Windows 10 has officially launched amid a fanfare of publicity from Microsoft, but the focus so far has largely been on the capabilities that the new platform brings for individual users, while businesses are looking for better security, easier deployment and manageability.
All of the focus of the Windows 10 launch on 29 July was around Windows 10 Home and Windows 10 Pro. However, Windows 10 Enterprise is now available for volume licensing customers, and there are some differences in the capabilities supported by these versions.
That said, Windows 10 Pro is aimed at professional users and small businesses, and includes some features not in the Home version intended for consumers. These include the ability to be joined to a corporate domain and be managed via Group Policy in Active Directory, Bitlocker, client-side virtualisation using Hyper-V, and Remote Desktop.
However, one of the most important differences for businesses is in the way updates are delivered. Microsoft has previously said that Windows 10 will be continuously updated with new features over the lifetime of the platform, automatically delivered and installed via the Windows Update service.
This decision has already been causing problems for some testers on the Windows Insider preview programme.
Fortunately, business users have other choices. Customers running Windows 10 Pro or Windows 10 Enterprise can take advantage of Windows Update for Business or Current Branch for Business, while a third option, Long Term Servicing Branch, is supported only in Windows 10 Enterprise.
Windows Update for Business gives companies more control over the way updates are delivered. It allows for maintenance windows, whereby administrators can specify periods when updates should or should not take place. It also supports distribution rings, enabling the administrator to specify which devices should receive updates first as part of an update wave.
Current Branch for Business offers an alternative update schedule. Opting for this will allow an organisation's Windows 10 systems to receive updates that bring new operating system features only after their quality and application compatibility has been assessed in the consumer market. Security updates will continue to be delivered as normal.
Long Term Servicing Branch is intended for environments such as financial trading systems, where stability is paramount. To this end, it will minimise change by not delivering new features for the duration of mainstream support. Once again, these systems will continue to receive security fixes and critical updates.
On the security side, Windows 10 Pro and Windows 10 Enterprise both support a new feature called Enterprise Data Protection, while only customers on Windows 10 Enterprise will have access to Device Guard.
Enterprise Data Protection is designed to help organisations deal with the increase of employee-owned devices in the enterprise, potentially leading to corporate data being exposed.
It allows administrators to control how company-owned data is used on such devices by defining specific 'privileged apps' that are allowed to access corporate data, managed via Intune or System Centre Configuration Manager. Conversely, non-privileged apps can be blocked from accessing data that is flagged as company-owned.
Device Guard takes this a stage further, using a combination of hardware and software to ensure that only trusted applications can run, in a bid to exclude malware from corporate machines. Device Guard will allow applications to run only if they have been signed by specific software vendors, the Windows Store or the organisation's own IT department.
At the core of Device Guard is the Windows 10 Enterprise Hypervisor, which introduces new capabilities for virtual trust levels, enabling services to run in isolation from other software.
The Code Integrity service, which checks whether an app is trusted to run, operates this way. Device Guard also requires PCs with Unified Extensible Firmware Interface firmware to enforce a secure boot of the operating system.
Windows Hello (below) is not strictly a business-only feature, but this new capability in Windows 10 provides greater security through biometric authentication, enabling a user to unlock their device with their face, iris or fingerprint. This requires a fingerprint scanner or specialised camera hardware.
Further, Windows Hello can be used in concert with Microsoft Passport to replace passwords when logging in via Active Directory or to a Microsoft Azure Active Directory account.
During Microsoft Passport enrolment, a Passport is set up on the user's device and the user defines a gesture, which can be Windows Hello or a Pin, to verify their identity in future. The user therefore requires a specific device and their biometric gesture to gain access.
Finally, on the deployment side, Microsoft is offering an updated System Centre Configuration Manager with expanded tools to deploy, update, manage and secure Windows 10, which also integrates with Windows Update for Business.
The firm is also enabling corporate IT departments to create provisioning packages that can be distributed to end users to enable them to configure their device with all the necessary settings.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal