubtedly change before the final Windows 10 release) contains some familiar elements, including links to common locations, a list of frequently used apps and programs, and power controls. The items on the right are live tiles, which work like their equivalents from the Windows 8.1 Start screen. The search box, just to the right of the Start button, offers quick access to the local file system and to the web. With a few quick configuration steps, you can enable Cortana, the voice-powered personal assistant that debuted in Windows Phone and is now moving to the larger Windows 10 platform. The double-headed diagonal arrow in the top-right corner expands the Start menu to fill the full screen. A separate option, called Tablet Mode, also expands the Start screen but makes additional changes designed to make Windows 10 more usable on tablets and hybrid PCs. Figure 1-3 shows Tablet Mode in action.
FIGURE 1-3 In Tablet Mode, the search box shrinks and the Start menu and apps fill the entire screen.
Several navigation elements that were added to Windows 8 have been removed for Windows 10. The Charms menu is gone, replaced on the right side of the screen by an Action Center that shows notifications and includes shortcuts to common tasks. Likewise, the Windows 8 navigation controls based on aiming a mouse pointer at corners are replaced by a new Task View, which also supports multiple virtual desktops. For a more detailed look at how Windows 10 works, see Chapter 2, “The Windows 10 user experience.”
User accounts and synchronization Anyone migrating to Windows 10 from Windows 7 should pay special attention to a new user account type, introduced in Windows 8. Signing in with a Microsoft account instead of a local account provides tightly integrated support for cloud-based services, along with easy synchronization of settings and apps between devices.
CHAPTER 1 An overview of the Windows 10 Technical Preview
5
Figure 1-4 shows part of the new Sync Your Settings control, found in the Settings app.
FIGURE 1-4 On devices where the user signs in with a Microsoft account, settings can be synchronized with other devices. Note the new visual design for the Windows 10 Settings app.
The list of settings that can be synchronized includes the layout of the Start screen as well as apps; previously purchased apps can be automatically downloaded and installed from the Store when you sign in with a Microsoft account on a new device. This feature makes it possible to roam easily between devices, with personal settings, apps, and browser tabs, history, and favorites available from each device on which you sign in using a synced Microsoft account. In an enterprise setting, Windows 10 will include provisioning features that allow IT pros to manage this process.
6 Introducing Windows 10 for IT Professionals, Preview Edition
One of the key features planned for Windows 10 is integrated access to cloud-based file storage in OneDrive and OneDrive for Business. Microsoft announced plans to release a unified synchronization utility that will handle both services, but that tool is not yet available for the Windows 10 Preview. In enterprise deployments, you can link a Windows domain account with a Microsoft account to allow robust security and effective network management while still getting the benefits of synchronization with a Microsoft account.
Windows apps Windows 10 includes support for virtually all desktop applications that are compatible with Windows 7. It also supports the latest generation of Windows apps (sometimes referred to as modern apps), which debuted in Windows 8 and have evolved significantly since that time. These apps are distributed through the Windows Store. (In enterprise deployments, IT pros can leverage the Windows Store to deliver line-of-business apps to users.) In Windows 8 and 8.1, modern apps run in one of two modes: full-screen, or snapped to the side of the display. In Windows 10, these apps can run in a window. Figure 1-5, for example, shows a preview release of Microsoft Excel running in a resizable window on a Windows 10 PC.
FIGURE 1-5 This Excel Preview app is available through the Windows Store and, like other modern apps in Windows 10, it can run in a resizable window.
CHAPTER 1 An overview of the Windows 10 Technical Preview
Figure 1-4 shows part of the new Sync Your Settings control, found in the Settings app.
FIGURE 1-4 On devices where the user signs in with a Microsoft account, settings can be synchronized with other devices. Note the new visual design for the Windows 10 Settings app.
The list of settings that can be synchronized includes the layout of the Start screen as well as apps; previously purchased apps can be automatically downloaded and installed from the Store when you sign in with a Microsoft account on a new device. This feature makes it possible to roam easily between devices, with personal settings, apps, and browser tabs, history, and favorites available from each device on which you sign in using a synced Microsoft account. In an enterprise setting, Windows 10 will include provisioning features that allow IT pros to manage this process.
6 Introducing Windows 10 for IT Professionals, Preview Edition
One of the key features planned for Windows 10 is integrated access to cloud-based file storage in OneDrive and OneDrive for Business. Microsoft announced plans to release a unified synchronization utility that will handle both services, but that tool is not yet available for the Windows 10 Preview. In enterprise deployments, you can link a Windows domain account with a Microsoft account to allow robust security and effective network management while still getting the benefits of synchronization with a Microsoft account.
