What’s the (end)point? Overview of Windows 11, Windows 365 and Microsoft Endpoint Manager

Worksighted Team Jul 30 2021

What’s the piece of tech that people at your org spend the most time with? A laptop or desktop. From an IT Operations perspective, we call these endpoints. So in this recent webinar, we talked all about endpoints. Specifically, the future of Windows and the power of managing your endpoints in the cloud!

As you may have heard, Microsoft just announced a free upgrade to Windows 11 that will become available later this year. If you remember back to previous updates from Microsoft, you might recall that their track record with new OS releases is hit or miss. From what we’ve seen, there are some exciting updates that we look forward to sharing with you. We also briefly cover the recently announced Windows 365 virtual machine, its use cases and what you need to know.

Microsoft Endpoint Manager is a game changer for managing, deploying, and securing your endpoints in the cloud. You can even manage users, apps, and devices without disruptions to existing processes. Add in the opportunity for automating processes, and all of a sudden your org is running more efficiently than ever.

Let’s dig into this webinar. Please reach out if you have any questions!

Rebecca Zaagman:

Hello everyone. Welcome to a Worksighted NXT webinar.

Adam Devereaux:

Hello everyone!

Adam Devereaux:

We got a little bit of a different set up here today, we’re doing remote, so Rebecca and I will be talking about endpoints and all what’s new in that world of endpoints and we’ll explain exactly what we mean by that. But for those of you that haven’t been to a Worksighted NXT webinar, we’re here to kind of talk to you about what’s going on in the industry trends, things that we think that are important and interesting for you guys to learn about. And of course we love to be interactive so we’re going to have the Q&A and polls. So if you have any questions go ahead and put it in the Q&A, we’ll try to answer some as we go along and then also we will have time at the end to answer more questions.

Rebecca Zaagman:

Yes definitely. Actually, our teammate Chris De Alvare will be hanging out in the chat to help answer as well if we can’t get to it right away. He’ll be including some links to what we’re talking about and just being generally helpful like he is. So looks like we still have some people joining here, thanks everyone for coming on. And yeah, we’re excited to have you here. So we’re talking about endpoints, and what do we mean by endpoints, Adam?

Adam Devereaux:

Well, it’s a term that’s used for computers, right? So laptops, desktops, tablets, phones, it’s really kind of any end user device that is accessing services and software platforms in the cloud and blah blah blah, right? So it’s the end device that’s in people’s hands, and how do we get them there, right? That’s really kind of the core topic is, how do we get the devices into the user’s hands and make sure that they can get to what they need to get to in a secure and efficient way?

Rebecca Zaagman:

Efficiency, yep. We’ll be coming back to that a lot. Nobody likes when they’re trying to work on a document or find something and it takes them three minutes to do it, right? We want that to be as quick and as efficiently as possible. So as usual, we’re going to be keeping that end user experience in mind as we talk about technology. We’ll be talking a lot about cloud journey today as well, so this is one piece of your larger cloud journey is endpoint management. So we want to take you back. We’re gonna start off by taking you back a little bit.

Adam Devereaux:

Yeah, let’s talk about let’s say 1999.

Rebecca Zaagman:

1999. What was happening in 1999 for you Adam?

Adam Devereaux:

Well, I graduated high school in 1999, so I’m dating myself there. And also was canning food, prep for the Y2K bug with the parents, there was a lot of concern about that back then. But yeah, a lot of notable stuff happened. Let’s say, how far do you think away the first iPhone was in 1999? How many years would you have to wait to be able to buy the first iPhone?

Rebecca Zaagman:

1999. Well I think it came out my senior year in high school, so 2007-ish?

Adam Devereaux:

Yeah, that’s right.

Adam Devereaux:

So eight years, we were still eight years away in 1999 from the first iPhone. Cell phones were not ubiquitous at that point but a lot of people had them but if you remember what your cell phone was like back then, it was a clunky little thing, well, they were usually pretty rock solid and the batteries lasted for days, but aside from that, they couldn’t do much, let’s put it that way. And here’s a little picture of what computers look like, right? That they were the beige machines and you’ll note, Apple’s iBook, the first iBook came out and that was kind of a battle against the beige boring looking computers.

Rebecca Zaagman:

Battle against the beige, that sounds like a nice rock concert or something.

Adam Devereaux:

Yep exactly.

Rebecca Zaagman:

We also probably came up with that in 1999, battle against the beige.

Adam Devereaux:

The TiVo was first released because it was revolutionary, we could pause live TV and rewind and skip commercials and it was a whole different world, right? I think it’s easy to forget how different things were 22 years ago and the technology that was in place at that time in the business computing world was you had a desktop computer in a cubicle or at your office and it was physically wired to a server, right? So that one other notable thing happened in 1999, that’s the main reason I’m bringing this up is Microsoft introduced Active Directory, and it was designed around that world, right, it’s designed around the concept of computers in buildings having direct network access to the Windows Server that’s in that building.

Rebecca Zaagman:

And why does that matter?

