Demystifying Windows as a Service – wake up! please.


TL;DR; (“too long; didn’t read”)

There are some people who don´t have the time to read the whole text – if you are familiar with the topic the text in bold includes the most important points and is just for you.

Disclaimer: This is a recommendation article for Enterprise Customers to adopt WaaS in the most adequate way to benefit from the changes in a long-term scope. I don´t want to discuss on the WaaS topic in general (though I explained the most obvious arguments for it and as a former software development I am really standing behind this transformational movement) and I also left out the consumer area. The article for "only" the mentioned purpose is just extensive as you can see.

WaaS is a transformational change and WaaS comes with Windows 10. I also want to quote Jeffrey Snover - "The easiest way to fail in a transformational change is to treat it as an incremental change." You should get to know, what WaaS means and how you should prepare for it. You need to spend a of lot time in the preparation phase to be ready to adopt it. The better you have prepared the less you will run into surprises. Take a look at the WaaS Adoption Cycle and validate if you and your company really understand what stands behind WaaS. In most of my engagements I see a big gap.

 

As you can see with this post - there is a huge amount of information regarding WaaS and what you need to know. (and this is even not everything) I only can advice you to take some time and reading this article. There is no deeply and clear structured information how YOU should handle WaaS. But one thing is for sure - you have to prepare for it and consider deep and impacting changes. I am trying  to give the best advices - some work for different customers and some do not. I try to share my current experience with you and would also be glad to receive your opinions regarding this topics. How do you handle it? Have you failed? Do you need assistance? What blocks you?

 

Starting with the Summary for the hotfooted:

  • Understand WaaS and the changed mindset - understand the impact
  • Spread the word --> share the new mindset (the agile model)
  • Go through the WaaS Adoption Cycle with all 4 phases as described previously
  • Communication, Communication, Communication!
    • IT / Infrastructure
    •  Application holder
    •  Management
    •  Client Team
    •  IT Security
    •  Data Privacy Team
  • Automate as many things you can --> DevOps
  • Take a look at the upcoming changes regarding WaaS for Windows Server and evaluate the options LTSC and the Semi-annual Channel
  • Applicaton Compatibility
    • Inventory in adequate manner by having full information lists
    • Create an action plan for Application Compatibility / Incompatibility
    • Involve Application Holders

 

My opinion always is - it is better to work proactively than reactively. If you need to work reactively - it is good to have complete control what the worst outcome could be. This is why the whole preparation regarding WaaS is so important!

 


Introduction

As you probably know my name is David das Neves and I work as Premier Field Engineer for Microsoft Germany. One of my favorite topics is WaaS and I am working on this topic with many enterprise customers in workshops and in the longterm scope. After I have seen the movements regarding WaaS in the Windows Server area I saw a real need for this article. (Server Semi-annual ChannelIn a regular base I just see nearly every customer treating this topic completely wrong. By wrong this often means, that WaaS is just simply ignored and Windows 10 is treaten like Windows 7. For those who find themselves in the last sentence you should read this article with care.

This article is a wake-up call which I do in a regular base in my workshops. WaaS changes everything and the customer himself has to change and prepare wisely to adopt WaaS. Many IT departments understand the timelines and also mostly the technical parts - e.g. how Feature Updates can be deployed and so on. But I created a WaaS Adoption Cycle to demonstrate what is missing and where you need to initiate action. First of all I start with the most simplified explanation of WaaS.

 


 

What does WaaS really mean?

Windows as a Service means that you have predefined timespans which look like this:

This is actually it. Every change and preparation can be simplified to this little information - Windows 10 needs to be upgraded in a more frequent manner. By speaking of more frequently this should be 2 times a year and every new Windows Version comes also with new and modified features. Why did we change this? Well there are dozens of arguments, but I will state the most obvious ones. This is actually nothing new - it is simple agile software development. Agile software development will result into higher quality. (agile software development is a status quo today - the only change here is that Windows is an OS) We will be able to react on customer needs much faster - this also means that security features, which will be a reaction to current threats can be integrated into the OS just in time. Another point (for discussion) is that the migration costs and workload can be integrated into the operating and daily work (if WaaS is handled correctly):

You might find similar slides in the internet. I corrected them slightly. We had big migrations in the past time - coming from Win NT to XP or from Win XP to 7 or probably even from Windows 7 to Win 8.1. Every migration often comes with a migration plan, a project manager, hardware costs by doing a replacement migration and dedicated project costs. With WaaS the target must be to integrate the 2 migrations per year into the operating workload. Just handle WaaS en passant. But here comes the crux - this is only possible, if you adopt WaaS correctly. You see in this slide that I increased the first workload a lot and added a big bunch called "WaaS Prep". This means that you don´t only have to handle a typical migration coming from Win 7/8.1 up to 10 - you have additionally to prepare yourself for WaaS. You need to increase the automation level! DevOps. Another buzzword....

 


 

The Mind Change

But when you are coming from the old release thinking model and moving to the agile development (or better agile deployment) this is a huge change of the mindset.

Let´s take a look at this - this is the old model:

I still see many customers trying to handle Windows 10 and WaaS like this. They might be successful with the first release(s), but at some time they will just get overwhelmed by the increased workload and I saw many customers running into this problems. You need to change your mindset into the agile model:

And this change is a tough one. This is because you are not the only one in the company, who needs to adopt this and is affected. WaaS is affecting everyone - the management who needs to know about the preparation workload and the changed deployment techniques with possible reactive failure approaches regarding application compatibility; the Support Desk who needs to have the most current information about upgrades and roadmaps every time; the user who needs to know what a feature update means and how they should handle it - why the looks may change and that change is an ongoing process [...] and many more.

