Since its initial release in July 2015, Windows 10 has had four major feature updates released with a fifth one pending next month. In addition, monthly cumulative updates have been released along the way to address bugs and any performance issues that have cropped up in the OS. Whether you agree with the pace of these releases or not, Microsoft has embraced this agile development approach and it appears to be locked in as the norm for the foreseeable future.
The first big milestone for the Redmond company is to get all Microsoft commercial customers migrated over to Windows 10 -- yes, we’re talking about enterprises, businesses, and other organizations. Microsoft has made some significant investments to support this goal with the development of multiple tools, services, and other resources to ease customers’ planning and execution of Windows 10 migrations.
Timing is everything in this process, because the official lifecycle of support for Windows 7 ends just 21 months from now, and the last thing Microsoft wants to see is a repeat of the slow migration from Windows XP to Windows 7.
I recently interviewed Craig Dewar, the Senior Director of Product Marketing for Microsoft 365 Windows Commercial. We discussed several aspects of the migration work with Microsoft commercial customers, including why Microsoft decided to extend feature update support for those already on Windows 10, and what has surprised the company about this migration to Windows 10.
You recently extended support for three Windows 10 feature updates. What made the company realize they needed to do this?
It’s all sort of grounded in the change of culture that’s going on in IT as they move from the old way of doing things in a Windows environment, these large monolithic upgrades every five to seven years to more of that service model where they’re doing small and more iterative kinds of things.
The analogy I use for it is if you think about the change that’s going on in the developer landscape; think about moving from a waterfall-based development methodology to an agile based development methodology. That same cultural change is going on right now in IT.
Since it is a cultural change, it takes a while for customers to shift.
And if you think about how you’d have to operate in a Windows as a Service world, where we’re releasing feature updates every six months, and you have an 18-months support window for that release, you have to be able to turn your estate over in an 18-month period. And most customers have processes tooled to do that in a much slower fashion.
So we started off with, maybe, a slightly too aggressive of a window for people and we had feedback directly from a number of customers who had implemented 10 and they said, “We’re rolling on this model but we just need a little bit longer on these few sets of releases as we think about changing over to new tooling.
There are less than two years of support left for Windows 7 – how does this countdown and migration period differ from the XP-to-7 experience?
There’s two things that are significantly different. The first one is the reason to move in the first : All around security posture.
If you look at what happened in the XP to 7 world, that kind of meme was not out there in the same way. Most [Microsoft commercial] customers who have already began their journey to Windows 10, the primary reason that they saw it is they want to get to a better security posture. And you see this from very large government entities like the Department of Defense who came out and said that, all the way down the chain.
And what’s really interesting about that is if you look back at the historical Windows upgrades they were aligned by industry. You would see the early people that went in the previous releases, so like XP to 7 tended to be things like professional services companies. They want to put the latest tools on the hands of their consultants, they’re not regulated, they have the ability to move and shake a little bit easier than, perhaps, some other industries. So they would always go first.
Then you would have sort of a lagging set of industries that were always driven by an end-of-support cycle and they took a long time to go there. They were financial services, healthcare and government, for the most part.
Now what you see in the Windows 10 world is – of course, the professional services companies have still gone fast. And so, like our largest public story we’ve told around deployment is Accenture and how they are doing. But in parallel, the people who have usually been the slowest have got the most at stake from the [improved security] point of view. That’s the DoD, it’s the oil companies, it’s financial services. So you understand how that’s different than any time that it happened before.
We’ve spent a ton of time with the teams there helping with those projects and making sure that they’re going to be super successful with them. So that’s a big difference. And when you add those things together and you look at run rate which you were doing the math on, the run rate was already one and a half times faster than the previous one, so people are moving much more quickly.
Point two that’s different is application compatibility. When we moved from XP to 7 there was so many framework changes and all kinds of stuff like user account control (UAC). If you think about all of that stuff it was a dramatic change that broke huge classes of apps.
When you look at 7 to 10, with a very small number of exceptions we can talk about, if you’ve got a Win32 app that runs on 7, it runs on 10. It’s like 99.9% from the data that we collect that shows apps are compatible.
Where you have exceptions typically tend to be deeply integrated security products, like if I’m an antivirus vendor that has gone outside the documented APIs and have done interesting memory reading in the kernel and I’ve gone outside of the Sandbox and I should really be in it. Those things do have problems and we have to work with them. We did some work with a large Swedish furniture company and they had a portfolio of close to 5,000 applications and they had just 10 of them that didn’t work.
So there’s this mindset again, typically, you find in IT where those people that live through that transition have a belief that application compatibility would be poor and that they will have to test every single application exhaustibly before they do anything. And those customers that are jumping in are finding that’s not the right assumption. It’s dramatically simplified on the application compatibility side.
What did you learn from the XP-to-7 migration and customer pushback and how has that shaped the way you work with customers to migrate to Windows 7?
A big thing to note on that is because we run Windows as a Service for consumers and SMBs and directly upgrade them, we’re upgrading 650 million machines every six months, we better not break anything because then that’s on us, right?
Whereas in the past we would sort of leave that to the end user, “We’ll ship you the new CD -- and good luck.” Now we’re doing that better.
