Understanding Windows as a service: What’s new Michael Niehaus Director of Product Marketing Microsoft mniehaus@microsoft.com @mniehaus John Marcum Managing Consultant Coretech US PJM@coretechus.com

Michael Niehaus John Marcum @mniehaus Survived 13 years at Microsoft IT: 1990-now. MS: 2004-now. Cookies

Why Windows as a service? MS Story 5/22/2018 4:47 AM Why Windows as a service? Let’s start with a simple definition: Windows as a service is a new way of staying up to date with Windows 10. But let’s start off by exploring first why we wanted to do this. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Becoming Agile with Microsoft PRISM FY16 5/22/2018 4:47 AM Becoming Agile with Microsoft Delivering new value, features and capabilities on a faster cadence Deeply integrating cloud services, both to add functionality and to simplify the process of staying current Providing unmatched flexibility and control Continually improving security, reliability, and performance Simplifying deployment and management This transformation is occurring all across Microsoft, not just in Windows. But all of our product teams have the same goals: Deliver new value and features faster (especially when it comes to ensuring the best security and simplest deployment and management possible). Integrate cloud capabilities directly into all products, to enable new scenarios (and to simplify the process of staying current). Provide the flexibility that organizations need, both “slow” and “fast,” flexibility that only Microsoft is able to deliver based on our deep understanding of enterprise needs. Staying ahead of the bad guys through significant investments in security. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Staying Secure with Windows 10 MS Story 5/22/2018 4:47 AM Staying Secure with Windows 10 Attackers take advantage of periods between releases Stay ahead of the attackers with continual Windows 10 improvements Capability Protection Gap We also need to look at changes to the overall security landscape. We used to be able to have a release of Windows every few years that established a strong security baseline – it would be patched if any security issues were found, but there would be no new security features added until the next release. That gave hackers the ability to take advantage of a protection gap between releases – they can continue to try to find vulnerabilities in the design. This protection gap is especially problematic in this age of more sophisticated attacks being perpetrated by very large hacking organizations – it’s not just “script kiddies” in basements trying to cause havoc, it can be hundreds or thousands of people making a concerted effort to steal information (or worse). But now with more frequent releases, that protection gap shrinks considerably, almost disappearing. We’re releasing new security features with each new Windows 10 feature update, in our ongoing quest to stay steps ahead of the bad guys. This makes it very hard for the bad guys – so much so that they will likely seek out easier targets (for example, users who can be tricked). Time Product Release Threat sophistication © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Improving Productivity with Windows 10 MS Story 5/22/2018 4:47 AM Improving Productivity with Windows 10 Continual improvements: New features twice per year, adding value and improving productivity Minimized end-user disruption by having less change with each release Of course Windows 10 is also important for the productivity of the information workers who use it for their day-to-day jobs. We always strive to add features to Windows 10 with each release – by doing releases more frequently we can deliver improved productivity frequently. Compared to our previous “every few year” release schedules, we also deliver these new productivity features incrementally, and as a result we can minimize the end-user disruption that can result from large changes [and potentially eliminate the need for expensive end-user training for each release]. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Supporting Hardware Innovation with Windows 10 MS Story 5/22/2018 4:47 AM Supporting Hardware Innovation with Windows 10 Hardware is changing rapidly Integration Performance Battery life Software is a key piece Power management Performance tweaks New hardware features to leverage Windows 10 is enhanced with each feature update release A few years ago, the interfaces between Windows and the hardware that it was running on were abstracted as much as possible. Add a new set of drivers and you’d be set to go. But with the current pace of hardware innovation, and the change in the nature of that hardware, that’s all changed. Now, in order to get the best performance, battery life, and overall experience from new devices, there is often a need to make enhancements to Windows itself. With the ability to release new Windows 10 feature updates every six months, we can continue to make the necessary tweaks to Windows 10 to offer the best experience. [This is the crux of our Windows silicon support policy: New Windows releases are needed to support new generations of processors.] © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Simplifying Deployment with Windows 10 MS Story 5/22/2018 4:47 AM Simplifying Deployment with Windows 10 No more big, disruptive deployment projects Easy, automated deployment process Exceptional application compatibility Deploying previous Windows releases usually required that organizations undertake big, disruptive deployment projects. With Windows 10, we’ve greatly simplified that process, moving to an automated deployment process that leverages in-place upgrades to automatically migrate all apps, data, and settings to the latest Windows 10 release. At the same time, we maintain extremely high levels of application compatibility, greatly reducing the amount of application testing that needs to be performed. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Introducing Windows as a Service PRISM FY16 5/22/2018 4:47 AM Introducing Windows as a Service A brand new way of building, deploying, and servicing Windows Building Continual, ongoing development Deliver new features twice per year In the open, to enable and encourage feedback Deploying Stay current with simple, automated update process Unmatched application compatibility Flexible timelines, methods, tools Servicing Simplified process, to ensure consistency, stability and reliability Delivered using cumulative updates Eliminate platform fragmentation for all Windows-based devices So what exactly is Windows as a service then? With Windows 10, we’ve introduced a brand new way of building, deploying and servicing Windows – three very distinct changes, but it’s important to understand each one separately. First, we are building Windows differently – we are always working on new features, and making those available to anyone interested so they can follow along with our development process and provide feedback, well before we ship these features. Next, we are moving to a new simple update process that automatically preserves all apps, data, and settings, making it easier than ever to deploy new releases. At the same time, we’re ensuring that application compatibility is great, and that we can provide choices in tools and deployment timelines. And finally, from a servicing perspective we are simplifying the processes that we use for patching Windows each month – we want to make sure that we maintain the best possible stability and reliability for all customers. [ It’s important to note that we’re not talking about “Windows as a subscription” here. Windows as a service is not at all related to licensing or existing offerings like Windows E3/E5 subscriptions. Instead, it’s all about the three changes we just mentioned. ] © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

+500M DEVICES RUNNING WINDOWS 10 +50M IN BUSINESS “WITH THE ‘WINDOWS AS A SERVICE’ MODEL THAT’S BEEN INTRODUCED WITH WINDOWS 10, WE HAVE REDUCED OUR OPERATING SYSTEM DEPLOYMENT TIME BY 75%.” DOROTHY STEPHENSON, DIRECTOR, ITS, KIMBERLY-CLARK We have astounding numbers of PCs already running Windows 10, even in businesses – Windows 10 is the natural path forward for customers, and they are moving forward quickly. When it comes to Windows as a service, it’s important that even the process of staying up to date with twice-per-year releases is easy. We’ve been working with our early adopter customers to see how this process is working for them, and as we can see from Kimberly-Clark, we’ve made a lot of progress. But we don’t see this as a “mission accomplished” – rather, it’s a starting point that we can continue to improve with each Windows 10 feature update that we release.

What is Windows as a service? MS Story 5/22/2018 4:47 AM What is Windows as a service? So let’s dig deeper so that everyone understands what Windows as a service really means – for building, deploying, and servicing Windows 10. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service A new way of building Windows MS Story 5/22/2018 4:47 AM Windows as a service A new way of building Windows Engineering builds Broad Microsoft internal validation Microsoft Insider Preview Branch Millions Daily builds, installed immediately by the engineering teams Frequent internal self-host builds (often multiple times per week) for broader feedback Insider Preview builds (often weekly) for external validation and feedback 10’s of thousands Users Let’s talk more about how we build Windows. Each day, we will produce a new engineering build with the latest code check-ins. And each day, thousands of engineering team members install this new build, so they are always “living” the latest and greatest. Every so often, one of these daily builds will be broadly deployed to 10’s of thousands of PCs inside Microsoft for broader feedback. Only then will we consider making it available externally via the Windows Insider Preview program, where millions of people will install it and provide their feedback. This whole process continues to repeat for about six months [ corresponding to the twice-per-year goal for releasing new Windows 10 features ]. Once we’ve completed the new features and are satisfied with the overall quality of the release, we’ll then release it more broadly. Time ~6 months © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service A new way of deploying Windows MS Story 5/22/2018 4:47 AM Windows as a service A new way of deploying Windows A simple, reliable process Works for upgrading from Windows 7 or Windows 8.1, as well as staying up to date with Windows 10 Automatically preserve all apps, data, and settings Ensures a great starting point for the new OS Clean OS, with apps and settings migrated into it Check device Verify hardware requirements Check app, driver compatibility Prepare new OS Save old OS just in case Deploy new clean OS version Migrate apps, data, settings Install drivers Restore apps and settings Migrate user data and settings When it comes to deploying Windows, we have implemented a very simple, reliable upgrade process to make it easy to migrate from Windows 7 to Windows 8. 1 while automatically preserving all apps, data, and settings. Because this process worked so well for upgrading from earlier versions of Windows, we also use the exact same process to stay current on Windows 10 – each new Windows 10 release uses the same process. [While some have expressed concerns that this might result in a less-stable Windows 10 installation, we can assure you that this is not the case – the new Windows 10 operating system installation is just as reliable as a clean installation. The old operating system is left behind, with only apps, settings, and data migrated forward – fully protecting the OS in the process.] © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service A new way of deploying Windows MS Story 5/22/2018 4:47 AM Windows as a service A new way of deploying Windows Engineering builds Broad Microsoft internal validation Hundreds of millions Microsoft Insider Preview Branch Several Million 10’s of thousands Users Pilot Broad Deployment Looking at the entire timeline, from the earliest engineering builds through the final devices in an enterprise-wide deployment, you can see that we’re talking about a process that spans almost two years: Six months of active development, followed by about four months of pilot deployments, before starting broad deployment throughout the entire organization – and of course, then using this particular Windows 10 feature update until it’s time to repeat the process. Notice the “rings” defined in this picture: This is our recommended way of performing the deployment of each Windows 10 feature update, with each ring representing a group of PCs. First using a small number of pilot groups to ensure everything works as expected, then a number of broad deployment rings (primarily to reduce risk, e.g. don’t deploy the whole Accounting department at once). Time Pilot Ring IT Pilot Ring QA Pilot Ring Early Adopters ~6 months Broad Deployment Ring I Broad Deployment Ring II Broad Deployment Ring III Broad Deployment Ring IV 18 months (minimum) *Conceptual illustration only © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service A new way of servicing Windows MS Story 5/22/2018 4:47 AM Windows as a service A new way of servicing Windows With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality What customers are running What we are testing When we talk about changes to the way to servicing (or patch) Windows, it’s important to first understand how things worked with Windows 7 and Windows 8.1. Each month, we release somewhere between 1 and 20 individual fixes for each one – some security updates, some non-security updates. Most organizations deploy the security fixes right away. But the non-security fixes sometimes aren’t deployed at all. The result is that each organization ends up with their own unique Windows configuration, defined by the set of patches that they have installed. Compare that to the configuration that we test: Fully-patched PCs that have all the updates ever released installed. For each new update, we verify that there are no adverse effects on these fully-patched PCs. But we’ve seen instances where these new updates cause issues on partially updated PCs (often with specific combinations of updates) – we can’t possibly test all these different possible combinations. And affected customers wonder why we didn’t catch these “simple issues” when we did our testing. So we decided that to improve the overall quality of Windows, and to reduce the overall complexity of the patching process, we would rework the patching process altogether with Windows 10. Let’s explore these changes in more depth. Y YY Typical Windows 7 PC: Selectively Patched Windows 7 Test Lab PC: Fully Patched © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service A new way of servicing Windows MS Story 5/22/2018 4:47 AM Windows as a service A new way of servicing Windows Quality Updates Feature Updates A single cumulative update each month Security fixes, reliability fixes, bug fixes, etc. Supersedes the previous month’s update No new features Try them out with Security Update Validation Program (SUVP), other Targeting twice per year with new capabilities Minimum of 18 months of servicing and support for each feature update release Very reliable, with built-in rollback capabilities Simple deployment using in-place upgrade, driven by existing tools Try them out with Insider Preview First, it’s important to understand that we have two different types of updates with Windows 10: Quality updates, released each month with no new features to resolve security and non-security fixes, and feature updates, targeting twice per year with new features added. For quality updates, each month we will release a single update, containing all the new security and non-security fixes (but with no new features), as well as all the existing fixes from previous months. As a result, there is only ever one update that needs to be installed on a Windows 10 device for it to be completely up-to-date. We’ve learned that the servicing changes introduced with Windows 10 have tremendous benefits, so we’ve taken some of these changes back to Windows 7 and Windows 8.1 too, adjusting the monthly patching process. Changes made for older Windows releases as well, to adopt learnings from Windows 10 © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Compatibility in Windows 10 PRISM FY16 5/22/2018 4:47 AM Compatibility in Windows 10 Outstanding compatibility means a smooth migration from Windows 7 or Windows 8.1, while also simplifying the process of staying current with Windows 10 Desktop apps Web sites Modern apps Hardware Organizations are observing compatibility rates above 99% High compatibility achieved through: Minimal changes to Win32 APIs Insider feedback during development Telemetry Internet Explorer 11 included (unchanged) for backwards compatibility New Microsoft Edge browser for modern HTML5-based web sites Enterprise Mode features to ensure proper use High compatibility achieved through: Validation of Windows Store apps Insider feedback during development Telemetry Significant investments, enhancements in each release Windows 10 supports all devices capable of running Windows 7 and above Identical hardware minimum requirements as Windows 7 Strong driver compatibility, with updates delivered as needed through Windows Update As customers have told Microsoft, application compatibility is a key pain point in the OS deployment process. So with Windows 10, we are doing everything we can to make sure that existing apps “just work.” Microsoft understands the challenges that many organizations experienced as part of their Windows XP to Windows 7 migrations, and is working hard to ensure that compatibility between Windows 7, Windows 8 and Windows 10 is excellent. This also applies to hardware: Windows 10 is designed to have the same overall hardware requirements as Windows 7 and Windows 8, making it possible to run Windows 10 on your existing devices. For desktop apps, compatibility will also be very good, with a significant percentage of apps that “just work” on the new OS. (We would expect this to be in the high 90’s, percentage-wise. We can’t guarantee that all apps will work, as developers can always find a way to cause things to break, but this should be the exception. Our experience with customers that have moved from Windows 7 to Windows 8.1 has shown very good desktop app compatibility, and it should be just as good when moving to Windows 10.) We know that web app compatibility has also been a challenge for organizations, which is why we invested in Enterprise Mode IE to support older web apps being used in an organization. These Enterprise Mode capabilities were originally included in Windows 7 and Windows 8.1, and carried forward to Windows 10 to ensure that that it’s easy to move to Windows 10 – IE doesn’t change, so the web apps “just work.” We’ll continue to support Internet Explorer on Windows 10 for a long time, while at the same time continuing to add new browser features through the new Microsoft Edge browser. For existing Windows Store apps, including modern line-of-business apps, these should just work as well. (As we make changes to the Windows Runtime environment