Modernize PC Management: Windows 10 Migration Blueprint

Modernize PC Management: Windows 10 Migration Blueprint

This post was originally published on this site ---

The migration to Windows 10  is a top-of-mind concern for organization’s today. More than just a new version of Windows, Windows 10 is a completely different platform. Part of what makes it so different is its approach to management and security. Designed to use modern IT primitives, Windows 10 makes traditional management practices obsolete. As such, Windows 10 migration brings in a new age of device management and security.

Windows 10 Management Overview Video – AirWatch

Traditional vs Modern PC Management

Supporting productivity for highly mobile end-users shifts apps and data into the cloud, expanding the traditional definition of PC management.

Traditional PC Management

Traditionally, only domain-joined devices that were connected to the corporate network could receive policies, updates, configurations, and software. These locked-down devices provided  a poor end-user experience, and slowed OS patching, leaving them vulnerable to zero-day attacks.UEM

Modern PC Management

In comparison, modern management with VMware AirWatch’s Unified Endpoint Management uses a cloud approach. The cloud enables instantaneous delivery of the same configurations, apps and updates to the device, without any network or domain dependency.

Modern PC Management for Windows 10


Windows 10 Migration Blueprint

Today’s post provides a Windows 10 migration blueprint for modernizing PC management with VMware AirWatch Enterprise Mobility Management. The blueprint includes:

  • Overview of migration challenges
  • Prescriptive migration instructions
  • Resources to assist your digital transformation

Migration Schedule Planning

As a general rule of thumb, it’s best to perform the easiest migrations first. However, the devil is in the details. In order to create a schedule for migration that scales in complexity, you must evaluate your user base. Use the following variables to evaluate users in your organization, and identify your starting point:

  • User’s Technical Aptitude – Start with a more technically savvy user group to increase the likelihood of initial success. Typically, the internal IT department provides a technically competent sub-set of users.
  • Existing Hardware – There are two paths to getting users onto Windows 10: upgrade existing hardware, or replace older hardware with net new devices. Of the two options, migrating net new hardware is easier. Identify devices due for an upgrade, and plan to transition them first.

    Learn More

    Windows 10 comes with many new usability and security features that may require specific hardware. Two common examples include:

    • Unified Extensible Firmware Interface (UEFI)
    • Trusted Platform Module (TPM) chip

    Assess the current state of your hardware to see if it meets these requirements. If your current hardware does not meet these requirements, consider a hardware refresh to make the most out of all of the modern security features.

    To upgrade, use your existing Operating System Deployment tool to embed the VMware AirWatch Agent into the image. Use the IMAGE=Y option for command line enrollment to imbed the image. For assistance with the migration of apps and data on the existing end-user’s devices, use 3rd party app and data migration tools and services.

  • Business Impact – Identify which users or groups present current with your existing management tools, such as remote workers who are highly mobile and seldom on the corporate network or contractor devices.
  • Device Model – Identify a single device model to work with.

Once identified, use this initial set of end users to create a template for success that can scale to the rest of your organization.

At this time, no tool or technology completely removes the need for human interaction. Set aside time to create user-facing documentation, and dedicate man-hours to the actual migration process.

For additional assistance in planning your migration from a project management perspective refer to solutions like MigrationStudio or SysTrack Desktop Assessment.

Application Assessment

In addition to hardware, you need to assess your environment’s apps. Use a tool like SysTrack Desktop Assessment to determine application compatibility with Windows 10. If that doesn’t tickle your fancy, Microsoft’s

Application Compatibility Toolkit (ACT) is another option.

Since you’re already evaluating apps for Windows 10 compatibility, consider using the SysTrack Desktop Assessment or the Microsoft’s Application Compatibility Toolkit (ACT) to determine which apps your organization actually uses. Cleaning out apps that no longer require support, simplifies the migration process. It minimizes unnecessary app issues, and removes the cost of licensing and repackaging unused apps.

Another way to eliminate unnecessary complexities is to stop using proprietary tools to handle OS updates, device encryption, anti-virus protection, etc. Instead, use the native functionality built into Windows 10 and AirWatch Enterprise

Field reports indicate that post-migration, some organizations reduced the number of apps they supported by 75%.

