The migration to Windows 10 is a top-of-mind concern for organization’s today. Windows 10’s approach to management and security makes it more than just a new version. It is a completely different platform. Designed to use modern IT primitives, Windows 10 makes traditional management practices obsolete. As a result, a Windows 10 migration brings in a new age of device management and security. Today’s post provides a Windows 10 migration blueprint for modernizing PC management with VMware AirWatch Enterprise Mobility Management.
Traditional vs Modern PC Management
Today’s workforce includes a number of highly mobile end-users. Supporting them shifts the traditional definition of PC management.
Traditional PC Management
Traditionally, only domain-joined devices connected to the corporate network could receive policies, updates, configurations, and software. These locked-down devices provided a poor end-user experience, and slowed OS patching, leaving them vulnerable to zero-day attacks.
Modern PC Management
In comparison, modern management with VMware AirWatch’s Unified Endpoint Management uses a cloud approach. The cloud enables instantaneous delivery of the same configurations, apps and updates to the device. However, it removes network and domain dependencies.
Windows 10 Migration Blueprint
Today’s post provides a Windows 10 migration blueprint for modernizing PC management with VMware AirWatch Enterprise Mobility Management. The blueprint includes:
- Overview of migration challenges
- Prescriptive migration instructions
- Resources to assist your digital transformation
Migration Schedule Planning
As a general rule of thumb, it’s best to perform the easiest migrations first. However, the devil is in the details. In order to create a schedule for migration that scales in complexity, you must evaluate your user base. Use the following variables to evaluate users in your organization, and identify your starting point:
- User’s Technical Aptitude – Start with a more technically savvy user group to increase the likelihood of initial success. Typically, the internal IT department provides a technically competent sub-set of users.
- Existing Hardware – There are two paths to getting users onto Windows 10. You can upgrade existing hardware, or replace older hardware with net new devices. Of the two options, migrating to Windows 10 on net new hardware is easier. Identify devices due for an upgrade, and plan to transition them first.[learn_more caption=”Learn More”] Windows 10 comes with many new usability and security features that may require specific hardware. Two common examples include:
- Unified Extensible Firmware Interface (UEFI)
- Trusted Platform Module (TPM) chip
Assess the current state of your hardware to see if it meets these requirements. If it does not, consider a hardware refresh to make the most out of all of the modern security features.
To upgrade, use your existing Operating System Deployment tool to embed the VMware AirWatch Agent into the image. Use the IMAGE=Y option for command line enrollment to embed the image. For assistance migrating existing end-user’s devices, use 3rd party app and data migration tools and services.[/learn_more]
- Business Impact – Identify which users or groups currently challenge existing management tools. For example, consider highly mobile remote workers that seldom use the corporate network or contractor devices.
- Device Model – Identify a single device model to work with.
Use this initial set of end users to create a template that can scale to the rest of your organization.
[box type=”info”] At this time, no tool or technology completely removes the need for human interaction. Set aside time to create user-facing documentation, and dedicate man-hours to the actual migration process.[/box]
For additional assistance in planning your migration from a project management perspective refer to solutions like MigrationStudio or SysTrack Desktop Assessment.
In addition to hardware, you need to assess your environment’s apps. Use a tool like SysTrack Desktop Assessment to determine application compatibility with Windows 10. If that doesn’t tickle your fancy, Microsoft’s [three_fourth]Application Compatibility Toolkit (ACT) is another option.
Since you’re already evaluating apps for Windows 10 compatibility, consider using the SysTrack Desktop Assessment or the Microsoft’s Application Compatibility Toolkit (ACT) to determine which apps your organization actually uses. Cleaning out apps that no longer require support, simplifies the migration process. It minimizes unnecessary app issues, and removes the cost of licensing and repackaging unused apps.
To eliminate unnecessary complexities, stop using proprietary tools to handle OS updates, device encryption, anti-virus protection, etc. Instead, use the native functionality built into Windows 10 and AirWatch Enterprise Mobility Management.[/three_fourth][one_fourth_last]
Field reports indicate that post-migration, some organizations reduced the number of apps they supported by 75%.
