Deploying Windows 8 within Microsoft

This is a guest post by Patrick O’Rourke, director within the strategy, planning and communications team in Microsoft IT.

If you’ve read this blog before then you know that one of the roles of Microsoft IT is to be the first customer of Microsoft’s commercial products and services. Through this program the IT department manages a phased, employee adoption of early versions of Microsoft products and services. We call this “dogfood” in that we’re eating our own dogfood. This program enables the IT department to help Microsoft’s product teams deliver higher quality products and services to customers, both near-term and long-term.

We’re currently “dogfooding” several products and services, but the most interest is with Windows 8 and IE 10 Release Preview. As of mid-July we had more than 30,000 systems and nearly 30,000 employees running Windows 8 and IE10.

I’ll highlight three areas from Microsoft IT experience deploying Windows 8 and IE 10 Release Preview: support, security and user experience.

Support model for early adopters

The Windows 8 Release Preview deployment was fully supported by Microsoft IT through multiple support channels, to include self-help, help desk and an online community. This strategy is important so that Microsoft IT can collect diverse feedback for contribution back to the product group, and to meet the support needs of worldwide employees.

To ensure a smooth transition for Microsoft employees, the Microsoft help desk was regularly updated on the deployment process, they were provided readiness training that contained the key differences between Windows 8/Internet Explorer 10 and previous versions, and they were provided information about the new features and a troubleshooting guide with tips and tricks on how to resolve common issues.

In terms of online community, we adopted a social networking model by creating a channel for support. We created //pointers as a moderated forum that could address the top feedback from employees. The web application is real-time, dynamic and content is searchable. Perhaps more important, it proved to be a valuable collaboration and knowledge sharing tool between IT and employees worldwide.

When reviewing the site traffic to //pointers, we saw that site visits greatly exceeded the number of unique users.  We interpreted this site traffic as positive; the site is sticky and employees are coming back to it. In addition, the volume of recognition badges indicated that, once driven to the community, employees tend to contribute in helping others.

Following are some of the key learnings from //pointers:

• It provides an easy-to-use, friendly interface where users can locate the information that they are looking for and ask questions when they cannot find the answer.
• It’s expandable to accommodate increased volume and support new programs and services.
• It creates and fosters new habits that encourage people to come to the community and become (part of) the community.
• It provides recognition, which in turn increases motivation and personal satisfaction. Badges were one way that we helped drive users back to https://pointers.
• It maintains a high level of responsiveness. In the community space, responsiveness drives credibility for the end user, which increases user participation.

 

Security

As indicated by press reports, security is a valuable part of Windows 8 deployments. There are many new features that Microsoft IT needed to validate for the enterprise.  I’ll highlight some of the features we deployed.

• Trusted boot helps protect the boot process and is designed to eliminate the possibility for malware to hijack the boot process or hide from antimalware software.
• Microsoft IT is performing a pilot on approximately 1,000 machines to evaluate changes in the way DirectAccess works, including validating virtual smart cards that usea machine’s Trusted Platform Module (TPM) chip—a chip that supports BitLocker and, in Windows 8, protects the virtual smart card certificate’s private key.
• Measured boot enables the reporting of machine health in a secure way that is measured by hardware at boot time. Microsoft IT plans to use a remote health attestation like measured boot via a network-based
  custom system health agent to ensure security health of managed Windows 8 DirectAccess systems.
• Microsoft IT needed to make sure that Microsoft BitLocker worked on Windows 8. BitLocker drive encryption can protect data on mobile devices that include a TPM chip. Microsoft IT is also validating a new BitLocker feature called Network Key Protector Unlock that allows BitLocker to automatically unlock a drive when the machine is plugged into the corporate network.

User experience

End user adoption is very important for our “dogfood” deployments so that we have enough employees providing feedback on the software. At the same time, we need to keep these employees productive. Therefore we dedicate significant resources to user experience during our “dogfood” deployments, and Windows 8/IE 10 was no different.

The experience starts with installation. Microsoft IT used IT Easy Installer to streamline the install experience by automating everything for the user to migrate to Windows 8. We cut the install time in half, which included the Office image. I’ll highlight some of the key components of the tool:

• Hardware compliance and guidance scans the employee’s machine and confirms if the system meets the Windows 8 minimum system requirements, provides Microsoft IT recommended configuration for each
  requirement, checks if the system is a Microsoft IT standard hardware, checks if Trusted Platform Module (TPM) is available for provisioning Windows 8 DirectAccess (DA), provides driver coverage information for the standard and non-standard hardware by displaying the missing driver information, and provides Windows experience index scores.
• Software guidance scans the employee’s machine for all installed software (Microsoft products and third party) and provides Windows 8 compatibility guidance for each installed software.
• Line of Business application guidance provides guidance on compatibility status of the business critical and widely used internal line-of-business websites that are tested by Microsoft IT and allows employees to report new applications that can be considered to be tested.
• Data migration solution allows employees to migrate their data and settings, and provides options to migrate during installation (in-place) or migrate to local or network storage provided by Microsoft IT prior to the installation and restore afterwards.
• Install Windows 8 provides integrated installation experience that interfaces with all operating system deployment delivery channels and automatically selects the best delivery channel based on the user’s connectivity profile and location.

[ Sept. 4 update: I was asked about tools we used in our Windows 8 deployment. It’s discussed a bit in the IT Showcase materials. For context it’s important to remember that the tools used to deploy Windows 8 Release Preview were for our early deployment (aka, dogfood) phase. In this dogfood phase, we have to be opportunistic to help our early adopters any way we can while we work on setting up our long-term System Center infrastructure, which we’ll use for the company-wide deployment. You can expect to read about this company-wide deployment later this year. But, for the Windows 8 Release Preview to early adopters, we used Microsoft Deployment Toolkit (MDT) 2012 Update 1, and System Center Configuration Manager in small pockets. MDT is a solution accelerator available for OS and application deployment. It can be used as a stand-alone installer, and there’s a version integrated with System Center 2012 Configuration Manager, which we’ll use to simplify and automate our company-wide Windows 8 Enterprise deployment process .]

A new OS feature, called Windows To Go, allows Windows 8 desktop to boot and run from a USB flash drive. Windows To Go is self-contained on a USB device, and can also take advantage of any devices
made available on the host computer, or across the enterprise network. A Windows To Go workspace works with most host desktop or laptop computer, including tablets and slates.

Microsoft IT provisioned 75 devices with Windows To Go and made them available to senior staff, engineers, and architects. Windows To Go scenarios include providing a managed corporate desktop when the host computers are unmanaged or not domain-joined. This deployment allowed different machines (slate, laptop, and desktop) with different configurations of screen, keyboard, and touch to have a machine-specific experience that was highly transportable between host machines.

Finally, to provide a complete data migration and protection strategy for employees, Microsoft IT used File History. This is a new, built-in feature that protects user files by periodically scanning the computer’s file
system for changes stored in libraries and in the user's Desktop, Favorites, and Contacts folders and copying them to a Microsoft IT-managed network drive configured as their backup storage area. Enterprise customers will be able to customize this solution for their own environment.

You can read more about Microsoft IT deployment of Windows 8 on Microsoft IT Showcase here. Expect to see more posts about line of business application experience and application development with Windows 8 and IE10 on this blog in the coming months.

Last week Microsoft announced that we had reached the release to manufacturing (RTM) milestone of Windows 8 [see here], which means we’ve completed the product development and testing of the product and have started handing off the final code to our OEM partners.

Leave a comment or question, and don’t forget to download Windows 8 Release Preview here.

Patrick O’Rourke