WINDOWS 10:
THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
August 2015
Copyright ©2015 CBS Interactive Inc. All rights reserved.
Windows 10: The essential guide for business professionals Copyright Š2015 by CBS Interactive Inc. All rights reserved. Tech Pro Research and its logo are trademarks of CBS Interactive Inc. All other product names or services identified throughout this document are trademarks or registered trademarks of the respective trademark owners.
Published by Tech Pro Research August 2015
Disclaimer
Credits Editor In Chief Jason Hiner
Managing Editor Bill Detwiler
Senior Editors Jody Gilbert Teena Hammond Sonja Thompson Mary Weilage
Graphic Designer Kimberly Smith
The information contained herein has been obtained from sources believed to be reliable. CBS Interactive Inc. disclaims all warranties as to the accuracy, completeness, or adequacy of such information. CBS Interactive Inc. shall have no liability for errors, omissions, or inadequacies in the information contained herein or for the interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
Tech Pro Research 9920 Corporate Campus Dr. Suite 1000 Louisville, KY 40223 http://techproresearch.com Visit: Site Help & Feedback Tech Pro Research is a ZDNet Web site.
Copyright Š2015 CBS Interactive Inc. All rights reserved.
CONTENTS 04 Windows 10 cheat sheet: Key details and resources 10 Windows 10 Enterprise edition: What are the key features for businesses? 17 Privacy and data-sharing concerns in Windows 10 20 The paranoid’s guide to securing Windows 10 23 How to protect your wireless network from Wi-Fi Sense 28 Goodbye Windows 8; hello Windows 10 31 10 things SMBs need to know about Windows 10 34 When should businesses upgrade to Windows 10? 36 How fast can Windows 10 grow? 39 Windows 10 will win yesterday’s battle, but what about tomorrow’s war? 41 About Tech Pro Research
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
4
Windows 10 cheat sheet: Key details and resources By Bill Detwiler
Like a Swiss Army Knife, Windows 10 was designed to do just about everything for everyone... or at least that’s Microsoft’s goal. It’s built to provide a unified operating system that can run across multiple platforms, such as PCs, tablets, and smartphones. It’s also designed to provide PC users with a more traditional Windows experience compared to Windows 8’s touch-centric UI—something Microsoft hopes will win over long-time Windows users and many IT departments that skipped Windows 8. And Windows 10 marks the beginning of Microsoft’s new Windows-as-a-service strategy, which could signal the end of numbered Windows releases.
Executive summary
What it is: Windows 10 is the next major release of Microsoft’s Windows operating system and is the successor to Windows 7 and Windows 8/8.1. Why it matters: Windows 10 contains a host of new features, security updates, and a platform-unifying design aimed at both enterprise users and consumers. Who it affects: Windows 10 is available as a free upgrade to qualified devices running Windows 7 (SP1) or Windows 8/8.1. Windows XP and Windows Vista users will need to purchase Windows 10. When it’s happening: Microsoft made Windows 10 Home and Windows 10 Pro generally available on July 29, 2015, through a staggered release schedule. Windows 10 Enterprise and Windows 10 Education editions became available on August 1, 2015.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
5
How to get it: Most Windows 7 (SP1) and Windows 8/8.1 users can get Windows 10 through the Get Windows 10 app. Users can also download a Windows 10 ISO to be used on multiple PCs.
What it is Officially unveiled on September 30, 2014, Windows 10 is the next major release of Microsoft’s Windows operating system and is the successor to Windows 7 and Windows 8.1.
Developed under the codename “Threshold,” Microsoft’s goal with Windows 10 is to provide a common operating system that can run across multiple platforms—including PCs, tablets, smartphones, embedded systems, and even Xbox One, Surface Hub, and HoloLens at some point in the future. Each platform will have a device-specific user interface (UI) but will share the same Windows 10 core. Windows 10 includes several new features and important changes, in addition to its platform-unifying design. Many new features are designed to improve the desktop experience and draw in business users who were turned off by Windows 8’s tile-based UI and the initial removal of the Start menu. New features include: Start menu: Windows 10’s new Start menu combines the Windows 7-like application list and the live tiles interface from Windows 8’s Start screen. Windows-8 style “modern” apps (now called “universal apps”) can run within a window on the desktop, like standard desktop programs. Action Center: The Charms menu has been replaced with the Action Center, a sidebar that provides notifications and contains buttons for common tasks. Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
6
Tablet mode: A new tablet mode is designed to make Windows 10 easier to operate without a keyboard or mouse. Improved security: Microsoft has announced several new security features for Windows 10, including Windows Hello—an integrated biometric authentication system. Microsoft Edge: Formerly codenamed Project Spartan, Edge will be the default web browser in Windows 10. Internet Explorer 11 will also be included with the OS, but will be basically unchanged from the version of IE11 found in Windows 7 and 8.1. Cortana integration: Cortana, Microsoft’s voice-powered personal assistant, makes its desktop debut in Windows 10 and can be configured to take over the Search box. Xbox Live integration: Although not critical for many business users, Xbox live is built into Windows 10. Users can stream games from an Xbox One to a desktop, laptop, or tablet over Wi-Fi, play multiplayer games with people on different platforms, and more. Enhanced graphics: Windows 10 will include new versions of DirectX and WDDM to improve game performance.
Microsoft’s new Edge browser (Image: Mark Kaelin)
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
7
Windows 10 comes in four Editions (versions): Windows 10 Home, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. Microsoft’s official system requirements for Windows 10 are: Processor: 1GHz or faster processor or SoC RAM: 1GB for 32-bit OS or 2GB for 64-bit OS Hard disk space: 16GB for 32-bit or 20GB for 64-bit OS Graphics card: DirectX 9 or later with WDDM 1.0 driver Display: 800x600
Why it matters Windows 10 is Microsoft’s effort to recapture many enterprise users who balked at Windows 8’s mobile-focused interface and to finally move the last Windows XP and Vista holdouts onto a newer OS. Beyond the new features, security updates, and its platform-unifying design, Windows 10 marks a significant shift in how Microsoft’s characterizes its flagship operating system. Microsoft is now encouraging people to think of Windows 10 as a “service.” Instead of releasing a new numbered version of Windows every few years, the company will continuously release new features and updates. Microsoft has committed to support Windows 10 for a decade after launch. According to ZDNet’s Mary Jo Foley there are three distinct “servicing branches” for Windows 10: Current Branch (CB), Current Branch for Business (CBB), and the Long Term Servicing Branch (LTSB). Access to each servicing branch will be determined by the version of Windows 10 you have. Windows 10 Home users can use only the CB, under which Microsoft will automatically push new features, bug fixes, and security updates to them through Windows Update. The version of Windows Update that ships with Windows 10 Home does not give users any way delay or disable updates. (Microsoft has released a special tool designed to allow power users to block certain updates, particularly hardware drivers, but this tool isn’t intended for mass use and doesn’t ship with the operating system.) Windows 10 Pro users can use either the CB or the CBB servicing branches. The CB option on Windows 10 Pro works exactly as it does on Windows 10 Home. The CBB option allows Pro users to install security updates immediately but delay new features and bug fixes (although not indefinitely). Windows 10 Enterprise customers can use the CB, CBB, and/or the LTSB. The LTSB allows enterprise IT departments to put off the installation of new Windows 10 features for up to 10 years.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
8
Who it affects Users running an eligible version of Windows 7 (SP1) or Windows 8/8.1 can upgrade to Windows 10 Home or Windows 10 Pro for free during the first year of general availability. Users running Windows XP or Windows Vista must purchase a copy of Windows 10 from the Microsoft Store or other retailer. There is no direct upgrade path from Windows XP or Windows Vista to Windows 10. On these machines, Windows 10 must be loaded as a “clean install” and users should back up their data prior to installing the new operating system.
When it’s happening Windows 10 general availability (GA) began on July 29, 2015, but Microsoft has adopted a staggered deployment schedule. Windows 10 Enterprise and Windows 10 Education editions became available on August 1, 2015, through Microsoft’s Volume Licensing Center. Neither edition is included in the first-year-free program.