Adam Devereaux:

Well, it’s a very different world we live in nowadays, right? We’re interconnected, ignoring even what’s happened the last 18 months or so. The reality is that we have a very different expectation for the way that our technology works because there’s been this whole kind of cloud computing revolution, everything’s gotten faster and smaller. And the big change too is connectivity, right, we did not have internet connections. My internet connection in 1999, you had to listen to about 30 seconds of the modems screeching at each other before you were connected and then you would go on Napster and hope that the two songs that you’re trying to download overnight would actually complete before your connection dropped.

Rebecca Zaagman:

You actually did a great rendition of the dial up sound, did you want to share that really quick?

Adam Devereaux:

I’m sure you could find a YouTube video if you’re interested. Yeah exactly, so the problem is that ubiquitous connectivity, the world of the internet and the ability to connect at high speed and people to work remotely and where work takes place all those other things. A lot has changed but yet in many ways we’re still deploying devices as if it was 1999, right? So Active Directory has been awesome, it’s enabled a lot of really cool things for businesses, and it’s really that first user identity location that’s where the computers are joined to the domain, you log into that computer and they’re talking to that domain controller.

Adam Devereaux:

But it has a lot of limitations in the modern world and it leads or still kind of stuck in that world and stuck in that mindset and leads to problems, right? Computers are difficult to deploy, take a long time to deploy. Somebody has a problem with a computer, getting them a new computer can take a while. And part of that means that that particular computer that you’re using is really important, right? And we’ll talk a little bit more about the larger industry trends, a little educational side of it. But when you think about the user experience on other devices, I just got a new iPhone not that long ago right and I really didn’t have to worry much about getting my stuff transferred over to my new iPhone. Apple has multiple ways of doing that, it’s really seamless, and I just signed into my new device and ultimately everything got synchronized to it.

Adam Devereaux:

And if I lost this device or if it was destroyed. I was at the beach and if I dropped in the water and then floated away, I am confident in the fact that if I get a new iPhone and I signed into it, my iCloud backup everything will synchronize down and my photos will be there for maybe the last few that I took and things like that, right? So that’s a very different user experience in many ways than what we’ve come to expect for Windows based business devices.

Rebecca Zaagman:

Right. Yeah, so there’s an opportunity here to modernize the process that we use to deploy PC to even how PCs function in your company, there’s a new way to do it. So that’s what we’re talking about today, we’re gonna cover Microsoft Endpoint Manager which helps with that deployment and managing process, especially when done in the cloud. And then we’re going to cover Windows 11 which was recently announced, new operating system from Windows, and whether or not you should upgrade right away, should we wait, what are the factors you should consider? And then another thing Microsoft announced this past, I think, week or two weeks is Windows 365 is another way to do virtual desktop in the cloud. So we’ve got a lot to cover today. We’ve tried to keep it super simple but if we lose you please make sure to shoot a message in the chat or post questions, we want this to be super relevant to your organization. So yeah, make sure you do that. So let’s dive in. Up first is going to be Microsoft Endpoint Manager.

Adam Devereaux:

Yeah, so we’ll use the word modern a lot and part of that’s because it is a term that new Microsoft is using, and it fits because I’d say that a lot has modernized in the last two decades and there’s a new way of managing these endpoints, unified endpoint management, that allow you to manage not only Windows based devices but iOS and Android and Mac devices using this Cloud Management Platform.

Adam Devereaux:

And we’re shifting to a different world where now users have multiple devices, they want to be able to access their business resources from multiple places and really we should want them to because that’s where this concept of efficiency comes in. And we’re using that two different ways, one is efficiency on the user experience side and the other is efficiency for IT operations and what happens when a user at home’s computer goes down and how long does it take us to get them a new computer, and how much work and effort, human time, goes into prepping that new device?

Adam Devereaux:

BYOD is more of a factor than it’s ever been before. The applications and the information, typically they’re cloud based SaaS applications and really modern IT is about automation and enabling self service for the users and proactive management and replacement of devices.

Rebecca Zaagman:

Right, one thing we talked about was, especially with remote work, if my PC goes down, what am I going to do? Do I have to wait a couple days for a desktop to come in and then it has to go to Holland to get prepped and then I have to drive there, that leaves me for a couple days without a PC. So this modernization also could impact that as well which is really important for a lot of hybrid workplaces these days.

Adam Devereaux:

Yeah, and how do you deal with potentially people that are getting hired quicker now, how long does it take to get something ready for a new person? How long does it take to get all of that new account set up and everything else? That really impacts more than just the topics we’re talking about right now but focusing in on the endpoints, using the term modern desktop and what I mean by that is really Windows 10, or now Windows 11 based devices, combined with Microsoft 365, combined with endpoint managers, so Microsoft Endpoint Manager and Azure AD join devices. So those two things go hand in hand. So Azure AD join devices that are enrolled in Microsoft Endpoint Manager that combined together is really modern desktop.

Adam Devereaux:

So that means that instead of using on prem AD, instead of using GPOs, instead of using all of those ways of managing a device and also providing that security because one of the biggest Achilles heels, the biggest problems with classic AD and joining devices classic AD is I need to maintain line of sight from my computer to a domain controller somewhere. And from a security standpoint, the more you get away from that, the more you realize how problematic that is because that is unfortunately a source of a lot of bad cybersecurity attacks on organizations with ransomware getting into the server environment, that’s a liability ultimately, right?

