With its 2015 launch of Windows 10, Microsoft set out to put a more modernized — or mobilized — spin on what it had always done best, effectively bridging the gap between Office productivity applications workers have come to love and the smartphones and tablets they prefer to use on the go.

The buy-in from mobile workers has increased just as the benefits have become harder to ignore. Maybe they sprung for the Cortana voice assistant and text analyzer. Perhaps they wanted the two-in-one touch screen devices with detachable and transferable keyboard capabilities.

Even more likely, they’ve sought a device that enables them to navigate via the same Start button they’ve used since Windows 95. The Start button is retro indeed, but by no means obsolete. Microsoft tried to take it away in Windows 8.1, but that didn’t go so well. Now it’s consolidated across all Windows 10 devices. No matter what their reasons may be, more employees are choosing Windows 10.

The Future of Workplace Mobility

By unifying all devices under a single, speedy operating system (OS) with a familiar, app-based layout, Windows 10 reduced the gap that traditionally existed between the mobile OS and its PC counterpart. Now running on over 400 million devices, it has emerged as a platform that can pave the way for the future of mobility in the workplace. This gives rise to the question of how well it can compete with its mobile predecessors.

As the years have progressed, both Apple iOS and Google Android have found their place in the enterprise, releasing new, work-relevant features on an ongoing basis while becoming easier to manage and secure with enterprise mobility management (EMM) solutions.

Microsoft’s aim for Windows 10 was not to provide the smartphone of choice among mobile workers, something that both iOS and Android have done so well. Instead, it’s differentiating with Continuum, preserving a consistent computing experience across all device types, irrespective of location. By offering a user interface developed for continuity, Continuum allows users to take advantage of a familiar style of operation across all their devices, which can now be considered endpoints with the rise of Windows 10.

Those in enterprise IT who have yet to begin honing their efforts on Windows 10 may be questioning how effectively these can be enabled, managed and secured in comparison to the iOS and Android mobile platforms that came before them. Windows 10, however, has not only kept up with the pack, but is leading by example.

Managing Windows 10

Joining the other major mobile platforms on the market, Microsoft has made it possible to manage Windows 10 at the device level for PCs, smartphones and tablets.

Offering support for Windows 10, IBM MaaS360 makes it easy to secure and configure compatible devices for enterprise use. On the security side, administrators can configure and enforce use of passcodes and place restrictions on how devices are used. They can, for example, permit or decline use of hardware level functions, such as the camera. If Windows 10 devices are lost or stolen, they can be wiped remotely with a click of a button to preserve corporate data.

To ensure mobile users can get access to email, internet and intranet, administrators can configure ActiveSync settings and Wi-Fi or virtual private network (VPN) profiles directly via the mobile device management (MDM) policy in the EMM platform.

If you have yet to update your entire environment to Windows 10, you are not alone. Rest assured, MaaS360 offers additional support for Windows XP SP3, Windows Vista, Windows 7 and Windows 8+. We understand that your migration can take time — the transition from Windows 7 to Windows 10 is a process that cannot be accomplished overnight or even over a weekend. For the time being, you can take advantage of consistency of information and actionable intelligence across all your Windows devices with MaaS360.

Windows as a Service in Four Flavors

In an effort to provide mobile users and IT organizations with easy, instant access to the latest features, functionality and security upgrades, Microsoft announced Windows-as-a-service for:

  1. Insiders who get access to the latest features pre-release to help prepare developers for a successful launch;
  2. Enterprise IT employees, who, like insiders, get early access to the next available version and test out enterprise use cases prior to general availability;
  3. Regular Windows 10 users who are willing to wait until the formal release but have full access to all new features the day they’re made available; and
  4. Organizations with specialized devices, such as those used at the point of sale (POS) or ATMs, who may not need anything but the latest available security settings.

No matter how these users or organizations come to acquire the latest software, Microsoft has gone the extra mile to ensure that the developments they’re making are easy to pull down to devices early and often.