How to get it For the first year of general availability, Windows 10 Home and Pro is free if you’re running a genuine copy of an eligible version of Windows 7 (SP1) or Windows 8/8.1. On eligible machines, an icon for the Get Windows 10 app will appear in the taskbar and allow users to “reserve” a free copy of the operating system. Users can cancel their reservation prior to installing the new operating system. On July 29, 2015, Microsoft began rolling out Windows 10 to Windows Insiders (who have been testing the OS) and to users who reserved an upgrade through the Get Windows 10 app. The Windows 10 files are downloaded in the background. Once the files have been downloaded, the user can initiate the upgrade. Windows 7 and Windows 8 users who don’t see the Get Windows 10 app icon or want to install Windows 10 on multiple eligible devices, can get the update files by downloading an ISO image from Microsoft.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
9
Windows 10 Enterprise edition: What are the key features for businesses? By Nick Heath The Enterprise version of Windows 10 is now available, offering the prospect of new features that Microsoft says will help with security and management of PCs and mobiles. While businesses tend to lag far behind consumers when it comes to updating their machines, some analysts are already seeing Volume Licensing customers express interest in upgrading from earlier versions of Windows. “What we’ve been a little surprised at is how aggressive a lot of our customer base is towards Windows 10,” said Stephen Kleynhans, research VP with analyst house Gartner. “There are a lot of customers who are coming to us and saying, ‘We’d like to move in early 2016’. “They’re interested in going ahead with Windows 10 in much bigger numbers than we saw with Windows 7 six years ago, which has been a bit of a surprise for us.” That eagerness to migrate can, in Kleynhans’ view, partly be put down to the stress organisations went through in moving from Windows XP when support ended last year. “They ended up having to do a lot of work very quickly, really under the gun. That’s always expensive—and when you end up making mistakes, that’s when things go wrong,” he said. “A lot of them are aware of that and say, ‘We don’t really want to do that again. Next time, let’s be a little more organised, let’s be a little more proactive, let’s not run into that wall’,” adding that these companies want to move well ahead of support ending for Windows 7 in January 2020. The other force driving businesses to make the switch will be the rise of convertible PCs, machines that can switch between being a tablet and a laptop, such as the Microsoft Surface. These devices can take advantage of Windows 10’s ability to adapts its interface to suit both mouse-keyboard and touchscreen controls. “A lot of enterprises have some internal demand for some of these new cool devices. To meet that you either go with Windows 8, and deal with the whole set of issues that surround it, or you can just go with Windows 10, which looks like those issues are addressed.” But not everyone agrees that upgrading will be a priority for businesses. Richard Edwards, principal research analyst for enterprise productivity and mobility at Ovum, said, “Clearly, there’s knowledge of Windows 10 within corporate and enterprise IT departments. But we’ve not heard from any of our enterprise customers just yet that they have plans to roll out Windows 10 any time soon.”
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
10
Here is a rundown of the key Windows 10 Enterprise edition features that Microsoft is hoping will persuade businesses to make the switch.
Windows 10’s new enterprise features Enterprise Data Protection
Windows 10’s Enterprise Data Protection features, which are to be added to Windows 10 Enterprise at a later date, are designed to help prevent the accidental disclosure of sensitive information. The system will use containerisation file techniques to keep personal and enterprise data separate—with “minimal” impact on the way employees work, according to Microsoft. Additional safeguards will protect sensitive data when it is shared. “It’s encrypting data as it moves around your organisation. If you send an email to the wrong person, with the wrong file attached and it escapes your organisation, it’s not going to be readable; it’s going to be encrypted. But someone inside your organisation would have no problem reading it,” Kleynhans said. Microsoft has also highlighted Windows 10’s ability to wipe corporate data from devices and leave personal data untouched, as well as to use audit reports for tracking issues and remedial actions. And it will be usable with a mobile device management (MDM) system to protect corporate data inside Office universal apps.
Device Guard This feature allows devices to be restricted to running only trusted software—whether it’s traditional desktop, Windows store, or in-house apps. Microsoft says this makes it “much less likely” that an attacker who seizes control of the Windows kernel will be able to run malicious code. Device Guard uses the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service that controls the process from the Microsoft Windows kernel itself, letting the service use signatures defined by enterprise-controlled policy to determine what is trustworthy. “You can lock the operating system to that piece of hardware, and nothing else could ever boot on that piece of hardware,” Kleynhans said. “You can make it so that it would be very hard, if not impossible, to wipe and reload a machine with something else.” Microsoft says this whitelisting approach will be effective in stopping malware from being run on machines, particularly software that alters its code to prevent detection by antivirus software. Using technology embedded in the hardware and virtualization to sandbox the Code Integrity service will also help foil exploits that compromise Windows at the kernel level, and that can tamper with traditional virus and malware countermeasures.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
11
Device Guard requires various hardware features and software settings: UEFI 2.3.1 or greater; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; TPM 2.0; BIOS lockdown. HP, Acer, Lenovo, Toshiba, Fujitsu, and others will manufacture systems designed for the new Microsoft security controls.
Provisioning packages
Microsoft says Passport provides both convenience, in that the user has to remember fewer credentials, and
This feature allows Window 10 machines to be set up more
security, because no
simply than earlier versions of the OS. IT admins can configure
passwords are used.
provisioning-package rules that determine the look of the OS and what apps and certificates should be installed, that enroll devices with an MDM suite, that set out user rights, and more.
The same provisioning-package rules can be used to configure multiple machines and can be applied to either a Windows image or running Windows machine via SD card, USB drive, or network share. Packages are created using the Imaging and Configuration Designer, part of the new Windows 10 Assessment and Deployment Kit.
Microsoft Passport Microsoft Passport provides a system for allowing users to log into Windows 10 using biometrics, such as their fingerprint or facial scan, or via their PIN. This same scan or PIN can then be used to log into Microsoft, Active Directory, or Azure Active Directory accounts, as well as many non-Microsoft services that support Fast ID Online authentication—including Office365 Exchange Online, Salesforce, Citrix, Box, and Concur. Microsoft says Passport provides both convenience, in that the user has to remember fewer credentials, and security, because no passwords are used.
Credential Guard Credential Guard will offer additional security for login details by storing derived credentials—NTLM hashes and Kerberos tickets and the process that manages them—in a secured isolated container that uses Hyper-V and virtualization-based security. It will require UEFI 2.3.1 or greater; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; TPM 2.0; BIOS.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
12
Deployment features Sideloading apps
Sideloading allows certain Windows Store apps, which firms don’t want to publish and make publicly available, to be installed on Windows machines. This practice of sideloading is useful when a firm wants to deploy line-of-business apps internally. Sideloading is a built-in capability with Windows 10 for Home, Pro, and Enterprise users. “If an organisation is developing its own set of corporate apps
New device management
that it wishes to push out to employees, clearly there is some inherent business value in Windows 10,” said Ovum’s Edwards.
options include the
Mobile device management
ability to update policies
Phones, tablets, and other devices running Windows 10 can be
automatically, to retrieve device compliance information, and to specify a per-device update approval list.
centrally managed by IT. Windows 10 machines can connect to a mobile device management (MDM) server that will enroll and configure the devices, as well as applying updates and enforcing the latest in-house policies governing usage. An MDM package can be used to manage Windows 10 phones, desktop PCs, and laptops—allowing IT pros to use the same tools to look after fixed and mobile devices. Microsoft’s own MDM offering, Intune, or a third-party alternative, can be used.
There are various new MDM features in Windows 10. Azure Active Directory integration allows MDM tools to be used to manage network Domain-joined devices. MDM services can also be used to install apps directly from the Windows Store and to deploy non-store line-of-business apps. New device management options include the ability to update policies automatically, to retrieve device compliance information, and to specify a per-device update approval list. Microsoft is also promising improved support for managing multiple users and VPN configuration. Windows 10 allows users and devices to be managed by various services, providing a choice between Active Directory, Group Policy, and System Center Configuration Manager for corporate-owned devices that are frequently connected to the corporate network, and Azure Active Directory and MDM for devices that are typically mobile and internet-connected.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
13
“What we see here are elements of the desktop operating system being managed with MDM-like capabilities and/or with Group Policy, which has been the traditional manner of controlling and managing desktops. Microsoft suggests they are very complementary,” said Ovum’s Edwards.