that these apps run in, we can try out existing apps from the Windows Store to ensure we don’t break anything. As a result, we know pretty quickly if we’ve introduced any issues, and we can quickly resolve these before an organization even sees the issue.) © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Compatibility in Windows 10 MS Story 5/22/2018 4:47 AM Compatibility in Windows 10 Get links to Windows 10 ISV support statements Get usage information for every app version, and use that to target testing http://www.readyforwindows.com We are actively engaged with ISVs, to ensure full support for Windows as a service Of course organizations also often want to know whether ISVs support Windows 10 with their applications, so we’ve been working with ISVs to create a new web site, ReadyForWindows.com, that has links to the detailed support statements for many of the apps that you use, making it that much easier for you to perform your due diligence to ensure Windows 10 support for key critical apps. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

(previously Upgrade Analytics) Introducing Windows Analytics A suite of tools to reduce deployment and support costs Upgrade Readiness (previously Upgrade Analytics) Update Compliance (In Preview) In Development It’s important to understand that Windows Analytics is a suite of tools, expected to grow over time. Today, that suite includes two tools: Windows Analytics Upgrade Readiness (which used to be called Windows Upgrade Analytics), which helps organizations plan for Windows 10 upgrades by helping identify and resolve app and driver compatibility blockers. [This is now generally available.] Windows Analytics Update Compliance, designed to ensure update and antimalware compliance with reports showing status for all your devices, what devices might need attention, and more. [This is presently in preview.] Additional tools are currently in development. Plan upgrades by identifying devices that are ready and identify and resolve app and driver compatibility blockers. Ensure update and antimalware compliance with timely reports for all your devices (even those on the road). Watch for additional analytics solutions currently in development.

MS Story 5/22/2018 4:47 AM Windows Analytics Upgrade Readiness A free tool for guiding you through the process Pull together key information Telemetry-based app and device inventory App and driver compatibility details App usage and support info from Ready For Windows Establish a process Prioritize apps Identify issues Remediate using provided information Drive deployment Identify machines that are ready to deploy Integrate with Configuration Manager and similar tools We are also working on additional tools that can help with various parts of the upgrade process. One of those is Windows Analytics Upgrade Readiness, which leverages telemetry from the PCs in an organization to see exactly what’s going on with the apps and devices in your organization. When combined with lists of known issues that we keep track of, we can not only show you which devices have issues, but we can also suggest remediations that can be performed ahead of time to resolve those issues well in advance of the actual upgrades. This free tool is available today, from http://www.microsoft.com/en-us/WindowsForBusiness/WindowsAnalytics. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Web App Compatibility A dual-browser strategy 5/22/2018 Switch back to Microsoft Edge automatically for all other sites Use Microsoft Edge as a safer, faster, more productive default browser Switch automatically to Internet Explorer 11 for approved sites on the Enterprise Mode Site List Provides support for web apps designed for Internet Explorer Supported on Windows 7, Windows 8.1, Windows 10 Upgrading web apps to modern standards is the best long-term solution, but you can use Internet Explorer 11 for backward compatibility and upgrade web apps on your own schedule © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Windows 10 Enterprise LTSB Designed for special purposes Provided for two different audiences Windows 10 IoT Enterprise LTSB For VARs, system builders, and OEMs building special-purpose devices (limited use license) Windows 10 Enterprise LTSB For enterprise organizations with similar special- purpose IoT-like needs (unrestricted use license) Designed when absolutely no feature changes can be tolerated for the life of the device Industrial or medical control PCs, ATMs or self- checkout devices, etc. 10-year servicing and support lifecycles, with no new features for the entire duration Self-updating features and those driven by cloud services are removed: Microsoft Edge, Cortana, Store, and all in-box apps Releases expected every three years Silicon support policy applies (new Windows release needed to support new processor generations) Not intended for information worker PCs It’s important to note that we do have another Windows 10 Enterprise “long term servicing branch” (LTSB) release, designed for special-purpose devices. This is often delivered preinstalled on devices created by device manufacturers (often referred to as “embedded” devices), but it’s also available to enterprises with Windows 10 Enterprise E3 or E5 subscriptions. It’s important to understand what we mean by “special-purpose device”: It’s those devices that can tolerate no feature changes of any kind for the life of the device. Devices used by information workers, e.g. devices running Office 365, would be considered “general-purpose” devices, and those devices are much better served by the normal twice-per-year Windows 10 releases. While these LTSB releases have longer (10-year) servicing and support timeframes, there are some features are not included because the features themselves are self-updating with new functionality that makes them incompatible with the idea of LTSB. Microsoft Edge, Cortana, the Windows store, and all of the in-box apps (even the Calculator UWP app) are removed. We expect to have new LTSB releases approximately every three years. Note that the Windows silicon support policy applies to LTSB releases too, meaning that new releases are required to support new processor generations. [Today, Windows 10 Enterprise LTSB 2015 supports up through Skylake processors, while Windows 10 Enterprise LTSB 2016 supports up through Kaby Lake processors. New processors release will be supported by the next LTSB release, which is expected in 2019.]