Adam Devereaux:

So if my devices in the modern desktop world, just need an internet connection, right? So as long as they’re on the internet, they’re talking to Endpoint Manager they’re talking to Azure AD, and I can make those policy changes, I can reset somebody’s password, wipe the device, do all those things. Like if you have experience with MDM systems, let’s say MS360, MDM with iOS or Android devices, you can kind of think of Microsoft Endpoint Manager as MDM for Windows 10 devices, but it’s a full MDM platform for a variety of devices. Now, when we say modern workplace it’s really focused on fully adopting Microsoft 365, storing your files in Teams, OneDrive and SharePoint, utilizing Teams and a lot of good platform capabilities within Microsoft 365. Plus you add modern desktop on top of that you will get to the powerful place.

Rebecca Zaagman:

Yep. Right, so let’s dig into the Endpoint Manager a little bit. Why is it powerful, Adam?

Adam Devereaux:

Well, I think what it enables, right, is this concept where the device you’re using as a portal to access your information and your settings like your work experience, your user experience, but that particular device doesn’t matter, right? I think I’ve used the term that the individual computer is a fungible asset at that point, right? Meaning that you can swap them out really quite easily and interchangeably and still get to the information that you need to get to. And Microsoft Endpoint Manager is a cloud native endpoint management system that really is fully integrated into the rest of the Microsoft 365 stack and it can be tied into the security policies like your conditional access policies.

Adam Devereaux:

It feeds into a zero trust security model where I can access the status and condition of the endpoint, whether it’s a known device or a corporate managed device, along with the user identity factors, and it allows us to do a huge variety of things. And actually, I think now would be a good time to kind of demonstrate one thing. One thing I want to do here is that Config Manager is something that some of you may have experience with and Intune and Config Manager can be integrated together, Configuration Manager, to offer you more power. But even if you aren’t using Configuration Manager, Microsoft Endpoint Manager gives you capabilities that you may not already have or unifies those capabilities in a way that’s really quite powerful.

Adam Devereaux:

So let me share my screen. This is in a demo tenant. So unfortunately, there’s a lot of active devices or there are not any active devices in here but I want to start with showing you how to get to Endpoint Manager. So this may be what you see right now or if you log into the Microsoft 365 Admin Center, you can show all. There are more Admin Centers in here but the Endpoint Manager is the key one here that you want to click on.

Adam Devereaux:

And then over on the left, we’re going to see a variety of kind of favorited sections in here. There are other services as well to get into, but really the key ones I want to focus around are devices, apps, endpoint security. So this is where, if you want to get started with it, there is some complexity here, but this is where you would go in and enable your enrollment. So if you go into Devices, Windows, you want to make sure your MDM user scope, and your MAM user scope are set to all.

Adam Devereaux:

And then you also need to enable your Windows For Business settings if you want to. But that’s really the key thing is this automatic enrollment. What that means is, is that when the device is added to join to Azure AD, then it will also get automatically enrolled in Endpoint Manager. Now, we haven’t really talked a lot about Azure AD in this meeting thus far, or this webinar thus far, but we have previously, essentially it’s the new version of AD. Azure AD is not a direct replacement, but it is a new system like Active Directory, Azure Active Directory, that was truly built for the world that we live in now, the cloud native, the kind of open public internet type access, right, is something that you can access just by being on the internet. You don’t have to connect the VPN to your private server environment.

Adam Devereaux:

And it’s different, has a whole set of new capabilities, there are certain things that it doesn’t do that AD did before but for most organizations, you can meet not only your business objectives but have new capabilities and improve your endpoint management capabilities by moving in that direction. And there is possibility of hybrid enrollment, right, so that’s kind of a case where if you need to still, for a variety of reasons, you may still need to have your device be AD joined and Azure AD joined and that’s possible as well.

Adam Devereaux:

But we’re going to be focusing a bit more on the Azure AD join. There are a lot of things that we’re going to talk about you can do if you’re hybrid join, but it also doesn’t limit a lot of the automation or the convenience around that automation. So this area under Devices and Windows is also where we can set, for example, configuration profiles. So let’s say that I am using a group policy object to control some aspect of the device settings, right, like maybe I want the screensaver to come on quickly, maybe there’s particular settings or preferences that I want to put in place, could be even around printers or other areas like that.

Adam Devereaux:

If I go into the admin templates here, then you’ll see a lot of familiar settings, right? So not only is this essentially a duplication of Group Policy capabilities, you actually can load ADMX type objects in and there are other ways that you can do more custom controls as well. But a lot of the things that you would see within group policy, you can control from within here as well. But again, the awesome thing here is this is applicable to the device without me having to get it to talk to a domain controller and get that policy to update. I can [crosstalk 00:19:04] scripts, compliance policies, and a compliance policy is something along the lines of saying that you need to make sure that antivirus is in place that you maybe require BitLocker.