Business Store for Windows 10 Microsoft is planning to launch Windows Store for Business, an app store designed to make it easier for firms to deploy apps to staff. Organisations will be able to create private sections of the Windows Store that offer a bespoke list of pre-approved apps, and admins will be able to assign apps to specific employees. Businesses will also be able to acquire apps in bulk. Users will sign in via the Azure Active Directory.
Azure Active Directory features Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service that provides single sign-on access to thousands of SaaS applications, such as Office365, Salesforce. com, Dropbox, and Concur. Microsoft is integrating Azure AD with Windows more deeply to reduce the number of passwords users need to remember. By linking Windows 10 devices to Azure AD, users will be able to sign into Windows using their Azure AD account and password. The same devices can be automatically enrolled in a mobile device management service at the same time. Users will also be able to gain single sign-on access to in-house services from personal Windows devices by linking that Windows machine to a work account managed with Azure Active Directory.
Free access to Microsoft Desktop Optimization Pack The Microsoft Desktop Optimization Pack (MDOP) is a suite of technologies previously available as a subscription to Microsoft Software Assurance customers. It is designed to help enterprises set up and run virtual Windows desktops and applications, to manage Windows users with features such as encryption, and to recover systems more rapidly. From the launch of Windows 10, MDOP is included free with Software Assurance for new customers and renewal customers.
Update paths
Current Branch for Business For work devices that are not mission-critical but that require a bit more control over updates than consumer machines, there is the Current Branch for Business (CBB) update path. This option allows PCs to receive feature updates several months after they have been pushed to consumer versions of Windows 10, allowing additional time to validate their quality and application compatibility. Security updates will be delivered as normal.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
14
CBB will allow users to choose between Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) to push these updates to users.
Long Term Servicing Branch (LTSB) Unlike other Windows 10 versions, Enterprise will offer a Long Term Servicing Branch (LTSB), which allows Windows updates not related to security or fixes to be deferred for 10 years. Edwards said the ability to use the LTSB and CBB update models on different machines is appealing to businesses. “Some of our clients have responded to this model very positively. They think it gives them a kind of flexibility they’ve not really felt as though they’ve had in the past.”
Other features
Granular UX Control This feature allows IT managers to customize and lock down the user interface of a Windows device to restrict the machine to performing a specific task, such as acting as a check-in kiosk at an airport.
Enterprise Mode Internet Explorer Old corporate intranet sites will often not render or behave as intended in more recent browsers. To address this Internet Explorer (IE) 11, which ships with Windows 10, has Enterprise Mode—which provides an experience more akin to IE8. It allows newer browser features that could cause errors to be disabled, such as tab-switching, and provides tools for management and monitoring of compatibility.
Device Encryption As in Windows 8.1, if Device Encryption is enabled, all a machine’s drives are automatically encrypted and can be unlocked only by someone who knows the user account’s password. Basing encryption on the password is designed to make it simple for users to log in and use the system, while stopping a malicious third party from accessing the data. Device Encryption uses BitLocker and 128-bit AES symmetric encryption. It also supports a recovery mechanism whereby the recovery key can be stored in an organization’s Active Directory Domain Services.
Group policy management Like earlier Windows operating systems, Windows 10 physical and virtual machines and devices can be managed using Group Policy settings, which allow IT professionals to configure users and computers across the business. Microsoft says Group Policy settings offer more than 30,000 ways to configure machines and devices. Windows 10 adds new features and settings that can be managed using Group Policy—such as about 20 settings related to Microsoft’s new Edge browser, the ability to restrict a user’s application data to always stay on system
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
15
volumes, and the ability to disable the deployment of Windows Store apps to non-system volumes. There will also be various options for customising the Start Menu layout.
BitLocker BitLocker allows drives to be encrypted with 128-bit or 256-bit encryption, to protect data should the computer be lost or stolen. While guarding data against access by third parties, BitLocker also provides tools that allow network admins to access a recovery key to retrieve data from a drive when a machine fails.
Assigned Access 8.1 This feature allows Windows 10 to be set up to run a single Windows Store app in only full-screen mode, barring access to settings or the ability to quit that app. It is designed to allow the OS to be run on a kiosk or self-service terminal, where you want users to access the kiosk app and not the OS underneath. It requires support for InstantGo.
Remote Desktop As the name suggests, the Remote Desktop client allows the operating system to connect to a remote PC and access its files, applications, and networked devices.
DirectAccess DirectAccess allows desktop PCs to connect to a server to access in-house systems without the need for a virtual private network (VPN).
Windows To Go Also found on Windows 8 Enterprise edition, Windows to Go allows for the creation of a bootable desktop image identical to the one the business uses to set up its PCs. Users can boot into this desktop from USB on any PC that meets Windows 7 or later certification requirements. There are some differences between a Windows To Go workspace and a standard Windows desktop, including not being able to access the machine’s internal drives.
AppLocker Present in from Windows 7 onward, AppLocker allows admins to specify which users or groups can run particular applications, based on the unique identities of files. Rules can also be created to control which versions of software are used within the business.
BranchCache Also a fixture since Windows 7, BranchCache enables the creation of local caches of information stored on a remote server. The information is usually cached on a local server but can also be stored on a Windows 7, 8, or 10 machine. The feature is designed to make it easier to access information and reduce strain on a wide area network.
Copyright Š2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
16
Privacy and data-sharing concerns in Windows 10 By James Sanders
The release of Windows 10 is an important transition for Microsoft, as the service model of Windows is changing from a finished product to a rapidly evolving software-as-a-service (SaaS) model. These changes include tighter integration with previously separate Microsoft services and the inclusion of the Cortana virtual assistant. This integration also brings monetization opportunities for Microsoft, including monthly subscriptions for additional storage on OneDrive, advertising delivered with Bing searches from the desktop, a 30% cut from app sales on the Windows Store, and advertisements inserted in preinstalled apps, such as the MSN and Xbox content apps, and in the Solitare app. Many of these features depend on transmitting personal information to Microsoft. Windows 10 does not presently have a unified “do not share” switch—many of the options are scattered around various menus. In addition, the sharing of some information about your computer and previously configurable options regarding some system behaviors are now compulsory.
Important considerations and comparing ecosystems A substantial number of the features added to Windows 10 are intended to compete with the available analogues from the Apple and Google ecosystems. OneDrive, like Dropbox, iCloud, and Google Drive, offers additional
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
17
storage for a fee. Cortana is Microsoft’s answer to Siri and Google Now. Apple and Google also take a cut from app sales. That, in itself, is not controversial—the difference is implementation. The user could uninstall these features (rather, these features’ predecessors, Windows Live SkyDrive and the Bing Bar) in previous Windows versions; now, Microsoft embeds the features into the OS. It is also important to note that a substantive amount of the data sharing can be configured during the installation, as long as the user does not select Express Install.
Cortana and Bing integration Cortana requires a great deal of data to be useful, and in the privacy statement, Microsoft indicates that it “collects and uses various types of data, such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device.” While this isn’t too different from the way in which competing services operate, this monitoring was previously limited to mobile devices. When asked about this data collection, a Microsoft spokesperson said, “Microsoft honors the controls and the customer’s choice—if you turn off Cortana, information will no longer flow for Cortana. However, some of the same or similar information may still flow if needed for other functionality that a customer has opted into (e.g., if a customer uses Bing Maps, we may still collect their location).” The Bing integration is now added to the taskbar, much to the frustration of people attempting to remove the Bing Desktop software delivered via Windows Update. Unlike Firefox and Internet Explorer, there is no way to change the default search provider, but Bing can be disabled. According to a Microsoft spokesperson, “If users do not want to receive Bing search results from the Windows search box, go to Settings, and turn off Online Search. This prevents Bing from receiving your search queries and/or returning web results.” Of note, Microsoft has partnered with the analytics startup Interana for mining Bing search usage and user behavior data. According to a press agent for Interana, “Microsoft Bing recently purchased behavioral analytics solution Interana for the massive volumes of clickstream data generated daily.” (Update: Microsoft did not acquire Interana; it is a client of its services.)
