Microsoft Planning To Simplify Windows 10 App Deployments
Microsoft announced Windows 10 earlier this week and has already highlighted some perks for the enterprise to come, but even more details concerning Microsoft's Windows 10 vision came from an Oct. 1 blog post (now inaccessible) by Oliver Niehus, a principal application development manager at Microsoft.
Niehus provided lots of details to buttress Microsoft's somewhat muted claim that Windows 10 represents something novel, and not just an incremental operating system release. Supposedly, Microsoft skipped the "Windows 9" nomenclature in going with the Windows 10 name because of its advances over Windows 8.1.
He explained that a new "Threshold Windows Store," when combined with Microsoft's current Windows Store, will result in a "converged app store" that will open up new app procurement and licensing scenarios for organizations. Threshold was Microsoft's code name for Windows 10.
Niehus provided a long list of OS improvements in Windows 10. Here are some of the general improvements.
One Windows. Niehus contended that Windows 10 will work across all types of devices in a "One Windows" concept. It will have "one universal app platform, one security model, one management system, one deployment approach and one familiar experience," he wrote.
Easier Federation. Microsoft will do away with organizations having to use Microsoft accounts when using Azure Active Directory, which apparently caused complaints among some Windows 8 users.
Data Protection. Windows 10 also will come with integrated data protection to prevent against disclosures across devices. "Many existing containerized solutions have confusing and hard to support UX [user experience]," Niehus wrote. "Threshold builds data protection into the natural flow."
Per-App VPN White Lists. Organizations will be able to specify which apps can be run on a virtual private network (VPN) with Windows 10. A mobile device management application will be able to maintain a white-list of accepted apps, both Windows Store apps and Desktop apps. These white-lists can be used with Microsoft's "Enterprise Data Protection" platform to allow certain apps on the VPN, Niehus wrote. It's not exactly clear what the Enterprise Data Protection platform is, though. IT administrators will be able to restrict the remote access of apps, including restricting the "specific port/IP address," he added.
Other VPN Improvements. Microsoft will enable "always-on" VPN connectivity to a corporate network after the user logs in. Third-party service providers will be able to create apps to take advantage of the new VPN capabilities. It also will be possible for third-party software makers to create mobile device management solutions that can manage remote VPN access.
Windows Store Improvements
Niehus had a lot to say about the new Windows Store to come. Microsoft has confirmed that it plans to unify its app store experience as part of its "universal Windows apps" concept, where Windows 10 will run on various device types, including smartphones. However, Niehus talked about the new Windows Store experience from an enterprise perspective, including how it will work with a "Volume Purchase Program" (VPP), which seems to be something new. Here are the highlights from Niehus' deleted post.
Volume Purchasing Program. Organizations will be able to buy apps in bulk with the VPP and will be able to manage the licenses, including reclaiming licenses when an employee leaves an organization.
Curated Stores. Organizations will be able to create their own store within the public Windows Store. They can add both public apps and line-of-business apps into these stores. Both Active Directory and Microsoft accounts will work with this scenario to enable access to apps. Niehus later explains that a Microsoft account still will be needed to install apps from the public Windows Store on a device, so this point is kind of unclear. "They [end users] can acquire apps from the public store, but installing those will continue to require an MSA [Microsoft account]," he wrote.
Enterprise App Store. Organizations also can also build their own app stores or company portal, but doing so requires sideloading the apps or "deep linking" to them using URLs. He added that it will be possible to use mobile device management (MDM) solutions to this end. "In this scenario, the MDM service communicates with the Volume Purchase Program, letting the Windows Store take care of more of the 'heavy lifting': it installs the apps and acquires a license for the user," Niehus wrote.
Desktop Apps Support. The new Windows Store will support Desktop apps (Window 7-style apps), not just "metro" or "modern" apps, Niehus contended.
Business-to-Business App Provisioning. "We will also support business-to-business transactions, enabling ISVs [independent software vendors] to provide apps directly to another organization, leveraging the Windows Store and VPP capabilities for distribution and license management," Niehus wrote.
Niehus explained that much of the new Windows Store management will be accomplished through MDM solutions (Windows Intune, System Center Configuration Manager or third-party apps). In the case of enterprise app stores, the MDM solution would "instruct the VPP to perform the installation" of apps. He also described an imaging process for distributing apps under this scenario.
"Once the IT administrator has acquired the apps through the VPP portal and downloaded the installation files, they can add these to the OS image using PowerShell, DISM, or other tools," Niehus wrote.
When this image is deployed in the enterprise app store, users get automatic app installation when logging onto their machines, and the licensing is automatically applied via the VPP, Niehus explained.
Windows 10 is still at the preview stage and the new Windows Store isn't yet available. Perhaps, that explains why Niehus' blog post got pulled.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.