Windows apps Windows 10 includes support for virtually all desktop applications that are compatible with Windows 7. It also supports the latest generation of Windows apps (sometimes referred to as modern apps), which debuted in Windows 8 and have evolved significantly since that time. These apps are distributed through the Windows Store. (In enterprise deployments, IT pros can leverage the Windows Store to deliver line-of-business apps to users.) In Windows 8 and 8.1, modern apps run in one of two modes: full-screen, or snapped to the side of the display. In Windows 10, these apps can run in a window. Figure 1-5, for example, shows a preview release of Microsoft Excel running in a resizable window on a Windows 10 PC.
FIGURE 1-5 This Excel Preview app is available through the Windows Store and, like other modern apps in Windows 10, it can run in a resizable window.
CHAPTER 1 An overview of the Windows 10 Technical Preview
7 As is the case with most modern apps, the Excel Preview (and its Office-mates Word and PowerPoint, which are also available as preview releases) is designed to deliver an excellent experience on touchscreen devices with small screens. These modern apps don’t have the full feature set of their Windows desktop counterparts, but they’re surprisingly useful nonetheless. The Windows Store is in the process of being completely redesigned for Windows 10. In builds up to and including the March Update, the original Store and the new Store (labeled as “Beta”) coexist side by side. Figure 1-6 shows a typical listing in the new Store, which has a cleaner design and offers a broader variety of products than just apps.
FIGURE 1-6 The Windows 10 Store (shown here in a Beta version) offers more than just apps.
MORE INFO For more details on these apps and on the changes to the Windows Store, see Chapter 5, “Deploying and managing Windows Store apps.”
FIGURE 1-6 The Windows 10 Store (shown here in a Beta version) offers more than just apps.
MORE INFO For more details on these apps and on the changes to the Windows Store, see Chapter 5, “Deploying and managing Windows Store apps.”
8 Introducing Windows 10 for IT Professionals, Preview Edition
A new default browser
One of the signature features of Windows 10 will be a new default browser, code-named “Project Spartan.” The new browser was not in early builds of the Windows 10 Technical Preview, making its first appearance (with an incomplete feature set) in April 2015. However, Microsoft has demonstrated its features publicly and has described its long-term goals. As Figure 1-7 shows, the “Project Spartan” browser has an uncluttered, touch-friendly interface with a few hidden features that include the ability to annotate webpages and integrate with Cortana, the Windows 10 personal assistant.
FIGURE 1-7 This “Project Spartan” browser will eventually be the default for Windows 10 devices.
If you’re wondering what happened to Internet Explorer, you’re not alone. Many line-of-business apps in enterprise deployments require Internet Explorer. Some apps require versions older than Internet Explorer 11, which will be the only supported version as of January 2016. The good news for IT pros in those challenging enterprise environments is that Internet Explorer will continue to be available in Windows 10, with Enterprise Mode available as a feature for ensuring that older apps work properly. You can read more details about this two-browser strategy in Chapter 6, “Web browsing and Windows 10.”
CHAPTER 1 An overview of the Windows 10 Technical Preview
A new default browser
One of the signature features of Windows 10 will be a new default browser, code-named “Project Spartan.” The new browser was not in early builds of the Windows 10 Technical Preview, making its first appearance (with an incomplete feature set) in April 2015. However, Microsoft has demonstrated its features publicly and has described its long-term goals. As Figure 1-7 shows, the “Project Spartan” browser has an uncluttered, touch-friendly interface with a few hidden features that include the ability to annotate webpages and integrate with Cortana, the Windows 10 personal assistant.
FIGURE 1-7 This “Project Spartan” browser will eventually be the default for Windows 10 devices.
If you’re wondering what happened to Internet Explorer, you’re not alone. Many line-of-business apps in enterprise deployments require Internet Explorer. Some apps require versions older than Internet Explorer 11, which will be the only supported version as of January 2016. The good news for IT pros in those challenging enterprise environments is that Internet Explorer will continue to be available in Windows 10, with Enterprise Mode available as a feature for ensuring that older apps work properly. You can read more details about this two-browser strategy in Chapter 6, “Web browsing and Windows 10.”