Concerns with OneDrive security and the Microsoft account Unlike the services from other cloud storage vendors, OneDrive does not offer at-rest encryption for home users. OneDrive support can’t be uninstalled from Windows, though it can be disabled using the Group Policy editor. Microsoft does not permit users to store any images that contain nudity, and violation of this policy could be grounds for having your Microsoft account revoked—which Microsoft has allegedly done in the past, even when
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
18
the data was not publicly shared. According to Microsoft’s services agreement, they “do not monitor the Services and make no attempt to do so.” However, the contents of OneDrive accounts are subject to scanning via PhotoDNA. The revocation of the Microsoft account would prevent users from accessing their stored OneDrive data, Outlook mail, and subscriptions to or updates of software purchased in the Windows store, such as Office 365. When asked about losing access to updates and prior purchases of content in the event of the closure of a Microsoft
Windows 10 forces diagnostic and usage data to be transmitted to Microsoft, a behavior that can’t be prevented except for Enterprise and Server SKUs.
account, a Microsoft spokesperson said, “You don’t have to have a Microsoft account connected to use Windows 10. The closure of a Microsoft account would not prevent a customer from receiving updates to Windows 10. Updates come through the Windows Update that is unconnected to the Microsoft account.”
Security updates and bandwidth sharing For Windows 10, Microsoft has removed the ability for users to disable Windows Update, a decision covered in greater depth at ZDNet. Issues with Windows Update breaking display drivers have been reported in the RTM version, and Microsoft has used the utility in the past to push browser toolbars and other commonly unwanted add-ons. And Microsoft does not allow users to permanently disable Windows Defender—it notes on the Settings page that “if it’s off for a while, we’ll turn it back on automatically.” These decisions remove control of the computer from the user, though for the vast majority of home users, it’s not a particularly big loss. Windows 10 forces diagnostic and usage data to be transmitted to Microsoft, a behavior that can’t be prevented except for Enterprise and Server SKUs. This data “may unintentionally include parts of a document you were working on when a problem occurred,” though Microsoft states that “we won’t use that information to identify, contact, or target advertising to you.” By default, Windows 10 is configured to use Windows Update Delivery Optimization, which can transmit update data to any other computer on the internet. (For Enterprise and Education, this is limited to only PCs on the local LAN.) This setting can be disabled, and if you indicate to Windows that you are using a metered connection, this will automatically be disabled.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
19
The paranoid’s guide to securing Windows 10 By Steven J. Vaughan-Nichols Just because you’re paranoid doesn’t mean that they’re not out to get you. That said, I think some people’s fears about Microsoft looking over your shoulder are over-the-top. And I speak as someone who looks at Microsoft with a great deal of suspicion. What you need to realize is that Microsoft has made Windows 10 both a desktop and a cloud operating system. Adding cloud functionality means that when you run Windows 10 you’ll be sharing far more information with Microsoft and its partner customers than ever before. For example, while Windows 10 doesn’t have a keylogger it does collect your keystrokes and voice to improve spell-checking and voice recognition. Before having a fit about this, keep in mind that every cloud-based software-as-a-service (SaaS) program does this to one degree or another. Google Docs, Apple’s Siri, Office 365, whatever—they all collect not just your final words but every keystroke and spoken syllable that went into making those words. It’s another case with Wi-Fi Sense. You don’t need to be afraid that Wi-Fi Sense will let any of your Skype, Outlook, or Hotmail contacts use your Wi-Fi network without your permission. Yes, Wi-Fi Sense is on by default, but take a closer look. It doesn’t permit anyone to use any of your Wi-Fi networks without your permission.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
20
Still don’t trust these new “features”? I can’t blame you. This is not the Windows you’ve known and used for years. This is a Windows that exists both on your PC and in Microsoft’s cloud. Here’s how to lock down Windows 10 and make it more of a PC-centric operating system.
Locking down Windows 10 First, head to Settings | Privacy. There you will find no fewer than 13—count ‘em, 13—privacy settings screens. The major settings are on the General screen. The other screens are concerned with which apps can and can’t access your calendar, camera, messages, microphone, and so on. On the General screen, you’ll see your Advertising ID. This is your
...if you turn off Getting To Know Me, you’ll also disable both dictation and Windows 10’s voice-activated assistant, Cortana.
unique ID number. Think of it as being like a web cookie and you won’t be far wrong. It’s used to identify you to Windows apps advertisers. So, for instance, if you’re a big Dallas Cowboy fan, you can count on seeing ads for Cowboys gear. Microsoft claims it doesn’t link this ID with your name, email address, or other personal information. Of course, it doesn’t need to. Any company that does modern web advertising is going to have you pinned down with our without this ID. Welcome to the 21st century. Personally, I’ve already turned it off. If you’re still concerned about keylogging, head to Privacy | Speech, Inking & Typing. Think long and hard about whether to use Microsoft’s
Getting To Know Me improvements. For instance, Steve Hoffenberg, VDC Research’s Director of IoT & Embedded Technology, worries that these Windows 10’s “features” violate Health Insurance Portability and Accountability Act (HIPAA) privacy requirements. If his fears are valid, this means medical offices and health insurance companies should turn off this Windows 10 setting. I doubt he’s right, but I’m no lawyer. Even so, were I working with transactions that fall under Sarbanes- Oxley (SOX), Gramm-Leach-Bliley (GLB), or HIPAA, I’d turn off this feature and its related setting, Windows 10 Input Personalization. Better safe than sorry. Be aware, however, that if you turn off Getting To Know Me, you’ll also disable both dictation and Windows 10’s voice-activated assistant, Cortana. Next, you’ll want to use Manage My Microsoft Advertising And Other Personalization Info to decide whether you want advertisers to show you ads based on your browsing history and interests. Better still, skip that page and head directly to Microsoft Personalized Ad Preferences and opt out of everything. Advertisers already know far too much about me as it is.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
21
You’ll also want to look at each individual setting page to make sure that Microsoft and Windows have just as much access as you feel comfortable with. So of course you want the Windows Calendar app to access your calendar data (obv)—but share it with advertisers via App connector? I don’t think so. Be sure to go through each setting even if you don’t think they’ll all matter. By default, every privacy setting is set to give Microsoft and friends the maximum possible access. This is not a good thing. Moving on: Head to the Location settings and turn them off. While your PC probably doesn’t have a GPS like your smartphone, you’d be amazed at how accurately your location can be pinned down using Wi-Fi access points and IP address. I’ve never been comfortable with letting anyone track me and I turn location off on every device I own except when I need GPS directions. If you turn off location services, though, you won’t be able to fully use Cortana. That’s annoying because Cortana is one of Windows 10’s best features. It’s helpful to just ask your computer a question and get useful, personalized answers. But like its older relatives, Siri and Google Now, for Cortana to show to its best advantage it needs access to an enormous amount of personal data. For instance, Cortana must have locations services on. Cortana also watches pretty much everything you write, say, and do on your PC. For example, it keeps track of your flights by detecting Tracking Info, Such As Flights, In Messages On My Device. That’s both incredibly handy and incredibly creepy. If you find it more disturbing than useful, head to Cortana’s settings. Under Cortana and Search, turn off everything there that doesn’t pass the smell test. Cortana will be less useful, but you’ll get more privacy. Another approach to locking down Windows 10 is the brand-new open source app, Disable Windows 10 Tracking. It claims that it disables telemetry collection, certain Windows services, and other tracking. At this point, this is a bare-bones program and only Windows experts should use it. Still not private enough for you? Then don’t use Windows 10, Chrome OS, iOS, Android, or any other system that’s tied closely to the cloud. Instead, use Linux as your desktop operating system. By default, Linux is the only mainstream operating system that still relies primarily on true desktop apps. Not ready for such a radical move? Well, actually, it’s not that radical. If you can use Windows, trust me, you can use Linux distributions such as Ubuntu 15.04 or Mint 17.2. Otherwise, get busy locking down Windows 10. Good luck.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
22
How to protect your wireless network from Wi-Fi Sense By Ed Bott When social networking collides with wireless networking, it makes a lot of noise. That’s what Microsoft is discovering, as critics take aim at a controversial new Windows 10 feature called Wi-Fi Sense. (For an explanation of what the feature does and how it works, see this earlier post.) The level of alarmism I’m hearing over this feature is truly, well, alarming. I completely understand the concerns over this feature, because its basic design seems counterintuitive. But I’ve looked at it carefully and I see it as a solid, net improvement to wireless networking. Yes, the availability of Wi-Fi Sense should make everyone think about wireless security. But the funny thing about the barrage of coverage of this feature is that it’s finally forcing people to think about the tradeoffs we make every day between convenience and security—especially when connecting to wireless networks. Microsoft isn’t the first company trying to expand wireless coverage worldwide by making it possible for its customers to turn personal wireless routers into more readily accessible hotspots. The Electronic Frontier Foundation has been pushing for years for a much more sweeping plan, called the Open Wireless Movement, which is intended “to build technologies that will let users open their wireless networks without compromising their security or sacrificing bandwidth.” Mozilla is one of its partners. Comcast has had its variation on this theme, a feature called the “Neighborhood Hotspot initiative,” for more than two years. In Australia, Telstra has something similar, with the theme “share a little, get a lot.” Crowdsourcing Wi-Fi isn’t insecure if it’s done right. The problems are the same as with websites that require authentication. Shared passwords make phishing and social engineering possible in both places. There are plenty of easy things you can and should do to ensure that your business and personal wireless networks are secure from outside attackers. But if you adopt these best practices, you effectively eliminate any of the perceived risks from Wi-Fi Sense as well. I have that full list later in this article, but to understand the “why” behind the “what to do,” you need to look at how Wi-Fi Sense fits into the bigger wireless networking picture.
