Microsoft's official guidelines for Windows 10 hardware requirements for optimal security that fully complies with Windows standards might not hold any groundbreaking information, but they do offer some hints about where the OS is going.
The Windows 10 hardware requirements include specifications such as what the minimum processor generation should be and that the hardware should include features such as the Trusted Platform Module and platform boot verification. The list is fairly logical and unsurprising, but it clearly denotes the end of a few old computing standards.
Most notably, these developments show that legacy basic input/output systems are out, as are 32-bit OSes. In different terms, Unified Extensible Firmware Interface is the only viable boot technology going forward, and only 64-bit versions of the OS have a future in the world of Windows.
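A quick way to see where an existing machine stands on the items named above (64-bit OS, UEFI firmware, TPM) is to query them from an elevated PowerShell session. This is an added example, not part of the original article or Microsoft's guidance; the function name `Get-SecurityHardwareReport` is hypothetical. It reports Secure Boot state as a related UEFI setting, which is not the same thing as platform boot verification, and it only prints the processor name for manual comparison because the article does not list the minimum generations.

```powershell
# Added example, not from the original article. Run from an elevated session.
function Get-SecurityHardwareReport {
    [CmdletBinding()]
    param()

    $report = [ordered]@{
        Processor    = (Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1).Name
        Is64BitOS    = [Environment]::Is64BitOperatingSystem
        FirmwareType = "$((Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType)"
        SecureBoot   = 'Unknown'
        TpmPresent   = 'Unknown'
        TpmReady     = 'Unknown'
    }

    # Confirm-SecureBootUEFI fails on legacy BIOS firmware and when not elevated;
    # record the reason instead of aborting the whole report.
    try {
        $report['SecureBoot'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $report['SecureBoot'] = "Not confirmed ($($_.Exception.Message))"
    }

    # Get-Tpm needs administrator rights; leave 'Unknown' if it cannot be queried.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report['TpmPresent'] = $tpm.TpmPresent
        $report['TpmReady']   = $tpm.TpmReady
    } catch {
        Write-Warning "TPM state could not be read: $($_.Exception.Message)"
    }

    # Collect the gaps that correspond to the requirements discussed in the article.
    $report['Gaps'] = @(
        if (-not $report['Is64BitOS'])          { '32-bit OS' }
        if ($report['FirmwareType'] -ne 'Uefi') { 'Firmware is not UEFI' }
        if ($report['TpmPresent'] -ne $true)    { 'TPM not confirmed present' }
    )

    [pscustomobject]$report
}

Get-SecurityHardwareReport | Format-List
```

An empty `Gaps` list means the machine passed these three checks only; the processor line still has to be compared against Microsoft's published list by hand.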
Another unsurprising development is that Microsoft recommends Windows 10 S on hardware that complies with these security hardware requirements. Windows 10 S is Microsoft's stripped-down, simplified version of Windows 10, and it is also the most secure version.
Anyone can look at Windows 10 hardware requirements for optimal security and see what their systems need. What's really important is understanding what the requirements mean and how they might affect the future of the OS.
What does it all mean?
One clear message Microsoft has sent with its Windows 10 hardware requirements for optimal security is that buyers should only purchase secure, state-of-the-art PC hardware to run Windows 10. Furthermore, they should get that hardware from authorized original equipment manufacturers, such as Dell, HP Inc. and Lenovo.
In addition, buyers should purchase laptops and computers with Windows 10 S preinstalled and use Microsoft Intune and Windows AutoPilot to deploy company software. Instead of Enterprise or Pro volume licenses, all users should move over to Microsoft Office 365 subscriptions.
This forward-looking approach comes with some issues. For one thing, Windows 10 S cannot join an on-premises domain, which suggests that Microsoft wants business users to move from local domains to join Microsoft Azure Active Directory (AD) instead.
Using Intune and AutoPilot then becomes a simple procedure: IT orders a new laptop for the end user and sends it directly to where it needs to be. IT does not have to physically access that device. Instead, it can set up a company store and register the device in Intune. Then, the end user takes the machine out of the box, boots it and signs in using her company Azure AD credentials. The user gets a customized Windows desktop experience set up by IT.
She is unable to install or use any legacy Win32 applications; only preapproved Universal Windows Platform (UWP) applications run in this deployment. Because Microsoft Office is now available as a UWP application suite, this plan is sound, as is moving corporate users to secure hardware, Microsoft 365 subscriptions, Azure AD and Windows 10 S.
The bottom line
Microsoft has chosen a reasonable and valid evolution path with its Windows 10 hardware requirements for optimal security. A Windows 10 S deployment through Intune and AutoPilot couldn't be easier for end users. They can simply boot a new PC for the first time, sign in with their Azure AD credentials and they're done. There's none of the hassle involved in joining a domain, and the out-of-the-box experience is fully automated. As a result, the end user winds up with a desktop where everything is set up as if IT configured it.
Business decision-makers should back this plan. They should buy every user and device a Microsoft 365 license, set up a corporate store with preapproved UWP apps, and use Intune and AutoPilot to manage that deployment. With all of this infrastructure in place, IT only needs to give an end user a new laptop and tell them to sign in to Azure AD. Everything else happens on its own like clockwork, and this delivers a predictable and reliable end-user experience.
This not only makes it easier for users, but it also makes IT's work much more predictable, simple and easy to control.
In today's threat-filled world, it is nearly impossible to keep all users and devices secure. Still, running Windows 10 S on devices that meet Microsoft's security requirements, joined to an Azure AD domain, is as secure as things get nowadays.