CHAPTER 1 An overview of the Windows 10 Technical Preview
9 What’s new for IT pros?
As an IT pro, your first concern is, of course, the users you support. How much training will they need? Which of your business applications will run problem-free, and which will require modification or replacement? How much effort will a widescale deployment require? And most important of all, can you keep your business data and your networks secure and available? Those questions become even more important to ask when users bring in personal devices— smartphones, tablets, and PCs—and expect those devices to shift between business apps and personal tasks with as little friction as possible. That flexibility has become so common in the modern era that the phenomenon has a name, “consumerization of IT.” To users, the strategy is known by a more colorful name: Bring Your Own Device (BYOD). Microsoft’s approach to the consumerization of IT is to try to satisfy users and IT pros. For users, the goal is to provide familiar experiences on old and new devices. IT pros can choose from a corresponding assortment of enterprise-grade solutions to manage and secure those devices when they access a corporate network.
Security enhancements The cat-and-mouse game between online criminals and computer security experts affects every popular software product. Microsoft’s commitment to securing Windows is substantial, and it includes some groundbreaking advanced features. As part of the ongoing effort to make computing safer, Windows 8 introduced major new security features, Windows 8.1 added still more improvements, and Windows 10 ups the ante yet again. The most significant new Windows 10 security feature involves a major improvement in authentication, based on biometric factors. On Windows 10 devices that include the appropriate hardware, two new features will significantly ease the process of authenticating to the device and to online services: Windows Hello This feature uses biometric authentication—facial recognition, an iris scan, or a fingerprint—to unlock devices. The technology is significantly more advanced than existing biometric methods that are supported for basic authentication in Windows 8.1. For example, Windows Hello requires an infrared-equipped camera (using the same technology found in the Xbox Kinect sensor) to prevent spoofing identification using a photograph. Enabling Windows Hello requires enrolling a Windows 10 device (PC, tablet, or phone) as trusted for the purposes of authentication. In that scenario, the enrolled device itself works as an additional proof of identity, supporting multifactor authentication. Microsoft Passport The second feature is based on a new API that works in conjunction with biometric authentication on an enrolled device to sign in to any supported mobile service. The Passport framework allows enterprise IT managers, developers, and website administrators to
10 Introducing Windows 10 for IT Professionals, Preview Edition
provide a more secure alternative to passwords. During the authentication process, no password is sent over the wire or stored on remote servers, cutting off the two most common avenues for security breaches. Windows 10 also leverages security features found in modern hardware (and originally enabled in Windows 8 and Windows 8.1) to ensure that the boot process isn’t compromised by rootkits and other aggressive types of malware. On devices equipped with the Unified Extensible Firmware Interface (UEFI), the Secure Boot process validates and ensures that startup files, including the OS loader, are trusted and properly signed, preventing the system from starting with an untrusted operating system. After the OS loader hands over control to Windows 10, two additional security features are available: Trusted boot This feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot-critical drivers, and even the antimalware software itself. Early Launch Antimalware (ELAM) drivers are initialized before other third-party applications and kernel-mode drivers are allowed to start. This configuration prevents antimalware software from being tampered with and allows the operating system to identify and block attempts to tamper with the boot process. Measured boot On devices that include a Trusted Platform Module (TPM), Windows 10 can perform comprehensive chain-of-integrity measurements during the boot process and store those results securely in the TPM. On subsequent startups, the system measures the operatingsystem kernel components and all boot drivers, including third-party drivers. This information can be evaluated by a remote service to confirm that those key components have not been improperly modified and to further validate a computer’s integrity before granting it access to resources, a process called remote attestation. To block malicious software after the boot process is complete, Windows 10 includes two signature features that will be new to any organization that is migrating directly from Windows 7: Windows Defender Previous Windows versions included a limited antispyware feature called Windows Defender. Beginning with Windows 8, the same name describes a full-featured antimalware program that is the successor to Microsoft Security Essentials. Windows Defender is unobtrusive in everyday use, has minimal impact on system resources, and updates both its signatures and the antimalware engine regularly. Windows Defender includes network behavior monitoring as well. If you install a different antimalware solution, Windows Defender disables its real-time protection but remains available. Windows SmartScreen Windows SmartScreen is a safety feature that uses application reputation-based technologies to help protect Windows users from malicious software. This browser-independent technology checks any new application before installation, blocking potentially high-risk applications that have not yet established a reputation. The Windows SmartScreen app reputation feature works with the SmartScreen feature in the default Windows browser, which also protects users from websites seeking to acquire personal information such as user names, passwords, and billing data.