Adam Devereaux:

You want to set a minimum OS version that require a password to unlock the device, encryption to be required. And a compliance policy is not necessarily the thing that creates that to happen, but it instead says a device in this category, I want to be compliant to the standard. Oh and I forgot, one other thing, when you look at a configuration profile, this is just a high level, right, there’s a lot more to talk about. The assignment is really key right, so this is where you can say, I want this policy to apply to all devices or I want to add specific users and specific devices in different groups.

Rebecca Zaagman:

So that can be really powerful to really speed up the process of deploying a new user or a new computer, right?

Adam Devereaux:

Exactly.

Rebecca Zaagman:

You’re automating a lot of that process, you do it one time and then you can mirror it on a lot of different configurations.

Adam Devereaux:

And a lot of the way, to Chris’ question about, how is this different from group policy? It’s a great question. In a lot of ways, you’re using it to accomplish the same things that you would accomplish with group policy. But group policy is something that lives in the classic Active Directory or legacy Active Directory world, where now Endpoint Manager this applies without that having to be in place.

Adam Devereaux:

That’s kind of the simple answer, right? So I’m going to jump into another whole functional area and that’s really about app management on these devices. And you’ll note, again, it’s not just Windows, it’s iOS, macOS, Android devices. But let’s say that I want to add an application to all of my computers, right? So there’s enough here. One is the Microsoft 365 app, so this is basically your office applications, right? This is when you can set up and it pushes whatever release version of the Office application’s looking for. It can be an app that’s in the Microsoft store, you can install the latest version of Edge. But you can also install really any application. So, quite simply, I can start with something like an MSI file. So let’s say that I want to install the new remote desktop client or maybe I want to install the PuTTY app on every computer or maybe a subset of computers. So I’ve picked the MSI, I can put in some details around it. Let’s say it’s new remote desktop.

Rebecca Zaagman:

Can you clarify what an MSI is?

Adam Devereaux:

Yeah, a lot of people are probably familiar with an EXE, right? So an executable file. And MSI is an installer, right, it’s a type of file that you download to install an application on your computer.

Rebecca Zaagman:

Right.

Adam Devereaux:

And then again here you can add groups, right, so this is looking at Azure Active Directory groups. These can be groups of users, groups of computers. These groups can be dynamic groups that are being created based off from user attributes, they can be assigned groups like what we’re normally used to where we say, “Alright this is now the marketing group,” and I say “Alright, well I want everyone in the marketing group to get this client so I can add a particular group to it.”

Rebecca Zaagman:

So in the past, Adam, what would this have looked like to be able to do this? Would this be a complicated process? Time consuming? Impossible?

Adam Devereaux:

To be honest, you could install applications via group policy. But it was complicated and kind of hit and miss, in part because again, the computer has to be talking to the domain controller at the time, so that your policy update comes into play. Or you’d use third party app distribution systems or you could just manually install. During the prep for that computer you’ll run that program installer and install that application for somebody, right? But the power of this is that I get to push apps out to my existing computers just by adding an application and adding an assignment to it. I can basically set up an array of programs that will automatically get installed when a computer gets added to Microsoft Endpoint Manager. And that is really where we get to this idea that I can log into the computer with my Azure AD account as a user, right? It gets automatically set up in the security policies, everything else gets applied to the device, my OneDrive client gets installed and configured so my desktop and my documents automatically synchronize to the new computer. We can use Enterprise State Roaming plus application push Edge roaming as well or let’s say we push Chrome and then the user signs into Chrome and so all their bookmarks everything applied through.

Adam Devereaux:

The combination of using policies and apps through Endpoint Manager is what gets us to a device nearly automatically or through touchless, right, where I don’t even have to get the computer first I can just get it right to the user. They sign into it and then all of that stuff synchronizes now. It’s not immediate, it’s a little bit like getting that new iPhone, right? When I got my new iPhone, it took about an hour or so for all of my apps to be loaded in, I can see that they were popping in over time and things are synchronizing, it took a little bit but then it was there and I was good to go without anybody having to prep that for me.

Rebecca Zaagman:

Wow. And that could be huge to think about new employee coming on board. I know we’ve even struggled with, when is my computer gonna be here and how do I set it up, and yeah, if you think about it from the employee experience this can be a really powerful tool. There’s also some automation tools right, in terms of automating the deployment process from a new software all the way through. Can you talk about that a bit?

Adam Devereaux:

Yeah, so I think there’s two parts to that right, one is, we’ve mentioned this before in other webinars and something that we’ll probably dive into more in a future one is around HR driven user provisioning, the ability to have user accounts get created automatically through an integration to your HR platform. It can be complicated to get there but when you have that automation happening, there’s a lot of power there, but the automation of computer assignment to your organization is really powerful. So, if you’ve done a lot with iOS devices you might be familiar with Apple’s DEP programs, D-E-P. And that’s really where when, let’s say an iPad is purchased, it is assigned at Apple to your company, right, so that serial number, that device, Apple knows that that is your device. And in the Windows world that’s called Autopilot, where you can basically claim a device, and then even if a user let’s say completely reinstalls Windows, it’s still going to be connected to your enterprise, your organization and enforce and require them to only be able to sign in with that Azure Active Directory.