Why does the Wi-Fi Sense feature exist? In all the focus on the “share your wireless network with your friends” feature, everyone seems to be missing the biggest benefit of Wi-Fi Sense.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
23
With this feature, you can connect automatically to what Microsoft calls “suggested hotspots.” I can see you recoiling in horror now. “Connect automatically to an open wireless network? That sounds terribly insecure.” You certainly should avoid connecting to open networks you know nothing about. But if the only networks to which you automatically connect are those that are known to be safe, the net effect is to improve your security. With Wi-Fi Sense, Microsoft keeps a list of open networks that are known to be safe and reliable, like the official hotspots found in airports and shopping malls and hotel lobbies and increasingly in public areas in cities. When I’m in a new place with Wi-Fi Sense turned on, my Windows 10 device never sees those fake hotspots run by bad guys; it connects automatically to the one that is known to be safe and reliable. That’s a good thing. If it becomes widespread and is copied (or better yet, evolves into a standard), it makes the internet a safer place. This is exactly the sort of thing Microsoft has a lot of experience with, having run its effective SmartScreen service to block malicious software and web sites for many years. If I open my Windows 10 laptop in an airport while I’m waiting for my next flight, I don’t have to manually scroll through the list of open networks and try to guess which one is the official access point and which ones are honeypots trying to lure me into an unsafe connection so bad guys can attack my system. And then there’s the other Wi-Fi Sense feature, the “share my network” thing. The more we use mobile devices, the more data we use. In our increasingly networked world, we expect Wi-Fi to be available all the time. Running a wireless access point with WPA2 security means choosing and using complex passphrases for encryption. For some people, the hassle of those complex passwords is so great, especially when they want to share access to their network, they say, “Screw this, I’ll just run a completely open and insecure network.” That’s a very bad thing. What Wi-Fi Sense does is give consumers a safe way to share wireless access without sharing Wi-Fi secrets. The fact that it’s limited to Windows 10 at this point is its biggest weak spot. If only Facebook and Apple and Google and Microsoft could cooperate on an open protocol for wireless sharing....
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
24
The biggest objection here is that someone else can share access to my network without my permission. Fair enough. But that’s the inherent problem with shared passwords, which is why they’re adequate for home networks and not so great for business networks.
What’s the realistic threat assessment? Imagine you have a small business, too small to effectively set up a secure business-class wireless network based on the 802.1x standard. Instead, you’re using a consumer-grade router and WPA2 security. I visit your office and tell the person at the reception desk I need access to Wi-Fi so I can do a few things before my meeting with your VP. Your receptionist gives me the WPA2 passphrase, I enter it in the Wi-Fi connection box on my Windows 10 laptop, and for some reason, I go out of my way to click the option to share the network with my contacts. Notice that it is not selected by default.
At this point, those who feel that Wi-Fi Sense is a security risk paint a scenario that sounds horrifying: Everyone I know can automatically connect to your network. In theory, that’s true. But it doesn’t factor in the proximity-based nature of Wi-Fi. Yes, if I select that option, people in my Outlook.com or Skype contacts (as well as my Facebook friends if I opt in to this feature) will be able to securely sign in to your wireless network, but only if they are actually in your lobby.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
25
I might have hundreds of contacts and Facebook friends, but the only way they can access your network is if they are already in the building (or, if you have a really strong Wi-Fi signal, in the parking lot). So how is that going to happen? And why? My friends and family and business contacts are scattered
Regardless of how you
around the country and even around the world. If one of my
feel about Wi-Fi Sense,
there to do business with you, and the reason that person is in
contacts is in your lobby, it’s probably because he or she is
there are common sense
my contacts list is that all of us share a business relationship.
measures you can and
Is my deadbeat cousin from Reno who spends all his time play-
should take to secure your wireless network.
ing Facebook games going to camp out in your lobby as if it’s a Starbucks? Is one of my Skype buddies going to cruise into your parking lot and steal your Wi-Fi? Not likely, because they don’t even know you exist.
There’s no master list of networks I’ve shared using Wi-Fi Sense. My hundreds or even thousands of contacts have no way of knowing they don’t have to ask your receptionist for the Wi-Fi key if they are waiting in your lobby. At any rate, this scenario wouldn’t happen in the real world, because as your visitor I didn’t click the check box to share your network. Why would I go out of my way to do that? And even if I did, how is that configuration going to hurt you? That’s the threat assessment you have to make.
What you can do As I’ve tried to make clear, I don’t see any realistic scenarios where this feature poses a threat. (I remember a colleague, back around the launch of Windows Vista, who was convinced that the new voice recognition feature was going to be a security nightmare. People could walk by your machine and format drive C: just by yelling commands. But I digress....) Regardless of how you feel about Wi-Fi Sense, there are common sense measures you can and should take to secure your wireless network. I assume that: You have already enabled WPA2 security with a strong passphrase. If you regularly have visitors and you don’t want to permit sharing of your wireless network, you’ve already added _optout to your SSID using the instructions in this FAQ. You’ve disabled remote administration of your router and replaced the default password with a strong one. Here’s what to do next.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
26
1. Treat your Wi-Fi password as if it were the key to your home or office. Hand out your Wi-Fi password only to trusted individuals. That’s not just me talking. That’s the advice of every major security source, including Google. Here’s what the official Google blog had to say two years ago in a post titled “Securing Your WiFi Network.” After encouraging you to create a strong password, it advises: “If you’re in a private space such as your home, it’s OK to write this password down so you can remember it, and keep it somewhere safe so you don’t lose it. You might also need it handy in case your friends come to visit and want to connect to the Internet via your network. Just like you wouldn’t give a stranger a key to your house, you should only give your WiFi password to people you trust.” [emphasis added] You should also, of course, train your employees not to share your company’s Wi-Fi password. But what about visitors and guests?
2. Ask visitors and guests not to write down or share Wi-Fi passwords. Every modern device, regardless of operating system, is capable of saving Wi-Fi credentials in encrypted form. When people show up at your home or office, they might ask for your Wi-Fi password. Ask them not to write it down or share it. Train your reception staff to include that admonition when giving a user the passphrase. If your visitors are worthy of your trust, they’ll respect that wish. And if you can’t trust them not to share it, go one tiny step further: When visitors request access to your Wi-Fi network, ask them to open the connection interface and hand their device to you so you can type the passphrase yourself. In your office, this is something your reception staff can do. Naturally, you’ve trained them not to share credentials with other people, so they’re not going to check that box in Windows 10. Your guests will be able to access your account, but they won’t be able to see the saved passphrase, which means they can’t share access with anyone else.