CHAPTER 1 An overview of the Windows 10 Technical Preview
As an IT pro, your first concern is, of course, the users you support. How much training will they need? Which of your business applications will run problem-free, and which will require modification or replacement? How much effort will a widescale deployment require? And most important of all, can you keep your business data and your networks secure and available? Those questions become even more important to ask when users bring in personal devices— smartphones, tablets, and PCs—and expect those devices to shift between business apps and personal tasks with as little friction as possible. That flexibility has become so common in the modern era that the phenomenon has a name, “consumerization of IT.” To users, the strategy is known by a more colorful name: Bring Your Own Device (BYOD). Microsoft’s approach to the consumerization of IT is to try to satisfy users and IT pros. For users, the goal is to provide familiar experiences on old and new devices. IT pros can choose from a corresponding assortment of enterprise-grade solutions to manage and secure those devices when they access a corporate network.
Security enhancements The cat-and-mouse game between online criminals and computer security experts affects every popular software product. Microsoft’s commitment to securing Windows is substantial, and it includes some groundbreaking advanced features. As part of the ongoing effort to make computing safer, Windows 8 introduced major new security features, Windows 8.1 added still more improvements, and Windows 10 ups the ante yet again. The most significant new Windows 10 security feature involves a major improvement in authentication, based on biometric factors. On Windows 10 devices that include the appropriate hardware, two new features will significantly ease the process of authenticating to the device and to online services: Windows Hello This feature uses biometric authentication—facial recognition, an iris scan, or a fingerprint—to unlock devices. The technology is significantly more advanced than existing biometric methods that are supported for basic authentication in Windows 8.1. For example, Windows Hello requires an infrared-equipped camera (using the same technology found in the Xbox Kinect sensor) to prevent spoofing identification using a photograph. Enabling Windows Hello requires enrolling a Windows 10 device (PC, tablet, or phone) as trusted for the purposes of authentication. In that scenario, the enrolled device itself works as an additional proof of identity, supporting multifactor authentication. Microsoft Passport The second feature is based on a new API that works in conjunction with biometric authentication on an enrolled device to sign in to any supported mobile service. The Passport framework allows enterprise IT managers, developers, and website administrators to
10 Introducing Windows 10 for IT Professionals, Preview Edition
provide a more secure alternative to passwords. During the authentication process, no password is sent over the wire or stored on remote servers, cutting off the two most common avenues for security breaches. Windows 10 also leverages security features found in modern hardware (and originally enabled in Windows 8 and Windows 8.1) to ensure that the boot process isn’t compromised by rootkits and other aggressive types of malware. On devices equipped with the Unified Extensible Firmware Interface (UEFI), the Secure Boot process validates and ensures that startup files, including the OS loader, are trusted and properly signed, preventing the system from starting with an untrusted operating system. After the OS loader hands over control to Windows 10, two additional security features are available: Trusted boot This feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot-critical drivers, and even the antimalware software itself. Early Launch Antimalware (ELAM) drivers are initialized before other third-party applications and kernel-mode drivers are allowed to start. This configuration prevents antimalware software from being tampered with and allows the operating system to identify and block attempts to tamper with the boot process. Measured boot On devices that include a Trusted Platform Module (TPM), Windows 10 can perform comprehensive chain-of-integrity measurements during the boot process and store those results securely in the TPM. On subsequent startups, the system measures the operatingsystem kernel components and all boot drivers, including third-party drivers. This information can be evaluated by a remote service to confirm that those key components have not been improperly modified and to further validate a computer’s integrity before granting it access to resources, a process called remote attestation. To block malicious software after the boot process is complete, Windows 10 includes two signature features that will be new to any organization that is migrating directly from Windows 7: Windows Defender Previous Windows versions included a limited antispyware feature called Windows Defender. Beginning with Windows 8, the same name describes a full-featured antimalware program that is the successor to Microsoft Security Essentials. Windows Defender is unobtrusive in everyday use, has minimal impact on system resources, and updates both its signatures and the antimalware engine regularly. Windows Defender includes network behavior monitoring as well. If you install a different antimalware solution, Windows Defender disables its real-time protection but remains available. Windows SmartScreen Windows SmartScreen is a safety feature that uses application reputation-based technologies to help protect Windows users from malicious software. This browser-independent technology checks any new application before installation, blocking potentially high-risk applications that have not yet established a reputation. The Windows SmartScreen app reputation feature works with the SmartScreen feature in the default Windows browser, which also protects users from websites seeking to acquire personal information such as user names, passwords, and billing data.