Adam Devereaux:

So you can provide your Autopilot information to an OEM and have those essentially drop shipped, and automatically assigned to your org, without a lot of hassle. Another area is around security. They have these kind of security baselines, but allows you to manage what your antivirus or just encryption, this is a powerful one. Let’s say for Windows 10 I want to make sure BitLocker is encrypted and set up. Maybe I want to make sure that there’s some account protection requirements.

Adam Devereaux:

So things like turning on Credential Guard, enabling the use of security keys here, and these policies will update the security settings on that device but you know I brought up the fact that you can use it with conditional access. And that’s really a lot of the power of this as well, right, where let’s say this is an example one, Exchange Online requires a compliant device. So we said, “Here’s a compliance policy that checks for these things to be in place, and if I set a policy that says, all right Rebecca, your computer has to have BitLocker enabled.” Well, this policy, and you can think of conditional access is a little bit like a firewall for cloud access, right? It’s like an ACL or an access control list type program where I can say, “For these users, who are trying to access this application, this condition has to be met.”

Adam Devereaux:

Right? Require the device to be marked as compliant. So that means that, in this instance, with this policy in place, they wouldn’t be able to get to this cloud application without using a workplace managed device that’s joined to Azure AD, joined Endpoint Manager is pointing to policies that are put in place.

Rebecca Zaagman:

So from security perspective, it’s revolutionary.

Adam Devereaux:

Yeah, it really allows significant granular control over what scenarios and somebody can access what content within Microsoft 365. Sorry, one other area I just wanted to talk about in apps, that’s really powerful as well, which is about app protection policies. So what we’ve been talking about prior to is really about when you’ve got corporate devices that are enrolled in Azure AD and enrolled in Microsoft Endpoint Manager and can be applied to iOS and Android devices, macOS devices, if they’re fully enrolled, right? But what do you do if you don’t want to fully enroll and manage devices, you might be dealing with BYOD mobile devices or maybe they’re even corporate managed devices but own devices that you don’t want to fully enroll them in MDM. Well, that’s where something called MAM comes into play or mobile application management. So a combination of kind of conditional access policies plus these app protection policies, I can say, “All right everybody, in order for you to access your work content on a mobile device, you need to have Outlook or one of these other policy managed applications.” So there’s a variety of policy managed apps that are third party that we just focus on like the Microsoft ones, and say, Edge, Excel, Outlook, OneNote, OneDrive, Office, Teams, Word.

Adam Devereaux:

So I can put protections in place and I’m not going to go through all of it but the simplified way to think about it is that with mobile application management, you can enforce or require your users to use these policy managed apps such as the Outlook app, and the other Microsoft apps are policy managed as well. And then your information, your work information is kind of sandboxed in those applications. You can restrict the ability to take the information out of those applications. You can say that you can receive data, right, so I can copy information let’s say out of Safari and paste it into Word, but I can’t copy information out of Word and paste it into the Notes app on the phone. I can also require it all be encrypted on the device. I can say that they have to have a PIN on the device, and I can also say that they have to have a PIN to get into that app. So for example, every time I launch Outlook on my phone, it requires my Face ID in order to get into it.

Rebecca Zaagman:

So there’s a lot in here, it’s really powerful. Kind of bring it back to the ground a little bit, Adam. The problem that this solves is the fact that there are remote workers, right, people are more spread out than ever, we’re bringing in our own devices and I prefer to work on my iPad Pro sometimes but I want to be able to like was easy to quit but to sit out on my patio and bring my iPad out there and do a quick meeting. In the past we weren’t able to manage that right, I could go rogue and find it in a browser but that would kind of be outside of the company’s control and this kind of helps with that. Is that a true statement or way to put it?

Adam Devereaux:

That is a true statement. But I think that and more because it’s that we now what we’re moving more information into our platforms, whether it’s software cloud software that’s third party you know inside of Microsoft’s ecosystem for more information into Microsoft, Microsoft 365. And we want to have assuredness that that information is secure, that we understand how users are accessing it and we’re kind of controlling liabilities, but still enabling people to get into the information that they need in a convenient way that kind of meets their needs and their expectations for the way that services work nowadays.

Rebecca Zaagman:

Definitely, which I think is a nice kind of segue into Windows 11, which is built to better integrate with the cloud with Microsoft 365. So as we think about the modern desktop and this move toward power of Microsoft 365 with Azure and Endpoint Manager managing their devices and moving towards the Windows 11. So should we give them a tour of Windows 11, Adam?

Adam Devereaux:

Sure. So one of the first things we want to talk about with Windows 11 is, it was a little bit of a surprise, I think a lot of people thought that they were going to stay with Windows 10 and then there’s the incremental changes in Windows 10 which are happening, right, the Windows 10 that you’re using now is not the same as the Windows 10 that came out before. But they announced Windows 11, and it’s a new version of the operating system, and it’s still in pre-release, it’s still in beta essentially.