How to do Windows as a service MS Story 5/22/2018 4:47 AM How to do Windows as a service So what needs to be done to implement Windows as a service? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service Moving from project to process MS Story 5/22/2018 4:47 AM Windows as a service Moving from project to process Plan and Prepare Windows Insider Preview Channel Pilot Semi-Annual Channel Broadly Deploy Semi-Annual Channel Prepare for new release by evaluating new features Provide feedback on changes, any issues encountered Validate apps, infrastructure, and hardware to prepare for broad deployment Lab machines, some IT devices, developers Early adopters, volunteers, IT Information workers General population Looking at the bigger picture, we recommend that all organizations have a small number of PCs participating in the Windows Insider program, for a couple of reasons: Certainly we want you to try out new features and provide feedback on those. But we also want to make sure that your apps continue to work – out goal is to have as close to perfect compatibility as possible. [ While we wouldn’t necessarily suggest testing all apps with the Insider Preview builds, since they are changing frequently, it is often useful to try to go about your normal tasks using a preview build. ] Once we have completed the development process, we’ll release the new feature update to the Semi-Annual Channel [a logical name, since we plan to have releases every six months]. Initially, we would expect organizations to use this new feature update for pilot deployments, great for validating apps, infrastructure, devices, and more prior to the broad deployment. For most organizations, a pilot deployment to perhaps as little as 10% of the devices in the organization could be sufficient. [ Ideally those 10% of PCs would cover a wide variety of workers, so that 80-90% of apps are validated just by those people doing their normal jobs. ] After a period of about four months (during which time the apps, infrastructure, and devices have been validated), the feature update should be ready for broad deployment to the remaining PCs within the organization. To help organizations with their validation efforts, Microsoft also goes through a “ready for broad deployment” declaration process to signal to organizations that broad deployment can begin. This declaration process is made based on the feedback from a variety of OEMs, ISVs, and organizations – we won’t make the declaration until we are truly confident that the feature update is ready for broad deployment. [Of course every organization is different, so some may begin deploying broadly earlier, while some may wait longer – the “ready for broad deployment” declaration is just meant as a guideline to help organizations make that call.] NUMBER OF DEVICES Time Release © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service The process of a release MS Story 5/22/2018 4:47 AM Windows as a service The process of a release New Windows 10 Semi-Annual Channel Release Windows Insider Preview Channel Evaluate new features Provide feedback on changes, issues Deploy to pilot audiences Validate and prepare for broad deployment Deploy to all audiences, in waves to reduce risk Before we look at specific timeframes or cadences let’s start by looking at the phases of the release lifecycle. We’ve been listening to your feedback about the release cadence and time you need to evaluate new updates. We have meet with many IT leaders to hear their thoughts first hand. As a result, we have made some changes to make it easier for you to be adopting ongoing Windows releases. Each individual release lifecycle starts with a Plan and Prepare period, using the Insider Preview Channel builds. Here you have time to evaluate the product for about six months before release and let us know what you think, what works, and what doesn’t. You can get early looks at the product to give us this feedback by signing up for the Windows Insider program or the Windows TAP program. After the development and stabilization efforts are complete, a new Windows 10 Semi-Annual Channel feature update will be released. After release, we expect organizations to begin Piloting, starting with smaller groups of devices and expanding out to validate on a broader scale, in order to ensure that all apps, infrastructure, and devices work well with the new release. After 4 months most organizations will be ready to begin broad deployment and the Deploy/Use phase begins. Each Windows 10 feature update will be serviced for a period of 18 months, starting from the Semi-Annual Channel release date. [Click] Of course this process repeats itself, with a new cycle starting immediately after the Semi-Annual Channel feature update release. 6+ months of active development ~4 months 14 months 18 months to validate, deploy, and use each release The process repeats… © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a Service Predictable and clear timeframes 5/22/2018 Windows as a Service Predictable and clear timeframes 2017 2018 2019 2020 Windows 10 1703 Windows 10 1709 Windows 10 1803 With the changes that we recently announced (https://blogs.windows.com/business/2017/04/20/windows-office-align-feature-release-schedules-benefit-customers/#wjrxZzfBJ4PW0Edz.97), Windows 10 feature updates will now be released twice per year, around March and September. [The exact dates can be variable, as we won’t release before we are confident that the necessary quality levels have been achieved.) Each of these releases will be serviced for 18 months from the date of release. This regular rhythm ensures predictability – you will always know when to expect a new Windows 10 release and when older releases are going to be retired. [Also note that these releases will be aligned with releases of Office 365 ProPlus. The Semi-Annual Channel releases of Office 365 ProPlus will also happen twice per year, around March and September, and just like Windows 10 each release will be serviced for 18 months from the date of release. System Center Configuration has also extended their servicing timelines for each ConfigMgr current branch release to ensure 18 months of servicing and support for each.] Windows 10 1809 Plan & Prepare Pilot Broad 18 months for each release MICROSOFT CONFIDENTIAL © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Windows as a service Changing the process MS Story 5/22/2018 4:47 AM Windows as a service Changing the process It’s probably fairly obvious that the traditional Windows deployment project, which organizations would typically do every 3-5 years, needs to change. These changes are need to reduce the overall effort to something that can reasonably be performed twice per year. Let’s drill into the differences between old and new to understand how to do this. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MS Story 5/22/2018 4:47 AM What needs to change Total costs over 3-5 years of WaaS needs to be the same or better than the traditional deployment project cost Application testing and validation Infrastructure remediation, upgrades Deployment itself All need to be reduced by nearly an order of magnitude Imaging costs can be eliminated Resource requirements are balanced and consistent over time See Microsoft’s own Windows 10 deployment case study at http://www.microsoft.com/itshowcase/Article/Content/668 When we look at the breakdown of the traditional deployment project, we can see that it is composed of four major components: Application testing and validation The deployment process itself Infrastructure updates Image creation process To reduce the overall effort, each one of these needs to be reduced by nearly an order of magnitude: For apps, we need to reduce the number of apps that we test. For infrastructure, we need to reduce the dependencies between Windows 10 and other infrastructure components, and in cases where these dependencies can’t be eliminated, make it easier to update the infrastructure. For the deployment process, we need to shift from traditional wipe-and-load deployments to in-place upgrade. And since we’re using in-place upgrade, we don’t need custom images at all. Of course customers want proof that this can be done, and we’re working on customer case studies that explore this in greater detail. In the meantime, it’s worth noting that Microsoft’s own deployment took only a few weeks – see the IT showcase whitepaper for more information. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What needs to change Plan and Prepare with Insider Preview MS Story 5/22/2018 4:47 AM What needs to change Plan and Prepare with Insider Preview Pilot with the Semi-Annual Channel release Broadly deploy the Semi-Annual Channel release Feature implementation So what does this look like operationally? Let’s explore the typical tasks that need to be performed: Plan and prepare with Insider Preview. Key IT personnel (often architects or other high-level IT personnel) follow the development of each Windows 10 release through the Insider Preview process, providing feedback on the new features, while at the same time investigating new features. Pilot starting as soon as the Semi-Annual Channel feature update is released. A group of IT personnel need to begin the deployment of a new Windows 10 release throughout the organization, to make sure that it’s ready for broad deployment validating apps, devices, infrastructure, etc. and responding to user feedback. After the pilot deployments have validated that the apps, infrastructure, and devices are working well, broadly deploy the feature update to the rest of the organization. Typically the same group of IT personnel performing pilot deployments will also manage the broad deployment of that release. Because this broad deployment can overlap with the piloting of a brand new release, it’s common for this group to be working on more than one Windows 10 release at a time. Feature implementation. Some Windows 10 releases may have new features that require some extra implementation steps – the Windows 10 release can be deployed without those features enabled, so separate IT personnel can take care of enabling the feature outside of the ongoing deployment process. Time © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

MS Story 5/22/2018 4:47 AM What needs to change Creating teams responsible for implementing the process Plan and Prepare Team Working with Insider Preview builds Providing feedback on features and compatibility Identifying needed feature implementation teams Deployment Team Performing business-critical app validation Conducting initial pilots for each release Driving broad deployments of each release Reacting to issues encountered Feature Implementation Teams Formed as needed to implement new features Can be done synchronously with the deployment of a release or later Pilot Broadly Deploy Implement Features Plan and Prepare It’s useful to think of the described tasks as being performed by “teams” whose responsibilities map closely to the tasks described previously: The “Plan and Prepare” team gets ready for what’s next. The “Deployment” team performs pilot and broad deployments. “Feature Implementation” teams are formed as needed to implement new Windows 10 features. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

How to validate applications MS Story 5/22/2018 4:47 AM How to validate applications Create and maintain an app portfolio Prioritize, identifying critical apps Validate business-critical apps Leverage pilots for broader validation Complete list of apps and web pages used throughout the organization Business and IT experts identified IT works with the business to eliminate duplicates, define supported versions Business critical Managed Supported Unsupported Blocked Structured testing, using predefined test plans executed with business and IT experts Automated if possible Target small percentage of apps IT pilot, to gauge infrastructure, environment, and business productivity app readiness Business pilot, targeting the broadest set of applications possible Broad deployment using rings, to minimize risk Let’s explore how to validate applications with Windows 10. Remember that we’re starting from a position of very