3. Set up a guest network, separate from your business network. You’re not letting your guests use your Wi-Fi access point to sign in to the same network where your business files are located, are you? If you answered yes, please stop doing that. Every modern router can create a guest network, isolated from your business network. If your router doesn’t offer that capability, it’s time to replace it.
4. Change your Wi-Fi passwords regularly. Anyone who is concerned about the security of a networked asset should change its passwords at regular intervals. For a small business that is using consumer-grade hardware, you might decide to change the password for the company’s internal wireless network every few months. For wireless networks in an office, change the guest password every Friday afternoon. If some jerk using Windows 10 inconsiderately shares your account with his or her contacts, the shared, encrypted credentials will stop working after a few days.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
27
Goodbye Windows 8; hello Windows 10 By Mary Jo Foley It’s official. I am (finally) now a Windows 10 user. And one who’s happy to be no longer stuck with Windows 8 on my laptop. I’ve been running Windows 10 on my Acer S7 laptop for just under one week. I wasn’t among the five million Windows Insiders who have been clamoring for new builds and taking pains to install each and every one. After seeing the many nasty bugs (expected, mind you) that testers were encountering, I decided my time was better spent doing just about anything other than installing the new preview builds. Consequently, when Microsoft provided me with the Windows 10 RTM bits (Build 10240) on a USB drive last week, I had a chance to run Windows 10 for the first time, not just watch demos and videos of it. As a result, my Windows 10 “review” is more of a “normal user’s” first take than one with all the speeds and feeds that are available from many power users and professional reviewers who’ve been using the various preview builds for months. I also should mention I’m using Windows 10 on a touch-screen laptop—not a machine with a detachable keyboard that can double as a tablet—and 99 percent of the time with a mouse. I’ve been running (rather unhappily) Windows 8 and then 8.1 on this Acer machine since I bought it just over a year ago. I was hoping Windows 10 might make me more productive on this device, as I felt Windows 8.X has hampered my ability to get things done, given that it wasn’t designed well for those using their PCs as PCs. After one week, what’s my verdict? I like Windows 10 a lot more than I liked Windows 8 or 8.1. But I’m still not entirely sold on putting it on my main desktop PC—a 22-inch Dell Optiplex that doesn’t support touch. First, here’s what I’m (mostly) liking. I’m surprised how happy I am that Microsoft brought a Start button and menu to Windows 10. I’ve come to grips with the fact that the Start button is my anchor. And as long as I think about the live tiles on the right as “gadgets”—just a way to see more information at a glance and/or to make available quick links—I am fine with their being there. It’s easy to unpin any/all live tiles if you really find them confusing or distracting. (It’s also possible to turn off any and every tile’s “liveness” with a simple right click. I find the Windows Store live tile distracting and unhelpful, so I made it so it’s static.) I do wish I could customize the Start menu more, though. The list of apps listed as Most Used feels random to me. (Example: How can Notepad not be in my most-used list? Me, the Queen of Notepad! C’mon guys!) Now that I have pinned my documents and photos to my live tile group, I can use the new Start menu more like I’m accustomed to with Windows 7.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
Microsoft has made search a lot more discoverable for average users by embedding a very visible Cortana bar right next to the Start button. Instead of expecting normal users to know they could just start typing anywhere on their home screens to search, Microsoft has provided Cortana as a visual cue. Using Cortana to search, users get a mix of local and Web search results. But by clicking on a My Stuff tab that pops up at the bottom of the Cortana pane once a user starts typing a query, users can refine
Microsoft officials love to use the “making pizza for 1.5 billion users” analogy when talking about the many ways users can
their results to local or Web.
configure and use their
And for those of you who, like me, have considered Cortana
Windows machines.
more a fun gimmick than a useful tool, try thinking of her/it as
28
a way to send yourself reminders while you’re in the middle of other tasks. Being able to type “Remind me to put those Heady Toppers on ice at 2 p.m. for later” when I remember while heads-down on writing a new post (while dreaming of craft beer) is pretty darn handy. The new Edge browser is more my style than Internet Explorer is/was. It’s more minimalist. It starts up faster. It is relatively snappy in opening the sites I frequent. It has an easy-to-access Read Later option. It desperately needs a working pop-up blocker, however. I have a pop-up blocker turned on in my settings, and ads still are managing to pop up on many sites. Microsoft officials have said they will be making extensions for Edge available later this year. Until then, I’m probably going to keep using Chrome as my main browser. (IE 11 is also installed as part of Windows 8 on PCs and tablets, but I’m not a big fan, and none of the sites I visited triggered its opening in place of Edge for backward-compatibility reasons.) I am ecstatic that the dual Windows Desktop/Metro world is no more, as of Windows 10. Universal/modern apps can run in windows, as can desktop apps, on the unified Windows 10 desktop. A PC/laptop user not in tablet mode should never have been forced into TileWorld, as happened with Windows 8. Those too-easily-triggered and confounding Windows 8 Charms are gone (huzzah!), but the contracts behind them, enabling users to do things like quickly share content via email or messaging, are still around. Here’s where I’m hoping to see more improvements. Microsoft officials love to use the “making pizza for 1.5 billion users” analogy when talking about the many ways users can configure and use their Windows machines. While it’s good to have options, sometimes having too many choices makes things confusing. There are many ways users can access Settings on Windows 10. There are multiple ways to get to Power. And for some reason, on my machine, there are many Document folders, which are mostly, but not entirely, in sync. Speaking of sync, OneDrive is “in transition” at this point. Users who found the placeholders offered by OneDrive in Windows 8.x to be handy are likely to be disappointed with the removal of this feature in Windows 10. I didn’t
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
29
think I’d care, but then I realized I had gotten used to being able to easily access my documents and photos stored in OneDrive without having to jump through a bunch of extra hoops. I configured Windows 10 to sync my cloud documents with my locally stored ones, but the syncing seems to happen at random times—sometimes fairly quickly, sometimes seemingly not for hours. Microsoft is planning to bring a bunch of OneDrive’s partially implemented and/or missing features back to Windows 10, but not until later this year (at best). One of my biggest letdowns, while we’re talking customization, is in the new Mail client that comes free with Windows 10. At first glance, it seemed so much better than the one that was bundled with Windows 8/8.1. But then I realized users have no way to opt out of Conversation view, the automatic grouping of email by threads. I know I am not the only Conversation view hater. I am used to seeing my mail arranged sequentially in my inbox. Conversation view, to me, is confusing. But there is no way to turn it off. So much for giving me the choice of how I want to work (or pineapple slices on my pizza). As long as this option is missing, I will continue to use the Outlook Web app client and never touch the Mail client. Microsoft is touting a number of features as key differentiators in Windows 10 that I personally don’t care about, but your mileage may, and no doubt will, vary, given that I’m just one of the 1.5 billion Windows users on the planet. Being a non-gamer, I don’t care that I can now stream games between my Windows 10 PC and Xbox One, though plenty of folks will. I’m indifferent about using facial recognition to unlock my device, and I don’t have the right hardware to do so anyway. Because I’m using Windows 10 on a PC, not a two-in-one or convertible, I don’t require Continuum, the feature that makes moving between PCs and tablets more seamless. So far, I’m not thinking I’ll use Virtual Desktops much, if at all. And I admit, even though Microsoft has done work to make snapping apps easier and more intuitive, I just am not a snapper. But again, it’s good that I don’t have to be, now that windows run on Windows, as Bill Gates and the other Windows gods intended. Don’t forget: The servicing piece of Windows 10 is as big, if not bigger, than the set of features in the OS itself. Microsoft plans to continue to make regular feature updates, ongoing fixes, and security patches to users of Windows 10 via various servicing branches. While users will be able to block and hide updates using a tool Microsoft recently made available, regular patching and updating isn’t going to be optional, officials have said. (“For rare cases, Microsoft has provided a tool to delay an update as a temporary measure, but the tool is not intended for ongoing usage,” a spokesperson recently told me.) Windows 10 began rolling out on July 29. To me, this was a soft-launch, as the OS still is lacking some of the functionality and apps that are needed to make it feel “done.” The “real” Windows 10 launch will come this fall when Microsoft delivers more Windows 10 features and can tout new first-party and PC-partner-made Windows 10 machines.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
30
10 things SMBs need to know about Windows 10 By Conner Forrest In a historic move, Microsoft released the latest iteration of its Windows OS, Windows 10, as a free upgrade for existing users. This eliminates at least one barrier to adoption among businesses, and it could be particularly advantageous for small to midsize businesses (SMBs), helping Microsoft stay competitive in the SMB space against Apple and Google—which are ramping up their efforts for this audience. The Windows 10 release signifies a shift in direction for Microsoft as its new leadership gains traction. However, it also brings many changes to the product itself. Here’s what your SMB needs to know about the latest Windows release.