So - how can you test, if you are on the right way? For this I created a very simplified WaaS Adoption Cycle as mentioned before.

 


 

WaaS Adoption Cycle:

It is easy - we validate the current adoption level of your company regarding WaaS. This cycle in a generalized way looks like this:

This is obvious and actually not something new - it is actually a cycle which you would run through for most of your projects. But here I see the first errors made at many customers. Technicians tend to solve problems as soon they got to know about them. The Client-Admins now read about the coming WaaS model, which is the phase 1. They don´t like it (this is for sure - at least in the beginning - many people don´t like changes and this is a devastating one) and they just skip over to implementation and try to just implement it somehow with SCCM or they postpone this to some time in the future. This is one of the biggest mistakes you actually can make! I will run now through the different phases to show you, what is really standing behind it. The first phase is explanation:

So this is the information which the technical people read in the news and blogs and they got informed by their Technical Account Managers (MSFT). You will speak about the timeline/timeframes and that they are much too short for your company and your processes; about the different branches and that you only want to use CBB (second big error) and how you plan to manage this all - probably with SCCM. This phase is actually the best adopted phase at any customer. But right afterwards they miss the most important step:

The "Awareness" phase is mostly completely ignored. Application Compatibility for example is a complex topic in this whole change and customers are just pushing Windows 10 out and trying to ignore it. You have to show the new complexity and the new mindset of the agile approach throughout your whole company. In addition you have to validate your current processes and evaluate huge procedural changes which will need management involvement. And - communication is a crucial necessity in this whole change. The client team has to speak with the IT-Management and the Server-Team to set up adequate roadmaps to adopt upcoming features in Windows 10 which come along with technological requirements. Doing this phase in a good manner should result into the preparation itself:

You have done a lot of communication in the last phase, which should have resulted in a lot of decisions. These decisions need to be addressed in this phase. How do you want to deploy Windows 10? (getting into this after the adoption cycle) What tools are going to be used? How do your roadmaps look like for technological and procedural changes? Do you have an application list or do you need to extend it? How do you handle application incompatibilities? Do you have an action plan for this? And this all then results into the implementation itself:

And now ask yourself, if you have done all these steps? Think also from different point of views. As a point of view from the IT Client Team you have done the first phase "Explanation" very well and sometimes also a little bit Awareness. But how does the Awareness look like when you change the point of view to Management / Users / Security Team / Application Holder / Data Privacy Team / Workers Council ? For most of my engagements the resulting evaluation will look like this:

How does this look like in your company? Similar?

 


 

WaaS Deployment Assignment

So - how should you adopt WaaS with what Branches? To demonstrate this I will add the following circle diagram (knowing that the terminology changes its names - but the meaning will keep the same):

 

You should create such a diagram for your company before pushing out any Windows 10 devices. LTSB needs to be considered only, if you really have machines for this kind of usage. As you can see you really should adopt also the Insider Preview version and the Current Branch version. Why? You need to get the information as soon as possible. Information about possible application incompatibilities and other side effects. But also to get to know, what changed and how the user should be informed regarding the changes. (UI changes / technical changes)

 

There is also a big point here:
Thinking of testers - who do you think are the best testers? Yes - people who actually work with the operating system / application. Coming with Windows as a Service you should plan for an automated distribution of the most current Feature Updates to retrieve the most current and most representative information directly from the field itself. Therefore you have to place the Windows Insider Version into your early adopters user groups and the Current Branch into your your production. Do you need to place hundreds of machines there? Yes. But you should plan for intelligent rings. Coming with Windows 10 (Server 2016) you have always the possibility to roll back to the previous version, which will take 30 to 60 minutes. (technical information here) So in the Insider Preview you want to evaluate the coming new features and probably test your most important applications - called Line of Business Applications. You define the upcoming client and set the roadmap for the upcoming technological requirements, which you have to discuss with the Server Team / Management and so on. You will start with small numbers for the deployment of these "testing" deployments. So you will always have the complete control, what the biggest failure rates could look like. Starting with small numbers and increasing them upwards to the mentioned ~10% for the new Windows Version (in CB state). You also should take a look at the applications. You should test every application by deploying the new Windows versions to machines which make up the best cross-section for all applications. The recommendation is too easy. The earlier you test the applications with new Windows versions - the earlier you can react on problems. Therefore the very first deployments in the CB state should consider all applications used in the field. If you encounter any problem you can just roll back the impacted devices to regain usuability and investigate the problems. (and pause the further deployment regarding the issued problems)

 

Sounds easy? Unfortunately it isn´t. The problem is that customers are freaking out when it comes to ITIL and always want ITIL certified people working in their environment - but the reality shows that the most basic recommendations of ITIL are often ignored - because they produce "unnecessary" work.

 


 

Migration and Application Comptability - the complexity raises.

In one of the first sections i mentioned that two different migration parts are coming with Windows 10. The recommendation here is to split the workload and always keep it at simple as possible. Don´t miss something out, but also don´t overengineer this too much.
Speaking of the two parts - one is the simple migration which you have done before coming (for example) from Windows XP and migrating to Windows 7 and the other one is the preparation for WaaS. I will show this with the upcoming slides:

WaaS is something new - and there is no ultimative recommendation out there today. Every customer has to dive into this topic by their own and I will provide some hints/information to avoid the typical problems.

We have experience in this one - this is something we (as a Client Team) know how to handle.

 

This is new and for this we need to prepare.

So - first of all we will take a look into the Pre-WaaS part and show what needs to be done for all the applications (cleaning this up at this current timepoint is a good recommendation):

But what does Inventory really mean? How does good Inventory look like and who should have the possibility to modify information? You should involve the support desks and the Application Holders. Actually you should have a complete Application Lifecycle Management just in place, if you are working on ITIL standards. Do you? To show a very complete example I divided the inventory into 3 sections:

 

Now let´s dive into these three areas:

The first one is plain information regarding the application and the accountability for it. Contact data regarding the application holder is a big important advice here. In many environments these people are even not more existent. But you need to have contact data, if something goes wrong with the application to introduce a good action plan.