high compatibility for both desktop and web apps. As a result, it’s counter-productive to test everything, especially since we’ve observed that even the best testing doesn’t find many issues – you still need to use the apps in the “real world” to confirm that they really work. So we need to do things differently. All organizations should already have (and be actively maintaining) an app portfolio – the complete list of apps and web pages that are used throughout the organization. This portfolio needs to be rationalized – eliminating duplicates, older versions, etc. So we’ll start with an assumption that you’re already managing this as a best practice. Once you have the app portfolio identified, it can be prioritized: Business critical apps are those that are needed for the business to function; managed apps are those actively maintained by IT; supported apps may not be IT-managed, but IT still provides active support for them. Unsupported apps might be tolerated, but IT takes no responsibility for ensuring they work. And blocked apps are considered detrimental, so IT actively tries to keep them out. With that prioritized list, the focus should then be on the business-critical apps – typically 10-20% of the total application portfolio. For those, proactive testing makes sense – ensure everything works before most pilot activities. This testing is typically done with written, predefined test plans, and often automated to make it easy to do (leveraging business and IT experts to define what should be tested). Once those business critical apps have been validated (and remediated, if necessary), then the goal is to leverage additional pilot deployments, often called “rings”. The goal is to identify a relatively small group of PCs that covers the broadest set of apps – often 10% of the PCs can cover 90% of the apps used in an organization. But this isn’t about formalized testing – the goal is for the participants in the pilot rings to just go about their normal day-to-day activities. If they happen to encounter an issue (which is expected to be fairly rare), then they can contact the IT helpdesk to see what remediation steps can be taken. This is basically a reactive approach to broad app verification – assume apps will work, wait for proof that indicates otherwise. Once the pilots have completed and any issues encountered have been remediated, then broad deployment can begin – at this point, it’s primarily just a risk reduction exercise, targeting subsets of populations (e.g. only do a third of the Accounting department at once), expanding to new rings reasonably quickly, as long as no new issues are reported. This is definitely a departure from the traditional “we must validate everything” approach that is often used today. But it’s this type of change that is truly necessary. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Identifying a tool to use PRISM FY16 5/22/2018 4:47 AM Identifying a tool to use Windows Update for Business Windows Server Update Services System Center Configuration Manager Windows Update Cloud Upgrades installed as they are released (subject to throttling) Delivery optimization for peer-to-peer distribution Only option for Windows 10 Home Cloud Upgrades can be deferred Builds on top of Windows Update Uses Windows Update for content On-Prem Upgrades are deployed when you approve them Content distributed from WSUS servers Requires KB3095113 BranchCache to reduce bandwidth On-Prem Choice of task sequence- based upgrades or (with vNext) software update capabilities Content distributed from ConfigMgr DPs BranchCache to reduce bandwidth We have a variety of tools that can be used by organizations to implement Windows as service. Fortunately, most organizations are already using one of these tools, so as long as you are using a reasonably current version of them, you’re already got what you need. The simplest possible tool to use is Windows Update: just point all PCs to the Windows Update cloud service and let them update themselves as new feature updates are released. Most organizations probably want more control over that process, and we’ve provided those controls as part of Windows Update for Business, an additional layer of control that sits on top of the Windows Update service to provide more advanced capabilities. For organizations already using WSUS or ConfigMgr, both have built-in capabilities for managing feature updates. For more details on these tools, see the Windows 10 content that we have published on http://technet.microsoft.com/Windows10. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Addressing Challenges MS Story 5/22/2018 4:47 AM Addressing Challenges So what needs to be done to implement Windows as a service? © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows as a service Optimizing feature updates Expected twice per year Minimum of 18 months of servicing for each release Deployed over an extended period of time, allowing traffic to be spread out (unlike quality updates which often have short deadlines) Complete set of operating system files ESD files are about 30% smaller! Highly recommended to use ESD files (provided by WU or WSUS) instead of media (through ISOs) Deployed like an update, performs an in-place upgrade Takes 30-90 minutes, depending on hardware While quality updates are released every month, features updates are only expected a couple of times per year. Organizations will deploy these over a period of months, starting with pilots before expanding to broad deployment. [These are installed like an update, but behind the scenes an in-place upgrade is performed. This can take 30-90 minutes, depending on the PC’s capabilities.] So how big are these? If you look at the Windows 10 media, the size is about 3.5GB for Windows 10 64-bit and 2.6GB for Windows 10 x86. But if you are using Windows Update, Windows Update for Business, WSUS, or ConfigMgr’s Windows 10 servicing feature, they all use ESD files instead, and these are smaller: The 64-bit version is only 2.5GB, while the x86 version is 1.9GB – that’s 30% smaller. So using a ESD-based approach is highly recommended.