We want to give IT departments the tools to help them do it. We have a thing called Upgrade Readiness. We’re using analytics and actually joining it with the data we have from all of those machines that we’re running. If we see an app in the wild we can tell you, “We know this app works perfectly fine and here’s the data to prove it.” That helps companies focus where they would like to spend their validation time and not have to spend it on things they already know are good. That’s a big change we made.
How will offering the Windows Defender ATP to commercial customers still on 7 and 8.1. going to affect those customers’ migration to Windows 10?
It was an interesting debate internally for a long time. Migrations take time; that’s exactly why we did it. We had a number of customers that were very large, they were saying, “I really love the ATP vision, I love what it will do on Windows 10. I have started my Windows 10 migration, I have 100,000 PCs, I have already got 10,000 of them done. It’s going to take me all the way up till the end of support to finish those 100,000. I’d like to use ATP as my Advanced Threat Protection product of choice, but I can’t. I can’t protect just 10,000 of my machines, I have to have visibility across the whole network.”
ATP is actually GDPR compliant. One of the requirements is the bridge reporting and that’s something ATP can help you with, but you need that for all your devices, not just the Windows 10 machines.
What we’re delivering is not the full feature set that we have in Windows 10. Windows 10 has the ability to do detection, but also now we have the ability to remediate that, and in RS4 this April we’ll ship automated remediation out of the Hexadite acquisition we made in Israel. So in Windows 7 what you get is detection. In the central console, in SecOps you’ll get the alerts, you’ll know what’s going on but you don’t have the ability to fix it remotely. For most people that’s sufficient.
A final point is, given the architectural differences in Windows 10 around security with virtualization-based security, we actually expect that if you’re a company with a mixed environment and you are being attacked by a nation state or some kind of criminal organization with deep expertise, it’s more likely they will penetrate your Windows 7 machines. We expect people will see more events on their Windows 7 machines than their Windows 10 machines.
What are the big hurdles are you all hearing about from customers that companies need to consider when preparing for or executing their migrations to Windows 10?
The two things I’ve already talked about, the cultural change of IT and moving from that waterfall to the agile world and its confidence with the application compatibility story that we have. Two big things we hear over and over so what are we doing about them?
On the first one we’re building these proactive analytics driven tools and making them better. You’re familiar with the Update Readiness Tool. It is being folded into the overall Microsoft 365 capability. We’re bringing in all of the Office stuff so we can understand Office macros and add-ins and making it a holistic tool set. We’re wiring it up into the management tools directly.
If you think about the modern way of deploying, we’d go to a customer and say, “Hey, so what you need to do is, you need to pick one percent of your machines and run Insider builds on those, and you should have the right profile of things on there so that if something goes wrong, we get the data and we fix it all before it ships. You should then take nine percent of your machines and you should put them on an early pilot deployment. If things look good on those then you start rolling out your systems.” So instead of testing everything, you deal with exceptions in these gates before you move on.
So that sounds good in practice but when you go to a customer and you say, “Well, pick 1% of your machines” they’re like, “Which one percent?” Typically, they will pick their IT department but that doesn’t give them the same hardware.
So in analytics, we’re doing things like we’ll show you the right set of machines. It could be even less than one percent that gives you coverage of your devices, your drivers, your applications and the languages you use so that you’ve got a full test coverage pass.
Inside Microsoft, for example, we have 200,000 devices or PCs and when we run this algorithm on our base we have less than 900 machines that we can pick and we know the exact 900 machines to give us coverage of all of that stuff.
Then we can tune that, like, we might look at it and go, “Oh, it’s suggested that Satya is one of the people that should be on the list.” Well, maybe we don’t want him on there, let’s take him of. And so you could sort of whitelist a few things and have it give you some more suggestions. But were using the power of the cloud and big data to help you with the transformation of that IT process.
Why does Microsoft put so much work and effort into accessibility features for their products and services? What is the business case for doing so?
That work probably got started – if you go back in the history of time because of regulation. You can’t sell to certain segments of the federal government and things like that unless you do it. As we saw the changes that it brought for the people that were using it – and I think people just became really excited about it -- that’s the right thing to do. And there’s some really passionate teams and it’s also broader than just product. We are required to make sure that even our websites for marketing purposes meet accessibility laws and we’ve re-tooled everything for that. So it’s something we look at across every area of the company.
What's something you'd like to achieve in Windows Commercial that just isn't possible yet -- and why isn’t it possible yet?
We’ve got to figure out how to bring [high-end security] capability into the SMB world. And we’ve started, we built this Microsoft 365 business product which is really cool for that segment, but it doesn’t yet have some of the more advanced things like ATP and those kinds of things.
You could look at that and say, well those products were built initially for security operations (SecOps) teams – [and SMBs] don’t have a SecOps team. But we’re pushing with artificial intelligence like what we’ve done with automated remediation and Hexadite, perfect for an SMB customer. Like, you don’t need SecOps, we’ll just fix it for you. And we can take all of the knowledge we build up across the whole graph of all those SecOps teams that are working with our product to actually turn it into something that can benefit you. So we haven’t got the product truth there yet, we’re working on the future revisions of the product. Then there’s also a channel component too, like, do you have the ability to reach those customers, tell them what you have and really get them on board?
Today we have this kind of hard schism between commercial services and the home version of Windows. Like, you have to have the Pro version of Windows. So we’re also looking at ways that in a services world we can onboard you regardless of what you have in the right way, and just make it work for you as a small business.