 

This sections is about importance. You have to validate the importance of the applications to know what LoB Applications are and when you should test them.

 

And this is the complete new information. You need to think about when to test the applications and how to handle errors and problems. (manual error handling is a bad thing)

With this informaton in petto you may create Servicing Plans (described below) and set up new processes:

By using Decentralized Testing and involving Application Holders you will delegate/spread the workload. But keep in mind that such models only can work, if you set up the right communication levels. (Feedback)

Additionally you may want to evolve actions plans - when an error occurs this workflow is automatically triggered. The best would even be, if automated emails and information articles would be created after such an occurrence:

This all are some of the current approaches how you could handle it and prepare for it. My opinion always is - it is better to work proactively than reactively. If you need to work reactively - it is good to have complete control what the worst outcome could be. This is why the whole preparation regarding WaaS is so important!

 


 

Deployment Technology

After having this you should think about how to adopt WaaS technically. Many of my customers are running SCCM and pushing the first upgrades with Upgrade TaskSequences - which is totally ok. But think of the changes coming with ESD and delta ESD and the resulting reduction of network load by reducing the load for one image to a half. (~ 3,8GB --> ~1,9 GB) For this you should prepare to use the Servicing Plans. Set up correctly you never have to recreate your Servicing Plans for different branches and you can easily adjust them. (more information here and here)

A neat way to do this is by creating the Servicing Plans with Powershell. I like the following implementation very much and wanted show you this one:

You just enter all the data into an Excel file and run the script which automatically creates all the rings.

This implementation from Kaido Järvemets can be found here.

 

Additionally to this you should also think about a caching technology. Our recommendation is that you use at least one caching technology - Branch Cache (BITS), Delivery Optimization - Peering, Peer Cache (SCCM), Third Party Tools

 

Take also a closer look at Upgrade Readiness (former Upgrade Analytics) which is the perfect tool to adopt WaaS and Application Compatibility by using telemetry and OMS. If you don´t  have any policital discussions on sending the telemetry data at the basic level this solution will help you a lot!

 


 

Procedural Changes

You should also think about procedural changes - how can you improve your change requests. How can processes be optimized/automated? Automatically sent emails? Action plans regarding different timeframes / on different events? To demonstrate you this I show you one of my simplified slides - you should create such an action plan for your company with the affected "User Groups":

This all will keep work in progress for the next few Feature Updates (Upgrades) and grow within time. Think every time of the very simple recommendation: The more you automate - the less you have to do manually.

This changes are affecting all the areas regarding ITSM and ITIL.

 


 

Knowledge Management

This topic is very often totally underestimated. But this topic will become one of the most important ones in the future. How can you share information or make information gatherable for every group and user? How can you share the information between teams to enforce decisions? What technology is used? Sharepoint / OneNote / Internal KM / Third Party Tools / Feedback Hub

One recommendation from our side is to use Webinars/Skype Sessions for Users. These sessions are personal because one person is speaking live and reaching out n Users. You can also set up informational webinars monthly to reach out to all the users. Keep also in mind that a recorded webinar may not be accepted from the users, because it is not more personal then. This are things which your company needs to test and validate.

A personal recommendation is to test OneNote for sharing technical information - for example over all the teams like Client Team / Server Team / Support Desk. You can work in parallel on the information and get the updates asap. Also the search engine of OneNote nearly beats everything out there.

Additionally take also a look at the Toast notifications - you probably could even push them with Powershell.

 


 

WaaS for Windows Server

You may have read the changes coming for Windows Server:

The Windows Server release model is offering a new option in order to align with similar release and servicing models for Windows 10 and Office 365 ProPlus. If you've been working with Windows 10 or Office 365 ProPlus, these improvements might already be familiar to you.

There will be two primary release channels available to Windows Server customers, the Long-term Servicing Channel (LTSC), and the new Semi-annual Channel.

The Semi-annual Channel will be available to volume-licensed customers with Software Assurance, as well as via the Azure Marketplace or other cloud/hosting service providers and loyalty programs such as MSDN. (Azure Hybrid Use Benefit)

As explained the model for Windows 10 - the Server model is completely similar and will need the same considerations. (and even more)

 


 

Feedback

Coming with Windows 10 1703 Windows Insider for Business is introduced. The earlier you test the new builds - the earlier you can address any problems and also validate the new features and speak with the infrastructure teams in case of depending technologies / OS etc. like Server 2016 / ADFS 2016 / AD schema 2016 / PKI with NDES etc.

And now you can just add an organizational account as insider preview account:

  1. Navigate to insider.windows.com and go to Get Started.
  2. Sign-in with you desired account.
  3. Enroll your device --> Settings

One of the benefits of submitting feedback using your AAD account is the addition of a page to the Feedback Hub for your organization.

Simply click the My Company page in the feedback hub to see and upvote all feedback submitted by other Insiders in your organization. By this you could set up a testing and feedback environment out of the box.

 


Windows Server previews coming soon to the Windows Insiders Program. 

While Windows Server has always evolved to meet the changing needs of our customers, the next phase truly depends on you. This new model provides more opportunity than ever before for you to influence the direction of Windows Server. We are looking forward to your feedback and partnership as we deliver the next generation of OS technology to support the applications and infrastructure innovation you need!

Becoming a part of the Windows Insider program will give you the opportunity to test pre-release code, provide feedback, and really influence how we develop our products. You can also join the discussion on the new Windows Server Tech Community, where you can ask questions and share ideas with other customers and experts, including Microsoft engineers and MVPs.