Better Out-of-the-Box Security

To protect personally identifiable information (PII), preserve data security and uphold data privacy, Windows 10 devices are being shipped with built-in security functionality to meet the demands of mobile users and IT departments.

On the device level, manufacturers are shipping devices with trusted platform module (TPM) technology to improve hardware-level security, as well as Unified Extensible Firmware Interface (UEFI) Secure Boot to ensure that the Windows 10 devices in use are running trusted software. To protect against viruses, malware, spyware and other advanced threats, devices are shipped with complimentary Windows Defender antivirus technology, which features real-time defense and automatic updates. On the app level, IT can use Device Guard to specify which applications are trusted and permissible for use within the organization. Any other apps simply won’t run.

Native settings, such as Windows Hello, use biometric authentication to ensure only the right people are permitted access to devices and their content. Support for BitLocker Drive Encryption protects sensitive data in the event that a device is lost, stolen or compromised. For IT looking to provide security, Azure AD provides seamless, secure single sign-on (SSO) access to enterprise apps, such as Office 365, Salesforce and Dropbox.

Diverse Application Support

As far as applications are concerned, Windows 10 has all the bases covered. Mobile users can leverage the traditional Win32 applications or visit the Windows Store for the most up-to-date productivity apps available for download.

For organizations choosing to develop cutting-edge applications to address specific mobile use cases within their industry, Microsoft has opened up Universal Windows Package (UWP) to developers who can quickly churn out applications that function across the entire Windows 10 ecosystem. MaaS360 makes it easy to push out UWP enterprise applications to your entire Windows 10 fleet, including any desktops, tablets and phones enrolled within the EMM platform.

Extending its level of support for Windows 10 devices, MaaS360 recently unveiled a UWP app, MaaS360 Secure Browser for Windows 10, to safeguard the web browsing experience through category URL filtering and limitations on specific website types. To ensure that mobile workers can gain access to mission-critical enterprise resources — such as web, apps and content — remotely at any time, the Secure Browser allows admins to configure bookmarks to key websites and grant access to corporate intranet without requiring a VPN session using the MaaS360 Gateway for Browser.

Watch the on-demand webinar: The 7 Wonders of Windows 10

Information Protection

Enabled through Windows Information Protection (WIP), Windows 10 devices are built for data leak prevention (DLP). In the event that a device is compromised, the device and its data will remain secure. Enterprise apps and data on Windows 10 devices can be safely contained, keeping proprietary information separated from nonwork-related content, and restricting apps and users from gaining control over it. WIP also works to protect data in the event that a user attempts to share it externally.

MaaS360 simplifies the management of Windows 10 WIP policies across desktops, laptops, tablets and smartphones in several ways.

Data can be protected across vectors, including the network (e.g., specific domains or websites accessed for work), documents and apps. These could be UWP apps downloaded from the Windows Store or those with .exe or .msi extensions. So all data remains secure even when the user is inactive, administrators can enforce WIP when the device screen is locked.

In terms of sharing, administrators can silently encrypt enterprise data within UWP apps and audit the external sharing without intervening or notifying users. Override capabilities provide the same data encryption level, but allow users to turn the content into personal content, noting that their administrator may keep track of such activity. Lastly, administrators can block users from sharing specific content across non-corporate resources.

Learn More About Windows 10

To learn more about MaaS360’s support for Windows 10, watch on our-demand “The 7 Wonders of Windows 10,” featuring a demo. I will dive deeper into each of these themes and provide best practices for enterprise adoption of Microsoft’s latest mobile platform. I’ll also delve into the deep impact of Windows 10 across all other mobile computing platforms, which give rise to the need for unified endpoint management (UEM) capabilities in the enterprise.

More from Endpoint

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

X-Force Prevents Zero Day from Going Anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

8 min read

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

12 min read - ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

12 min read