1: The upgrade has an expiration date The official release date of Windows 10 is listed as July 29, 2015. But there’s some fine print. According to Gartner vice president Steve Kleynhans, it’s essential that you do your research to determine whether it is a good deal for your company within the timeline. “Certainly it is nice getting the upgrade to Windows 10 for free, but it requires that you move in the next 12 months,” Kleynhans said.
2: Windows is now a service Software upgrades was a major source of revenue for Microsoft in the past, but with Windows 10 comes a new model. Users will receive updates to the OS as time goes on. “Windows 10 will be a ‘final’ upgrade that receives three to four upgrade packs a year that include new features,” said JP Gownder, a vice president and principal analyst with Forrester. “Windows as a service means you won’t be stuck with some 10 year old OS, as many were with XP, but it does require a little rethinking of resources, even these upgrade packs require some testing along the year.”
3: You have to be ready for the updates As you consider whether to upgrade, it’s important to consider if you can handle the deluge of service packs that will come your way in this new system, Kleynhans said. You won’t have much time to “settle” into the new service packs before the next one comes. “It will constantly be moving forward,” he said. “You need to monitor it and test to see how it performs in your environment and decide when it is ready to fit into your environment.”
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
31
4: You can only upgrade from certain versions To qualify for the Windows 10 upgrade, you must be upgrading from a Windows 7 or Windows 8.1 device. The availability of the upgrade for Windows Phone 8.1 varies by manufacturer, carrier, and operator. You’ll also need to have Windows Update enabled. Many enterprise versions are excluded from the upgrade offer, so be sure you check whether yours is compatible.
5: There are different versions of Windows 10 Depending on your starting OS, you will get a comparable version of Windows 10 when you upgrade. Windows 7 Starter, Home Basic, Home Premium, and Windows 8.1 (4) will yield Windows 10 Home. Windows 7 Professional and Ultimate, and Windows 8.1 Pro and 8.1 Pro for Students, will yield Windows 10 Pro.
6: It’s important to follow best practices for deployment Just because Windows 10 is a new model for the OS doesn’t mean that it won’t entail some of the standard deployment pains you may have faced in the past. Make sure you time everything properly to minimize the number of problems you run into. “OS upgrades, no matter how good, are disruptive,” Kleynhans said. “Don’t roll out Windows 10 right before your busiest selling season, or in the middle of implementing a new accounting system.”
7: You should upgrade for security Especially for SMBs, protecting your assets is critical. If you’re already a Windows shop, upgrading could bring some added security to your company. “Security threats are only growing, and Windows 10 has some inherent application containerization that makes it more secure than its predecessors,” Gownder said.
8: It doesn’t (technically) require new hardware While you will need a certain set of specs to run Windows 10, and a set amount of hard drive space, you probably won’t need to update your hardware. However, Kleynhans said you might need new hardware to make use of new features such as Windows Hello or the advanced security capabilities. Unfortunately, in many cases, that hardware won’t ship until later this year.
9: It’s a new user experience One of the most contentious aspects of Windows 8 was its tile-based design. Some loved it, but others switched back to the standard desktop view immediately. Gownder said that Windows 10 provides the best of both tiles and the standard desktop and is optimized for mobile.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
32
“If you have a detachable keyboard—say, on a Surface Pro 3—the OS will default to desktop mode if the keyboard is attached, and to tile mode if it isn’t,” Gownder said. “So, it’s smart about desktop vs. mobile usage.”
10: The ecosystem might not be perfect It’s still early days, and it’s important to remember that although the OS might be ready, the ecosystem may not be. As an SMB, you might need additional support. Given the newness of Windows 10, you might have trouble finding someone to provide the support right away, Kleynhans said. Also, just because your key software or application works on Windows 10, that doesn’t always mean your vendor will provide Windows 10 support. “They might need some time to complete some testing and make some tweaks,” Kleynhans said. “Talk to your software and service providers and understand their plans and timeline as your develop yours.”
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
33
When should businesses upgrade to Windows 10? By Steve Ranger Business customers can often be years behind the state of the operating system art. Right now most businesses are still running Windows 7, launched back in July 2009, having shown limited
Companies should wait
interest in Windows 8, which arrived in August 2012.
until it’s clear whether
Even when they buy new PCs, most companies today still
the line-of-business
downgrade them to Windows 7, so it’s usually home users who are first to take the plunge with the new software. However, businesses may be significantly faster to adopt Windows 10 than
applications they use work happily with Windows
previous versions of Microsoft’s operating system.
10 and whether they can
One reason for the change was the public testing process—five
find enough expertise to
million testers strong—that preceded the Windows 10 launch. As a result, the standard policy of waiting for the first service pack to arrive before rolling out a new OS is now longer the right one, said
make sure any rollout is a smooth one.