You can read more on this new more frequent release cadence as well as details on how to sign up for the Windows Insiders program at a new article published on our website: Windows Server Semi-annual Channel Overview.

 


 

Summary

If you have come this far I am really proud of you.

Let´s recap again what the most important points are:

  • Understand WaaS and the changed mindset - understand the impact
  • Spread the word --> share the new mindset (the agile model)
  • Go through the WaaS Adoption Cycle with all 4 phases as described previously
  • Communication, Communication, Communication!
    • IT / Infrastructure
    •  Application holder
    •  Management
    •  Client Team
    •  IT Security
    •  Data Privacy Team
  • Automate as many things you can --> DevOps
  • Take a look at the upcoming changes regarding WaaS for Windows Server and evaluate the options LTSC and the Semi-annual Channel
  • Applicaton Compatibility
    • Inventory in adequate manner by having full information lists
    • Create an action plan for Application Compatibility / Incompatibility
    • Involve Application Holders

 

My opinion always is - it is better to work proactively than reactively. If you need to work reactively - it is good to have complete control what the worst outcome could be. This is why the whole preparation regarding WaaS is so important!

 

This all is a huge change and a big chance to make the first steps into digital transformation by pushing the transformation itself with Windows 10 and Windows Server 2016. I only can recommend you to do this now, because Windows 10 is going to be the "last" Windows version and afterwards the new Windows Versions will be pushed out two times a year. The Security topics become more and more important and this all plays together by the ongoing change. 

 

I hope this was helpful and I cleared up WaaS a little bit and demonstrated hopefully also the importance of this topic! Leave any feedback or questions -

David das Neves

Premier Field Engineer, EMEA, Germany
Windows Client, PowerShell, Security

 

 


 

Additional Links:

Configure Delivery Optimization for Windows 10 updates

Configure BranchCache for Windows 10 updates

Manage updates using Windows Update for Business

Manage Windows 10 updates using Windows Server Update Services (WSUS)

Manage Windows 10 updates using System Center Configuration Manager

Windows Insider for Business

Get started with Upgrade Readiness

Server Semi-annual Channel

Delivering continuous innovation with Windows Server

Comments (31)

  1. Matthew Newberry says:

    Microsoft is risking losing a lot of desktop customers over this “philosophy” of WaaS. Business wants stability. Yes, new feature are nice, but the stability and consistent user experience outweighs new features (i.e. Cortana) by a long shot.

    1. Hi Matthew,

      actually most of the coming Features are Security-oriented and Administration/Management-oriented. (e.g. Application Guard)
      Take a look here for the most current changes:
      https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1703

      David

      1. Susan Bradley says:

        And please don’t forget your pro only sku customers. Not everyone runs Enterprise.

        1. Hi Susan,

          there aren´t too many differences between Pro and Enterprise regarding WaaS. (but i wouldn´t recommend Pro for bigger customers because of the lack of the important security features)
          Here you have the differences in detail:
          https://www.microsoft.com/en-us/WindowsForBusiness/Compare

  2. Israel Pastor says:

    WaaS is perfectly fine. W10 is not, and that is the problem. You blame customers for not being ready to jump into WaaS, just as you blamed PCs for not being ready for Windows Vista. The truth is that both Vista and 10 leave a lot to be desired when compared to, for example, W7.

    1. Hi Israel,

      what pain points do you have with Windows 10?

      Windows 10 is evolving in much shorter time frames and the Feedback is heard by our product teams and devs. If you are having any specific problems you should always communicate this directly to our TAMs/PFEs onsite or opening up a support case.

      Additionally to this you could enter the problems into the Feedback App, which will be consilidated with AI – and coming with the most current Windows Version 1703 you can just use the added capabilities: https://docs.microsoft.com/en-us/windows/deployment/update/waas-windows-insider-for-business#sharing-feedback-via-the-feedback-hub

      David

      1. Israel Pastor says:

        In no particular order:

        1. Uninstallable apps (photos, xbox, etc.)

        2. Settings – Control Panel travesty

        3. Limit of 7 pinned elements in Start menu list

        4. Forced updates and restarts

        5. Lack of control (Photos creates albums and there is no way to disable the “feature”, need to log in xbox app to disable some stupid default settings like game recording, no way to disable the intro screen before logging into the system, etc. )

        And more that I simply don’t remember right now, and all for no visible improvement over W7

        1. Andreas Erber says:

          Forced restarts? What kind of Windows are you running? There are no forced restarts if you configure it properly and use WSUS oder SCCM or another 3rd Party deployment solution.

  3. M.Hase says:

    Hi David,

    thanks for the very interesting blog post. At the moment I am tasked as well with designing a Windows 10 based client for our organization, which is in the public sector. Many of the solutions and technologies you describe sound like they require more or less unchecked internet access. Unfortunately, due to IT and data security regulations, more that a WSUS Services proxied through several instances is not available to me. How, if at all possible, can I still move forward with implementing WaaS?

    On another note, I can confirm the state you find at most customers. Application inventory is a big issue at our organization. There are several lists with more or less current data maintained by different entities scattered across the organization. But at least the issue was identified and work is in progress to address it.

    Greetings from Germany,
    Martin

    1. Hi Martin,

      there are different technologies to adopt WaaS – starting from Internet-based technologies like the standard Windows Update Agent / managed with GPOs, which will end up in Windows Update for Business, over to WSUS standalone or WSUS with SCCM or WSUS with a Third-Party-Tool.
      (Table 1 in https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview )

      Without having Internet and a WSUS in place it would be hard to get the Feature Updates pushed out in an adequate way. Did you also validate WSUS configured as upstream / downstream server? Take a look here: https://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx

      You surely can upgrade with the ISOs itself, but I wouldn´t recommend that in any way (in an enterprise environment).