Adam Devereaux:

So, first of all, it’s fun to deploy that or install that on a device, maybe a personal device or something that’s a secondary device. We do not recommend installing it on your business device at this point. There are bugs, there are weird behaviors and crashes and things that it does not really provide the reliability that a business, that you need. And aside from the fact is that, we’ve been down this road before. Every new version of Windows that comes out, you kind of have to validate that applications can work on that. Now if you’re truly all your apps are cloud based and anything else, this may not be that much of a factor, but a lot of us still have some piece of software that we have to install, and it’s uncertain, you have to go through a period of time to understand or testing to validate that that will indeed work in Windows 11 and whoever made that software will support it on Windows 11.

Rebecca Zaagman:

There’s definitely some factors to consider and whether and when to upgrade, our kind of stance on it right now is, not yet. Hold off, if you want to explore it kind of fun because it looks different, you want to try it out, do it on a personal device, but we don’t recommend you upgrading yet. And I think, Adam, you can actually set that as a corporate policy that users can’t do it on their own, right?

Adam Devereaux:

Correct. Both with group policy, you can restrict the ability for users to enroll in the insider program, and the way that you do that is essentially in your settings, right? So if I go into my settings here, updates and security. Down at the bottom here we have this Windows Insider program, right? And so, you as a user have to be able to join the Windows Insider program and as an administrator, whether you’re using the policy or Microsoft Endpoint Manager, you can control whether or not people have the ability to do this. And in fact if you’re working on Azure AD join devices you can actually have to kind of administratively enable that through enrolling your organization in the insider program. Well, let’s say you do that. Right now, you have Windows 11, this is what it’s going to look like.

Rebecca Zaagman:

This is what it looks like.

Adam Devereaux:

Yeah, this is a virtual machine running on my computer at the moment so it may be a little bit slow at times but one of the biggest things that people see immediately is the fact that the taskbar and start menu is in the middle of the screen right, it looks very Mac like a lot of people are saying and I think that’s true. That’s certainly a common user interface element. Now, if you hate that you can actually change that you can set it to be aligned to the left side of the screen so you can say, “All right I want this over here in the left corner again.”

Rebecca Zaagman:

There’s definitely some UX experience changes.

Adam Devereaux:

I think that’s really some of the biggest… You’ll note that the Start menu is different, there’s a recommended section now based on files that you’ve used previously. Now this is how you get to your all apps, search is powerful. And more and more if I were accessing these things, and you’ve got like your pinned and frequent applications right here. You’ve got your lock, sign out settings in here, and then your power and shut down restart.

Rebecca Zaagman:

And you have your widgets up?

Adam Devereaux:

Sorry, go ahead?

Rebecca Zaagman:

Widgets? That’s what you’re going to show next?

Adam Devereaux:

Yep. Widgets, that’s another one. Essentially they took the widgets out of the Start menu, it was kind of annoying, a lot of people don’t like that you’ll run into these weird widgets in your Start Menu. This is really where you have more power inside of this where you got news widgets, calendar, to do, and you can kind of like add and control those widgets as well so you could say, “All right, I want, let’s say the to do Calendar, traffic other things to be included in that automatically.”

Rebecca Zaagman:

Underneath the surface, Adam, that is going to feel different for people?

Adam Devereaux:

I think the biggest thing, and there’s a lot of controversy around this is that Microsoft has a new version of Windows, there’s a new set of hardware requirements, right? And while the system requirements aren’t that serious in terms of the amount of RAM and CPU everything else, at this time, it only supports fairly new processors, right? So processors that have basically been released in the last four or five years. And it also requires the presence of a Trusted Platform Module or TPM module to be within your computer. Which if you have like a business OEM computer, HP, Dell, Lenovo, Surface device, they’ve all had TPMs for quite a while, but if it’s like a home built device may not have installed one or may not have a TPM 2.0 module. And it’s really limited the number of computers you can run on right now, it really does have to be a newer device, your six or seven year old computer, it’s not going to be one that you can install it on right now.

Rebecca Zaagman:

Yeah, that can be one of those big factors to consider. Do you want half of your users to be at Windows 10 still or half of them on Windows 11. So you were saying, Adam-

Adam Devereaux:

A couple of more things too is the further integration into Microsoft 365 or your Microsoft account, the way that you have your windows that are patented, you can send your layouts and things that look, a lot more that synchronizes over. Teams was another one that was the kind of integration activity included baseline is kind of like a replacement for Skype Personal. This version of Windows 11 that installed for whatever reason doesn’t have that consumer Teams client installed, so maybe it’s because I’m on the beta instead of the dev version but the other thing on the back end is that they have kind of chopped off some of the older legacy things, it’s kind of continuing again that’s sort of a newer version of Windows, newer capabilities and focusing on those newer capabilities and some legacy capabilities.

Rebecca Zaagman:

It’s not a giant jump from Windows 10 because Windows has been kind of updated incrementally like you talked about. So a lot of those updates obviously flow over to Windows 11. So it feels fresh, but it’s not gonna be a huge leap from Windows right?

Adam Devereaux:

Yeah. And to be honest, Windows 10 is going to be around for a long time, right? They came out with the long term service branch. As far as new versions of Windows, I think you may be seeing those coming out for yet some time, and if you’re on a newer version of Windows 10 like 180 or newer, it’s going to continue to be supported for years and years to come by Microsoft.

