What Windows 10 means for the enterprise

Built-in MDM

Group Policy is the traditional way of managing PCs in the enterprise, but with the shift to BYOD, apps rather than desktop programs, and cloud services, controlling the settings on a PC is less important than managing what users have access to.

MDM

Mobile Device Management is built into Windows 10

The phone-style Mobile Device Management that's built into Windows 10 is cheaper and simpler to manage, and less annoying for users. Instead of controlling specific Windows features, it lets you check that a device has all the necessary security updates, including anti-virus protection, and it allows you to control the Windows Store, limit which apps can connect over VPN, put confidential company information in encrypted containers and prevent it from being copied to unmanaged apps – and manage multiple users on a device.

And unlike Group Policy, MDM lets you remote wipe a device. You need to use an MDM service like Windows Intune, but you can manage PCs from the cloud wherever they are – not just when they're on the office network.

No more imaging?

When you deploy PCs in an enterprise today, you wipe the operating system they come with and install your own image – it's a chance to customise the setup and pre-install software. It's a lengthy process, even with tools like the Microsoft Deployment Kit and System Centre Configuration Manager (you'll need the new version of SCCM or System Centre 2010 R2 Configuration Manager with the new service pack to deploy Windows 10; SCCM 207 will manage Windows 10 but not deploy it).

Windows 10 has a new in-place upgrade system that can keep existing apps, data and configuration, and Microsoft is promising new tools that will let enterprises configure Windows 10 systems during that upgrade – adding apps, certificates, language packs, Wi-Fi, VPN and email profiles and enforcing security policies – rather than doing the usual wipe and reload process. You can even set up MDM on devices at the same time.

company store

Enterprises want more control over the Windows Store

Volume licences in the Windows Store

Windows 10 comes with plenty of universal apps – including the touch-friendly version of Office – that need to be updated from the Windows Store. But enterprises want more control over the Store, and Windows 10 gives them a range of options.

If you want to assign apps to specific users and send them a link they can install from – or put those apps in a private company portal that uses APIs to pull the app details from the Store – you can do that through a new web-based Store portal, using an Azure AD account. Or you can create a private area in the public Windows Store for apps you've got volume licences for, or for your own apps that you upload to the Store.

If you don't want to send users to the Store to install their own apps, you can also install, update and uninstall Store apps on user devices through System Center Configuration Manager, Microsoft Intune and other MDM tools, including managing and reassigning app licences, and adding apps to custom Windows images so you can install them on PCs that aren't connected.

Contributor

Mary (Twitter, Google+, website) started her career at Future Publishing, saw the AOL meltdown first hand the first time around when she ran the AOL UK computing channel, and she's been a freelance tech writer for over a decade. She's used every version of Windows and Office released, and every smartphone too, but she's still looking for the perfect tablet. Yes, she really does have USB earrings.