Microsoft's IT department today in a blog post offers some of its own tips and tricks and the lessons learned from its internal roll-out of Windows 8 and IE 10 Release Preview-- highlighting three areas from its deploying experience: "support, security and user experience."
Written by Patrick O'Rourke, director within the strategy, planning and communications team in Microsoft IT, the post revealed that the company now has over 30,000 employees who are already running Windows 8 and Internet Explorer 10.
"We're currently 'dogfooding' several products and services, but the most interest is with Windows 8 and IE 10 Release Preview. As of mid-July we had more than 30,000 systems and nearly 30,000 employees running Windows 8 and IE10," Patrick stated in the blog post.
To help the whole spectrum of employees learning the new OS, Microsoft IT created a new, internal moderated forum/Web app called //pointers, designed to address feedback and requests for help more quickly.
"When reviewing the site traffic to //pointers, we saw that site visits greatly exceeded the number of unique users," O'Rourke noted. "We interpreted this site traffic as positive; the site is sticky and employees are coming back to it. In addition, the volume of recognition badges indicated that, once driven to the community, employees tend to contribute in helping others."
Here are the highlight of some of the security features deployed:
- "Trusted boot helps protect the boot process and is designed to eliminate the possibility for malware to hijack the boot process or hide from antimalware software.
- Microsoft IT is performing a pilot on approximately 1,000 machines to evaluate changes in the way DirectAccess works, including validating virtual smart cards that usea machine's Trusted Platform Module (TPM) chip--a chip that supports BitLocker and, in Windows 8, protects the virtual smart card certificate's private key.
- Measured boot enables the reporting of machine health in a secure way that is measured by hardware at boot time. Microsoft IT plans to use a remote health attestation like measured boot via a network-based
custom system health agent to ensure security health of managed Windows 8 DirectAccess systems.
- Microsoft IT needed to make sure that Microsoft BitLocker worked on Windows 8. BitLocker drive encryption can protect data on mobile devices that include a TPM chip. Microsoft IT is also validating a new BitLocker feature called Network Key Protector Unlock that allows BitLocker to automatically unlock a drive when the machine is plugged into the corporate network," informs Patrick.
Other features deployed include:
Microsoft provisioned 75 devices with Windows To Go and made them available to senior staff, engineers, and architects. "Windows To Go, allows Windows 8 desktop to boot and run from a USB flash drive and can also take advantage of any devices made available on the host computer, or across the enterprise network."
A Windows To Go workspace works with most host desktop or laptop computer, including tablets and slates.
And, to provide a complete data migration and protection strategy for employees, Microsoft IT used "File History," a new, built-in feature that protects user files by periodically scanning the computer's file system for changes stored in libraries and in the user's Desktop, Favorites, and Contacts folders and copying them to a Microsoft IT-managed network drive configured as their backup storage area. Enterprise customers will be able to customize this solution for their own environment.
During the deployment Microsoft used a tool called "IT Easy Installer" that allowed for rapid deployment and automated the install of Windows 8 to its employees. Here are some highlights of the key components of the IT Easy Installer tool:
- "Hardware compliance and guidance scans the employee's machine and confirms if the system meets the Windows 8 minimum system requirements, provides Microsoft IT recommended configuration for each requirement, checks if the system is a Microsoft IT standard hardware, checks if Trusted Platform Module (TPM) is available for provisioning Windows 8 DirectAccess (DA), provides driver coverage information for the standard and non-standard hardware by displaying the missing driver information, and provides Windows experience index scores.
- Software guidance scans the employee's machine for all installed software (Microsoft products and third party) and provides Windows 8 compatibility guidance for each installed software.
- Line of Business application guidance provides guidance on compatibility status of the business critical and widely used internal line-of-business websites that are tested by Microsoft IT and allows employees to report new applications that can be considered to be tested.
- Data migration solution allows employees to migrate their data and settings, and provides options to migrate during installation (in-place) or migrate to local or network storage provided by Microsoft IT prior to the installation and restore afterwards.
- Install Windows 8 provides integrated installation experience that interfaces with all operating system deployment delivery channels and automatically selects the best delivery channel based on the user's connectivity profile and location," explains Patrick.
In another blog post, Brendon Lynch, Chief Privacy Officer at Microsoft, stated that "Do Not Track (DNT) in the RTM of Internet Explorer 10 will be enabled in the "Express Settings" portion of the Windows 8 set-up experience."
There, "customers will also be given a "Customize" option, allowing them to easily switch DNT "off" if they'd like," he said.
In the Windows 8 set-up experience, "customers will be asked to choose between two ways of configuring a number of settings: "Express Settings" or "Customize." By providing a simple experience that allows customers to set their preferences, we've sought to balance ease of use with choice and control. The recommended Express Settings are designed to expedite and streamline the overall set-up process, and, if selected, generally improve a customer's privacy, security, and overall experience on the device," explains Lynch.
So when you install Windows 8 and choose the 'Express Settings' during setup, rest assured, Microsoft will enable Do Not Track for you. However, if you want the option to choose, simply select 'Customize' during the Windows 8 setup.