This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
2. - Windows 8 features for security: Read more in this section
- Mind the gaps left by Windows 8 security features
- Group Policy settings alter Windows 8 configuration, user interface
- Windows To Go USB drives need Windows 8 BitLocker to secure data
- Windows 8.1 biometrics support increases security, but do you need it?
- Q&A: Microsoft's Erwin Visser on Windows 8.1 updates, security
- Top five Windows 8 security features new to Windows 8.1
- Windows 8.1 security, management enhancements entice enterprise IT
- Bring some control to cloud file sharing with Windows 8.1 Work Folders
Explore other sections in this guide:
Microsoft has begun previewing new Windows 8.1 features for IT admins to consider in their next operating system upgrade strategies.
TechTarget chatted with Erwin Visser, general manager of the Windows commercial division. Visser, who holds a degree in computer science and started his career as a developer, discussed the Windows 8.1 features for enterprises coming out at the end of this month, as well as Windows 8 security and how Microsoft will help IT pros keep pace with faster update cycles.
One of the issues that came out of the TechEd keynote is the new, faster update cadence. For enterprise IT shops, how can they keep up?
Erwin Visser: One of the things we are focused on with Windows 8.1 is to make it easier to upgrade systems. If you traditionally look at large enterprises, typically what they do to deploy a new operating system is they wipe a lot of systems. They extract the user information, then they wipe the system, and they pull down the big corporate image on the device, and then they bring in the user information again.
It's a process that works, but it's a hefty process for deploying new OSes. Our commitment is that we want to make it easier for customers to stay current.
One of the things we are advising with Windows 8.1 is for customers to update their OSes through upgrade bits instead of wipes and loads. This means that we are confident the upgrade process of the OS is created with Windows 8.1, and it will be much more lightweight for customers to deploy Windows 8.1 at least.
Taking also into account the ability to drive apps and hardware, we believe for Windows 8 customers to upgrade to Windows 8.1, it will be a relatively lightweight process -- much closer to downloading or deploying a service pack than an upgrade.
But that is from Windows 8 to 8.1. What about all those who are not on Windows 8?
Visser: For those customers, it's more of a historical deployment [method]. For Windows 7 customers … going to Windows 8 or Windows 8.1, they will still use wipe and load technologies.
Windows 7 had 44.85% of the overall desktop OS market share as of May, while Windows XP still held 37.74% and Windows 8 had 4.27%. The remaining market share was shared by Windows Vista, Mac OS X and other environments, according to NetMarketShare.
For Windows XP customers, will they go to Windows 7 first, deploy Windows 8, or will they just go straight to Windows 8.1?
Visser: There are not a lot of customers out there that are end-to-end XP and haven't started their deployment projects yet. There are still a couple in the world, but the majority of customers started to deploy away from XP a year or two years ago. That engine process has already started.
What we can say to customers because of the priority to get off XP by April 2014, don't stop that engine, [or] they will probably not be ready in time. Continue your Windows 7 deployment, but at the same time, we want to encourage them to also look at Windows 8 for specific needs like business tablets.
We have seen [that it is] relatively easy to use Windows 7 and Windows 8 in the same infrastructure. Contrary to folks with other tablets, you don't need to build a separate management infrastructure or buy separate tools. The same technology you use to manage Windows 7 PCs you can use to manage and secure your Windows 8 tablets.
What about support? If companies are slow to upgrade these faster updates every quarter, every year, is it going to be a problem for support later on? Will the gap become bigger and bigger between technology and support licensing?
Visser: With XP, it's a support question. In most of the OS upgrades, it's less of a support question.
We encourage customers not to think monolithic anymore about their user base. If you go back five, six years, maybe 10 years, customers decided on one OS, one image for all their employees, from the CEO to their task workers, and they deployed them through the organization and tried to stabilize them for the next three years.
We think in the new world, where innovation comes faster and business can be generated faster, it would be good for customers to start segmenting their user base. [There] will be pockets of people that they want to upgrade faster than they have in the past.
If you think about salespeople, business decision makers, your marketing department, your executives -- they may want to have the latest every two years. At the same time, there is potentially a group of task workers that don't have to be upgraded and have a different cycle.
We encourage people to use the tools today to enable and manage the multiple environments much more easily in the same enterprise. The tools become better so that they save the cost by being more agile ... it comes down to building the business case for customers to show that there is value in upgrading my sales force faster because it makes them more productive.
Does the new cadence encompass all Microsoft products, or is it just Windows 8?
Visser: I do think that there is the demand from the market for our customers to deliver innovation fast, and we respond on that request.
Is the story for Windows 8.1 security there for the enterprise? Is security what will push IT to be quicker in adopting Windows 8?
Visser: You can argue that we didn't get all the recognition from the market yet from the work we did for Windows 8. We made a substantial investment in Windows 8.1.
We believe that security is crucial, and a lot of customers went down a path that [may not be in] the right direction because they didn't really think through how the lack of security could impact their business. We have seen all those stories of leaks from, say, state espionage to malware and how to protect their businesses.
Does that security go across all devices -- from the smallest to the largest device? With Windows 8 and 8.1 and future versions, are there different security pieces within the devices?
Visser: The breakthrough for us with Windows 8 is that we made the step [for security], but we didn't think about securing Windows as ... an OS [specific issue] because we have it integrated with the hardware. So we start to use the UEFI -- the new hardware standard of having secure access to an OS boot -- as well as the TPM chip, as a way to improve the security of the platform overall.
We're improving it further with modern authenticators like improved support for fingerprint readers. [We were] making jokes about it yesterday with the lifeless checking mechanism. It's the MI-4 scenario [where someone's finger gets chopped off], so the new biometrics will detect that. I don't think I will chop off my finger to get access to my PC [laughs].
If you talk to defense companies, that is something they think about -- the authenticators as well as other elements of security. In this release, how can we secure personal devices? What are all the steps we can do? When someone brings in a personal device and he wants access to corporate data, how can we improve the security?
There are things like selective wipe and the fact that you can manage enterprise data and personal data. We can now put a virtual smart card on your personal device. You can put a virtual smart card on your personal device, which improves two-factor authentication, and single-factor authentication decreases the security.
Now [we offer] Workplace Join, where you identify the device to make sure [that] before it sends any confidential information to your personal device, it checks [that] device [too]. It has incremental check mechanisms. Those are scenarios to improve the mobile device usage.
Part two of this interview continues the discussion of Microsoft's mobile device strategy.
Associate site editor Jeremy Stanley contributed to this report.