Windows 10 hardware requirements take security head on

IT pros should follow Microsoft's guidelines for optimal Windows 10 security, but they should also take a look at what those guidelines signal moving forward.

Microsoft's official guidelines on the Windows 10 hardware requirements for optimal security that fully complies with Windows standards might not hold any groundbreaking information, but they do offer some hints about where the OS is going.

The Windows 10 hardware requirements include specifications such as what the minimum processor generation should be and that the hardware should include features such as the Trusted Platform Module and platform boot verification. The list is fairly logical and unsurprising, but it clearly denotes the end of a few old computing standards.

Most notably, these developments show that legacy basic input/output systems are out, as are 32-bit OSes. In different terms, Unified Extensible Firmware Interface is the only viable boot technology going forward, and only 64-bit versions of the OS have a future in the world of Windows.
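To see where an existing device stands on the categories named above (64-bit OS, UEFI boot, TPM), the following PowerShell inventory check can be run in an elevated session. It is an added example, not Microsoft's tooling or part of the original article; the function name `Get-SecurityHardwareReadiness` is hypothetical. It reports only presence and state because the article gives no version thresholds, and it does not measure the hardware platform boot verification feature.

```powershell
# Added example: inventory check for the requirement categories the article names.
# Run in an elevated Windows PowerShell session on the Windows 10 device.
# Get-SecurityHardwareReadiness is a hypothetical helper name.
function Get-SecurityHardwareReadiness {
    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        # Reported for manual comparison with Microsoft's processor list.
        Processor      = (Get-CimInstance -ClassName Win32_Processor |
                          Select-Object -First 1).Name
        Is64BitOS      = [Environment]::Is64BitOperatingSystem
        FirmwareIsUefi = $null   # $null means "could not be determined"
        SecureBootOn   = $null
        TpmPresent     = $null
        TpmReady       = $null
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and throws
    # PlatformNotSupportedException on legacy BIOS systems.
    try {
        $result.SecureBootOn   = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $result.FirmwareIsUefi = $true
    } catch [System.PlatformNotSupportedException] {
        $result.FirmwareIsUefi = $false
        $result.SecureBootOn   = $false
    } catch {
        Write-Warning "Secure Boot state unavailable: $($_.Exception.Message)"
    }

    # Get-Tpm needs administrator rights; keep unknown values as $null.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $result.TpmPresent = $tpm.TpmPresent
        $result.TpmReady   = $tpm.TpmReady
    } catch {
        Write-Warning "TPM state unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

$report = Get-SecurityHardwareReadiness
$report | Format-List

# Flag only confirmed gaps; undetermined ($null) values are not counted.
$gaps = @()
if (-not $report.Is64BitOS)            { $gaps += '32-bit OS' }
if ($report.FirmwareIsUefi -eq $false) { $gaps += 'legacy BIOS boot' }
if ($report.TpmPresent -eq $false)     { $gaps += 'no TPM detected' }
if ($gaps) { "Gaps: $($gaps -join ', ')" } else { 'No gaps found in the checked categories.' }
```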

Another unsurprising development is that Microsoft recommends Windows 10 S on hardware that complies with these security hardware requirements. Windows 10 S is Microsoft's stripped-down, simplified version of Windows 10, and it is also the most secure version.

Anyone can look at Windows 10 hardware requirements for optimal security and see what their systems need. What's really important is understanding what the requirements mean and how they might affect the future of the OS.

What does it all mean?

One clear message Microsoft has sent with its Windows 10 hardware requirements for optimal security is that buyers should only purchase secure, state-of-the-art PC hardware to run Windows 10. Furthermore, they should get that hardware from authorized original equipment manufacturers, such as Dell, HP Inc. and Lenovo.

In addition, buyers should purchase laptops and computers with Windows 10 S preinstalled and use Microsoft Intune and Windows AutoPilot to deploy company software. Instead of Enterprise or Pro volume licenses, all users should move over to Microsoft Office 365 subscriptions.

This forward-looking approach comes with some issues. For one thing, Windows 10 S cannot join an on-premises domain, which suggests that Microsoft wants business users to move from local domains to join Microsoft Azure Active Directory (AD) instead.

A Windows 10 S system tutorial

Using Intune and AutoPilot then becomes a simple procedure; IT orders a new laptop for the end user and sends it directly to where it needs to be. IT does not have to physically access that device. Instead, it can set up a company store and register the device in Intune. Then, the end user takes the machine out of the box, boots it and signs in using her company Azure AD credentials. The user gets a customized Windows desktop experience set up by IT.

She is unable to install or use any legacy Win32 applications; only preapproved Universal Windows Platform (UWP) applications run in this deployment. Because Microsoft Office is now available as a UWP application suite, this plan is sound, as is moving corporate users to secure hardware, Microsoft 365 subscriptions, Azure AD and Windows 10 S.

The bottom line

Microsoft has chosen a reasonable and valid evolution path with its Windows 10 hardware requirements for optimal security. A Windows 10 S deployment through Intune and AutoPilot couldn't be easier for end users. They can simply boot a new PC for the first time, sign in with their Azure AD credentials and they're done. There's none of the hassle involved in joining a domain, and the out-of-the-box experience is fully automated. As a result, the end user winds up with a desktop where everything is set up as if IT configured it.

Business decision-makers should back this plan. They should buy every user and device a Microsoft 365 license, set up a corporate store with preapproved UWP apps, and use Intune and AutoPilot to manage that deployment. With all of this infrastructure in place, IT only needs to give an end user a new laptop and tell them to sign in to Azure AD. Everything else happens on its own like clockwork, and this delivers a predictable and reliable end-user experience.

This not only makes it easier for users, but it also makes IT's work much more predictable, simple and easy to control.

In today's threat-filled world, it is nearly impossible to keep all users and devices secure. Still, running Windows 10 S on devices that meet Microsoft's security requirements, joined to an Azure AD domain, is as secure as things get nowadays.

Join the conversation

How do you go about keeping Windows 10 as secure as possible?
Great if your line-of-business apps can be moved to the cloud. Otherwise, a useless strategy except to make more money for Microsoft. Also, will have a bad effect on companies who sell "white boxes" which have high quality components but not the "approved" company logo on the outside. Microsoft doesn't seem to realize the impact eliminating staff has on the entire economy and this strategy will definitely eliminate IT jobs. If 1 million IT workers lose their jobs and they get $100,000 a year in salary and benefits, that is a $100,000,000,000 hit to the economy. Increasing the numbers only makes it worse. Also, what happens when the Internet gets taken down, possibly by a successful terrorist attack? We will be back in the days of the mainframe computer where loss of the system means no work.