If you are not a fan of PWAs (progressive web apps), then Microsoft is bringing good news. Windows Insiders are getting a new version of the Copilot app for Windows 10 and 11 which replaces the web-based application with a new native version.
The old app (or current app if you are not a Windows Insider) is a Progressive Web App, which limits some of the Windows controls, such as Quick View, that are available in native Windows apps. Recently ChatGPT published their Windows app into the Microsoft Store, and this latest update from Microsoft now makes Copilot a real app too!
With this update, the previous Copilot progressive web app (PWA) is replaced with a native version. After installing the Copilot app update, when you run Copilot, you will see it appear in your system tray.
Microsoft Windows Insider Team
Whilst it’s hard to notice the differences immediately, after installing the updated version (1.24112.123.0) Copilot on Windows is now a “proper” app rather than a WebApp.
This also means that Quick View can now be used with Copilot, which lets you move the Quick View window and resize it to suit your workflow. By default, the Copilot app in Windows uses the RegisterHotKey function to set the Alt + Space keyboard shortcut, which opens and closes Copilot in Quick View mode whenever you need it.
If you need to switch / flip back to the main Copilot app window, then this can be done by clicking the icon at the top left corner of the quick view window.
Devices with the dedicated Copilot key will open the Copilot app’s main window.
As Microsoft prepares to end support for Windows 10 on October 14, 2025, users have a critical decision to make. They must either migrate to Windows 11 or pay for extended security updates (ESU). Microsoft will offer distinct options for consumer (home) customers. They will also offer options for commercial customers who want or need to continue using Windows 10 after this date.
Consumer Pricing for ESU
We knew that commercial enterprises were going to have the “cost” option of paying for extended updates while they “complete” their migration / move to Windows 11, but for the first time in history, Microsoft have also announced that consumers will have the option to purchase a single year of Extended Security Updates (ESU) for a one-off $30 (£25) cost.
Commercial Pricing for ESU
Pricing to commercial customers will be based on tiered pricing options, with pricing set out at:
$61 per device per year for the first year
$122 per device for the second year, and
$244 per device for the third year.
Organisations needing or wishing to pay for ESU for their devices for 3 years will therefore incur costs of $427 per device.
Extended Security Updates: A Temporary Solution
Microsoft’s ESU program will provide a lifeline in helping any organisation or consumer unable or unwilling to upgrade to Windows 11 before October 14th, 2025, (when Windows 10 enters end of support).
Bear in mind though that these ESU updates are just security and zero-day updates. There will be no new features, bug fixes, or technical support included.
These are, of course, optional, but there are huge risks in continuing to use Windows 10 devices without protection from security exploits or newly discovered vulnerabilities.
This is especially true for commercial organisations, which would be left without the protection that security and vulnerability updates provide.
The Risks of Running an Unsupported OS
Running an operating system without security updates poses significant risks for both consumers and businesses, including:
Increased Vulnerability to Cyber Attacks: Without regular security patches, systems become prime targets for hackers. Vulnerabilities that are discovered post-support will remain unpatched, leaving systems exposed to malware, ransomware, and other cyber threats.
Compliance Issues: For businesses, using unsupported software can lead to non-compliance with industry regulations. It can also lead to non-compliance with standards. This may result in hefty fines and legal repercussions. This can also affect security certifications. These include Cyber Security and Cyber Security Plus. It also impacts trust from customers and business partners.
Operational Disruptions: Security breaches can cause significant downtime, disrupting business operations and leading to financial losses. For consumers, this could mean losing access to important personal data and services.
Higher Long-Term Costs: While the initial cost of ESU might seem manageable, the long-term financial impact of a security breach can be devastating.
The best approach is to start planning the move to Windows 11 now. There are just over eleven months to do this. For consumers, this could mean upgrading. It could also mean replacing their devices with ones capable of running Windows 11. Windows 11 was released and started shipping on new devices in 2021.
Will my device run Windows 11?
Microsoft have a useful website which shows the minimum system specifications for Windows 11, which you can access here.
In reality any device newer than 4-5 years old should have no problem running Windows 11, but in short, you need a device with at least:
Processor: 1 GHz or faster and a minimum of 2 cores.
RAM: 4 GB or more.
Storage: 64 GB or larger storage device / HDD / SDRAM – you’ll need much more in reality.
System Firmware: UEFI, Secure Boot capable.
TPM: Trusted Platform Module (TPM) version 2.0. (this is important)
Graphics Card: Compatible with DirectX 12 or later with WDDM 2.0 driver.
Display: High definition (720p) – must be greater than 9” diagonally.
Tools to check compatibility
Another really easy way to check your device (if you are a consumer or want to check a couple of devices) is to use the PC HealthCheck App. This can be downloaded from https://aka.ms/GetPCHealthCheckApp if it’s not already installed on your Windows 10 device.
When you run the tool, you get one of three outcomes. If your device passes, you’ll see a “meets requirements” message, and if it fails, you’ll receive a “doesn’t currently meet” message. Corporate devices may see a message stating that “your organisation manages updates”, in which case check with your IT department (though I suspect they are already on it!)
Commercial customers’ IT departments can easily check Windows 11 eligibility using Microsoft Intune or System Centre.
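For a quick check from the command line on a handful of devices, the hardware minimums listed above can be tested with a short script. This is an added example, not a Microsoft tool and not part of the original article; the function name and the decimal-gigabyte storage comparison are assumptions, and it needs an elevated PowerShell prompt.

```powershell
# Added example: checks the hardware minimums listed above on one device.
# Run from an elevated PowerShell prompt. Graphics (DirectX 12 / WDDM 2.0)
# and display size are not checked here.
function Test-Win11Minimums {
    $checks = @()

    # Processor: 1 GHz or faster, at least 2 cores (MaxClockSpeed is in MHz).
    $cpu   = @(Get-CimInstance -ClassName Win32_Processor)
    $cores = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum
    $mhz   = ($cpu | Measure-Object -Property MaxClockSpeed -Maximum).Maximum
    $checks += [pscustomobject]@{
        Check = 'Processor'; Found = "$cores cores @ $mhz MHz"
        Pass  = ($cores -ge 2 -and $mhz -ge 1000)
    }

    # RAM: 4 GB or more, summed over the installed memory modules.
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
                 Measure-Object -Property Capacity -Sum).Sum
    $checks += [pscustomobject]@{
        Check = 'RAM'; Found = ('{0:N1} GB' -f ($ramBytes / 1GB))
        Pass  = ($ramBytes -ge 4GB)
    }

    # Storage: 64 GB or larger. Assumption: compared in decimal gigabytes,
    # the way drive capacities are marketed.
    $disk = Get-Disk | Where-Object { $_.IsSystem -or $_.IsBoot } |
            Select-Object -First 1
    $checks += [pscustomobject]@{
        Check = 'Storage'; Found = ('{0:N0} GB' -f ($disk.Size / 1e9))
        Pass  = ($disk.Size -ge 64e9)
    }

    # System firmware: UEFI, Secure Boot capable. Confirm-SecureBootUEFI
    # throws on legacy BIOS; "capable" is enough, it does not have to be on.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $fw = if ($enabled) { 'UEFI, Secure Boot on' } else { 'UEFI, Secure Boot off' }
        $fwPass = $true
    } catch {
        $fw = 'Legacy BIOS, or prompt not elevated'
        $fwPass = $false
    }
    $checks += [pscustomobject]@{ Check = 'Firmware'; Found = $fw; Pass = $fwPass }

    # TPM: version 2.0. SpecVersion looks like "2.0, 0, 1.38".
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none found' }
    $checks += [pscustomobject]@{
        Check = 'TPM'; Found = $spec; Pass = ($spec -eq '2.0')
    }

    return $checks
}

Test-Win11Minimums | Format-Table -AutoSize
```

A failed TPM or firmware row is often a setting that is switched off in the UEFI setup rather than missing hardware, so check there before writing the device off.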
Conclusion
The decision to stick with Windows 10 and not migrate to Windows 11 should not be taken lightly. While ESU provides a temporary solution, the risks associated with running an unsupported OS far outweigh the benefits.
The risks of not updating (or paying for extended security updates) are too high. It is only acceptable if your device is never connected to the internet. Additionally, you should avoid using external sources such as USB devices.
Upgrading to Windows 11 ensures continued security. It also provides access to the latest features and support. This makes it a wise investment for both consumers and businesses.
Q&A
What about my anti-virus applications? In reality these will still work as will any application you are running on your machine. You will need to check with the antivirus provider to check that they will still support Windows 10, but as long as they do and you pay the subscription to them, it shouldn’t impact these anti-virus signature updates.
What about other software like Office Apps? Well Office 2016 and Office 2019 also go end of support in October 2025. You’ll need to upgrade these too if you want to get feature updates and security updates and fixes. You will likely find other software vendors like Adobe will also stop supporting Windows 10 (as many did with Windows 7). You’ll need to check with the software provider.
Can I upgrade the hardware in my device to get compliant? That is also an option. After running the compatibility checker, you may find that upgrading your hard drive, adding more memory or swapping other components may “get your device compliant”. In most cases this isn’t cost effective.
Microsoft is building new Windows security features to prevent another CrowdStrike incident, and is in talks that would allow it to do more to protect the core of its OS. The aim is to prevent outages with widespread impact like the CrowdStrike incident, which impacted more than 8.5 million devices and is estimated to have caused more than $10b in financial impact.
Fighting against the anti monopolies commissions.
In an ideal world, Microsoft would have the right to protect their core kernel code and prevent any third parties interfering with or accessing it.
Today, however, the law prevents them from doing this, to ensure they adhere to the anti-monopoly and anti-compete laws in many parts of the globe. Instead, Microsoft are doing all they can to further harden security around the kernel and Windows security in general.
Their goal is of course to find a compromise that protects Windows from software issues caused by security vendors and ensures OS integrity, without killing third party security vendors, while removing their need for kernel-level access in the first place…
Enhancing Security without Kernel Access
Since July, Microsoft has been in talks with leading security vendors, including CrowdStrike, Broadcom and Sophos, to develop a new security platform in Windows that still allows security vendors to do their thing, but without Microsoft having to expose full kernel access.
Then last week (September 10th, 2024), Microsoft, CrowdStrike, and many other security partners who provide endpoint security technologies got together to discuss ways to boost resiliency and protect our mutual customers’ critical infrastructure. Aidan Marcuss, Corporate VP of Microsoft Windows and Devices said “Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.”
The goal is to prevent incidents similar to the CrowdStrike outage and enhance the overall security framework of Windows without monopolising the endpoint and XDR markets.
Benefits to Consumers
For everyday users, this promises a more secure and stable computing experience in a world where attacks on identity and data theft are increasing at pace. By further reducing the risk of security breaches and system outages, whilst reducing the risk of third party apps and services causing system failures, Microsoft is ensuring that consumers continue to trust them to protect their personal data and maintain smooth operation. Enhanced security measures mean fewer disruptions and a safer online environment, which is crucial in an era where cyber threats are increasingly sophisticated.
Benefits to Business Users
Commercial/business users would of course gain significantly from these new security measures. With sensitive corporate data and identity consistency at risk from attack or breach, Microsoft’s enhanced security framework will provide businesses with greater peace of mind and further increase the trust they already have with Microsoft to protect their data, applications and emails.
Of course, reduced risk of breaches and downtime caused by third party apps and services also translates to increased choice (without fear), and lower costs associated with security incidents and system outages.
Whilst this should enable businesses to focus more on their core operations, knowing that their IT infrastructure is robust and secure, it doesn’t remove the need for full business continuity planning….
Microsoft’s Perspective and Benefit
For Microsoft, this move is a strategic step to reinforce its commitment to security and reliability. Arguably, Microsoft is the biggest security company in the world and with over a billion devices running the Windows operating system, they have a duty to continue to protect their products from outages caused by, well things out of their control, such as the CrowdStrike update fail!
By working closely with security vendors and regulatory bodies, Microsoft is not only positioning itself as a leader in the cybersecurity space, but also as a partner that works with its software houses (ISVs) and customers to ensure they still have choice over the aspects of Windows they use (or subscribe to) and the third party vendors they choose to work with.
So what about the third party security vendors then?
Security vendors like CrowdStrike, Broadcom, Sophos, Cisco, and Trend Micro also benefit from this collaboration by being part of a more secure and standardised platform. This partnership allows them to continue to innovate and develop advanced security solutions without the complexities and risks associated with kernel access. It also means they will continue to get support and help from Microsoft (as an ISV partner) in developing and supporting their products.
Potential Concerns and Regulatory Involvement
Naturally, there are concerns about potential monopolistic practices. Vendors (and those less involved in the initiative) may fear that Microsoft might restrict kernel access for third-party products while retaining it for its own, which could limit their ability to compete effectively, pushing customers to jump ship and just adopt Microsoft security products and services.
To address such concerns and ensure transparency, Microsoft has involved US and European government officials in discussions. This move is aimed at addressing regulatory concerns and demonstrating Microsoft’s commitment to a fair and secure computing environment. While the initiative is largely seen as positive, it is crucial for Microsoft to maintain an open and competitive landscape for all security vendors.
Conclusion
Microsoft’s new security measures would represent a significant step towards a safer Windows environment. By working closely with security vendors and involving regulatory bodies, Microsoft is striving to create a secure and fair platform for all users, making kernel access more controlled than it is today. This promises numerous benefits for consumers, business users, and security vendors alike, while also addressing potential concerns about competition and transparency.
Read more. The Register has also covered this story in depth if you want to read more here.
Microsoft is reviewing their options and looking to push for significant changes to their Windows security architecture in the aftermath of the major outage caused by a “faulty” CrowdStrike update a couple of weeks back. The faulty update is thought to have affected around 8.5 million Windows devices and services when it caused Windows devices to reboot and enter their protected recovery mode.
Microsoft acknowledges the inherent ‘tradeoff’ kernel-level cybersecurity solutions pose and confirms the root cause of the global outage.
This has prompted Microsoft to reassess the level of control that third party security vendors have over the deepest parts of their operating system and they are considering limiting kernel-level access for these vendors.
“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience.” | John Cable | Microsoft (see blog post)
Time to bring control back?
John Cable, Microsoft’s VP of program management for Windows servicing and delivery, passionately discussed their viewpoint in a blog post named “Windows resiliency: Best practices and the path forward.” In this post, he emphasised the need for “end-to-end resilience” and discussed potential changes Microsoft are reviewing that could mean restricting kernel access for third party security vendors such as CrowdStrike.
Snippet from John Cable’s blog post | July 2024
The CrowdStrike update bug, which resulted in widespread system crashes, has clearly highlighted the risks associated with allowing third-party security apps and services to operate at the kernel level – a new approach is needed.
Privileged access, though advantageous for detecting threats, can result in disastrous failures if mishandled. Microsoft is investigating alternatives that circumvent future kernel access issues, including VBS enclaves and the Azure Attestation service. Employing Zero Trust methodologies, these solutions aim to bolster security without incurring the dangers inherent in kernel-level operations.
Why do Microsoft let third parties access the kernel?
In short, they don’t have much choice (see below).
While Microsoft may be looking to further restrict access to its Windows kernel going forward, they have used this event to explain why third-party antivirus and security vendors have access to the “core of Windows” in the first place.
The Windows kernel is a deep layer of its operating system. Kernel-level cybersecurity lets developers do more to protect machines, can perform better, and can be harder for threat actors to alter or disable.
When a kernel-level cybersecurity solution loads at the earliest possible time, it gives users (and companies) the most data and context possible when threats arise. It also ensures protection can kick in at the earliest stage of the operating system’s boot-up, rather than waiting for the OS to load and then running as a normal system process.
The EU may prevent changes over anti-trust claims
Whilst this makes common sense to most (after all, why shouldn’t Microsoft be able to restrict access to ensure the stability of an operating system used by more than a billion users?), their push for change is likely to face resistance from both cybersecurity vendors and regulators.
Back in 2006, Microsoft tried to restrict kernel access around the release of Windows Vista, but was met with opposition and a ruling that prevented them from doing this, citing anti-compete. In contrast, however, Apple successfully managed to lock down their kernel level access in macOS in 2020. The market for Windows software is of course far larger than Apple’s macOS and Microsoft is an open platform for developers to build upon, so any changes will need to be done in a way that makes this possible without preventing developers’ software doing what it is supposed to do!
Microsoft has attributed part of the CrowdStrike outage to the 2009 European Union antitrust agreement, which mandates that Microsoft must provide kernel-level access to third-party software vendors. Conversely, Apple started to phase out kernel extensions in macOS in 2020, encouraging software vendors to adopt the “system extension framework” due to its reliability and security advantages.
It is not the first and won’t be the last time either that the EU have played the anti-trust card. Microsoft has recently had to decouple Teams from Microsoft 365 as a response to competitors such as Zoom claiming Microsoft have an unfair advantage. They have had recent claims against them with Internet Explorer and Edge.
Zero Trust Kernel Protection may be the way forward
The blog post indicates that Microsoft is not proposing a complete shutdown of access to the Windows kernel. Rather, it highlights alternatives like the newly introduced VBS enclaves, which offer an isolated computing environment that doesn’t necessitate kernel mode drivers for tamper resistance.
“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access…We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community vendors.” John Cable | Microsoft Windows VP
Trade off between “anti-compete” and stability.
Microsoft acknowledges that the tradeoff of kernel-level cybersecurity products is that if one glitches out, it can’t be easily fixed, saying in their blog that “all code operating at kernel level requires extensive validation because it cannot fail and restart like a normal user application.”
As such, companies have to demonstrate strict quality and testing controls over their software. The CrowdStrike issue occurred since this wasn’t a new product but “simply” a software patch by CrowdStrike that… well, went wrong.
Microsoft can’t vet every patch and every update released by their “trusted” ISVs/third parties, especially when it comes to security updates, which these security vendors need to roll out frequently.
“There is a tradeoff that security vendors must rationalise when it comes to kernel drivers. Since kernel drivers run at the most trusted level of Windows, where containment and recovery capabilities are by nature constrained, security vendors must carefully balance needs like visibility and tamper resistance with the risk of operating within kernel mode.” | Microsoft
Whatever happens – businesses still need to have backup and remediation processes in place.
In response to the CrowdStrike incident, Microsoft deployed over 5,000 support engineers to aid affected organizations and provided continuous updates via the Windows release health dashboard. They rapidly developed recovery tools to assist companies in their recovery efforts, while emphasising the significance of business continuity planning, secure data backups, and the adoption of cloud-native strategies for managing Windows devices to bolster resilience against future incidents.
Further whitepapers and guidance will be released in the coming months and I expect this will lead to Microsoft, and their third party vendors releasing more recovery tools and guidance.
Summary
Microsoft “confirmed that CrowdStrike’s analysis that this was a read-out-of-bounds memory safety error in the CrowdStrike developed CSagent.sys driver,” as they explained in their technical analysis of the crash, and of why the impact was so huge, in a technical paper published last week.
Reviewing the security architecture and access to the kernel is definitely needed, but their approach and desire to prevent future issues with third party glitches will likely bear the brunt of complaints from third party security vendors and the EU anti-compete regulators.
Apple “seem” to have a much easier ride when it comes to doing what they want – they say “jump” and developers say “how high”. Microsoft repeatedly have to “please” regulators far more – this recent huge global impact, may work in Microsoft’s favour however, to bring some control and governance in the name of system and business stability which I am sure will get the backing of everyone and every organisation impacted.
One thing is for certain – Microsoft won’t take this sitting down. They will work hard to continue to protect their OS, which is run on billions of devices and used by almost all corporations, education and critical infrastructure. Change will happen!
We have seen a social media frenzy this morning following a triple whammy of issues impacting Azure Virtual Machines (running Windows 10 and Server 2016) and Windows devices across hundreds of organisations, where Windows 10 devices and servers running older versions are rebooting to the Windows Recovery Screen.
19/7/24 11:00am: The impacts of the issue are still on-going although the root cause is known and CrowdStrike are working with Microsoft on getting a patch out…
19/7/24: 15:00: CrowdStrike have updated their sites to take accountability of the issue (Microsoft still helping) that has impacted devices due to a “bug” in their software update which caused the BSOD. They have pulled and fixed the update and are working with their customers to remediate the impact. Microsoft have also offered guidance on what can be done to reverse the issue – links to this below.
29/7/2024: 18.00: this is not a Microsoft problem (yet I imagine they will be blamed) but it affected millions of Windows systems… Read to the bottom to see why.
Summary
Since the early hours of the morning, several media companies, airlines, transport companies, tech companies, and schools / universities have been reporting a Blue Screen (actually a safety recovery screen) issue on Windows 10.
The issue is impacting Windows 10 devices that are using CrowdStrike Falcon agent – their flagship Extended Detect and Response (XDR) Security platform.
Impacted devices are crashing following this Falcon Client update and then getting stuck at the “Recovery” screen due to a critical system driver failure that is preventing the device from starting back up.
CrowdStrike and Microsoft are actively working on this to drive a permanent fix. Workarounds are available which require manually preventing this service from starting on affected devices.
The issue is not known to be affecting devices running Windows 11 and Server 2019 and beyond.
What is CrowdStrike?
CrowdStrike, a cybersecurity firm based in the US, assists organisations in securing their IT environments, which encompasses all internet-connected resources.
Their mission is to “safeguard businesses from data breaches, ransomware, and cyberattacks” and they position themselves as having leading offerings that compete with other vendors including Microsoft themselves, SentinelOne, and Palo Alto Networks. Their client base is extensive and includes legal, banking, finance, travel firms, airlines, educational institutions, and retail customers.
A key offering from CrowdStrike is their Falcon XDR tool, touted on their website for delivering “real-time indicators of attack, hyper-accurate detection, and automated protection” against cybersecurity threats.
Root Cause
Information available from CrowdStrike and Microsoft states that the issue is caused by a “faulty” version of the csagent.sys file, which is a key system start-up file needed by CrowdStrike’s new sensor update for their Falcon Sensor agent. It is this file that has been responsible for the BSOD errors on Windows 11 and many servers running older Windows Server OS versions in private and public data centres such as Microsoft Azure.
George Kurtz, the CEO of the global cybersecurity firm CrowdStrike, stated that the issues were due to a “defect” in a “content update” for Microsoft Windows devices.
“The issue has been identified, isolated, and a fix has been deployed,” he said, as he clarified that the problems did not impact operating systems other than Windows 10 and Windows Server 2016 and older, and also emphasized, “This is not a security incident or cyber-attack.”
Impact
Windows 10 devices are primarily affected.
Devices running Windows Server 2016 and older in Azure are also impacted if they run the CrowdStrike Falcon agent.
Limited/less impact on devices running Windows 11 or Windows 2019 and later.
Note: Windows 10 enters end of support in October 2025.
Is there a fix?
Updated: 21/7/2024: Microsoft have updated their guidance and provided additional support for fixing these issues using managed devices via Intune. This can be found here.
The formal advice if this issue is affecting your organisation is to contact your CrowdStrike Support representative – CrowdStrike and Microsoft are actively working to address the issue both as a response to the issue and preventative to ensure more devices are not impacted.
Since the issue is known to be caused by the csagent.sys file, there are ways to manually prevent this file being loaded, allowing the device to load. There are a couple of ways to do this.
Use Safe Mode and delete the affected file:
Boot the device to Safe Mode
Open Command Prompt and navigate to the CrowdStrike directory which should be C:\Windows\System32\drivers\CrowdStrike
Locate and delete the file matching the pattern C-00000291*.sys – you can find it by using a wildcard: dir C-00000291*.sys.
Remove or rename the file.
Use Registry Editor to block the CrowdStrike CSAgent service:
Boot to Safe Mode
Open Windows Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent
Change the Start value to 4 to disable the service.
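Both workarounds above can be scripted for use from an elevated PowerShell prompt in Safe Mode. This is an added example, not CrowdStrike’s or Microsoft’s own tooling and not part of the original article; the function and parameter names are hypothetical, while the directory, file pattern, registry key and Start value are the ones given in the steps above. It renames rather than deletes so the change can be reversed, and supports -WhatIf for a dry run.

```powershell
# Added example. Run elevated, after booting the affected device to Safe Mode.
# Directory, file pattern, registry key and Start value come from the steps above.
function Repair-FalconBootLoop {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        # Second workaround: stop the CSAgent service from loading at boot.
        [switch]$DisableService
    )

    # Workaround 1: take the matching file out of play by renaming it.
    $files = @(Get-ChildItem -LiteralPath $DriverDir -Filter 'C-00000291*.sys' `
                             -File -ErrorAction SilentlyContinue)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys found in $DriverDir"
    }
    foreach ($f in $files) {
        $newName = "$($f.Name).bak"
        if ($PSCmdlet.ShouldProcess($f.FullName, "Rename to $newName")) {
            Rename-Item -LiteralPath $f.FullName -NewName $newName
        }
        # Emit a record of what was touched, for the incident log.
        [pscustomobject]@{
            Action       = 'RenameFile'
            Target       = $f.FullName
            LastWriteUtc = $f.LastWriteTimeUtc
            Detail       = "renamed to $newName"
        }
    }

    # Workaround 2: set the service start type to 4 (disabled).
    if ($DisableService) {
        $key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent'
        $previous = (Get-ItemProperty -LiteralPath $key -Name Start).Start
        if ($PSCmdlet.ShouldProcess($key, "Set Start from $previous to 4")) {
            Set-ItemProperty -LiteralPath $key -Name Start -Value 4 -Type DWord
        }
        # Keep the previous value so the service can be re-enabled once fixed.
        [pscustomobject]@{
            Action       = 'DisableService'
            Target       = $key
            LastWriteUtc = $null
            Detail       = "previous Start value was $previous"
        }
    }
}

# Dry run first, then repeat without -WhatIf once the output looks right.
Repair-FalconBootLoop -WhatIf
```

With the registry workaround the device boots without its endpoint protection, so record the previous Start value from the output and restore it once the vendor fix is in place.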
Dan Card, of BCS, The Chartered Institute for IT and a cyber security expert said: “People should remain calm whilst organisations respond to this global issue. It’s affecting a very wide range of services from banks to stores to air travel.“
He also said that whilst the cause is now known, it is still causing worldwide issues and impacts on consumer services, banking, healthcare and travel and will take some time to remediate.
“Companies should make sure their IT teams are well supported as it will be a difficult and highly stressful weekend for them as they help customers of all kinds. People often forget the people that are running around fixing things.”
Conclusion
CrowdStrike has acknowledged the issue and is investigating the cause. Users can follow the above steps to resolve the recovery screen issues and boot their PCs normally.
CrowdStrike and Microsoft worked tirelessly to resolve this issue and prevent further widespread impact.
Devices running Microsoft’s latest Operating Systems seem to be less impacted (though information still being collated).
How did Microsoft allow this to happen?
How did this happen? Many people are asking why Microsoft are shifting blame to CrowdStrike (who have admitted fault), and asking why and how Microsoft allowed this.
In short, it’s not their fault and there really wasn’t anything they could have done to prevent it. Here’s why.
Many security products, such as the XDR products made by CrowdStrike, Palo Alto, and even Microsoft’s own XDR product Defender, are what is known as “kernel mode products”. Whilst this issue affected Windows, the same “hiccup error with the update” could equally have affected other OSs such as macOS and Linux, since they are kernel extensions. This means that if they had made the same mistake on the updates for these OSs, the same product mess-up would have occurred.
In an ideal world all applications and services would run in user mode rather than kernel mode, but many security and AV products have a need (a legitimate one) to monitor at the lowest levels of the OS in order to detect attacks. This is not possible if running in user mode, as the kernel is protected.
The Blue Recovery Screen (which was mistaken by most as the Blue Screen of Death (BSoD), which it actually was not) is actually the Windows OS safety net.
As such, there is not much more Microsoft can do here. These are third party applications not managed, developed, controlled or updated by Microsoft. If Microsoft were to manually vet every update and change to an application, Microsoft would be classed as control hogs and the world would crucify them for it!
Microsoft cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.
The outage is awful and has impacted so many organisations including critical services, but it’s also not fair IMO that Microsoft and Windows have been dragged through the dirt simply because it’s their OS that was impacted by the poor updates and issues another third party application caused.
It’s not the first time this had happened…to other OS’s
According to a report by Neowin, “similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.
In April, a CrowdStrike update caused all Debian Linux servers in a civic tech lab to crash simultaneously and refuse to boot. The update proved incompatible with the latest stable version of Debian, despite the specific Linux configuration being supposedly supported. The lab’s IT team discovered that removing CrowdStrike allowed the machines to boot and reported the incident.”
What this shows is the vital importance of update testing and deployment rings.
Microsoft have announced (quietly) that all Surface devices shipped from 2021 onwards will now receive firmware updates for six years (two years more than initially committed).
The documentation states that all Surface devices shipped after 1st January 2021 will receive six years of firmware updates. Devices that shipped prior to this date will continue to receive updates for four years.
What Surface devices will receive six years of updates?
Of the Surface devices shipped after Jan 1st 2021, the following will now benefit from the extended firmware support cycle:
Surface Pro 7+ onwards.
Surface Go 3 onwards.
Surface Laptop 4 onwards.
Surface Laptop Studio 1 onwards.
Surface Studio 2+ onwards.
What about older Surface Devices?
In their documentation, Microsoft states they reserve the right to extend the firmware support cycle for any device where necessary. For example, Microsoft have already extended the firmware update life cycle for the Surface Studio 2 despite this shipping in 2018. This already has a six-year support life, until later this year (2024).
It is worth noting that firmware updates are different to the Windows Operating System updates that devices receive through Windows Updates. Firmware updates are software updates that are applied to the hardware components of a device, such as a motherboard, a hard drive, or a graphics card. Firmware updates can improve the performance, stability, security, or compatibility of the device. Firmware updates are usually provided by the device manufacturer and can be downloaded from their website or through Windows Update.
Firmware updates are sometimes needed to fix driver compatibility issues, known bugs or security vulnerabilities and may also be required (or recommended) for major OS upgrades, but are not always necessary. As such there is no issue continuing to use devices that are beyond the firmware lifecycle end date.
What do firmware updates do?
Firmware updates are software updates that are applied to the hardware components of a device, such as a motherboard, a hard drive, or a graphics card. Firmware updates can improve the performance, stability, security, or compatibility of the device. Firmware updates are usually provided by the device manufacturer (in this case Microsoft) and can be downloaded from their website or are delivered/offered directly via Windows Update.
Firmware updates are important for Surface devices because as well as fixing bugs or vulnerabilities, they also optimise and “tune” the device’s compatibility with Windows and drivers. Typically a firmware update can improve stability, enhance the battery life and improve/tweak performance of the device, and sometimes they can introduce or activate new Windows features. Therefore, it is beneficial to have firmware updates for your Surface devices as long as possible so this extended support cycle is welcomed.
The Future Of Surface
With the departure of Panos Panay last year, many have questioned what the future will look like for Surface. We know there will be some major updates this year to the Surface Pro and Laptop lines (I’m sure you’ve seen some of the “leaks”) as they continue to press forward with updates to Windows (and the next version) which will see more AI goodness throughout the OS.
This, coupled with the longer support lifecycles for their older devices, also suggests a commitment to continue to innovate and lead the future vision of the Windows device ecosystem.
Just like with Windows 7, Microsoft are introducing a new “Extended Support Updates” (ESU) program for Windows 10 which will be available after the end of support date in October 2025.
When does Windows 10 go end of support?
Windows 10 goes end of support on October 14th, 2025.
What does Windows 10 end of support mean?
When Windows 10 reaches end of support, Microsoft will no longer provide bug fixes for issues, security fixes for vulnerabilities, time zone updates, or technical support for problems that might occur.
As noted on the Windows 10 release information page, version 22H2 is the final version of Windows 10. All editions of Windows 10, version 22H2 will remain in support with monthly security updates through October 14, 2025. Beyond that date, customers will need to pay for extended support updates if they wish to continue to receive security and bug fix updates.
What is the Windows 10 ESU Programme?
The ESU programme for Windows 10 is an extended support subscription that will ensure that customers who choose to keep running Windows 10, or who have technical or operational reasons why they can’t move to Windows 11, can continue to receive security updates and critical fixes for the operating system for three years beyond the October 2025 end of support date.
Whilst the ESU programme for Windows 7 was for commercial customers only, the Windows 10 ESU will instead be open to everyone. This means that consumers, or organisations that allow employees to use personal Windows 10 devices at work (BYOD), will also be able to pay for continued support beyond October 2025 if they don’t want to or can’t upgrade to Windows 11.
No pricing has been made available yet, but they did confirm that consumers and commercial, public sector, charity and education organisations will all be able to sign up for the ESU programme, which will be available and charged for annually.
If you are an individual consumer or an organization who elects to continue using Windows 10 after support ends on October 14, 2025, you will have the option of enrolling your PC in the paid Extended Security Updates (ESU) program. The ESU program enables PCs to continue to receive Critical and Important security updates through an annual subscription service after support ends. More details including pricing will be provided at a later date. The ESU program provides individual consumers and organizations of all sizes with the option to extend the use of Windows 10 PCs past the end of support date in a more secure manner.
Microsoft
Microsoft have said that they remain committed to the end of support date for Windows 10, with no plans to extend it beyond the current date of October 14, 2025. The paid-for ESU programme which will be available from November 2025 will ensure Windows 10 devices can still receive vulnerability patches, bug fixes and security patches for up to three years after this date.
ESU means Security Fixes but No new features
Microsoft made it clear that the ESU program will only provide security updates, meaning that there will be no new features or active development beyond 14th October 2025. Whilst available for consumers, the ESU program is most beneficial for commercial organisations unable to upgrade their devices to Windows 11 before support ends.
The ESU is of course optional – and customers will not be forced to pay for ESU. Windows 10 will continue to work beyond October 2025, but organisations will be at increasing risk since there will be no security updates to devices unless covered by the ESU subscription.
Options for commercial customers around planning for Windows 10 end of support are, in essence:
Move to Windows 11 on physical or virtual desktops
Stay on Windows 10 and pay for extended support for up to 3 years
Repurpose Windows 10 devices and use in conjunction with Windows 365 Cloud PC
Benefits of moving to Windows 11
Windows 11 is the newest version of Windows, and it’s one of the best Windows versions released. Windows 11 has several key differences compared to Windows 10. This is not covered extensively in this blog but some of the highlights include:
Most secure version of Windows ever with security that runs from Chip (silicon) through the OS and to the Cloud (Chip to Cloud).
Faster boot time and Instant On – Windows 11 features instant on technology and boot time improvements of around 40% – saving on average 30 seconds.
Embedded AI features – from features like Copilot for Windows (also available in Windows 10), Windows 11 has many native apps with AI support. This is also a key development focus for Microsoft so expect more native AI embedded in Windows 11 through 2024.
Better application performance and multi-tasking management, making Windows 11 faster. Microsoft say that Windows 11 does a lot of work in memory management to favour the app windows you have open and running in the foreground. This should ensure that they get more CPU power over other system resources. Windows 11 also suspends some data in RAM while your PC sleeps, helping it wake from sleep 25% faster than Windows 10.
New fluid UI which is modern, adaptive and well suited for new form devices, two-in-ones, multi-screen devices and for use across home, creativity, gaming and of course work.
Can run Android apps natively from the OS
Huge multitasking improvements that improve user focus and system performance with Snap Layouts that group your Windows and save them to the taskbar.
Improved docking experience – Windows 11 remembers how you had your windows on your external monitor(s) and brings them back to the same state when you disconnect from a monitor and then plug it back in – great for hybrid work set-ups.
Redesigned tablet mode experience – when you switch your device to tablet mode (for example on a Surface Pro), the device transforms and brings new gestures for opening the Start menu, dismissing windows, and more, and the icons and other settings adapt to work better with touch and pen.
Deeper pen functionality – bringing support to “ink anywhere” in any text box and app, as well as more native support in-app for pen and ink.
App Compatibility – customers can leverage App Assure – a Microsoft programme that assists customers with application compatibility testing for migrations from Windows 10 to Windows 11.
Benefits of leveraging the Windows 10 ESU Programme
The key benefits to an organisation subscribing to Windows 10 ESU after the October 14th, 2025, end of support date are:
Continuation of security updates and patches for Windows 10 PCs for three years after Microsoft stops supporting the operating system on October 14th, 2025. This can help protect the organisation from potential cyberattacks and vulnerabilities that may arise after the end of support date.
More time for organisations to plan and execute a smooth transition to the next version of Windows or to move to Windows 365 Cloud PC – This can reduce the risk of compatibility issues, employee training and legacy application compatibility testing that can occur (and need to be tested) when upgrading to a new operating system.
Avoid the cost and hassle of upgrading or replacing their existing Windows 10 devices before they reach their end of life if needed. This can save the organisation money and resources, as well as minimise the disruption to their daily operations and productivity.
Benefits of using Windows 10 with Windows 365 Boot
To help more organisations transition or take advantage of advancements in Windows 365 (Microsoft’s Cloud PC technology), Microsoft also announced that commercial customers will have the ability and option to “transform” Windows 10 devices that are ineligible for Windows 11 into a Windows 365 Cloud PC that can stream Windows 11 from the Microsoft cloud. Whilst this can be done today on Windows 11, this feature, known as Windows 365 Boot, will be extended to Windows 10 devices, allowing them to be reprovisioned by Intune (Microsoft’s endpoint management platform) to boot directly to Windows 365. As part of this, the underlying Windows 10 OS will automatically be enrolled into the ESU program at no cost so they continue to receive security updates.
This option is only available for commercial customers, as Windows 365 is currently not available as a consumer subscription service.
At Ignite 2023 last week, which was heavily centred on AI and Microsoft Copilot (which is going to be showing up in pretty much every OS, app and service in the next twelve months), Microsoft also announced that Copilot in Windows (which is in preview on Windows 11) will also be coming soon to Windows 10… And if you are an Insider you can get it now.
Copilot (preview) in Windows 10
Copilot in Windows 10 is about inclusion.
Microsoft have said that they are revisiting their approach to Windows 10 and will be “making additional investments to make sure everyone can get the maximum value from their Windows PC including Copilot in Windows.”
Whilst the migration effort by organisations to shift to Windows 11 continues at a rapid pace, there are still hundreds of millions of devices out there (particularly in the consumer world) that are still running Windows 10 or are not able to run Windows 11 due to age or incompatible hardware (see below).
Microsoft have said that Copilot in Windows will be available in the coming weeks for Windows Insiders on Windows 10 in the Release Preview Channel for eligible devices. This requires those devices to be patched and running Windows 10, version 22H2. It will come to commercial customers first.
Once testing and feedback is complete (the role of the Windows Insider community and the product group), Copilot in Windows will then be rolled out more broadly to consumer level devices running the Home and Pro editions of Windows 10 (version 22H2). This rollout of Copilot in Windows for non-managed Home and Pro devices will be via the controlled feature rollout (CFR).
When will Windows 10 get Copilot?
Devices running a supported version of Windows 10 22H2 (Enterprise, Pro or Education editions) that are managed by organisations will get information when the updates are ready. This will be when the initial testing phase is complete.
Windows 10 users enrolled in the Windows Insider Program can get this now… So head over to Windows Update and download it now.
What are the hardware requirements for Copilot in Windows?
For Windows 10 devices to support Copilot, the following minimum hardware requirements exist.
Memory: 4GB minimum
Display Adapter: 720p minimum resolution
Microsoft will put a safeguard hold on your device receiving Copilot if they detect an issue, such as an application incompatibility, until further testing with more devices (part of their App Assure policy) has been completed and the issue resolved.
Conclusion
There has been huge demand and moans from users that can’t or haven’t been able to move to Windows 11, and with Copilot front and centre of everything at Microsoft it’s great to see it here.
Personally, I love that Copilot is coming to older devices. We have a couple of older devices in the family household and whilst they are happily using Bing Chat (Copilot in Edge), giving older (but perfectly happy) devices a new lease of life with Copilot is welcomed…
P.S. – About the AI created title image
I’m getting more impressed by Bing Image Creator every day. What prompt did I use?
“Create me an image showing Windows 10 with Copilot and AI. Make it look like Windows 10 getting a new lease of life!”
I love the image and especially the R2D2 theme it added…..
Windows 365 now supports (Dec 2022) the creation of Azure AD Cloud PCs that use single sign-on. Previously this required a dual sign-in step.
This is a big improvement, and now means users only have to log on once to the Windows 365 Cloud PC app – from here on in, their Cloud PC desktops will seamlessly sign in (subject to any specific conditional access policies you may have applied, of course). It even works with passwordless sign-on. You can see the user experience below.
Windows 365 Cloud PC SSO Demo
Enabling the SSO setting
To enable SSO, administrators can update their existing Cloud PC provisioning profiles or create new Cloud PC policy with the “single sign on” setting enabled.
Enabling SSO for Windows 365 Cloud PC
Note: Existing Cloud PCs will not automatically support SSO – these will need to be re-provisioned, which can be done from the device pane in Endpoint Manager as shown below.
Windows 365 has just celebrated its first birthday – but what is it and why is Microsoft betting big on Windows 365 to help improve the employee experience, tighten security, and provide better agility for employees?
Businesses globally are once again being hit head on with challenges unrivalled in recent business history. Employee churn rates are at record levels, presenting unique business challenges, whilst the continuing shift in the workforce from centralised offices to home working has increased the number of “work locations” exponentially. Combined with the ongoing global supply chain shortages, the logistical difficulties in procuring, preparing, and shipping new devices to employees make onboarding new employees more challenging than ever. The continuing need to provide employees with a secure, professional, corporate desktop environment is pressuring IT to make decisions that can impact process, security, governance and above all employee satisfaction.
Microsoft are betting big with Windows 365, since it can help organisations significantly reduce the time it takes to provide new employees with access to their corporate desktop environment from days or weeks to minutes without compromising security. What’s more, unlike traditional on-premises Virtual Desktop Infrastructure (VDI) environments, Windows 365 (which is a new category of cloud computing, known as Cloud PC) simplifies the entire provisioning process and user experience.
In conjunction with the Enterprise Security Group, Microsoft recently carried out a TEI study which found that by leveraging Windows 365 Cloud PC, organisations can significantly lower the cost of providing access to an organisation’s end user computing environment whilst improving security and employee satisfaction. The ESG report also revealed that Windows 365 can provide a “typical organisation” with an overall annual benefit of up to $7,271 per user for small businesses and up to $6,765 per user for companies with over 1,000 employees.
What is Windows 365?
In short, Windows 365 unlocks a new category of hybrid personal computing, called “Cloud PC” that delivers Windows from the cloud. It aims to provide a hybrid approach to providing client computing by utilising a cloud service that is not tied to any specific hardware.
Image (c) Microsoft
Windows 365 combines the power and security of Windows 10 or Windows 11 with the scalability and versatility of the cloud to provide a personal, reliable, and familiar work/desktop environment on any supported physical device. If you want to see it in action, you can head over to Microsoft’s YouTube video here.
Similar in concept, but different to VDI technology, Cloud PCs are one of the newest Microsoft cloud solutions to come to market. Cloud PCs are optimised for business and user agility, are highly secure, persistent to the user and are billed on a per-user, per-month model that simplifies the cost and infrastructure complexity of client computing environments and on-premises VDI solutions.
The report by ESG validated that Windows 365 provides capabilities that address nine of the ten business challenges identified by IT leaders.
Source: ESG Complete Survey Results, End-user Computing Trends, February 2022.
SIMPLE, COST EFFECTIVE, POWERFUL, SECURE – Windows 365 works by giving each user a dedicated Cloud PC (of a chosen specification) that runs their own individual Windows 10 or Windows 11 desktop environment while providing an extremely simple-to-manage ecosystem all managed via Microsoft’s Endpoint Manager toolset which is used to manage the rest of the physical desktop or laptop estate. For users, this means they can bring their existing device and instantly be presented with a familiar and powerful end-user computing experience either while they “wait” for their replacement or physical device or instead of waiting for IT to procure, provision, and image a new corporate device. In turn the ESG report finds that Cloud PC technology provides an effective solution for organisations of any size and sector, which are working to meet the complex needs of a hybrid or remote workforce.
Benefits of Windows 365 Cloud PC
Cost Predictability
The ESG report concludes that Windows 365 delivers a combination of lowered costs, eliminated costs, and a predictable fixed cost model which can provide significant financial benefit in several areas.
Lower costs: Shifting to Windows 365 lowers and eliminates costs in several areas, including VDI licensing, server operating systems, remote desktop licensing, storage, management, power and cooling, license management, VDI management, procurement, and end-of-life costs.
Fixed-price model: Windows 365 Cloud PC pricing is based on a simple per-user, per-month model that allows organisations to match computing and storage needs to individual user requirements. There is value in being able to project costs in business. Most VDI pricing models are based on consumption and, while this may initially seem like an advantage, most organisations find that their monthly charges extend far beyond projections when usage spikes unexpectedly.
Ability to cross-charge services: Organisations that charge internal or external business groups fees for licenses, hardware, or services will find that the Windows 365 predictable cost model makes it much easier to allocate specific costs in a granular and predictable way, especially when compared to the capital-intensive purchases needed to facilitate on-premises VDI or DaaS.
Business and User Agility
With employee churn rates at record levels, continuing delays in supply chains, and more employees, contractors and temporary staff being permanently remote, getting new employees up and running as quickly as possible is a big challenge. Windows 365 allows companies to provide highly secure Cloud PCs running Windows 11 on their device within minutes versus hours, days, or weeks.
Time to employee enablement: Getting a new employee, temporary worker, or contractor from hire to fully onboarded with their corporate device often takes time, leads to the employee getting a second-hand device, or delays their onboarding. Leveraging Cloud PC technology, however, means that organisations can now provide new starters with a new Windows desktop in under an hour, allowing them to securely access their work environment from any supported device that the new worker wishes to use, even if it is only a temporary situation.
Enablement of temporary/seasonal workers – The cost in both money and time to empower short-term workers with a company work environment is often high, and either inhibits an organisation’s willingness to employ temporary workers or, worse, means they are forced to compromise on security due to the time to procure and provision a device. With Windows 365, temporary workers can quickly be provisioned so they have immediate access to the corporate environment, safe in the knowledge that all intellectual property stays secured within the corporate environment, and that the Cloud PC can be immediately removed at the end of the contract period.
Efficient IT Management – When compared to the effort required in procuring, preparing, and delivering laptops to users or even configuring and deploying virtual desktops with traditional VDI platforms, deployment of Cloud PC technology like Windows 365 can result in a 46% reduction in IT effort.
Ability to use any device – Windows 365 allows IT to provide workers with a highly secure, Windows 11 desktop on any supported device even though the host device may not be capable of natively running the OS. This is also great for “Bring Your Own Device” (BYOD) scenarios for employees who may just be starting or have shifted to working from home or short-term workers such as interns, contractors, and consultants.
Increased ability to react quickly to seasonal demand – The ability to get a secure, corporate desktop to users quickly is one of the barriers to rapid enablement. Windows 365 Cloud PCs empower businesses to immediately create and decommission desktops to react to opportunities that might be ignored in other DaaS or VDI environments.
Equality with the employees – The mindset of the workforce has changed from “May I have a job?” to an attitude of “What are you willing to do to keep me as an employee?”. Treating all employees as equals and providing them with a premium, professional-grade work environment are two of the key criteria for ensuring employee satisfaction. With Windows 365, employees can access a highly secure, personalized Windows 11 work experience through their Cloud PC, regardless of location or available device.
Merger and acquisition (M&A) scenarios – In merger and acquisition events, it takes months, even years, to align the separate work environments that result from an M&A to the same access and security postures. This limits potential cooperation between the entities and delays the full realization of value for the event. The ability to rapidly assimilate the new entities to the existing EUC solution accelerates the time to value and reduces the cost and risk of running parallel environments. The time to combine these two work environments into one can be significantly reduced by using Windows 365 Cloud PC.
Improved Security Posture
Employees and contractors today are working outside conventional environments and often on hardware that was never intended to be on corporate networks. The result is an increased risk of security breaches and data loss and, in many cases, missed business opportunities. ESG has found that organizations that adopt Windows 365 can help enhance their security posture in the following areas.
Inclusive, Secure, yet Flexible remote work – Cloud PCs can enable a hybrid workforce in a highly secure manner, even if those workers sometimes or always do their work on devices that aren’t expected to have direct access to corporate networks. Windows 365 Cloud PCs offer a layer of isolation that provides strong protection for the work environment and helps prevent data leakage or loss, with configurable options for how the Cloud PC interacts with the available physical device.
Business continuity and governance – As we know, COVID-19 forced almost every business to suddenly rethink, re-shift and re-prioritise their approach to remote work in a matter of days – doing all they could to get devices, repurpose old kit, leverage employees’ personal devices and ramp up VDI deployments, VPN and remote access tech to enable their people to work, often at the expense of usability, security and governance. As the future of this now unfolds into the hybrid workplace we see before us, technology like Windows 365 becomes a viable BC/DR solution. In short, Windows 365 could now be a vital cornerstone of a business continuity strategy and one that minimises disruption, maintains security and governance and provides a smooth transition for users.
Immediate on-boarding and offboarding of employees/contractors – The cost of PC recovery in the event of an offboarded employee or contractor is high and can take weeks in today’s expanded work environment. Interestingly, IBM estimates that 44% of breach events are caused intentionally by disgruntled employees who have been terminated but still have access to company hardware and resources. One of the benefits of Windows 365 is that as well as near instant provisioning, it also allows for the immediate removal of access to the Cloud PC along with all company data.
Protection of company data – The FBI estimate that 1 in 10 laptop devices will be lost or stolen during their lifetime, with the risk and financial exposure per event estimated to be between £25,000 and £45,000. Since Windows 365 Cloud PCs store no data on the host device, the impact of a lost or stolen device can be limited to the cost of the hardware, and the Cloud PC can be instantly accessed on another device, meaning no loss of productivity and no risk of loss or theft of corporate data.
What’s your experience of Windows 365?
As always, I’d love to hear your experiences, thoughts, and feedback on this – please leave a comment in the boxes below.
Microsoft Defender for Endpoint has just received top marks for the latest Advanced Threat Protection Test carried out by AV-Test in Feb 2022.
The report (which tested many of the top products including Microsoft Defender in both the home and commercial space) found that it was best-in-class in terms of its ransomware detection and blocking.
The Advanced Threat Protection tests provide vendors and users with substantial findings as to how securely a product can protect against ransomware in real-life scenarios.
… All the products have to successfully defend against ransomware in 10 real-life scenarios under Windows. The test involves threats such as files containing hidden malware in archives, PowerPoint files with scripts or HTML files with malicious content.
AV-TEST
Top Marks
The tests were carried out amongst 14 of the top antivirus and endpoint protection products in the consumer and commercial space including:
Acronis
AVG
Avast
Bitdefender
Kaspersky
F-Secure
McAfee (Trellix)
Microsoft
Symantec
Whilst Microsoft came out joint top for all the tests in the corporate space, the lowest scores went to McAfee / Trellix, who AV-TEST claim were unable to fully block ransomware attacks in multiple different attack scenarios:
Microsoft Defender AV-TEST ransomware tests 02-22
McAfee AV-TEST ransomware tests 02-22
You can access the full reports from AV-TEST here.
Good news for consumers and corporate
In short, this should be good news for corporate customers that use Microsoft Defender (which is built into Windows 10 and Windows 11) as well as consumers.
Consumers in particular are often sold additional third party antivirus and anti-ransomware products when they buy a new computer, buy software or through advertising. Whilst there may be good reasons to buy additional products, these results should demonstrate just how good Microsoft are at protecting consumers and corporate clients who use their products.
Defender is part of a much bigger family
In the corporate space at least, Microsoft Defender is an entire multiplatform, multi-vendor suite of integrated services for protecting corporate systems and data from attack, breach, ransomware and theft. Their product suite extends across Identity (Defender for Identity), Cloud, Endpoint, IoT and Office 365 to name just a few.
You can find out more about the Microsoft Defender suite of products for corporate customers here.
Microsoft also announced last month the release of Microsoft Defender for individuals, which provides enterprise grade protection for Microsoft 365 consumers and family users. Microsoft Defender is a cross-device security app that helps individuals and families protect their data and devices, and stay safer online with malware protection, real-time security notifications, and security tips. You can read more here.
Microsoft has unveiled a new “software updates” dashboard in the Microsoft 365 admin center that enables IT to get a simple, unified overview of the installation status of Windows and Microsoft 365 app updates across all their devices. This is currently in preview.
Software update tab in Admin Centre
“Keeping devices current with the latest security updates is an important part of an IT admin’s role. The software updates page in the health section of the Microsoft 365 admin center provides a high-level summary view that informs you of devices that may be behind on taking the latest updates released by Microsoft.”
Microsoft
The software updates page now has a new tab that shows Windows update status and end of service statistics. These charts provide information about all the Windows devices running unsupported versions of Windows as well as those that are reaching the end of support.
There is a separate tab which provides update status for Microsoft 365 Apps.
This new dashboard currently only provides update status for Microsoft 365 apps and the core Windows OS, but they plan to expand this in the future to cover critical on premises servers such as Exchange.
There is currently no ability to drill down into the non-compliant devices. To do this you need to head to the Security pane or Microsoft Endpoint Manager, but I suspect this will be linked by the time it comes out of preview.
Windows Autopatch, a service to automatically keep Windows and Microsoft 365 up to date in enterprise organisations, has now reached public preview. When officially released (GA), it will be included for Microsoft commercial customers with a Windows Enterprise E3 license or higher.
In short, Windows Autopatch allows organisations to shift the management and deployment of updates for Windows 10, Windows 11 and Microsoft 365 Apps, including quality and feature updates, drivers and firmware, to Microsoft.
What’s the purpose?
Essentially this aims to take the nightmare out of the age-old “patch Tuesday” and promises to be a great time saver for IT admins. With Autopatch, IT can continue to use their existing tools and processes for managing and deploying updates to devices, OR they can phase these out or replace them entirely with this new “hands off” approach and let Windows Autopatch take care of security, driver and firmware updates.
“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations. By joining the public preview, you’ll be able to get comfortable with Windows Autopatch and ready your organisation to take advantage of the service at scale”.
Lior Bela | Senior Product Marketing Manager | Microsoft
The main purpose of Windows Autopatch is moving the update orchestration burden from the IT department to Microsoft. Once deployed, configured and tested, Autopatch should allow the entire effort around planning and managing the Windows Update process (sequencing and rollout) to be taken away from IT freeing up time and resources.
“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate,” Bela added.
How to enable Autopatch
Windows Autopatch devices must be managed by Microsoft Intune for this to work, and either Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.
As you’d expect, there are a handful of steps needed to enable the preview and to enrol your Microsoft 365 tenant into the Windows Autopatch public preview:
Log on to Endpoint Manager as a Global Admin and navigate to the Windows Autopatch blade which is under the Tenant Administration menu – this will only be visible if you have the right licenses deployed.
Using an InPrivate browser window, redeem your Autopatch preview code.
Run the readiness assessment, add the required admin contact, and add the devices you want to enrol in the service.
Tick the box to allow Microsoft to manage updates on behalf of your organisation.
Allowing Microsoft to manage updates for your organisation
Microsoft also provides detailed instructions (and video) on how to add devices to your test ring and how to resolve the status of “tenant not ready,” or a status of “device not ready” or “device not registered.”
https://youtu.be/gu4bpXYiAd8
Microsoft YouTube video on enabling Windows Autopatch
How Autopatch works
The Windows Autopatch service automatically splits your organisation’s device estate into four groups of devices described by Microsoft as “testing rings”.
Test Ring: Contains a minimum number of devices for test purposes
First Ring: Contains ~1% of all endpoints (think of this like the early adopter ring)
Fast Ring: Contains ~9% of devices
Broad Ring: Contains the rest of the devices.
The updates are deployed progressively, starting with the test ring and moving to the larger sets of devices following a validation period in which the system and IT can monitor device performance and compare it to pre-update metrics through Endpoint Analytics.
Autopatch rings. Image (c) Microsoft
Autopatch also features a nifty feature called “Halt and Rollback” that allows updates to be blocked from being applied to higher test rings or to be rolled back automatically. This is key for critical dates or projects which may be impacted by updates, or where quality errors are detected in the Test Ring updates.
What about Patch Tuesday and Critical Updates?
Microsoft will continue to deliver monthly security and quality updates for supported versions of Windows on the second Tuesday of the month (commonly referred to as Patch Tuesday or Update Tuesday) as they have been to date. These will also be delivered by Autopatch.
For normal updates, Autopatch uses a regular release cadence starting with devices in the test ring and completing with general rollout to broad ring.
Any updates addressing a critical vulnerability, such as Zero Day threats, will be expedited by Windows Autopatch with an aim to patch all devices immediately.
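The ring split, gated rollout and expedited path described above, modelled as an added example (this is not Microsoft's implementation and not code from the original post). The ring names and the ~1% / ~9% shares come from the article; the hash-based assignment, the hand-picked test devices and the 5% failure threshold are assumptions made for illustration.

```python
"""Ring-based staged patching, modelled on the four rings described above.

Illustration only: not Microsoft's implementation. Ring names and the
~1% / ~9% shares come from the article; everything else is an assumption.
"""
import hashlib

RINGS = ["Test", "First", "Fast", "Broad"]   # deployment order
FIRST_PERCENT = 1   # ~1% of all endpoints
FAST_PERCENT = 9    # ~9% of all endpoints


def assign_rings(device_ids, test_devices):
    """Split an estate into the four rings.

    test_devices are hand-picked pilot machines (assumption: the article
    only says the Test ring holds "a minimum number" of devices). All other
    devices are ordered by SHA-256 of their ID, so membership is stable
    between runs and independent of naming or enrolment order.
    """
    ids = set(device_ids)
    test = sorted(ids & set(test_devices))
    rest = sorted(ids - set(test),
                  key=lambda d: hashlib.sha256(d.encode()).hexdigest())
    n_first = max(1, round(len(ids) * FIRST_PERCENT / 100))
    n_fast = max(1, round(len(ids) * FAST_PERCENT / 100))
    return {
        "Test": test,
        "First": rest[:n_first],
        "Fast": rest[n_first:n_first + n_fast],
        "Broad": rest[n_first + n_fast:],
    }


def roll_out(rings, is_healthy_after_update, max_failure_rate=0.05,
             expedited=False):
    """Deploy an update ring by ring and return a report.

    is_healthy_after_update(device) -> bool stands in for the validation
    period. If more than max_failure_rate (assumed value) of a ring
    regresses, that ring is rolled back and every later ring is blocked.
    expedited=True models a critical fix: no gate, every ring is patched
    and regressions are only reported.
    """
    report = {"status": {}, "halted_at": None, "patched": [],
              "rolled_back": [], "unhealthy": []}
    for name in RINGS:
        devices = rings[name]
        if report["halted_at"] is not None:
            report["status"][name] = "blocked"      # halt: never offered
            continue
        unhealthy = [d for d in devices if not is_healthy_after_update(d)]
        report["unhealthy"].extend(unhealthy)
        rate = len(unhealthy) / len(devices) if devices else 0.0
        if rate > max_failure_rate and not expedited:
            report["status"][name] = "rolled back"  # rollback this ring
            report["halted_at"] = name
            report["rolled_back"].extend(devices)
        else:
            report["status"][name] = "deployed"
            report["patched"].extend(devices)
    return report


if __name__ == "__main__":
    fleet = [f"PC-{i:04d}" for i in range(1000)]    # constructed inventory
    rings = assign_rings(fleet, test_devices=fleet[:5])
    print({name: len(members) for name, members in rings.items()})
    regressed = set(rings["First"][:2])             # constructed failures
    print(roll_out(rings, lambda d: d not in regressed)["status"])
    print(roll_out(rings, lambda d: d not in regressed,
                   expedited=True)["status"])
```

With the constructed 1,000-device fleet, a regression on two First-ring machines stops the update before it reaches the 985 devices in the Fast and Broad rings, which is the exposure-limiting property the ring model exists for.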
Microsoft provides further info in the Windows Autopatch support documentation, including details on service eligibility, prerequisites, licensing and features.
Microsoft describe their Laptop Studio as a “Portable Device with a Seamless Transition Between Laptop and Canvas…. Your Own Portable Studio with a Large Touchscreen & Top Performing Graphics”.
In this hands-on review, I put one of these devices through its paces for two weeks as my daily device, to see how this new form factor device, which blends the best of Surface Studio 2 and Surface Book, performed.
Spec Tested: Surface Laptop Studio – 14.4″ Platinum | 11th Gen i7 | 32GB RAM | 1TB SSD
My First Impressions
As a long-term user/fan/enthusiast of Surface, the first thing that struck me when un-boxing the Surface Laptop Studio was how familiar, yet unique and different, it is at the same time. Laptop Studio is a natural modern evolution of all the best things that make a Surface a Surface, and Microsoft have done a great job putting together their latest flagship device. It’s simply a thing of beauty, with grunt and muscle to go alongside the good looks.
At first glance you’d be forgiven for thinking it is simply a bigger, slightly chunkier Surface Laptop that has been given the Windows 11 “rounded edges” treatment. But it is not. Then there is the fact there are many similarities not only to Laptop 4 but also to Apple’s latest MacBook Pro range. From the rounded corners, layout of the keyboard and ports and the large trackpad, these are all similar to that found on Apple’s MacBook Pro (after all both have been borrowing design ideas and innovation from each other for years).
Surface Studio Laptop in ‘Laptop Mode’
Microsoft are known for setting the design standard through innovation when it comes to their products. If it wasn’t for Microsoft Surface the 2-in-1 or ink driven UI may never have been born after all!
Laptop Studio is no different, so when you look a little closer you notice that there’s much more than meets the eye.
Blending the best of Studio and Laptop
Whilst Laptop Studio can be used just like a normal clam-shell laptop, you can fold down the screen to turn the laptop into a tablet (aka Studio mode) for drawing and sketching.
Surface Laptop Studio in “Studio Mode”
There’s also a half-way house, whereby you can simply pull the screen forward into “Stage Mode” to use it as an angled touch canvas for taking notes, annotating work, playing games and watching films or box sets.
Surface Laptop Studio in ‘Stage Mode’
This is all made possible thanks to what Microsoft is calling a “Dynamic Woven Hinge,” which feels sturdy and makes it easy to flip the screen into its various modes of use.
Who is Laptop Studio designed for?
In all the promotional videos around Laptop Studio, Microsoft showcases digital artists using the screen in its various positions to draw on it in flagship apps like Adobe Creative Studio. They also show it being used flat when docked to a monitor, mouse, and keyboard for a complete hybrid experience of digital note taking and conventional computing.
Laptop Studio is clearly an evolution of what Microsoft had developed with Surface Book. With Laptop Studio, Microsoft have made it easier to change between modes and there’s no need to separate the screen from the base unit, though I did often find some advantages in that, since I could separate the tablet component and move around, leaving the base connected to a monitor and dock.
Surface Slim Pen 2
Ok, some personal advice. Do not buy, test or be given (you never know) a Surface Pro, Book, Studio or Laptop Studio without a Surface Pen. To me, the touch screen and the ability to use digital ink are what make Surface stand out from the crowd. Inking is its thing, and with Surface Laptop Studio and Surface Slim Pen 2 that experience just got even better.
Surface Slim Pen 2 is of course a must-have for graphic designers or just the more artistic users, but for me (who’s been using Surface since the days of Surface RT) it’s still a must and I’d say that it’s a necessary extra for anyone buying a Surface.
Surface Pens have always been great with their 4096 levels of pressure sensitivity and interchangeable nibs, but the best thing about Surface Slim Pen 2 is that it now has haptic feedback, which works in a growing number of apps. When drawing and inking in Whiteboard or OneNote, you now get distinct vibrations which mimic the resistance felt when using different types of pencils, pens, markers and highlighters. The haptic feedback makes it feel much more like you are drawing on a real sheet of paper or canvas than a screen, and there is a remarkable improvement compared with the canvas feel I was used to on my Surface Book 2.
Like I said, Surface Pens are not just for artists. I see the pen as a vital tool for taking notes, marking up documents or making quick edits to Office docs. The pen can also double up as a more natural tool for reviewing, editing and presenting. As an example, in Microsoft Word you can use the pen to delete sentences by simply crossing them out, in PowerPoint you can simply ink and draw on the slides, and with Edge you can write and draw directly on web pages or use the pen to annotate notes etc. You can also program the pen to launch apps on a click, and of course you can use it as a trusty PowerPoint clicker in presentations.
Surface Pens are also designed to work with well known third-party programs including the Adobe Creative Suite, Sketchup and many others.
Surface Slim Pen 2 storage and charging
Surface Slim Pens are magnetic and charge wirelessly. On the Laptop Studio the pen is designed to be stored under the front lip of the keyboard area, where it sticks magnetically and charges.
Ports and Charging
The Laptop Studio is actually pretty slim on ports, with just two Thunderbolt 4 USB-C inputs, a headphone jack and Microsoft’s proprietary Surface Connect port for using the included charger. You can, however, also charge the device via the USB-C port (with a compatible power cable). The latest Thunderbolt 4 USB-C ports are ideal for connecting to 4K monitors and for accessing files on external hard drives.
Keyboards and Touchpad
The keyboard on the Surface Laptop Studio is probably the best they have ever made, and Microsoft keyboards (even on the Laptop Go) are really good. The keyboard has great depth and travel and is responsive, with the keys well spaced. As you’d expect, it has the usual back-lighting, which can be customised or turned off, and you get all the usual volume and media controls above the function keys.
The haptic touchpad brings another similarity with the MacBook Pro. A haptic touchpad uses a touch-sensitive pad that vibrates to simulate a click, instead of buttons that sit beneath the trackpad. I found the trackpad worked really well; everything from clicking links and browser tabs in Edge to pinching to zoom into web pages or Office documents felt responsive and natural. Just like a traditional click-based trackpad, the haptic touchpad responded well to my inputs no matter where on the touchpad I clicked or pinched.
Microsoft provide the ability for you to adjust the intensity of the touchpad rumble. It isn’t a killer feature by any means, but it is a nice upgrade which I hope becomes standard on Surface devices moving forward.
Screen and Multi-Media
The display on the Surface Laptop Studio is simply a thing of beauty. As well as looking modern and sharp, the colours are vibrant, blacks black and detail is crisp and sharp whether you’re working in Office apps, inking or drawing or watching a film or box set on Netflix.
The screen is a 14.4-inch, 2400 x 1600 resolution, 120Hz display with the usual Surface 3:2 standard aspect ratio, which means you can comfortably watch 8K films or National Geographic documentaries on Disney Plus! The 120Hz does wonders for image quality and smoothness, since the 120Hz refresh rate is double that of most mainstream laptops and non-gaming monitors, which essentially means the display is twice as responsive.
It’s not just gaming and film watching, though, that benefit from a 120Hz display. I noticed that when scrolling through web pages or Word documents, or using digital graphics apps like Microsoft Whiteboard, the display felt much more responsive and smoother than it did on my Surface Book 2, which has a standard 60Hz display like most mainstream laptops.
Laptop Studio also has an impressively high quality set of quad Dolby Atmos speakers, which is far from what you’d expect on a laptop! From watching Star Wars films to playing games and listening to Spotify, the audio was loud, crisp and clean with no distortion or tinny sounds/vibrations at full volume.
In usual day to day Microsoft Teams Calls, audio comes through clearly and colleagues gave no complaints about my own audio when using the built-in dual microphones.
Power & Performance
Microsoft position the Surface Laptop Studio as their most powerful Surface yet, and based on using the device for 2 weeks, I won’t argue with that statement!
I’ve been using this device for pretty much everything these past two weeks and it has handled everything I threw at it with ease, with no slowing down or performance drag. The device I have been using is equipped with an 11th Gen Intel Core i7-11370H processor and 32GB of RAM and was running the GA build of Windows 11.
In the two weeks I had the device, I used it every day and didn’t reboot it once. Most days I had at least 8-10 apps open, including Microsoft Teams, PowerPoint, Word, Excel, PowerBI Desktop, Power Automate Desktop, Paint3D, Camtasia and Edge (with far too many tabs open). This was connected to my Surface Dock, where it also powered an ultra-wide 4K screen and allowed me to switch seamlessly between the apps without any signs of struggling or slowdown. I also managed to do some graphics-rich editing in Camtasia with the other apps running in the background without any effort at all.
I managed to spend an evening (once the kids were in bed) using Laptop Studio as a mini gaming station by pairing my son’s Xbox controller via Bluetooth and using the device in its “stage mode”. It was a real pleasure to use and something I could easily get used to.
Battery Life
Given the amount of power in the Surface Laptop Studio, you’d think the battery was going to let it down. It doesn’t.
I spent a day in our London office last week and risked not taking a charger with me. I’m never one to believe the claims made by manufacturers around battery life, but in my “day out” the Laptop Studio lasted me just over 8hrs 30 mins of usage, which was spent mainly in Office apps and Teams video meetings (webcam on), on a wireless internet connection and with my Poly Voyager Focus 2 Bluetooth headphones connected.
This, I felt, was pretty impressive when you consider that I kept the device in its default 120Hz mode and was connected to Wi-Fi all day, with my webcam on for a good 2-3 hours.
In my experience, the Laptop Studio’s runtime is just a tad less than on the Surface Laptop 4 and was about the same as the Surface Book 2 (which is nearly 3 years old now). Surface Pro X (which runs ARM) has been my personal best so far consistently giving me over 9 hours of continual use.
Pricing
Ok – so Laptop Studio is hardly an entry level device, but depending on what you desire / need, pricing isn’t as bad as you might think. Some of the key models and their business pricing are illustrated below.

| Model | Code | Price (Ex VAT) |
| --- | --- | --- |
| i5/16GB RAM/256GB SSD | TNX-00004 | £1,126.90 |
| i7/16GB RAM/512GB SSD/NVIDIA G-FORCE RTX A2000 | ABR-00004 | £1,425.42 |
| i7/32GB RAM/1TB SSD/NVIDIA G-FORCE RTX A2000 | AIC-00004 | £2,239.31 |
| i7/32GB RAM/2TB SSD/NVIDIA G-FORCE RTX 3050 | AI5-00004 | £2,131.43 |

Sample Surface Laptop Studio Business Pricing [Feb 2022]
Alternatives – of course, the thinner, sleeker Surface Laptop 4 or Surface Pro 8 make for good alternatives for everyday users who don’t need loads of power but still need a good all-rounder device. Personally, I’d always go Pro over Laptop and I don’t think I could live without pen and ink!
Summary
In my opinion, Surface Laptop Studio is the best Surface device Microsoft has ever made.
Suppose I had better back that statement up right!?
Ok – well, it has the perfect combination of style, performance and battery whilst still being one of the best looking devices you’ll ever see or use. Its sleek and flexible 2-in-1 design combined with the (optional) Slim Pen 2 makes it an especially great choice for graphics, drawing, inking and sketching, and the haptic touchpad and updated keyboard feel great for everyday use. Finally, the super sharp 14.4-inch 120Hz display brings detail, colour and sharpness to every app or use and really shows itself off when used for digital editing, gaming or watching 4K or 8K movies.
Like the Surface Book, it is not the cheapest of the range (for that you have the Laptop 4 or Surface Pro), but here are my top 5 reasons to buy one (or get your manager to buy you one).
Their Best Ever – The 2-in-1 design makes this the best Surface Microsoft have ever made and it is a no-brainer upgrade from the Surface Book.
Powerful and Sleek – but will still get you through (just) a working day, and supports USB-C charging if you need it.
Simply gorgeous and really turns heads.
Can handle anything and everything you throw at it without compromise.
A true digital canvas – it handles graphics, video editing and drawing apps with ease and the Slim Pen 2 turns it into a true digital canvas.
Windows 11 will be the first version of Windows developed under the leadership of Panos Panay.
Now in the final stages of development, tweaks and bug squashes before the official release in October, Windows 11 is being introduced by Microsoft as the first version of Windows developed for a hybrid work world. Windows 11 will ship with a major UI design overhaul, a new start menu, new modern components (though some legacy components still remain) and what is touted to be a much more developer-friendly App Store.
Faster and More efficient
It’s important to also know that there is a heap of important changes under the hood of Windows 11 too.
Microsoft have provided various technical docs along with a new YouTube video from Microsoft Mechanics which detail these various optimisations and performance improvements, which you can watch below.
Windows 11 performance improvements
If you watch the video, you will see the Windows Management team explain why and how Windows 11 feels more responsive and faster than Windows 10 on the same hardware due to “a lot of work in memory management to favour the app windows you have running in the foreground so that they’re prioritised with more CPU and other system resources.”
Unlike in Windows 10, Microsoft have ensured that in Windows 11 foreground optimisation applies not only to the focused and running apps but also to the Windows shell and open tabs within Microsoft Edge (made possible through Microsoft Edge’s Sleeping Tabs feature).
Microsoft claim that this results in average memory efficiency gains of 32% and up to 37% for processor usage, which of course equates to faster performance, better multitasking and more efficient use of battery (longer life).
Microsoft also explain in the video that they have achieved an “almost instantaneous” resume from sleep experience for most Windows 11 users. Microsoft also claim that Windows Hello is now 30% faster (not that it was slow before).
A word on updates too..
Finally, and probably one of the most noticeable things I have found in testing as part of the Windows Insider Programme, is that Windows 11 updates are and will be significantly smaller and faster to install.
With the updated Windows Update, the update components only download the necessary files from Microsoft rather than the whole update, making updates on average 40% smaller, thus reducing network bandwidth and increasing update speed. This is massively noticeable, with updates (in testing) taking well under 5 mins.
Read more..
You can read more on this on the Microsoft Tech community here.
Microsoft has announced and launched (starting today) Microsoft Start, which is a new(ish)/revamped personalised news service which pulls together personalised and targeted news and information from the Microsoft News Service (MSN) and from “more than a thousand” other publishers.
“Microsoft Start” (image (C) Microsoft)
Microsoft Start will be available via the web at MicrosoftStart.Com, from the Microsoft Edge “new tab” page, and on Windows PCs, tablets and mobile devices. It will provide a consistent yet personalised feed, with news and stories coming from over a thousand selected publishers, which will be fine-tuned as users like or dislike content or content types that appear in their feeds and Microsoft Start learns more about the user.
“Microsoft Start brings new technology to content experiences, including Microsoft’s latest advancements in AI and machine learning, coupled with human moderation, to help people stay up to date with information that is personalized for their interests.”
Liat Ben-Zur | Microsoft CVP
You can read the official announcement from the Microsoft blog here:
Get started with MicrosoftStart
The Start experience currently looks and feels familiar (I’d almost go as far as saying the same) as the existing MSN service. Users can customise Start by clicking on the “Personalize” button, which allows access to managing interests and tweaking the types of news recommendations the service provides.
Microsoft Start seems to be a combination of a number of different Microsoft services, including Cortana and MSN. For example, the Cortana app (as it was) was able to use AI and Machine Learning to determine your interests and display the latest “useful” news and headlines in the feed, as well as give you travel time estimates to meetings based on your location.
Microsoft Start has adaptive “cards” similar in some ways to the old “live tiles” in Windows 8-10 and the widgets in Windows 11 today. These cards provide updates on things like local weather, breaking news, finance, traffic, and sports etc.
The experience on Edge is pretty much no different to the current MSN one and the http://microsoftstart.com url even redirects you to https://www.msn.com but I expect this will change over the next few days as the service rolls out.
Microsoft do say though that Microsoft Start doesn’t replace MSN.com, and the dedicated Microsoft News app for Windows 10 and Windows 11 will continue to exist for the time being.
Why the name change?
You’ve got me on this one….
Microsoft haven’t officially revealed why they have brought in a brand new name for the service. Microsoft News Service (MSN) worked for me (like Apple News, or Sky News or BBC News); it was what it was and did…
I’m sure we will find out more at some point though… There’s always a reason after all..
Available now…..
Microsoft Start is live now at MicrosoftStart.com, and is live on the Microsoft Edge new tab page (try it), the News and interests taskbar thingy on Windows 10, and also in the Widgets app in Windows 11.
In the coming days, the Microsoft News app on Android and Apple iOS will be updated and rebranded to Microsoft Start (so don’t confuse it with something else!).
Microsoft have announced a more cost effective endpoint protection plan for Microsoft 365 and Windows customers. Named Microsoft Defender for Endpoint P1, this provides comprehensive threat prevention and protection for any endpoints, including those running Windows, macOS, Android, and iOS, and will be included for free in Microsoft 365 E3/A5 SKUs.
The existing Microsoft Defender for Endpoint SKU will become Defender for Endpoint Plan 2 and is the version currently included in Windows E5 and Microsoft 365 E5.
Microsoft say that this new solution “will make it easier for more security teams across the globe to buy and adopt the best of breed fundamentals of Microsoft Defender for Endpoint”. Next generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device based conditional access, APIs and connectors, and the ability to bring your own custom TI are some of the capabilities of this new plan.
Why now?
The endpoint remains one of the most targeted attack surfaces as new and sophisticated malware and ransomware continue to be prevalent threats and it’s not slowing down. Ransomware in particular continues to persist and evolve, financial damage continues to increase, and the impact is felt across numerous industries.
Over the last year, Microsoft have seen more than a 120% increase in organisations who have encountered some form of ransomware attack as shown in the graphic provided by Microsoft.
Image from Microsoft Security
Microsoft are keen to ensure they provide “security for all” and this comes just days after a commitment with Biden to invest more than $20 billion in security over the next 5 years.
Microsoft claim they already provide best of breed, multi-platform, and multi-cloud security for all organisations across the globe, and that their integrated suite of security and threat protection and remediation services provides simplified, comprehensive protection that prevents breaches and enables their customers to innovate and grow.
Microsoft say that “as part of that commitment, we’re excited to offer a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android, and iOS at a lower price in a new solution to be named Microsoft Defender for Endpoint Plan 1 (P1)”, which will also be included in Microsoft 365 E3 for free.
Licensing and Pricing
The great news is that “Plan 1” will be included in Microsoft 365 E3/A3 at no additional cost and will be made available as a low cost add-on for other SKUs. Microsoft 365 E5/A5 will continue to include Defender for Endpoint “Plan 2”.
This is currently in public preview, meaning you can sign up for it for free for 90 days now. After the 90 days are up, you can buy this from your friendly Microsoft CSP or licensing partner. Existing Microsoft 365 E3/A5 customers will get this for free once it is released for General Availability (within the next 90 days) and will then be able to enable/use the service.
How to buy Defender for Endpoint Plan 1
Plan 1 and Plan 2 compared
The diagram below shows the extent of the threat protection and remediation services offered by Microsoft Defender for Endpoint.
Microsoft Defender for Endpoint (C) Microsoft.
Plan 1 is aimed at organisations looking for mainly endpoint protection (EPP) where you get best of breed fundamentals in prevention and protection for all your client endpoints. It includes next generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device based conditional access, APIs and connectors, and the ability to bring your own custom TI. Finally, it includes access to the Microsoft 365 Defender security experience to view alerts and incidents, security dashboards, device inventory, and perform investigations and manual response actions on next generation protection events.
Plan 2 is aimed at most larger enterprises who need full endpoint detection and response (EDR). This builds on Plan 1 and provides full EDR capabilities to further prevent security breaches, reduce time to remediation, and minimise the scope of attacks with vulnerability management, endpoint detection and response, fully automated remediation, advanced hunting, sandboxing, managed hunting services, and in-depth threat intelligence and analysis about the latest malware campaigns and nation state threats.
The table below offers a comparison of the capabilities offered in Plan 1 versus Plan 2.
Image (c) Microsoft.
Getting Started
You can sign up for the preview using the link here. Microsoft have also provided a detailed blog which goes into more detail than I have shared above and provides a simple walk-through for admins and sec ops.
You can also read the latest Gartner report which details Industry leading security capabilities.
Windows 365 is a new service that will let users access their corporate ‘cloud’ PC from anywhere by streaming a version of Windows 10 (or Windows 11 when released) in a web browser. At initial launch (2nd August 2021), organisations have two edition options – Windows 365 Business and Windows 365 Enterprise – with multiple Cloud PC configurations in each edition based on performance needs.
Designed for the disparate and agile workforce
Windows 365 allows organisations to equip distributed workforces, temporary and seasonal employees, contractors, and employees who have a need for specialised workloads in a flexible and highly secure manner – regardless of their location or device. Windows 365 will allow organisations to add and remove users with secure managed Cloud PCs according to the changing needs of the business and of the individual user, allowing them to scale for busy periods without the logistical challenges of issuing new hardware. Cloud PCs can be scoped and scaled based on the specification/power that best meets the user’s need and are paid for at a simple per user per month price.
Built on Azure Virtual Desktop – runs on anything
Windows 365 is built on Azure Virtual Desktop but simplifies the virtualization experience and licensing. Organisations that require greater customization and flexibility can of course still opt for Azure Virtual Desktop to modernize their VDI (Virtual Desktop Infrastructure) in the cloud or use a combination of both.
Windows 365 offers a consistent Windows experience, across any device/operating system including Windows, Mac, Linux, iOS, or Android. It promises to support all your business apps such as Microsoft 365, Dynamics 365, Power Platform, line of business apps, and more as well as the Office 365 suite.
It provides an instant-on boot experience that enables users to stream all their personalized applications, tools, data, and settings from the cloud across any device and allow them to pick up right where they left off. The state of a user’s Cloud PC remains the same, even when they switch devices.
Windows 365 Device Support (July 2021)
Consistent Device Management
IT teams use Microsoft Endpoint Manager to procure, deploy, and manage Cloud PCs for their organisation, which is consistent with how they already manage physical devices with Microsoft Endpoint Manager. Cloud PCs are managed alongside physical devices, and IT can apply management and security policies to them in the same way as they do on physical devices. There is extensive monitoring too, and IT can change the specification (processor, RAM, and disk) on the fly to adjust the performance of the Cloud PC and make sure users are getting the best experience. There are also built-in analytics and performance metrics to look at connection health across the network to make sure Cloud PC users can reach everything they need.
Built on a Zero Trust Foundation
Windows 365 is built with a focus on a Zero Trust architecture. It stores information in the cloud, not on the device, and encryption is used everywhere, as you’d expect with an Azure service. All managed disks running Cloud PCs are encrypted, stored data is encrypted at rest, and all network traffic to and from the Cloud PCs is also encrypted.
Licensing Information
Unlike other virtualisation services, Windows 365 is priced per user, and licences are allocated via the Microsoft 365 admin centre portal in the same way as other Microsoft 365 E3/E5 licenses.
Windows 365 will initially come in two flavours – Business and Enterprise – and Microsoft will offer 12 different configurations for both editions. The Cloud PCs can be configured with a single CPU, 2GB of RAM, and 64GB of storage at the low end, all the way up to eight CPUs, 32GB of RAM, and 512GB of storage.
A full range of available configurations and example scenarios is available here.
Windows 365 will be officially available on August 2, 2021, and pricing will be announced on the same day, though rumours say we can expect pricing to start from ~£25 per user per month.
Windows 11 is new – in this blog I look into some of the reasons why we have a Windows 11 and not simply another update to Windows 10!
In summary, I think Windows 11 is about three main things which I will discuss below…
Taking advantage of the huge surge in demand in hardware.
A new modern and fresh visual UI
The ability to considerably secure and protect users (not just corporates either)
Wasn’t Windows 10 supposed to be the last version of Windows?
That’s what we all thought, since when Microsoft released Windows 10, Jerry Nixon (a former senior technical evangelist at Microsoft) had said “Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10”. This, however, was never really the official line by “THE MICROSOFT”, and was more of a throwaway comment, but one that people seem to have remembered (including me!!). Anyway, there is a Windows 11 coming. Period.
To answer the “why”, during the official announcement of Windows 11, Panos Panay said that “You have to step back and consider what’s most important for people right now, and so much has changed over the last 18 months. A lot of the time spent over the last 18 months [within Microsoft] was looking at Windows and what it means to be for what’s next [with hybrid work].”
But why Windows 11 and not Windows 10 2022H1?
“The PC started to move from fitting into people’s lives to shifting our lives to fit into the PC,” said Panos Panay at the announcement of Windows 11 back in June.
Six years after launch, the vast majority of the Windows world is now (finally) running Windows 10. With the surge of people (ok, like, everyone) suddenly working from home, combined with the increase in security threats from phishing and ransomware and the first significant PC growth spurt in more than a decade, Microsoft clearly saw a big reason (and opportunity) to re-invent Windows in a year which has reportedly seen a 75% year-over-year increase in the time people “spent” in Windows.
According to Canalys, “the PC market is expected to remain strong through at least the end of the year and into 2022” as hybrid working seems set to stay and requires (in most cases) mobile computing devices, which typically have a “refresh” cycle of 3 years (4 at a push). Any Windows upgrade cycle (new version) that Microsoft launch risks causing demand issues (especially with the current silicon shortages), but at the same time, the fact that demand is strong and people are upgrading presents an immediate opportunity.
What’s more important (if you push the marketing and commercial aspect to one side for a moment) is that the devices people are upgrading to typically support more advanced and modern security standards than the 4-year-old devices they are replacing!
In short, I think Windows 11 is about three main things:
A new modern and fresh visual UI
The ability to considerably secure and protect users (not just corporates either)
Taking advantage of the on-going demand for PCs/laptops.
The new Flashy UI
There is no doubting that the UI in Windows 11 looks different (yet also very familiar). There are also a bunch of new features in the initial build (with loads more coming in later builds) – you need to bear in mind that there is still at least 5 months of development and refinement to go before Windows 11 is officially launched.
Many of the new features have been shaped around the changing ways in which people have learned, worked and played during the pandemic. For example:
Universal mute – a new mute button is now present on the taskbar which essentially mutes every app in Windows 11 except your UC app (by that they mean Microsoft Teams), to prevent those embarrassing microphone moments.
“Leave my apps where they were” mode (ok, it’s not officially called that) – Windows 11 finally leaves your apps on the screen you left them on when using multiple monitors. In Windows 10, apps are rearranged or moved to a single screen when you disconnect or reconnect a monitor. To be honest though, they could easily have fixed this (and still could) in Windows 10 21H2.
There’s lots more to the UI and reasons why some of the changes (like the centred start menu) are where they are – you can read/watch more about this here.
Security, Security, Security
Outside of the cosmetics (which are of course important as it’s what we interface with on a daily basis), Microsoft (who by the way invest over $1B in security R&D each year) want to push the market forward to adopt the much needed new security standards. Setting minimum standards around security (rather than just RAM and processor speed) is of course a good way to do this. Again – they didn’t really need a new “version” to do this – after all, Windows 11 is “built” on Windows 10, so with notice and planning they “could” have still achieved the same result in my book, but this way they can continue with Windows 10 (bear in mind that Windows 10 will be supported until at least 2025) but use Windows 11 as the driving force to improve security – something their commercial customers will likely not want to ignore.
Microsoft have been talking about Security from Chip to Cloud with Surface and Windows 10 for about a year now, and given the huge demand for new PCs/laptops, Microsoft should be able to drive a quicker shift towards better security standards. Microsoft sees hardware as a current security flaw (in many cases), which is why there will be an emphasis on, and a requirement for, TPM 2.0 in Windows 11. TPM 2.0 has been standard in Microsoft Surface for several generations now but has not been a Windows requirement... until now!
So what is TPM anyway? TPM stands for Trusted Platform Module, and even though this technology has existed in new PCs for some years, it’s only really Microsoft that have talked about it extensively. Since TPM 2.0 will be a requirement for Windows 11, we will hear a lot more about it from PC manufacturers with Windows 11 certified hardware.
In a recent security blog post from Microsoft’s director of enterprise and Operating Security, they explain in detail the importance of TPM 2.0, along with some other security benefits of Windows 11.
TPM is a chip that’s integrated into the motherboard of a PC or laptop and is designed to help protect sensitive data, user credentials, and encryption keys, as well as protect these devices from malware and ransomware attacks, which are becoming ever more common. This, combined with the ransomware protection feature built into Windows 11 (and Windows 10) known as “Controlled folder access”, will go a long way to further protect users and organisations against cyber crime.
TPM 2.0 is a “critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data,” Microsoft explains in their blog.
In addition to the TPM requirements, Windows 11 also provides new built-in security features including:
Microsoft Azure Attestation, which can enforce Zero Trust policies with supported mobile device management tools like Intune
Support for virtualization-based security, hypervisor-protected code integrity, and Secure Boot built-in
Hardware-enforced stack protection for supported hardware from both Intel and AMD.
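To see where an existing Windows 10 device stands against the TPM 2.0, Secure Boot and virtualization-based security items above, the following PowerShell audit can be run from an elevated session. It is an added example, not code from Microsoft or from the original post; the function name Get-Win11SecurityBaseline is hypothetical, and it does not cover Azure Attestation or hardware-enforced stack protection.

```powershell
# Added example (not from the original post). Run elevated: without admin
# rights the TPM and Secure Boot queries fail and are reported as "not met".
function Get-Win11SecurityBaseline {   # hypothetical helper name
    $result = [ordered]@{
        TpmPresent     = $false
        TpmSpecVersion = $null
        TpmIs20        = $false
        SecureBoot     = $false
        VbsRunning     = $false
        HvciRunning    = $false
    }

    # Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.38";
    # the first field is the TPM specification version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($tpm) {
        $result.TpmPresent     = $true
        $result.TpmSpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        $result.TpmIs20        = $result.TpmSpecVersion -eq '2.0'
    }

    # Confirm-SecureBootUEFI throws on legacy BIOS (non-UEFI) systems,
    # so an exception is treated as "Secure Boot not available".
    try   { $result.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $result.SecureBoot = $false }

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    # SecurityServicesRunning contains 2 when HVCI is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $result.VbsRunning  = $dg.VirtualizationBasedSecurityStatus -eq 2
        $result.HvciRunning = $dg.SecurityServicesRunning -contains 2
    }

    [pscustomobject]$result
}

$baseline = Get-Win11SecurityBaseline
$baseline | Format-List

# List every boolean check that came back false.
$gaps = $baseline.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    Select-Object -ExpandProperty Name
if ($gaps) { Write-Warning "Not met on this device: $($gaps -join ', ')" }
```

A device that reports a TPM spec version of 1.2, or Secure Boot as false, is the kind of older hardware the TPM 2.0 requirement is intended to move people off.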
Become a Windows Insider and test Windows 11 today
People always ask me “how do you download it or get a dodgy build like the one that leaked a few weeks ago”. It’s actually really simple and legal to get Windows 11 – but to do so you (or your organisation) need to be enrolled in the Windows Insider Programme. I’ve been a Windows Insider for 6 years now and it’s been a great journey to be (or at least feel) part of the on-going development of Windows moving forward.
I’ve written about what it means to be a Windows Insider before, but you can check out the Real Inside story of Windows 11 here.
Watch to learn more about the key design & security concepts of Windows 11
The Outlook extension is in beta (due to be released in July) but is available to download now from the Microsoft Edge add-ons store.
New Outlook Edge add in
What does it do?
The Outlook Edge browser extension enables users to read, send, and manage emails and even receive Outlook notifications without the need to open a new tab or flip to the app.
The extension is designed to keep users productive while browsing, helping with tasks such as:
Reading an important email
Checking your calendar
Adding a task based on what you’re reading on the web
Fast look up of a contact’s phone number
Referring to info on a webpage while writing an email.
How to get it and set it up
The Outlook extension is in beta but is available to download on the Microsoft Edge add-ons store. You can get it here.
Once downloaded and enabled, an Outlook icon will be added to the Edge address bar. Users will need to sign in with their work or personal account to see their emails, calendar, contacts, and tasks, and more in a pop-up menu while browsing the web.
To use the extension, you of course need to log in with your Microsoft account or a Microsoft 365 account.