Rebecca Zaagman:

Okay, cool. Awesome.

Adam Devereaux:

Sorry I also suspect that they will kind of like they were getting with Windows 10 towards the end, where they were really pushing people to try to upgrade. I think we’re going to see some of that as well where because it’s something that can be installed through a Windows Update. I think they’re going to really try and get a lot of users and companies to just do an in place upgrade to Windows 11.

Rebecca Zaagman:

And when does it release? October?

Adam Devereaux:

Supposedly. I guess we’ll see.

Rebecca Zaagman:

October, we’ll see. Stay tuned.

Adam Devereaux:

Exactly.

Rebecca Zaagman:

All right, so that was Windows 11. Now for another kind of confusingly named Microsoft product. Take Windows and Microsoft 365 smash them together and you’ve got those Windows 365. So I’ve got a quick video I can show really quick, does that work?

Adam Devereaux:

Yep, let’s run through it.

Rebecca Zaagman:

Awesome, here we go.

Rebecca Zaagman:

(silence)

Rebecca Zaagman:

Windows 365.

Adam Devereaux:

That simultaneously made me want it and explained nothing all at the same time.

Rebecca Zaagman:

Made me feel good though.

Adam Devereaux:

Yeah so, I think what’s interesting is, this gets a little bit complicated, but I think what’s interesting to me because I mentioned when I graduated high school, right, I’m kind of an old nerd at this point. And my first computer was an Apple II. And when we start talking about Windows 365 and also Windows Virtual Desktop for us but now calling an Azure Virtual Desktop, I have a lot of experience with remote desktop service, terminal servers VDI, and it reminds me or really this is a part of a larger almost philosophical or like paradigm of computing clash and pull that’s been a part of the beginning right because in the old days, and I’ll share a really crude…

Rebecca Zaagman:

Oh, an Adam…

Adam Devereaux:

…. diagram.

Rebecca Zaagman:

Adam diagram, here we go.

Adam Devereaux:

Yeah. So let’s go back to 1980 ish, right, around the point that personal computers first came out and they first were a thing. I’m not gonna go too long in this, let’s see if we can avoid the 10 minute rabbit hole here. But really there was the computing paradigm or the mainframe paradigm that’s how computers were first really available for people to use at university or business, there were these massive computers that took up a room. And you had terminals, right, literally dumb terminals that you had a monitor and keyboard but you were doing nothing on that device, it was connected by wires back to the mainframe and all the computing and information storage was on that mainframe, right?

Adam Devereaux:

And really with personal computers, you can say, first it was really just the personal computer, right? Let’s say an Apple II, an Amiga, a Tandy and all of these personal computers, it was a revolution because the idea that you have personal computer in your house and this computing and storage and everything was happening on that device, you could use it for whatever purpose you wanted to. And then we got to the client server architecture for business requirements where we have a server, a dedicated computer that’s storing information on it, maybe running applications and doing things as well, like your files and databases and everything else would live. And then you still used a personal computer to run software on that device, right? So that is where computing kind of occurred within this place here, right? Let’s just say computing, for the most part, was occurring for you as the user, the client software was installed on your PC and then how to connect and talk to the server. And you had some file storage may be a split either it could be on a server or it could be on your device.

Adam Devereaux:

And this was a thing that was going on for a long period of time and we really haven’t necessarily gotten out of that. Look at what’s happened is it’s been kind of an evolution where now we have these cloud services like iCloud and Microsoft 365 or Google Cloud, where it is where a lot of the information lives, and there’s a lot of computing and things that happen. In many cases, I just need to use a web browser to get to that platform. But even when I’m using a web browser, it still matters how fast my personal device is, how much computing power that personal device has. But there’s a synchronization of the data and information, right? Again, my iPhone gets destroyed today, 99% of my information will still be available on the new device once I synchronize over to it because the cloud service is where a lot of that’s maintained and my individual device is kind of a portal to that information.

Adam Devereaux:

But it’s also where a lot of computing and things actually happen, is like when I watch a YouTube video on my phone or on my computer, the data screen on that progress video and then the decoding and all of that’s happening on my computer. And the reason why we’re still in this paradigm, it goes back and forth, is because computing and storage keeps trending towards zero. I mean, the microSD card can store a terabyte of information now, and they’re astoundingly cheap. Or like, here’s a little ESP32 based computing device that’s dual core processors and Wi-Fi and Bluetooth and all these capabilities, it’s kind of astounding.

Adam Devereaux:

But yet there still is kind of this model in which we do have more like the mainframe model right, where you run like a terminal server and either thin clients or your computer, you connect into that full virtual desktop environment and you get to interact with it and use it like it’s a computer that you’re on but it’s actually remote to you right?

Adam Devereaux:

And so the reason I mentioned all this is when we look at Windows 365 or Windows Virtual Desktop, it is not either or it’s an accompaniment to this Microsoft 365 platform, but it’s a way for you to have this PC that’s within a data center, essentially VDI virtual desktop or remote desktop, and you can connect to that from a variety of devices and have continuity, right? You’re connecting back into that central thing but then everything you do on it is there, it’s stored there or it’s stored in Microsoft 365 and all of the computing and everything’s occurring within that virtual desktop.

