Here at VMware AirWatch, we are incredibly excited about the transformative power of mobility and the cloud for businesses large and small. Over the years, we have had the opportunity and privilege of supporting and guiding our customers across many industry verticals on their mobile adoption journeys. In doing so, we collaborate with technology leaders, including Microsoft, to bring the best mobile security and management capabilities to organizations as soon as a new device or operating system (OS) version is released.
In the last few years of working with the Windows product team, we have watched the OS evolve into a truly mobile OS. Windows 10 is clearly a paradigm shift that brings together the power and flexibility of PCs with the management convenience and robust security that we have come to know and love on mobile operating systems, such as iOS, Android and Windows Phone.
With Windows 10 and the right enterprise mobility management (EMM) solution, we believe that the time is ripe for enterprises to re-evaluate IT best practices and business processes and analyze how Windows 10 can meet the growing needs of companies as they adapt to a mobile-first, cloud-first world.
A “Quantum Leap” in IT & End-user Productivity
Despite being physically mobile, PCs in the workplace have always been on a virtual leash by being tied to their domain and to an on-premises infrastructure. Legacy Windows OS versions, such as Windows 7, rely on traditional heavy-handed PC Lifecycle Management (PCLM) tools, which require administrators to deploy images for individual use cases, join the devices to the domain, run complex scripts and leverage GPO policies just to bootstrap devices for basic use.
In Windows 8.1, we saw the early stages of how PCs can be managed easily for mobile use cases, but the experience was not compelling enough to drive large-scale adoption. With Windows 10, however, Microsoft has taken a quantum leap in merging the best of mobility with end-user and IT productivity.
Let’s take a look at just a few of these game-changing features that make Windows 10 a truly mobile device and warrant an cloud-based, EMM-type approach to managing the OS:
1. “Windows as a Service”: No More Fragmentation
Microsoft is finally getting out of the business of shipping CDs to stores and instead shipping incremental updates over the air, similar to a mobile OS experience. This allows IT admins and users to avoid time-consuming and expensive refresh cycles. What warranted a rip-and-replace type update management and handing over of end-user devices for installing service packs and images can be silently performed with minimal disruption to the end user. Furthermore, the “Windows-as-a-Service” model leads to consistent adoption of Windows on all desired endpoints, and IT does not have to worry about a highly fragmented device ecosystem within their organization.
2. Out-of-Box-Configuration: Shrink-wrapped Devices Straight to the End User
The cloud-enrollment experience simplifies onboarding by enabling IT to purchase and ship Windows 10 devices straight to end users. After unwrapping new devices, users will be automatically prompted to choose the device type and ownership as part of a seamless boot-up process. The system also guides users through joining Azure AD and corporate networks in a few simple steps.
Enterprise mobility management (EMM) expands these Windows 10 out-of-the-box capabilities even further—regardless of whether the company wants to deploy a bring-your-own-laptop (BYOL), choose-your-own-laptop (CYOL) or corporate-owned device program. Using VMware AirWatch, admins can add applications, remove bloatware, configure settings and push packages that enable access to company resources without the overhead of managing OS images.
[Related: Modernizing Laptop Management]
3. Enterprise Data Protection: Separation of Work & Personal Content
Today, more and more users bring their own personal devices to work, and organizations see value in supporting a BYOD program that helps users choose the device they need to be most productive. However, BYOD also results in work and personal data existing on the same device. Managed Open-in and containerization for iOS and Android for Work help isolate work and personal data on the device. In Windows 10 Microsoft has introduced Enterprise Data Protection (EDP), which is an elegant and powerful solution that places an emphasis on user privacy while still allowing organizations to secure their data at the OS and file system level.
EDP in conjunction with EMM allows admins to configure security policy levels ranging from simply auditing sensitive data at rest and motion to enforcing the prevention of accidental and deliberate data leakage. Microsoft has addressed a major privacy concern for end users and has enabled enterprises to support dual-persona devices for use cases where employees bring their own device to work.
4. Identity & Cloud Authentication with O365: Enabling the Office Worker
Office 365 is a powerful platform that offers productivity apps, identity, storage and collaboration in the cloud. The transfer of data and apps to the cloud opens up multiple new collaboration use cases while also presenting new security challenges for the organizations. Traditional network perimeter defined by firewalls and proxies are no longer sufficient as devices need to reach out to multiple cloud resources. In this environment security must expand to the endpoints and be administered from the cloud. AirWatch supports endpoint device management and enables organizations to protect their cloud and on-premises assets—including Office 365—through a scalable, cloud-based security model. VMware Identity Manager helps organizations federate identity management to the cloud and provides industry-first conditional access capabilities across all platforms and on all device types.
[Related: Deploy & Secure Office 365 with AirWatch]
5. Device Guard & Health Attestation: Most Secure Windows Ever
Jailbreaking and rooting of devices are two constant threats to enterprise data on mobile devices. Once compromised, an enterprise cannot apply any restrictions or policies on a device undermined by an attack.
Windows 10 helps organizations eliminate these security concerns on laptops, desktops and phones via the introduction of Device Guard and Health Attestation. Through Device Guard, Windows 10 provides hardware and software controls that secures a device at the kernel layer. This eliminates most threat vectors and prevents any unauthorized or malicious applications from running on the device.
Using the Health Attestation service, Windows 10 also allows admins to check the boot integrity and health of a device. AirWatch, through deep integration with Device Guard Policies and Health Attestation Services, monitors device health data in real time and performs automatic compliance actions based on the device posture policies or rules.
6. Converged Application Framework: The Changing Nature of Mobile Productivity
A majority of companies still exclusively use Win32 and web applications for business. Given the power of Win32 APIs, many organizations and independent software vendors (ISVs) have not yet adopted the modern app development platform, which means Win32 applications will continue to remain the primary application type on Windows for a few more years.
However, with the converged Universal Windows Platform (UWP), many organizations are in the process of enabling line-of-business use cases that go beyond Office apps and email. These organizations build custom applications that work on any Windows device and are crucial to the success of the field workers, remote workers, retail employees and technicians who are not confined to a desk.
Windows + EMM: Empowering the New Digital Workspace
With EMM-based management capabilities of Windows 10, IT can now manage the entire lifecycle of Win32 and universal applications over the air. Admins no longer need dedicated products to manage and distribute Win32 and mobile applications, and end users get a single point of access to the best apps they need to work anytime, anywhere and on any device.
The powerful new features in Windows 10, combined with the additional layer of capabilities and security through EMM, are already empowering enterprises to enable a truly digital workspace.
To dive deeper into how AirWatch supports your Windows 10 deployments, please visit air-watch.com/solutions/windows.
Because you liked this blog: