(Updated: This article was updated in March 2018 to reflect the latest changes. Please also note that Microsoft has extended support for versions 1511, 1607, 1703, and 1709 for an additional 6 months for all enterprise and educational customers. Click here for an extensive overview of all Windows 10 Servicing related topics!)
You probably heard about the malware attack WannaCry 2 just a few weeks ago that held 200,000 computers in more than 150 countries, including devices at the Britain’s National Health Service, at ransom. The thing is, this attack was entirely preventable — and I am not speaking about the NSA or WikiLeaks. Microsoft issued a fix for this vulnerability days before it spread like wildfire.
Unfortunately, cybercrime and data breaches are becoming the norm. According to the Global Economic Crime Survey, 32% of companies said they were the victims of cybercrime in 2016. Because we are relying more on data and connectivity, the consequences of cybercrime are severe — costing us up to $2 trillion by 2019. These increased security threats have affected Windows 10 in two ways:
To maintain Windows-as-a-Service, Microsoft releases new feature releases twice a year and monthly quality updates which are managed by servicing channels.
(Image Credit: Juriba, This graphic was updated Sept. 18th, 2018)
Most large businesses will take about seven months to roll out a new Windows 10 version across their entire estate, while Microsoft ships new updates every six months. Although Microsoft has now extended support for new versions to 30 months for all feature updates released in the fall, skipping upgrades isn't a great idea as you are missing out on the full benefits the fast cadence of updates brings.
Theoretically speaking, if you start your upgrade process the day a new version comes (e.g., March 10th) out and you take seven months to upgrade, you will be finished around October 10th. Microsoft will by then have already released the fall update in September, putting you already one month behind. If you skip this update and now start the migration process with the spring update, the first update will be end-of-life based on Microsoft's planned 18-month support timeline BEFORE you have finished migrating all of your business users. And for most larger enterprises, a seven month migration timeline is very optimistic.
As a consequence of these frequent updates, IT faces an increased frequency of application and hardware testing as well as a larger need for transparency on application dependencies and application compatibility.
To be able to support this faster velocity of PC upgrades in a sustainable, timely, and economic manner, enterprise IT organizations need to adopt a lifecycle management framework that enables the aggregation of application dependencies and compatibility status (including hardware, software, and other IT components). Additionally, the process needs to consume and support testing results, device allocation, scheduling and, of course, the initiation of the upgrade itself.
A Windows 10 Servicing Readiness Tool will allow your organization to:
First and foremost, your Windows 10 Servicing Readiness Tool must provide you with extensive data collection capabilities. You will need to load data from existing sources via industry standard connectors and also manual imports leveraging a pull and push approach to complete your data warehouse.
Data collection should be automated on a defined schedule and interval based on the specific data source. If needed, the data needs to be augmented using a data warehouse that supports a multidimensional data model. Only then will you be able to automate downstream activities and reporting, taking all inter-dependencies into account.
The following data types will need to be collected for a successful process implementation:
Upgrading to the latest Windows 10 version can be seen as a mini-migration that is most effectively done by assigning users and their devices into deployment rings or waves. To execute a migration with this approach, you will need to know your capacity limitations, and all relevant inter-dependencies. There are two steps in this process:
The tool you are using should offer the following capabilities:
To avoid business disruption due to the incompatibility of devices receiving an upgrade, it is essential to track the readiness of your applications, hardware (device model and hardware configuration), and other pre-conditions.
Hardware Readiness. The hardware readiness status is based on the minimum required hardware configuration for the next Windows release version, be it drivers or enough free space to accept the upgrade. Since IT needs to define appropriate conditions and exceptions to determine hardware readiness, individual custom rule-based approach should be available within the tool. In addition, you should have a data source containing (in)compatibility data for those hardware conditions in relation to the next Windows version.
Application Readiness. After performing an in-scope application inventory, you will need to determine which apps are on which devices and match that data against your database, including your Windows 10 compatibility information. This will allow the tool to populate or update the readiness status. However, this will often create millions of data rows that are impossible to filter through manually. You will need to apply data filtering and rationalization to eliminate irrelevant apps (e.g., hotfixes, language packs). In addition, an appropriate rule-based approach allows you to define the conditions and exceptions.
Other Pre-Conditions. Since all upgrades will be automatically delivered over your network, you will need to track your network conditions amongst other items including departmental or country approval, SCCM upgrade readiness and other items. These pre-conditions should be defined and managed within the tool, setting the appropriate status at the deployment ring level.
Once all three types are deemed ready, the device would receive a “green” status (see screenshot below) to receive the upgrade. Additionally, all readiness information is overlaid with organizational information such as department/business unit/country to ensure organizational readiness.
In order for the “Readiness Dashboard” to be sustainable, the mapping of the interdependent data should be able to form a basis for automated task execution designed through a workflow interface. The business logic of the workflows should be implemented by means of a “rule-book” which is customizable and includes formula fields (ability to automatically generate a new value based on multiple values from original source data) and conditional statements.
What type of communications can be and are typically generated? Any logic-tree/event driven triggers that can be configured? End user communication should be automated and the content should be relevant to the appropriate phase a user’s device is in. The primary communication channel would typically be through email, although advanced organizations may wish to create a desktop application that hooks into the readiness dashboards to remind the user to action the upgrade.
At Juriba, we are working closely with customers, technology partners (including the Microsoft Readiness team) and industry experts to help define best practice methodology and tooling to help organizations manage the complexity of frequent mass Windows 10 updates. If you are considering implementing an IT Transformation Project Management Tool like Dashworks to manage your Windows 10 migration and/or Windows 10 Servicing Management, download our buyer's guide to learn more about the full scope of Dashworks and how it can accelerate your IT Transformation by up to 65%.