Last year, I upgraded to a new Apple iPhone. The transition from my previous model was seamless. I took the phone out of the box, entered my Apple iCloud credentials and all my previous contacts, apps and data synced in minutes. Every time I upgrade my personal smartphone, I think about how painful this process is for company-issued devices. With Windows 10, however, Microsoft changed the game for enterprise IT.
Now, organizations can deliver that same consumer-like experience in the enterprise across Windows 10 laptops, desktops, tablets and other devices. In the second video in our Redmond Series, we explore newly available Windows 10 deployment options and the impact of a modern approach on IT:
- Challenges with Traditional Tools
- Opportunities with a Modern Management Approach
- Rethinking Deployment Options in the Enterprise
- Post Deployment Configuration Considerations
- Test Out the Modern Enrollment Options Today
[Miss the first video in VMware’s new Redmond Series? Click here to watch Episode 1: Exploring How Windows 10 Affects Your Business.]
Challenges with Traditional Tools
When PC lifecycle management was in its prime 10 years ago, the management of corporate desktops centered on the company network. IT delivered a standard operating environment with limited hardware and software options. Back then:
- You came into a physical corporate office.
- You sat at an assigned desk.
- You worked on a PC tethered to the corporate network.
As we shift from the client server to the mobile-cloud era, we realize that traditional PC management is complex. IT must:
- Build a golden image for each device type and use case;
- Deal with a complicated OS and application deployment and patching process; and
- Maintain a massive management and distribution point infrastructure.
All these complexities correlate to cost. According to industry analysts, the average cost to deploy a new operating system (OS) can cost nearly $2,000 per machine. Likely, a company with 10,000 employees spends more than $200,000 a year to maintain existing servers, storage and network infrastructure. IT builds deployment costs around a server-client relationship. By taking a modern approach to Windows 10, organizations deliver a consumer-like experience. Users take a device out of the box, power it on for the first time and automatically transform the machine to a company device. They do all this without the need to either re-image or IT touching the device, regardless of whether the user is on the corporate network, working from home or working out of a Starbucks on the road.
[Related Study: Total Impact of Modern Windows 10 & Content Management with VMware]
Opportunity with a Modern Management Approach
Enterprise mobility management (EMM) for iOS and Android devices changed the management paradigm for endpoints. By taking a cloud-first approach, organizations no longer need a vast server infrastructure. IT now gets:
- Real-time visibility and policy distribution;
- Automated compliance and monitoring; and
- Simplified management.
When we talk to customers leveraging EMM for their mobile device fleet, it is not uncommon for them to dedicate one admin for every 10,000 devices. When you compare that to traditional PCLM tools, we typically see one admin for every 250 devices. By extending EMM capabilities to Windows 10, organizations have an opportunity to realize dramatic cost avoidances.
Even with some of the additional complexities with Windows 10, such as application file sizes and app contingencies/dependences, I believe a highly conservative estimate of one admin for every 1,000 desktops is easily achievable. The reduced overhead and infrastructure costs free admins and IT to drive business value within their organization—instead of being a cost center.
Rethinking Deployment Options in the Enterprise
As customers begin migrating to Windows 10, enrollment best practices cause confusion in the market, based on:
- Whether the devices are domain or non-domain joined;
- The required management depth (e.g. GPOs vs. MDM);
- The type of a device; and
- The specific use case.
With unified endpoint management (UEM), organizations support all use cases within a single pane of glass. From there, they implement enrollment options that best meet their deployment requirements, whether that is an out of box experience, physical provisioning by IT or virtual desktop delivery to either corporate-owned or employee-owned devices.
[Related Whitepaper: Unified Endpoint Management—You’re Already Behind]
Out of Box Experience
We previously discussed how IT could now drop ship a device, and a user can be up and running in minutes. Here is a demo video of the experience from an end user’s perspective:
With this approach, we make enrollment incredibly simple and consumer-like for the user with no direct support from IT:
1. User receives a new device shipped to them at work, home or on the road.
2. They take it out of the box and follow a few simple steps to set-up the device.
3. On entering their corporate credentials, the device automatically joins to Azure Active Directory, and EMM enrollment happens automatically.
4. Once enrolled, device management continues the onboarding process to fully secure and configure the device for work.
5. The user starts working in minutes on a fully transformed corporate device.
While the out-of-box experience is fantastic for end users and IT, many organizations still prefer to provision devices themselves or through a third party. Historically, IT managed dedicated images across every piece of OEM hardware, OS versions and use cases. This limited the number of device types IT issued to users.
With Windows 10 and VMware AirWatch UEM, provisioning is dramatically faster and easier to perform. The new provisioning process replaces traditional imaging and creates device choice and freedom. IT can now:
- Generate a provisioning package (PPKG) with the Windows Imaging and Configuration Designer tool (WICD).
- Distribute the PPKG file to any device over-the-air with a thumb drive or even as an email attachment.
- Execute the PPKG to complete the automated onboarding based on the device type and a user’s role in the organization.
Virtual Desktop and Application Delivery
As organizations migrate to Windows 10, virtual desktop and application delivery addresses several use cases. Existing hardware might not support Windows 10 migration. Some mission-critical applications might be too graphics intensive or incompatible with Windows 10. Some users may have personal devices on a different OS. All of these scenarios may be better suited for virtual desktops and applications.
VMware Horizon extends virtual desktops and applications on premises or from the cloud wherever a user has an internet connection. Users easily access their virtual desktop or applications from the VMware Workspace ONE app catalog from any device with single sign-on.
Post Deployment Configuration Considerations
Regardless of the deployment option you choose, you also benefit from the ability to configure the device consistently from the same AirWatch console and across any use case. Now, you can easily configure or change Wi-Fi, VPN, certificates, email, passcodes, compliance and restriction settings, encryption, firewall and antivirus. You can even modify the OS license as needed instantly and over the air.
For example, by configuring per-app VPN on a device, users do not have to manually launch a VPN client and enter their corporate credentials when off the domain. AirWatch recognizes that an approved application on a managed device is off the company network and automatically establish a per-app VPN connection without user interaction.
While these new configuration policies in the AirWatch console are robust and easy to use, we recognize that many admins have advanced requirements. Some admins may have leftover scripts from their legacy PCLM tool that they need to apply within a modern management framework. With AirWatch UEM, you simply take those scripts and create advanced task automation sequences to apply policies, settings and apps to end users on or off the domain.
Test Out the Modern Enrollment Options Today
Compared with traditional imaging approaches, modern Windows 10 management tools enable IT with new options for enrolling users at a fraction of the time and cost. Windows 10 and AirWatch UEM gives you an opportunity to re-imagine how you do deployment today.
I encourage you to experience these enrollment options yourself, so you can see how simple the process can be for your organization. We created a sandboxed environment we call Test Drive, where you can try out the enrollment and other Windows 10 management capabilities.
Leave us a question or comment below. Our experts will respond directly and maybe even cover your question in upcoming episodes.