      Additionally to this you have always the choice to use LTSB instead. (https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#servicing-branches)
      There you would have much longer timeframes for support and no necessity for upgrades. The downside would be, that you will lack the new Features, which are highly Security-focused and also lacking the possibility to support always the newest hardware.

      David

  4. Fred Jones says:

    Wow……someone had a bad day. Maybe you should spend some time at a real business for a bit. Maybe then you could understand why some of the points you are making are the polar opposite of how reality works.

    1. Hey Fred. Thank you for your comment – what points are you refering to?

  5. Luka says:

    “Agile software development will result into higher quality.”

    Unfortunately this is not a case for Windows 10 which just like Windows 8.x alienated Windows user base. This Windows as Service is an attempt of Microsoft to compete iOS and Android and get chunk of the market they will never have. As a result Windows 10 brings horrible user experience on PC not to mention bugs and instability issues. I tested all SKUs for Windows 10 and the only one which is worth looking at is Windows 10 Enterprise LTSB which is not available to wider audience. It seems that entire philosophy behind Windows 10 release is get the features out without actually fixing problems. There is quite irony in it because Windows 10 ECO system ended up fragmented where lot of people just disabled Windows Update once they managed to have system stable. With all due respect, the current management of Windows Division at MS. is bottom line clueless. When i give advice to people i tell them to run Windows 7 because all the greatest and latest software and hardware works on it and it works well. As far as i know and maybe i am mistaken it took 800+ days for Microsoft to develop and release Windows 7, and Windows 7 by far is the best, most stable operating system ever released. Windows Vista was great too, in fact Windows 10 doesn’t even deserve credits as much as Windows Vista Service Pack 2 does, not to mention superior user interface has over Mobile like UI of Windows 10 no one likes and no one ever wanted. If Microsoft keeps pushing Windows 10 in the same direction, soon Windows is going to be rather irrelevant in other words you will lose market completely.

    I hope someone fires entire Windows Division and all the managers along with it and hire actual people who care about computing.

    1. jerry smith says:

      Thanks David for this great article on WaaS. For the App Compatability section, a great FREE tool customers can use to see if their apps and drivers will migrate smoothly is the Windows Analytics tool – https://technet.microsoft.com/en-us/windows/mt743627.aspx

      1. Luka says:

        You can do clean install, Win 10 -> is still broken OS. I think you didn’t understand a point i wanted to make but thanks for trying.

    2. pdxITgirl says:

      I’m hoping I’m simply not understanding a few things, but if I AM understanding them correctly, I foresee Microsoft losing their dominance completely, and moving into a more niche market share. Having been in IT for 25 years, I have seen a lot and worked with every OS that supports a network, and many that don’t. From what I can tell, some of the issues I see are:

      – Constantly changing interface. Both home users over a certain age and business/enterprise customers rely on a predictable, usable interface because it’s very time consuming to learn a new interface each time. The newer mobile-style interfaces are atrocious for many desktop/laptop users who do not use touchscreens. They are bad enough, a good many will remain with Windows 7 (which can be secured pretty well if you know what you’re doing).

      – Focusing so heavily on new “features” that many do not want. I know a huge, huge chunk of us just want stability and not have everything change drastically every version. There are few legitimate new features most average home users and business/enterprise users need. Many only upgrade due to lack of support or security updates. Things like Cortana are not enough to justify this upgrade.

      – Taking away control. Every new version seems to dumb down the interface and take away more control. Why? Computers are understood by most in the western world now. We don’t need dumbed-down interfaces, and certainly don’t appreciate having things shoved down our throats or being prohibited from doing things. There’s no reason for it.

      – Over-reliance on Cloud. Many of us have no use for Cloud, and for a variety of reasons (security, privacy, lack of reliable Internet, etc etc) do not use it in any large degree. Fact is, you cannot guarantee you won’t be hacked, and our own government digs through whatever it wants within the Cloud. So there’s no point in storing anything there for many of us, who can manage files much safer and less expensive locally. Cloud has its uses, but Microsoft is way, way too reliant on it, breaking so many features if you don’t wish to use THEIR Cloud product. We must have more than one way of doing something.

      Those are just a few important things that I am concerned with, and I hear about a LOT from others, both consumer end-users and the enterprise IT world. In a time when Linux and macOS offer stable, consistent operating systems that don’t drastically change everything every version and don’t have any of the issues I’ve mentioned here, and is free – there are fewer and fewer reasons to use Windows. Enough people will get tired of this strong-arming everyone that more products will become compatible with Linux/macOS and those WILL become the new standards.

      You guys are shooting yourselves in the foot. Basically telling people to “accept it, you’ll enjoy it” and forcing it on us when we have very valid reasons for resisting is not ok. You gloss over everything but never can address these very valid concerns. So yes, I see WaaS significantly reducing your marketshare, especially as Win7 machines get to where they need to be replaced. They will be replaced more likely with macOS.