CHAPTER 1 An overview of the Windows 10 Technical Preview
11 Windows 10 adds information-protection capabilities that make it possible to protect corporate data even on employee-owned devices. Network administrators can define policies that automatically encrypt sensitive information, including corporate apps, data, email, and the contents of intranet sites. Support for this encryption is built into common Windows controls, such as Open and Save dialog boxes. For tighter security, administrators can create lists of apps that are allowed to access encrypted data as well as those that are denied access—a network administrator might choose to deny access to a consumer cloud file-storage service, for example, to prevent sensitive files from being shared outside the organization. Two features should be of significant interest to anyone with responsibility for sensitive enterprise data: Enterprise Data Protection This feature is an evolution of Remote Business Data Removal (RBDR), a feature introduced in Windows 8.1 and significantly enhanced for Windows 10. Using this feature, administrators can mark and encrypt corporate content to distinguish it from ordinary user data. Policies control what employees can do with data marked as such, and when the relationship between the organization and the user ends, the encrypted corporate data is no longer available to the now-unauthorized user, This is a significant new feature, due in the Windows 10 timeframe but not yet available in preview builds. Pervasive Device Encryption Device encryption is available in all editions of Windows 10. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on the Pro and Enterprise editions. Devices that support the InstantGo feature (formerly known as Connected Standby) are automatically encrypted and protected when using a Microsoft account. Organizations that need to manage encryption can easily add additional BitLocker protection options and manageability to these devices. On unmanaged Windows 10 devices, BitLocker Drive Encryption can be turned on by the user, with the recovery key saved to a Microsoft account. BitLocker in Windows 10 supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. On this type of storage device, BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption. On devices without hardware encryption, BitLocker encrypts data more quickly than you’ve grown accustomed to in Windows 7 environments. BitLocker allows you to choose to encrypt only the used space on a disk instead of the entire disk. In this configuration, free space is encrypted when it’s first used. This results in a faster, less disruptive encryption process so that enterprises can provision BitLocker quickly without an extended time commitment. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN. A final security measure is appropriate for organizations with high-security needs, such as regulated industries, defense contractors, and government agencies concerned about online espionage. With Windows 10 Enterprise edition and specially configured OEM hardware, administrators will be able to use the Device Guard feature to completely lock down devices so that they’re unable to run untrusted code.
12 Introducing Windows 10 for IT Professionals, Preview Edition
In this configuration, the only apps that will be allowed to run are those signed by a Microsoft-issued code-signing certificate. That includes any app from the Windows Store as well as desktop apps that an organization has submitted to Microsoft to be digitally signed. These signed apps can also be delivered to employees through a customized Business Store. If your enterprise uses internal line-of-business apps that are sideloaded, they will need to be signed by an enterprise certificate. This feature is not available in current Windows 10 Technical Preview releases. Chapter 4, “Security in Windows 10,” provides more information about these security features.
Deployment and manageability Deploying Windows 10 in an organization is faster and easier than in Windows 7, thanks to new features originally introduced in Windows 8.1. Improvements in deployment processes for Windows 10 can make it even easier to standardize on a corporate configuration. The traditional “wipe and load” option is still available for Windows 10 upgrades. That process involves capturing data and settings from an existing device, deploying a custom operating system image, injecting drivers and installing apps, and then restoring the data and settings. An additional option is the in-place upgrade, in which Windows handles the process of migrating apps and data from an existing image to a new (standard) image. This process is similar to the upgrade process consumers use via Windows Update, but it’s managed by System Center Configuration Manager and the Microsoft Deployment Toolkit, both of which should be familiar to IT pros. Windows 10 adds a new provisioning option, which transforms a device with an OEM installation of Windows 10 into an enterprise-ready device. This procedure removes unwanted items from the OEM configuration and adds items, apps, and configuration details that would have been part of a standard custom image. The result is the same as a wipe-and-load deployment, but simpler and more flexible.
On unmanaged devices, the Refresh Your PC and Reset Your PC options help streamline the recovery process. These options, which have evolved significantly from their original Windows 8 versions, allow users to restore or repair a Windows 10 device without having to make an appointment with the help desk. The new recovery options in Windows 10 include a significant benefit: The restored operating system contains all current updates, meaning that the user doesn’t have to go through a tedious round of system updates after repairing the installation. As with Windows 8.1, the reset option includes data-wiping capabilities that make it possible for a user to transfer a device to a new owner without worrying about inadvertently disclosing sensitive personal or business data.
