What Windows 10 means for the enterprise
Microsoft has introduced a new way of buying and maintaining the OS
The Pro and Enterprise versions of Windows 10 come with security and management improvements that will be appealing to enterprises, but the new approach to licences and keeping Windows 10 current is a major shift.
For consumers and small businesses, the way Windows 10 gets security updates and new features without ever having to upgrade to a new version of Windows is ideal. Larger businesses may need more control, especially for devices that have critical functions, so with Windows 10 enterprises get a choice of how to keep Windows up to date which also includes the choice of how you want to pay for it.
Windows Enterprise is the only edition that includes the option of the Long Term Servicing Branch (LTSB) – a version of Windows that won't get changes other than security updates and will be supported for five years. If you want to stay on the same LTSB version, you don't need to have Software Assurance, but if you do buy SA then you will be able to get a new LTSB version every two or three years – and you get ten years of support for each version.
For most PCs in the office, Windows Enterprise with the Current Branch for business that gets regular feature updates the way Windows 10 Home and Pro do (just some months after they've been released to Windows Insiders and consumers) is the right choice. To get that, you'll need both a Windows Enterprise volume licence and Software Assurance – without SA, the Current Branch of Enterprise edition won't stay current and if you want to get the new features that come with Windows as a Service, you'll have to buy a new licence to update.
Beyond passwords
Windows 8 pushed the idea of logging into Windows with a cloud account that could link multiple devices, but many enterprises were uncomfortable with that being a consumer Microsoft account. For Windows 10, as well as local and domain accounts, users can log in with Azure Active Directory accounts. And if they log in with both an Azure AD and an AD domain account, they'll get the single sign-on to services like Office 365 and Windows Store without having to type in their password every time.
The new FIDO-compliant credentials in Windows 10 should be a lot more secure than passwords – they're a key pair or a certificate that you can provision from Active Directory or Azure Active Directory, stored securely on the PC that users unlock with a PIN or, better yet, with biometrics like fingerprints or face and iris logon using Windows Hello.
They can also use a phone as a mobile credential for two-factor authentication – just having the phone nearby on Wi-Fi or Bluetooth makes it work like a smartcard, without the expense of a physical smartcard.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The user access tokens that are generated once users authenticate using their credentials are also protected; the logon process in Windows Enterprise runs in a Hyper-V container so hackers can't extract them to impersonate your users on other systems.
- Read more about Windows 10 migration on our sister website, ITProPortal.com
Mary (Twitter, Google+, website) started her career at Future Publishing, saw the AOL meltdown first hand the first time around when she ran the AOL UK computing channel, and she's been a freelance tech writer for over a decade. She's used every version of Windows and Office released, and every smartphone too, but she's still looking for the perfect tablet. Yes, she really does have USB earrings.