      1. Hi and thank you for your comment which is really very often the very first feedback from many of our customers I am discussing with and I totally understand this.
        I am also not saying that your arguments are not valid by any mean. Therefore I would like to go through the points in detail (keep in mind – I am speaking for WaaS for (Enterprise) Customers and not Consumers) :

        Constantly changing interface
        The interface is changing not too much as we saw in the last feature updates – but yes – there will be continuous innovation which assists the user or administrator. It is important to have a knowledge management for this topic to train the employees. Comparing to other products – this is nothing new. Think of iPhones which are receiving new iOS versions and changing their look & feel completely. I see people and companies getting afraid of this point because it has been done differently in the Windows environment for the last decades. But this was not very effective. Holding to an UI which has been set before years just limitates the OS to this functionality and does not allow any innovation or improvements. There are people out there which don´t like changes. But a different word for change is transformation. All the companies are speaking about Digital Transformation and how to adopt it. But now as Microsoft is aligning their OS strategy to this Digital Transformation we just get the feedback back “Hey – Digital Transformation is great – but not so much transformation.”. And comparing to the other OS possibilities out there we are just the very last ones to adopt this kind of model. (will get into this in the last part)

        Focusing so heavily on new “features” that many do not want.
        Most of the new features – I would even say more than 70% of them – are just Security Features and Features to assist administrators. You can take a look at the release notes for 1703 for example which shows this in very detail. And as you know with the latest news with WannaCry and NotPetya it is necessary. Adding Credential Guard to the OS which just prevents Pass the Hash attacks or removing SMBv1, adding Exploit Guard or Windows Defender Application Guard is a thing that Enterprise Customers want. (at least the security departments)

        Taking away control.
        We are actually adding control with every new version by bringing in new GPOs and so on. Could you be more detailed here? – may be I am just missing something.

        Over-reliance on Cloud
        Yes – Cloud is a point for discussion. I would say it is a topic for itself. Just one argument here – Speaking in terms of security as I have seen at some Enterprise Customers I would say that the usage of cloud would have been MUCH MORE secure than setting it up on-premises. In the most cases this is just a psychological thing and discussion. The computers and servers which are below my desk or in my range MUST for sure be much more secure than some computer somewhere in the cloud. Speaking technically and explaining the Cloud in detail this is just not true for the most cases. But yes – the world is changing – Customers are moving into the Cloud – Services are moving into the Cloud. There have been many companies out there which stated they would never ever take a look at any Cloud features and are pushing them out today. But if you don´t want to move to the Cloud you have all the configuration possibilities not to do so.

        Lastly you say that Linux or MacOs could became alternatives
        – the fact is actually – they are using very similar models as WaaS since years. Here for Linux:

        “Service Packs

        Service Packs are up-to-date product versions which contain enhancements, as well as all maintenance and security patches released since its prior version (if there is one), packaged into a single, convenient, installable image. SUSE generally releases service packs every twelve to eighteen months. Once a new service pack is released, customers have six months to upgrade to this latest service pack, and continue to receive current patches and fixes.
        If you need more than six months to design, validate and test your system upgrades, Long Term Service Pack Support can provide an additional twelve to thirty-six months in twelve-month increments, giving you a total of three to five years of support on any given legacy service pack.”

        “Additional Hardware Enablement and Software Enhancements

        Our forward looking development model enables SUSE to deliver innovation to our customers faster. Customers get new features and functionality faster than if we were to rely strictly on backporting code. Through our SolidDriver Program, we deliver partners tools that make it easier for our customers to use the latest industry standard hardware, and better exploit its capabilities.
        SUSE prioritizes hardware enablement and software enhancements in the earlier years of a product’s lifecycle, to encourage the growth of the ecosystem surrounding our platform. In the latter half of the product lifecycle, SUSE shifts its focus towards optimization and extending the useful life of customers’ existing investments.”

        https://www.suse.com/de-de/support/policy/

        And Apple is also pushing out the updates for MacOs yearly in the last times but also setting dependencies for the newer OS versions to defined hardware. This means that some of the old hardware will even not be supported to get an following updates.

        I hope I could clarify some things

        All the best,
        David

  6. Mike says:

    I have setup a service plan and started testing. 1607 to 1703.
    Just wondering what are the logs i can read to monitor and troubleshoot on the client and server side?

    Also i have notices that after the upgrade custom setting are gone. Custom task bar, branding and registry settings.

    How would you go about retaining those or maybe create a TS with those custom setting and run that?
    Thank you.

    1. Hi Mike,

      take a look here for side troubleshooting (great article! nearly everything included.)
      https://docs.microsoft.com/en-us/windows/deployment/upgrade/resolve-windows-10-upgrade-errors

      -> Also i have notices that after the upgrade custom setting are gone. Custom task bar, branding and registry settings.
      Je – these may be true – depending to where these settings were sitting. I would go for an upgrade from 1607 –> 1703 with an upgrade TS and adding additional steps.
      Additionally here are more ways described:
      https://blogs.technet.microsoft.com/mniehaus/2016/08/23/windows-10-1607-keeping-apps-from-coming-back-when-deploying-the-feature-update/

      Hope it helps.
      Dave

  7. Karl Leddy says:

    Hi David,

    First off thanks for writing this. It was extremely informative to me.

    While change is not always accepted. I do think in this case WasS has grossly over estimated how a corporate environment works, and asking resources outside of the I.T. dept. to test new and evolved features to provide me feedback with new builds of Win10.. Well enthusiastic is not a word I would be using.

    While I do not want to speak for all SysAdmins. I do find myself spending most of my time either removing-disabling MS features, and supply into my corporate image a bare bones working version of Windows. My mindset going forward has been. This is not a personal use of Windows, and what a corporation needs is their employees to have at their disposal a workstation. Is is sexy? No, but it doesn’t have to be. What the environment demands of me is a uniformed issued workstation with little to none maintenance.

    Patching Windows is never fun for me, or my users. But WaaS seems to me. To take this to a new level of a full time job involving everyone in the enterprise with it.

    I was looking at the LTSB as this is the kind of stability from Windows I think most in enterprises are familiar with. Those silicone checks are indeed a big gotcha from MS, and personally in my opinion greedy of them.

