There’s little doubt that Windows 10 adoption is on a roll—400+ million devices and 54% of global organizations are running Microsoft’s latest operating system (OS). It’s only about a month since the third major upgrade (Creators Update/v1703) was launched, and Microsoft is continuing to ride the wave by introducing the newest variant of its operating system: Windows 10 S. At its core, the “S” stands for simplicity and security, and fully embraces the modern, mobile-cloud architecture and management model.
This cloud-first approach for deploying, managing and securing Windows 10—and for that matter any endpoint—is also something VMware has perfected and consistently pushes forward. The launch of Windows 10 S is particularly exciting and a great testament to our endpoint management strategy. If you are planning to embrace Windows 10 S, you will be excited to know that we support this new OS today.
To quickly recap Microsoft’s announcement, the new OS is a variant or a subset of Windows 10 Pro and will:
- Not support on-premises directory, and can only be cloud-domain joined with Microsoft Azure Active Directory (AAD).
- Also support a local user account or a Microsoft Account (MSA).
- Be managed exclusively leveraging the modern, Mobile Device Management (MDM) APIs.
- Be updated exclusively over-the-air using the new Windows Update service.
- Run only trusted Windows Store apps within a secure container.
- Run only secure web browsers that are installed from Windows Store.
- Unlike the Office modern apps, feature a full suite of native Microsoft Office 365 productivity apps that are converted for installation from Windows Store.
- Support a broad range of modern Windows devices such as touch-enabled tablets, two-in-one devices, ultrabooks and even the sub-$200 education-focused PCs.
VMware Supports Your Windows 10 S Deployments
VMware is uniquely positioned to make your journey to Windows 10 as seamless as possible. As you consider rolling out Windows 10 S, our end-user computing solution, VMware Workspace ONE, helps address several scenarios, such as:
- Accelerating the move to Windows 10;
- Reducing the costs of PC lifecycle management;
- Extending the life of endpoints;
- Delivering apps more reliably, while also extending incompatible or graphic-intensive apps;
- And improving endpoint, app and data security.
Accelerate Business: Get your workforce ready—faster!
Workspace ONE supports your end users with intuitive and self-service onboarding of Windows 10 devices. With Workspace ONE, out-of-box enrollment (OOBE) can be enabled. End users simply power on the device and enter their corporate credentials on first boot. This auto joins the device to the cloud domain (AAD), and enrolls the device into mobile device management (MDM).
Alternatively, for bring-your-own (BYO) use cases, end users can also manually navigate to “Settings” and join AAD by entering their corporate credentials. When using just a local or MSA account, users can follow a simple Workplace Enrollment (native MDM) workflow, similar in experience to smartphone enrollments.
For education, you can provision student devices in bulk by taking advantage of the Set up School PCs app or the Windows Imaging and Configuration Designer (WICD) tool. Quickly create baseline settings for school PCs and enroll into VMware AirWatch endpoint management.
Modernize Management: Manage your digital workspace—not things!
Once onboarded, Workspace ONE manages the Windows devices leveraging the modern, mobile-cloud framework. Powered by AirWatch unified endpoint management, Workspace ONE enables instant push-based policy configuration of Windows 10 endpoints over the air. It also supports and provides a much more granular management for the recommended Windows Updates service.
Workspace ONE integration with Microsoft’s Business Store Portal (BSP) makes it easier for organizations to buy, assign, revoke and manage licenses for any Windows Store apps. IT can manage and distribute these Universal Windows Platform (UWP) apps directly from a custom company app catalog (Workspace ONE UWP app) or silently upon device onboarding.
Control Risks: Defend modern security threats—in real-time!
Today’s new age of cybersecurity challenges also requires an end-to-end security consideration, which establishes user trust; hardens the OS defense against new threats and provides work and personal data separation to protect company data at rest, in use and in transit.
Workspace ONE integration with AAD enables secure and simple single sign-on access controls to work apps and resources. You can create application whitelist and blacklist rules and prevent users from downloading and installing unapproved apps from the Windows Store. You can set security policies and restrictions for the default Microsoft Edge browser (e.g. enable SmartScreen phishing filters, disable Password Manager, etc.). Further, native Data Loss Prevention (DLP) and app-level VPN features ensure that work info / IP is constantly protected whether in use, at rest or in transit.
Redefine User Experience: Maximize Productivity on any device—anywhere!
Over the years, VMware has invested a lot of thought and resources into enhancing both IT and end-user experiences. Consider, for example, the features I just laid out around out-of-the-box deployment—one-touch, self-service access to all work apps and services.
With Workspace ONE, you’re also no longer constrained by the lack of support for traditional Win32 apps on Windows 10 S. Using the VMware Horizon UWP client, you can now extend access to any virtual desktop or your apps to your Windows device. The client includes support for Horizon’s Blast Extreme protocol for a superior user experience, even on non-ideal networks that have higher latencies and lost packets. This means that with the Horizon UWP client, any device running Windows 10 S can be transformed into a workstation-class desktop that takes full advantage of shared data center resources, with on-the-go access from any location.
Benefits of the Cloud-First Windows 10 Management & Security Approach
Organizations increasingly find that the legacy, on-premises approach for managing PCs is not suited for a large portion of their evolving workforce. With consumerization at the workplace, organizations also need to respect employee choice, privacy and mobility. Taking a one-size-fits-all approach of controlling the endpoint state (e.g. with standardized OS image and heavy-handed management policies) instead of managing the outcomes (e.g. simple, secure workspace for your employees) fails to meet this objective and turns out to be a burden on IT, insecure for business and counterproductive for employees.
On the other hand, VMware’s cloud-first approach empowers your digital workspace. It allows you to:
- Unchain your employees from the domain and consistently manage users anywhere.
- Deliver instant user value by onboarding devices in minutes, right out of the box.
- Adopt real-time security, compliance and remediation from the cloud.
- Establish contextual access policies for any app in one place.
- Deliver anytime, anywhere app and desktop access for the user.
- Enable employee self-service functionality to reduce the burden on IT.
- Harness consumerization and collaboration in the enterprise—any app, any device.
The changes in Windows 10 S are only the first step towards realizing these goals. Taking the cloud-first management and security approach for your endpoints completes the journey—lowering IT costs, increasing security and delivering a peak user experience.
Will you be at MMS 2017?
We would love to see you. Stop by the VMware booth, and join Jason Roszak, director of product management at VMware, for a demo! Learn how to efficiently deploy, manage and secure Windows 10 endpoints across all networks and use cases Tuesday, May 16, 8–9:45 a.m. in Nokomis, BC. Register here.
Because you liked this post:
- Azure AD Join with VMware Workspace ONE
- What’s New for Windows 10 Management with VMware AirWatch 9.1
- Windows 10 Enrollment Made Simple
Featured Image Source: Microsoft