While proprietary tools worked fine in the past, previous versions of Windows only pushed OS updates every few years. With Windows 10, Microsoft pushes out an OS upgrade every six months. This makes apps that offer duplicate functionality a maintenance liability.
You can use the Windows – SCCM App Migration Tool to export most of your apps from Microsoft System Center Configuration Manager (ConfigMgr) to AirWatch Enterprise Mobility Management. This script dynamically pulls over apps using Microsoft PowerShell and AirWatch Enterprise Mobility Management REST APIs.
For more challenging app migrations, consider porting apps over to VMware Horizon. Horizon 7.1, powered by the Just-in-Time Management Platform, extends virtual desktop delivery to include published applications from Remote Desktop Session Hosts (RDSH).With a tightly integrated stack, fewer components, and easy maintenance, Just-in-Time Apps use VMware Instant Clone Technology to dramatically simplify deployments For more information on how to get started, refer to Just-in-Time Apps with VMware Horizon.[box]
Common App Migration Challenges
- Legacy apps with compatibility issues
- Graphic intensive apps
- Bleeding edge hardware
Group Policies Assessment
Analyze your current Group Policies (GPOs), and place them in one of three categories:
- Removing – Once again, consider the migration to Windows 10 as an opportunity to remove unnecessary policies. Carefully evaluate your key use-cases, and only keep the GPOs imperative to supporting them.
- Matching – Use the MDM Migration Analysis Tool (MMAT) to determine which of the remaining Group Policies have an MDM equivalent. The VMware AirWatch Windows 10 UEM Reviewer’s Guide explains how to access BitLocker encryption, Windows Information Protection for data loss prevention (DLP), Health Attestation for compromised detection, per-app tunneling and more through AirWatch Enterprise Mobility Management.
- Mapping – Use AirWatch Enterprise Mobility Management product provisioning functionality to import GPOs and deploy them from the cloud. The How to Import and Export Group Policy sample project provides guidance on exporting group policies from devices and importing them into AirWatch.
Windows 10 Migration Blueprint for In-place Upgrades
Migrating net new devices remains the recommended practice for Windows 10. However, in-place device upgrades do offer a number of benefits over net new device migration.
[box] Benefits of an in-place upgrade:
- Remove the need to back up data
- Upgrade more quickly
- Spend less money[/box]
Therefore, you will probably upgrade existing software during Windows 10 migration. Prior to recent enhancements to Windows 10, enterprise in-place upgrades were not feasible. The MBR2GPT tool built into the operating system for Windows 10 v1703 and above makes in-place upgrades possible.
[box type=”info”] Devices running Windows 10 require UEFI to take advantage of all of the enterprise and security features
- Prior to converting the device from BIOS to UEFI, convert MBR to GPT. You can even use BitLocker encryption to convert an MBR disk.
- BIOS to UEFI is more complex since this is unique for each hardware vendor (OEM). Reach out to your vendor for the best practices in converting their hardware from BIOS to UEFI.[/box]
In-place Upgrades for Dell Devices
For Dell devices, use the In-Place Upgrade of Windows 7 or 8 to Windows 10 for Dell devices sample code to migrate to Windows 10. These Dell specific configurations prep the device for Windows 7 or 8 to Windows 10 migration. These configurations also automatically onboard devices into VMware AirWatch Enterprise Mobility Management.
In-place Upgrades for Other Devices
For other devices, use your existing PC Lifecycle Management solution to automate required OS migration tasks. Pair command line enrollment with your PCLM tool to automatically onboard devices into VMware AirWatch Enterprise Mobility Management. For more information about the onboarding methods for Windows 10, see the VMware AirWatch Windows 10 UEM Reviewer’s Guide.
Summary of the Windows 10 Migration Blueprint
Taking the cloud-first, modern management approach for the enterprise provides positive outcomes for businesses. AirWatch Enterprise Mobility Management uniquely combines traditional requirements with modern efficiencies. This enables instant cloud management for all Windows 10 endpoints, apps, and use cases.