    Again thanks for insight into this, and posting it.
    Karl

    1. Thank you, Karl. Je I am seeing a lot of customers facing this problems and there is a high resource demand in the beginning of WaaS – this is definitely true. Though – what my aim with this extensive curriculum was – to show that it does not need to be high resource-demanding for all the upcoming time. If set up correctly you would even reduce resource costs in comparison to the OS upgrades which are planned every 3-6 years for every company, which very often come along with new hardware.

      By my opinion LTSC is NOT a solution for “normal desktops”. LTSC has its right to exist for dedicated and high sensitive machine, but machines with an internet connection should always be revalidated against SAC/SACT because of the evolving security features. (to mention only one argument)

      Thanks for the feedback,
      David

  8. txfurry says:

    WaaS is a way smart move for MS. It’s forced my company to buy two licenses for everyone. One is a Win10 license for an internet-connected “junk” machine for email/browsing etc. (who cares if it gets trashed by a WaaS update, we just re-image it), and the other is a stable Win7 VM behind a firewall where we do our “real” work without worrying. pdxITgirl nailed it in her comments…we have the same problems here. Stability is important. Cortana and other goofy “how may I steal your private information today?” apps/features/whatever are bogus.

    “Agile software development will result into higher quality.” This is NEVER the case. Trust me, I use Agile every day. The working definition of Agile is “the least amount of work to make the customer go away at the end of the sprint.” If you’re not doing that, you’re not doing Agile. You can’t bake in quality when you’re sprinting – stuff doesn’t get architected properly, other stuff gets dumped, and refactoring/cleanup…heh…well, my current Windows10 directory on this machine as I’m typing is 22.9GB. That’s just insane, and doesn’t include all the other OS crap stuffed into little holes elsewhere.

    Let me tell you how WaaS SHOULD be: MS provides a basic no-frills “get it booted” image, and the user gets to pick and choose what features are wanted. Security for non-installed features becomes a non-problem (i.e. no surface area). Cloud connection and ANY telemetry gets logged and presented to the user on demand, after they’ve initially signed off on allowing it.

    I’ve never had a Linux installation pop up a window and say “Linux is a service and we’re going to poop on your machine now.” I’ve also never had a Linux system UNINSTALL user-installed software during an update. WaaS has done that to me at least twice now…along with trashing various drivers. I don’t see fixing stuff like that getting easier.

    1. We have set up extensive blogs how GPOs etc. should be managed to control Telemetry.

      Agile Development: https://magenic.com/media/2045/mgnc_fstr_agile_360.pdf

      Linux has actually a very similar servicing working. All IT companies are moving into the agile approach – the most current ones are Oracle with Java.

  9. Jakub Drobiński says:

    After having read all that, I feel informed and very overwhelmed. To say the least. Saying it’s is a revolutionary change, not evolutionary is huge understatement. For our company at least. I only assume it’s truee for most of companies, since perfect environments do not exist.
    I can picture myself 3 years into the future for now, with new knowledge and experience, with whole thing working more or less efortlessly… and I see myself now. The problem is getting from here to there. Especially in my position. Switch to Windows 10 is forced by changes to hardware, with new processors, chipsets dropping support for Window 7. I already planned and executed one migration XP -> 7 which was kindof nightmare for me, as I had to push all ideas and solutions upwards the chain of corporate command, with no decision-making power whatsover on my side. I had thought that with those experiences I will be able to plan W10 better and push it more easily… I did hear of WaaS before, but i failed to recognize an issue here, thought of it just as information of W10 being last OS. Did not expect that. And I found myself surprised with need to push this change to all IT deppartaments in my company, to make everyone understand, accept and introduce it. Not to mention having users test stuff, on a tight schedule… same users that in my company quite often can not distinct between turning a computer off and logging off. I can alraedy see that great feedback “it doesn’t work” dripping down from all places.
    In my eyes that is the biggest problem – some people are incapable of working when ICON of a program changes, because they don’t recognize it, and we want them to provide feedback about what and how does not work?
    That is why most companies stick to one OS, one software version, uniform environment for as long as it is possible. Because change hurts average user and adopting to new program/interface/procedure takes time and in the end – costs money by increasing downtime. And now it will happen every 6 months.
    I was dpressed for 2 days after reading all that, I still can not see whole process of adapting WaaS as happening at all in my company. It is not a technological problem – tech-wise we’re ready. It’s a psychological problem of chaning mindset of WHOLE COMPANY in a finite ammount of time. I kindof think that this aspect was lost somwhere when developing WaaS, that this real-life scenario was dumbed down to a perfect company with perfect employees and perfect environment.

    1. Thank you for your very valuable comment and I need really to agree with you:

      “It’s a psychological problem of chaning mindset of WHOLE COMPANY in a finite ammount of time.”

      We see these changes everywhere – take a look at all other IT companies or even just OS manfuacturers. Continuous updates are placed everywhere. These mind changes will come – that´s for sure.

      We can have a personal talk and help to assist you to get over the frustration and setting up a plan how WaaS can be adopted in your company.

      The first step to adopt WaaS is to recognize its impact. Afterwards you have to start your transformation step by step.

      One example:
      Though Microsoft has very often and transparently communicated how long the support times for the Windows 10 releases are, there are a lot of companies now getting into time problems to push out a newer OS Version to their Windows 10 1511 machines, because the date for end of support Oct. 10th is – apparently – arriving faster than thought. That´s what happens if WaaS is not properly understood, communicated and planned and this kind of problems is completely mitigable.

      If this all is set up once, it is just an easy workflow. Technically it can be accomplished in less than a week, as long you have all the information needed.