Stephen Kleynhans, research vice president at Gartner. However, that doesn’t mean firms should be full steam ahead with upgrades. “I’m not one who believes there is a need to rush to a new operating system. You want to let the ecosystem around the operating system mature a little bit before you jump right in,” he said. Companies should wait until it’s clear whether the line-of-business applications they use work happily with Windows 10 and whether they can find enough expertise to make sure any rollout is a smooth one. “All of that has to build up before you want to jump in and start running it in your production environment,” Kleynhans said. He also said businesses need to spend some time testing out Windows 10 in a controlled fashion: “Bring it into a lab, bring it into a test environment, let some folks run it for the rest of this year. Then, in 2016, get serious about it, start looking at it in a real test environment, start piloting it with some real users to see how it’s performing.” He said that if all goes well companies should be ready to start deployments in the second half of 2016 or the beginning of 2017, depending on how large and complex their IT environment is. “If you’re a large company nothing happens really fast. If you’re a small company the timeline is going to be a lot faster—if you’re testing with 10 people you might be testing with ten percent of the company.” Starting the rollout a year to 18 months after the operating system is launched might seem like a long delay, but that’s still six months to a year faster than with previous upgrades.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
34
Kleynhans said that it took most big companies 18 months of testing and remediation work before they were able to start rolling out Windows 7. In contrast, most companies will get Windows 10 testing and remediation done in less than six months. He said that some organizations were keen to get moving as soon as Windows 10 was available—such as those that are still using Windows XP or that have plans to deploy hybrid PC devices. But for most companies, this will be too soon. “There are pieces of the operating system targeted at the enterprise that we really haven’t had a chance to try out yet. You can’t consider significant production rollouts even in the most aggressive cases until later in the fall.” He cited Windows Update for Business as a new tool that small and medium-size businesses will want to use but that wasn’t part of the tech preview. There are also some other security components that haven’t been as broadly tested or available during the tech preview. As Ed Bott noted, other missing features include the new unified sync client for OneDrive (the consumer cloud storage service) and OneDrive for Business (the cloud storage service for business Office 365 subscriptions). He predicted that these will be wrapped up by late October, in time for Windows 10 PCs to hit the retail channel for the holiday season. Other factors to consider: At a prosaic level, the upgrade will inevitably cause disruption, so don’t plan it for a busy time of year. If you’re in retail, starting the upgrade in November or December might be a career-limiting decision for the CIO. The state of your current infrastructure is another element to take into account. Gartner said that companies planning Windows 8.1 deployments should instead redirect their efforts toward earlier deployment of Windows 10. “In almost all cases, enterprises currently planning to deploy Windows 8.1 should switch to Windows 10. Enterprises that already have Windows 8.1 deployed should continue with those deployments for the time being. Customers on Windows 7 with no plans for Windows 8.1 should begin evaluating Windows 10 for deployment in 2H16 or later,” the analyst firm said in a research note. And for some, the upgrade may never take place. David Gewirtz has no plans to upgrade any of his Windows 7 devices to Windows 10. “They work, they’re rock solid, and all their drivers are perfectly tuned to the hardware they’re running on.” However long it takes enterprises to take the plunge, Windows 10 is likely to become widely adopted, if only because most firms will need to move off of Windows 7 eventually, while the relatively few who moved to Windows 8 will also update sooner rather than later. The pressures that forced companies to migrate off Windows XP and onto Windows 7 will eventually make them move from Windows 7 to Windows 10. “Windows 7 comes to end of life in January 2020. That’s only four and half years away so you’re going to see the same sorts of pressures mount to get off of Windows 7. They need to go somewhere and they’ll go to Windows 10,” he said.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
35
How fast can Windows 10 grow? By Ed Bott If you make an upgrade free, easy, and compelling, people will say yes. That seems to be the lesson of Windows 10, which has come out of the gate at full speed. Microsoft announced that 14 million PCs were running Windows 10 only 24 hours after the official launch on July 29. Less than a day and a half later, Daniel Rubino of Windows Central reported that an anonymous source inside Microsoft told him the total was up to 67 million. If that’s true (I’m skeptical), it would mean that Microsoft increased the pace of upgrades dramatically based on the success of those early upgraders. ZDNet’s analytics confirm that Windows 10 is being adopted at an unprecedented pace. In the week before the upgrade began, after the Windows Insider program had released the final build to registered testers, about 1.8% of the visitors to this site were using Windows 10. After a full day of upgrades, that percentage had soared: In the 24 hours beginning at midnight July 30, a day after the official launch, 8.3% of all traffic to ZDNet was coming from PCs running Windows 10. Lowell Hedding, who runs the popular How-To Geek site, also reported big increases in traffic from Windows 10, sharing this graph on Twitter:
A partial explanation for the bump in traffic here and elsewhere is extraordinary interest in Windows 10. ZDNet’s traffic in the day after the launch was up roughly 50% compared to an average weekday.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
36
But it’s also clear that Microsoft is delivering an unprecedented number of upgrades. That total of 14 million upgrades in a single day is higher than any desktop operating system ever—and now the question is how long can that sizzling pace be maintained? What we are seeing in the first week or so is enthusiastic early adopters. More than 72 hours after the rollout began, I have test systems that are still waiting for the upgrade to arrive, and reader emails say there are plenty of others in a similar situation who reserved an upgrade and are also still on hold.
We don’t have any metrics yet on how satisfied people are with Windows 10, but based on anecdotal evidence the upgrade process seems to be working well. I’ve received a scattering of problem reports from people who experienced issues with the upgrade, but the number seems low compared to the scale of this launch. That suggests that Microsoft’s nine-month-long Windows Insider program did its job successfully, with preview builds shaking out most of the problems the public would see at launch time. One other statistic from ZDNet’s analytics is worth noting here. Despite the bump in Windows 10 traffic, visits from PCs running Windows 7 didn’t decline at all, holding steady at 33.3% of all visits to this site. Of course, that could be a reflection of Microsoft’s strategy for delivering Windows 10, which is prioritizing upgrades on newer PCs that are most likely to have a good upgrade experience.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
37
Still, it’s reasonable to hypothesize that individuals and businesses that have stuck with Windows 7 over the past three years are skeptical of Windows 10 and see little reason to upgrade, even if it’s free. Over the next few months, Microsoft’s OEM partners will gradually be replacing their inventory of PCs with new models running Windows 10, and the supply of Windows 8.1 PCs will dry up. That already happened with Windows 8, which has largely disappeared thanks to the free Windows 8.1 upgrade. Here at ZDNet, traffic from PCs running Windows 8.1 makes up 15.9% of all visits, with machines running the original release of Windows 8 down at 1.1%. For the long term, Microsoft’s dream is to see Windows 10 running on a billion devices worldwide, with those new customers getting a steady stream of updates and never again having to deal with a version upgrade. In that world, Microsoft would end up supporting large numbers of Windows 7 machines, most of them in businesses, and a steadily increasing number of Windows 10 devices, with Windows 8.1 declining to negligible numbers in a year or so.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
38
Windows 10 will win yesterday’s battle, but what about tomorrow’s war? By Steve Ranger The newest version of Windows, which launched at the end of July, won’t do a couple of the things you’d normally expect a new operating system to do as standard. First, it won’t immediately make Microsoft a lot of money from licences, because it’s going to be a free download for the majority of consumers. And second, it won’t provide a much-needed shot in the arm for PC sales either, because many existing PCs will be able to run it, sparing consumers the need to buy a new machine to use the latest OS. Windows 10 is the clearest illustration yet of how much the business model around Windows has changed in just a few years. What Windows 10 will do, however, is fix many of the perceived problems that made Windows 8 so hard to sell. Even now, three years after its launch, Windows 8 has has scraped together only a 13% share of the PC market. By contrast, Windows 7 (51%) and Windows XP (24%) still outrank it, according to NetMarketShare. With Windows 8, Microsoft was generally considered to have put too much emphasis on making the OS look good on a tablet and not enough on making it work well on a PC, which is where it would mostly be used. This upset and confused Microsoft’s loyal customer base. Windows 10 walks that back, at least a bit. Microsoft’s ambitions still reach beyond the PC, however. It eventually wants one billion devices to be running Windows 10—including smartphones and tablets, as well as PCs. From that point of view, Windows 10 is not about selling Windows licenses or PCs, but something far bigger and broader. The problem with that ambition is that there are already operating systems for smartphones and tablets that are doing a sterling job, namely Android and iOS, and it’s not clear that there’s enough in Windows 10 to unseat either of them. “Microsoft will face a long road ahead to gain Windows share in mobile,” said Forrester analyst Frank Gillett in research on the new OS. “While it will win a growing share of enterprise tablet purchases, the plans for Windows 10 don’t show enough potential to create a differentiated mobile experience that will draw developers and customers away from iOS and Android.” That’s an issue because, while the PC market isn’t going anywhere soon, it isn’t growing fast either. Much of the growth in hardware around the world is likely to come in the form of tablets (perhaps hybrid PCs) and smartphones—and maybe even wearables. Windows 10 does address all those form factors, but Microsoft doesn’t have as much momentum in those areas as its rivals.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
39
Still, Windows 10 is likely to strengthen Microsoft’s position in the PC world. A free upgrade means that most consumers will take the plunge, followed eventually by businesses. That standardization of so many customers onto one version of Windows should make it easier for application developers to reach more customers more quickly. And because it should be much easier to make Windows 10 apps run on tablets and smartphones as well as PCs, that consolidation might just create, over time, the critical mass of apps Microsoft needs to reignite its mobile ecosystem. Equally, its rivals have an enormous head start that it is hard to see Microsoft overturning any time soon. By getting it right where Windows 8 went wrong, with Windows 10 Microsoft may well win the battle it lost in the past—but it remains to be seen whether it can win the war it must fight in the future.
Copyright ©2015 CBS Interactive Inc. All rights reserved.
WINDOWS 10: THE ESSENTIAL GUIDE FOR BUSINESS PROFESSIONALS
40
About Tech Pro Research Tech Pro Research provides the information that IT leaders need to make informed decisions and solve today’s toughest IT problems. We encourage you to explore all we have to offer: Original, in-depth research reports on global IT trends Analyst briefings on the latest tech from industry experts Ready-made, time-saving policies, templates, and tools Comprehensive ebooks compiled from the best of TechRepublic and ZDNet (our award-winning sister sites) Visit us at www.techproresearch.com.
Copyright Š2015 CBS Interactive Inc. All rights reserved.