Adam Devereaux:

And on one hand you can say things like, “Well we can use cheaper devices to access it. Well, a lot cheaper devices kind of suck as far as the battery life in the form factor in the screen quality and keyboard quality and everything else.” So, all that being said, a little more specific on Microsoft or sorry Windows 365, it’s basically Windows Virtual Desktop but it’s managed by Microsoft and it’s priced differently. So that’s where you pay monthly per user and it’s going to be in that 30 to $40 range, we don’t know exactly how much it’s gonna pay for the different SKUs, the different specs for your cloud PC. And that’s very similar to like Citrix and what Amazon charge for a per user cost in that regard.

Adam Devereaux:

And a lot of it’s managed by Microsoft, you really don’t have a lot of overhead to spin that up and manage that device, but it is built on Windows Virtual Desktop and the difference between the two is really that licensing scheme and the ability for you to manage that with Windows Virtual Desktop, there’s a lot more control over what type of virtual machine you’re accessing multi user virtual machines. And so you can lead to something that’s much more cost effective in the long run, but it does result in more management overhead, right?

Adam Devereaux:

So why would you want to use either of these? I think, maybe I’m team personal computer, I might be biased, but I think the use cases are probably more limited than what the marketing team at Microsoft may want you to think. And when it works well, it works really well, and it’s things dedicated engineering virtual machine so that you can connect from a basic computer to a really powerful engineering device and you can share that across people. And in any case where you have like a self hosted application that you want to be able to access from anywhere, and not have types of servers in your building, you can host that software in Azure and then use Windows 365 or WVD to access that software.

Adam Devereaux:

But for most of us, if you are already in this space where we’ve achieved the modern desktop and you’ve got a nice computer that’s connecting to Microsoft 365 and you can get to your information through that platform and then also from your other devices, there’s their kind of deal with why add like another PC that you’re going to connect to that has some awkwardness, there are performance issues in certain scenarios that you can only use if you have an active internet connection to it. So that’s a lot, but hopefully it made some amount of sense.

Rebecca Zaagman:

Yeah, I’d like to said, I think that Chris put this out there too, that you can try it out. There might be some really specific use cases we talked about, maybe an executive that wants to use iCloud and iPhone, all these things simultaneously or not simultaneously, but what’s the word I’m thinking of?

Adam Devereaux:

Seamlessly.

Rebecca Zaagman:

Seamlessly, yeah, there we go. So no matter what device he or she is on, can have all of their documents, their same settings, the way that it looks and feels the same it is accessible through a web browser. So you might have heard today with Windows 11, Windows 365 and not jumping out of our seats saying these are revolutionary new tools but we are encouraging you to get out of that 1999 mindset from using Active Directory of the past to moving along in your cloud journey, considering Microsoft Endpoint Manager, and taking a good hard look at your endpoint strategy and how you can make these small or big decisions and changes in your organization to modernize that process.

Rebecca Zaagman:

So we do have a workshop coming up specifically around endpoint management that’s going to take all the information we talked about today and help you figure out what it looks like for your organization. So these workshops have been really fun, they’re limited to 10 people and you can come with your questions, your ideas, and we help you workshop them for an hour. Does Endpoint Manager make sense for you? Should you start with Windows 11 right now because of this specific use case? So we’re excited about that. I’m going to go ahead and up a poll really quick. If you would like to attend, go ahead and select Yes and I will follow up with more information as well as in the follow up email with the recording of this webinar.

Adam Devereaux:

Yeah, I think that there’s a lot more to talk about with Endpoint Manager and the capabilities therein and really unifying your management across platforms. But really the key message we want you to understand is there is a better way that’s available now, there might be a pathway to get there for you and your organization. But ultimately, there are a lot of significant improvements to IT operations, not only the user experience but really for all the people that are responsible for technology to try to free up valuable human time to focus on the more valuable human to human interaction and less focus on the things that can be automated that really are then more consistent even if they’re automated as well.

Rebecca Zaagman:

Yep. All of that focus on enhancing employee experience, right? Helping them get to the stuff they need quicker.

Adam Devereaux:

Exactly. So hopefully this has been helpful, it’s been informative. If not, feel free to tell us as well. If you have any suggestions for any other topics then go and send them our way too. We want to make sure that we’re talking about the things that are important to you and your users in your organization.

Rebecca Zaagman:

Definitely, if anybody has any questions, we’re happy to stay on for a little bit, we’d love to answer that. I’m not seeing any right now, but feel free to pop them in the Q&A or the chat.

Adam Devereaux:

There’s a couple of ways to follow up with us afterwards too if you’re an account manager, feel free to reach out to them with any questions. Really is this part of like a larger technology strategy for a lot of organizations and help you build out what that looks like for the next year to three years to five years what that roadmap for you looks like to really achieve maximum value for your organization. So yeah, I think with that, thanks again for attending and happy to see you here again, and we’ll talk to you again in another month or so.

Rebecca Zaagman:

All right, sounds good. Have a good day everyone.

Adam Devereaux:

Thanks everyone.