Windows as a service Optimizing feature updates Support for differential upgrades Determine what files have changed, then only download those Potential savings of about 35% over current ESD sizes Targeting the feature update planned for later in 2017 Management and patching tools will need to be updated to support this new capability End user experience is unchanged Deployed like an update, performs an in-place upgrade Takes 30-90 minutes, depending on hardware We are working more enhancements too, by implementing an differential upgrade capability. By only downloading the files that have changed, somewhere around an additional 35% reduction in the download size can be achieved – that’s well under 2GB for x64, and well under 1.5GB for x86. [Exact sizes can vary due to many factors, so 35% is an estimate. With 35% savings, a 64-bit upgrade would only needto download about 1.6GB, with a 32-bit upgrade only needing 1.3GB.] This differential upgrade capability will be delivered later in 2017 [so not for the next feature update, but for the one after that]. It will also require changes to management and patching tools [like ConfigMgr] to support this. Note: Percentage savings are estimated and can vary due to many factors.

Optimizing quality update downloads using Express Updates Microsoft Ignite 2016 5/22/2018 4:47 AM Optimizing quality update downloads using Express Updates But in many cases, PCs don’t need to download the full update. Instead, through a technology called express updates PCs only need to download the components that changed since the previous update. When using this, each Windows 10 1511 PC downloads around 100MB per month. That’s very manageable, and in line with the sizes that you’ve seen with previous Windows releases. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Optimizing quality update downloads using Express Updates Microsoft Ignite 2016 5/22/2018 4:47 AM Optimizing quality update downloads using Express Updates Requires Windows 10 changes Requires tool changes Will be enabled for Windows 10 1607 and Windows 10 Enterprise LTSB 2016 (and beyond) Enables management and patching tools to leverage express updates Windows changes due in Q2 2017 Delivered as part of a cumulative update Support to be added to System Center Configuration Manager 1702 release New Windows capabilities being documented for use by any management or patching tool Contact the tool ISV for details on their implementation plans and timelines Express updates are already supported by Windows Update, Windows Update for Business, and WSUS. But what about other tools, like System Center Configuration Manager? Due to limitations in Windows, ConfigMgr can’t currently use these. But support for this will be added to Windows 10 1607 (and Windows 10 Enterprise LTSB 2016) early next year. Once that’s in place, ConfigMgr 1610 or later will be able to leverage express updates, getting the same order-of-magnitude benefits as you would see with the other tools. [If the customer has a third-party management or patching tool:] We will also be documenting how third-party tools can do the same thing. Contact the ISV for your tool to see what their plans are for supporting this. Will reduce network traffic by an order of magnitude! © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Distributing content using peer-to-peer MS Story 5/22/2018 4:47 AM Distributing content using peer-to-peer The server and data center are bottlenecks The edges of the network have more capacity Using peer-to-peer technologies shifts the traffic to the edges BranchCache (with WSUS, ConfigMgr) Delivery Optimization (with WU, WU for Business) ConfigMgr Peer Caching (ConfigMgr current branch) Third-party alternate content providers (ConfigMgr) 90% or more of the traffic can be shifted Simple to implement, great for large and small offices Immediate return on investment Wireless Access Point Wireless Access Point Another common concern voiced by organizations is the size of the feature upgrades that we plan to (eventually) release twice per year. These can be in the 2.5-3.5GB range – distributing that much content to thousands of PCs may seem daunting, especially when looking at existing infrastructure bottlenecks – datacenter switches, distribution point servers, etc. But this is not an insurmountable problem – usually there is lots of network capacity at the edges of the network, so the only challenge is how to effectively use that capacity. Fortunately, we have technologies that can help with that. BranchCache, which can be used with WSUS and System Center Configuration Manager, and Delivery Optimization which is used with Windows Update for Business, both support peer-to-peer distribution of content. With these in place, you can shift the majority of the network from the datacenter out to the edges of the network. One client on each network segment can download the complete content, then begin sharing it with other clients. This is highly efficient, shifting more than 90% of the network traffic. (And it’s great for other types of content distribution too, e.g. software updates and app upgrades – really anything distributed from Windows servers using HTTP and BITS.) The best thing about these technologies are that they are easy to implement, and built into Windows 10 Pro and Windows 10 Enterprise (as well as Windows Server for the server-side pieces) so there are no additional costs involved. Router Router Data Center Server Switches Data Center Server Switches Without peer-to-peer With peer-to-peer © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5/22/2018 4:47 AM Call to action Understand that Windows as a service requires some changes Begin piloting Windows 10 Implement a Windows 10 servicing process In summary, it’s important to realize that moving to Windows as a service will require changes – moving from big deployment projects every 3-5 years, to much smaller and more streamlined processes twice per year. The first step down this path is to begin piloting Windows 10 – we can certainly help with that. [ Mention the Accelerate program if appropriate for the customer. ] And be thinking about how you want to stay up to date with Windows 10 leveraging one of the servicing tools that we talked about. Thanks for your time. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.