      1. Jakub says:

        I believe You see changes everywhere… but bringing in examples of tech companies is not really representative to every business there is. Our isn’t a tech company, and average user is not tech savvy. As I mentioned – simple changes like new icon result in increase in tickets number. Important changes to features every 6 months may result in some serious increase in that regard. Well, that would be in the future.
        Right now planning phase is upon me. I will have to pitch whole thing upwards and sideways in my company to get whole IT, all deppartaments on-board and then trust that they would comply to their parts with equal dedication as I do to mine. As I said, I feel overwhelemed now, not by sheer technical work, but by non-technical aspects of getting everybody on-board.

        But I had also a tech question. I’m thinking which approach would be better:
        To prepare for WaaS, then push one build of W10 once we’re ready with system itself, keep that version (let’s say 1709) throughout upgrade process and only after whole company has switched to W10 catch up to newest build and then continue with WaaS in 6-months cycle?
        Or get everything ready for WaaS. start pushing out W10 (again, let’s say build 1709) and simultanously start upgrading cycle, so that possibly upgrade to new build (like 1803) would start before all machines are migrated, resulting in replacing deployment image for new build and upgrading old builds at the same time?
        What I’m used to tells me I should keep uniform environment and push only one build through whoile migration process and then catch up, possibly skipping one build (for example – deploying 1709 across company and after it’s done, test and deploy current build). Whole concept is still too new to me to reliably judge which approach is better.

        1. I understand your problems – to your question:
          It depends to your number of total clients, but as i have seen from my customer (>10k clients) many went on this road:
          “Or get everything ready for WaaS. start pushing out W10 (again, let’s say build 1709) and simultanously start upgrading cycle, so that possibly upgrade to new build (like 1803) would start before all machines are migrated, resulting in replacing deployment image for new build and upgrading old builds at the same time?”

          It is good to be completely prepared for WaaS, but in reality it is an ongoing process.

          Also the question here is, if you really can manage to upgrade all machines to a dedicated Windows 10 Version in a short timeframe – this is very rarely possible and so you have to prepare upgrades with your Win 10 machines.

          1. Jakub says:

            Yet, once again we approach area of non-technical problems.
            Tech-wise, I am capable of pushing out W10 company-wide in a timeframe of few months. That’s just deployment. Adding to that preparation phase of checking apps compatibility, preparing image and policies, etc, I think I am perfectly capable of achieving that in less than 12 months. That would mean skipping one build in WaaS model. On the other hand, I remember resistance I got from business during migration XP -> 7 and logistic problems. Accounting for that, it is near to impossible to get whole process up and running in timeframe of 18 months, meaning that we would enter area of OS without security updates. Given Your experience, You’re probably right about that, and it puts even more stress on preparation phase.
            After those considerations, I think I would go for scenario of preparing working OS image, with all apps and policies tested. If the meantime new build is released, adopting it would be relatively easy. Then proceed to roll out with OS upgrade at desired tempo. Once the next build comes out, it shall be tested and deployed, regardless of how migration process is advanced. Then it should be only matter of replacing base image in the migration TS (+ or – some steps) and rolling out build upgrade TS on machines that are already migrated. I can see that working in my mind, still this is a big change in my mindset, so it does not feel right.

            From Your experience – do companies manage to introduce WaaS along with migrating OS at the same time without hiring additional manpower? Keeping existing environment up and running, managing OS upgrades and switching to WaaS model at the same time seems very time-consuming. If I am to say to my boss he needs to hire more people I would like to do that sooner than later 🙂

            What I really don’t like is the fact that I am forced along that path. Once we move to W10 it is WaaS wether we like it or not. And It’s impossible to stay with 7 too long, because of hardware dropping support for 7.

            Thanks for Your insights, Your post on the matter is now in my favourites, to remind me of what ideas I have to implement in my colleagues minds very, very soon. Certainly, some interesting times are comming, I hope I will rise up to the challenge.

          2. Hi Jakub, thank you for your comment:

            “From Your experience – do companies manage to introduce WaaS along with migrating OS at the same time without hiring additional manpower?”
            Yes, if they are aware of the preparation steps and plan to do them as soon as possible, but I have seen also some companies raising their resources, because they want to test all applications and doing it the “old way” just in shorter timeframes.

            “Keeping existing environment up and running, managing OS upgrades and switching to WaaS model at the same time seems very time-consuming. If I am to say to my boss he needs to hire more people I would like to do that sooner than later 🙂”
            In the beginning and in the preparation phase I would totally agree to that. But the aim should be to reduce this arriving workloads within the first releases to an lower amount – this can be achieved by “automating” many processes. You can take a look at my follow-up article for this. Unfortunately it intimidated many people, because the companies and especially the mindset of the people has to change a lot.

            If you encounter any problems or have any questions you are free to ask me directly! 🙂
            Dave

  10. M says:

    Thank you, David for writing this informative blog. We are in the design phase of Windows 10 Client for our client. What happens in a scenario where in one of the rings a feature update is deployed and breaks the applications? Is there any documentation available which can help in understanding the procedure to quickly roll back?

    1. Hi M,

      in this scenario you should stop further deployment and roll back the impacted devices (therefore a higher number of rings make sense)

      Roll Back
      You can easily roll back the single computers interactively on each computer. A rollback would take something between 10-60 minutes. Till now there is no way to “Go Back to the Previous Version” by cmd or PowerShell – the Support Desk Engineers or the user himself would need to initate this in the Settings. (Link ) The initiating user needs also to have admin rights to do this, otherwise the button wouldn´t show up.

      Stop Deployment
      Depending what technology you use, you could use either GPOs to configure a defined Pause or you do this within SCCM/WSUS disabling the deployments.

      Hopefully this helps – from my experience there wasn´t a customer who ran in this situation in bigger targetting nor broad deploy groups. So the number of computers impacted were always very small. But even if the worst scenario arises, the maximum impact can always be predefined and the recovery can be accomplished in very short timeframes. (if you configured your rings wisely)

Skip to main content