MORE INFO For more information about planning and carrying out a Windows 10 deployment, see Chapter 3, “Deploying Windows 8.1.”
CHAPTER 1 An overview of the Windows 10 Technical Preview
12 Introducing Windows 10 for IT Professionals, Preview Edition
In this configuration, the only apps that will be allowed to run are those signed by a Microsoft-issued code-signing certificate. That includes any app from the Windows Store as well as desktop apps that an organization has submitted to Microsoft to be digitally signed. These signed apps can also be delivered to employees through a customized Business Store. If your enterprise uses internal line-of-business apps that are sideloaded, they will need to be signed by an enterprise certificate. This feature is not available in current Windows 10 Technical Preview releases. Chapter 4, “Security in Windows 10,” provides more information about these security features.
Deployment and manageability Deploying Windows 10 in an organization is faster and easier than in Windows 7, thanks to new features originally introduced in Windows 8.1. Improvements in deployment processes for Windows 10 can make it even easier to standardize on a corporate configuration. The traditional “wipe and load” option is still available for Windows 10 upgrades. That process involves capturing data and settings from an existing device, deploying a custom operating system image, injecting drivers and installing apps, and then restoring the data and settings. An additional option is the in-place upgrade, in which Windows handles the process of migrating apps and data from an existing image to a new (standard) image. This process is similar to the upgrade process consumers use via Windows Update, but it’s managed by System Center Configuration Manager and the Microsoft Deployment Toolkit, both of which should be familiar to IT pros. Windows 10 adds a new provisioning option, which transforms a device with an OEM installation of Windows 10 into an enterprise-ready device. This procedure removes unwanted items from the OEM configuration and adds items, apps, and configuration details that would have been part of a standard custom image. The result is the same as a wipe-and-load deployment, but simpler and more flexible.
On unmanaged devices, the Refresh Your PC and Reset Your PC options help streamline the recovery process. These options, which have evolved significantly from their original Windows 8 versions, allow users to restore or repair a Windows 10 device without having to make an appointment with the help desk. The new recovery options in Windows 10 include a significant benefit: The restored operating system contains all current updates, meaning that the user doesn’t have to go through a tedious round of system updates after repairing the installation. As with Windows 8.1, the reset option includes data-wiping capabilities that make it possible for a user to transfer a device to a new owner without worrying about inadvertently disclosing sensitive personal or business data.
MORE INFO For more information about planning and carrying out a Windows 10 deployment, see Chapter 3, “Deploying Windows 8.1.”
CHAPTER 1 An overview of the Windows 10 Technical Preview
13 Virtualization Windows 10 includes a robust, built-in virtualization platform. This feature, called Client Hyper-V, will be familiar to organizations that tested or deployed Windows 8.1, but for those upgrading from Windows 7 it is a major addition to the platform. Client Hyper-V uses the same hypervisor found in Windows Server, allowing you to create virtual machines (VMs) capable of running 32-bit and 64-bit versions of Windows client and server operating systems. IT pros and developers can create robust test beds for evaluating and debugging software and services without adversely affecting a production environment. Client Hyper-V leverages the security infrastructure of Windows 10 and can be managed easily by existing IT tools, such as System Center. VMs can be migrated between a desktop PC running Windows 10 and a Hyper-V environment on Windows Server. Client Hyper-V requires Windows 10 Pro or Windows 10 Enterprise; it also requires that specific hardware features be available on the host device. For more details about the capabilities of Client Hyper-V, see Chapter 8, “Virtualization in Windows 10.” In conjunction with Windows Server 2012 and later releases, Windows 10 also supports an alternative form of virtualization: Virtual Desktop Infrastructure (VDI). Setting up a VDI environment is straightforward, thanks to a simple setup wizard. Managing a VDI environment is simple with administration, intelligent patching, and unified management capabilities. The Remote Desktop client in Windows 10 allows users to connect to a virtual desktop across any type of network, either a local area network (LAN) or wide area network (WAN). Microsoft RemoteFX provides users with a rich desktop experience that compares favorably with a local desktop, including the ability to play multimedia, display 3D graphics, use USB peripherals, and provide input on touch-enabled devices. Features such as user-profile disks and Fair Share ensure high performance and flexibility, with support for lower-cost storage and sessions helping to reduce the cost of VDI. All these benefits are available across different types of VDI desktops (personal VM, pooled VM, or session-based desktops).
No comments:
Post a Comment
suggest me about my post