Mobility Management. While proprietary tools worked fine in the past, previous versions of Windows only pushed OS updates every few years. With Windows 10, Microsoft pushes out an OS upgrade every six months, making apps that offer duplicate functionality a maintenance liability.

Application Migration

You can use the Windows – SCCM App Migration Tool to export most of your apps from Microsoft System Center Configuration Manager (ConfigMgr) to AirWatch Enterprise Mobility Management. This script dynamically pulls over apps using Microsoft PowerShell and AirWatch Enterprise Mobility Management REST APIs.

For more challenging app migrations, consider porting apps over to VMware Horizon. Horizon 7.1, powered by the Just-in-Time Management Platform, extends virtual desktop delivery to include published applications from Remote Desktop Session Hosts (RDSH).With a tightly integrated stack, fewer components, and easy maintenance, Just-in-Time Apps use VMware Instant Clone Technology to dramatically simplify deployments For more information on how to get started, refer to Just-in-Time Apps with VMware Horizon.

Common App Migration Challenges

  • Legacy apps with compatibility issues
  • Graphic intensive apps
  • Bleeding edge hardware

Group Policies Assessment

Analyze your current Group Policies (GPOs), and place them in one of three categories:

  • Removing – Once again, consider the migration to Windows 10 as an opportunity to remove unnecessary policies. Carefully evaluate your key use-cases, and only keep the GPOs imperative to supporting them.
  • Matching – Use the MDM Migration Analysis Tool (MMAT) to determine which of the remaining Group Policies have an MDM equivalent. The VMware AirWatch Windows 10 UEM Reviewer’s Guide explains how to access BitLocker encryption, Windows Information Protection for data loss prevention (DLP), Health Attestation for compromised detection, per-app tunneling and more through AirWatch Enterprise Mobility Management.
  • Mapping – Use AirWatch Enterprise Mobility Management product provisioning functionality to import GPOs and deploy them from the cloud.The How to Import and Export Group Policy sample project provides guidance on exporting group policies from devices and importing them into AirWatch.

Windows 10 Migration Blueprint for In-place Upgrades

While migrating net new devices is the recommended practice for Windows 10, in-place upgrades remove the need to back up data, are faster, and more cost effective. Therefore, you will probably upgrade existing software during Windows 10 migration. Prior to recent enhancements to Windows 10, enterprise in-place upgrades were not feasible. The MBR2GPT tool built into the operating system for Windows 10 v1703 and above makes in-place upgrades possible.

Devices running Windows 10 require UEFI to take advantage of all of the enterprise and security features

  • Prior to converting the device from BIOS to UEFI, convert MBR to GPT. You can even use BitLocker encryption to convert an MBR disk.
  • BIOS to UEFI is more complex since this is unique for each hardware vendor (OEM). Reach out to your vendor for the best practices in converting their hardware from BIOS to UEFI.

In-place Upgrades for Dell Devices

For Dell devices, use the In-Place Upgrade of Windows 7 or 8 to Windows 10 for Dell devices sample code to migrate to Windows 10. These Dell specific configurations prep the device (MBR to GPT, Legacy BIOS to UEFI, etc.) for Windows 7 or 8 to Windows 10 migration. These configurations also automatically onboard devices into VMware AirWatch Enterprise Mobility Management.

In-place Upgrades for Other Devices

For other devices, use your existing PC Lifecycle Management solution to automate required OS migration tasks. Pair command line enrollment with your PCLM tool to automatically onboard devices into VMware AirWatch Enterprise Mobility Management. For more information regarding the different supported Windows 10 onboarding methods please refer to the VMware AirWatch Windows 10 UEM Reviewer’s Guide.

Windows 10 Migration Summary

Taking the cloud-first, modern management approach for the enterprise provides positive outcomes for businesses. AirWatch Enterprise Mobility Management uniquely combines traditional requirements with modern efficiencies. This enables instant cloud management for all Windows 10 endpoints, apps, and use cases.


The post Modernize PC Management: Windows 10 Migration Blueprint appeared first on VMware End-User Computing Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.