The initial preview release of Windows 8.1 was for home and small office users using Windows 8 Pro. Like the initial preview releases of Windows 8, the consumer 8.1 doesn’t have all the business features of its Enterprise counterpart; features that IT professionals will want to evaluate before deploying the update in their networks. So it wasn’t surprising that Microsoft recently rolled out a second Windows 8.1 preview, this time of its Enterprise SKU.
Available only to businesses with Windows Software Assurance, Windows 8.1 Enterprise builds on the consumer Windows 8.1 with a selection of additional enterprise tools. These include the USB-bootable Windows To Go, secure remote access to corporate networks with DirectAccess, and support for VDI installations. If you’ve deployed Windows 8 Enterprise you’ll find many of the same features in 8.1, with performance and user interface tweaks.
In the past Microsoft has added new features with each release that required additional testing before businesses could deploy the new OS to their device fleets. With Microsoft moving to a yearly cadence for operating system releases, it’s hoping to encourage rapid roll out of updates by focusing on improving what’s already in place, rather than adding extra features. It’s an approach that also means that some updated features won’t be back-ported to Windows 8; as a result we don’t expect IE11 or PowerShell 4 to be supported on Windows 8 – even though they will be available on Windows 7.
We used a 8GB USB stick for a clean install of Windows 8.1 Enterprise on a test PC, in practice you’re likely to be building your own images and using the new 2013 release of Microsoft’s Deployment toolkit to integrate apps and applications, before deploying to a selection of test machines over a network. As we’ve come to expect with recent Microsoft OS releases, installation from USB was quick, and we quickly joined our test machine to a Windows Server 2012 domain, as well as linking domain accounts to Microsoft Accounts for use with the Windows Store.
It’s clear that the preview release of Windows 8.1 Enterprise is intended for IT professionals building test images from scratch; as it’s only available as an ISO, and it can’t be used for a seamless update to an existing Windows 8 Enterprise installation. If you’re planning an update installation you’ll need to make a bootable USB of the ISO, and you’ll only be able to keep files and settings – applications are not migrated to the preview. If you’re worried that users will update their own PCs to Windows 8.1, volume licensed PCs won’t be offered the update from the Windows Store – and you can lock things down further with group policy for domain joined PCs to prevent small business and consumer machines in your network from upgrading until you’ve finished your testing.
Managing Windows 8.1 Enterprise
If you’ve started working with the consumer Windows 8.1 preview, then you’ll find Windows 8.1 Enterprise very familiar. You get the new Start Screen, and it’s button, as well as Internet Explorer 11 and support for small screen devices. That shouldn’t be surprising, as after all, it’s all the same Windows 8.1 under the hood. Where things get interesting is when you start using the improved management tools, like Start Screen Control, to manage your desktop and mobile device fleet. With Start Screen Control, a PowerShell cmdlet exports the start screen layout on a pre-configured PC as an XML file. This can then be delivered via a group policy to user PCs, ensuring a consistent tile layout. The resulting Start Screen Layout can be locked down, and tied to any sideloaded apps.
Start Screen Control may seem relatively trivial, but it’s actually key to effective delivery of Windows 8.1 Enterprise images — especially when you’re using those images to deliver a suite of approved desktop and Windows Store applications. Windows Store apps can be built into an image using standard deployment tools, or sideloaded via PowerShell and a sideloading key. With a common Start screen layout users will find tiles in consistent places, allowing them to quickly pick a new device; or start a new VDI session. Different users and groups can have different Start screen layouts, to go with different suites of tools, and you can also give some users customisation rights, while others are given a fixed layout that can’t be changed.
Consumerise your enterprise
With Microsoft’s increased focus on BYOD and on consumer services, getting group policies right is going to be very important. If you don’t lock down devices appropriately, then as soon as a user connects their domain account to a Microsoft Account, they’ll automatically be using the consumer SkyDrive service for storage. While a new Group Policy Object disables Windows 8.1’s SkyDrive integration, you may want to take advantage of the new Work Folders synchronised storage to automatically sync users’ files to your own servers.
That consumer focus in Windows 8.1 is a big issue for organisations deploying new Windows devices. Users will expect business services to work just like the consumer services they use at home and on their personal devices. Windows 8.1 Enterprise lets you lock down task worker PCs even more tightly than before (with the option of using Assigned Access to allow only one Windows Store application to run on a managed PC, with everything else locked down and inaccessible).
Features like Branch Cache and DirectAccess depend on Windows Server 2012 (and on Windows Server 2012 R2 for the latest features), while others like the AppLocker application whitelist are controlled via Active Directory. With key features depending on Microsoft’s servers and services, Windows 8.1 Enterprise needs to be part of a Microsoft-centric network if you’re going to get the most from it.
While the Software Assurance-specific features haven’t changed that much, Microsoft’s added enough to the core Windows platform to make it a compelling upgrade. While many of those features, like Workplace Join, are focused on BYOD scenarios, others, like Work Folders, are as useful in fully managed devices. They’re not the only improvements to the OS, and Microsoft has also addressed key developer issues in Windows 8.1. If you’re developing in-house tools and software, improved APIs mean it’s easier to write Windows Store apps, including support for external devices like Point of Sale systems.
That reliance on Microsoft’s servers and management tools is one of the most important features in Windows 8.1. Many of the features that Microsoft highlights in its blog posts are already part of Windows 8 Enterprise, and the real benefit to businesses with the new release is the tight integration between Windows 8.1, Windows Server 2012 R2 and the System Center 2012 R2 management tools (as well as the cloud management tools in Windows Intune for BYOD device fleets). It’s becoming much harder to separate the pieces of Microsoft’s enterprise offering, and it’s sometimes easier to think of Windows 8.1 Enterprise as the managed endpoint in what Microsoft calls its CloudOS.
Time to bite the Windows 8 Enterprise bullet?
The only real question is: are the extra features worth the subscription to Software Assurance? With many of the features – like the BitLocker disk encryption tools – Microsoft reserved for Windows 7 Enterprise now part of Windows 8.1 Pro (and in the case of Bitlocker automatically applied on newer hardware), it’s a question that needs to be asked.
If you’re not running Microsoft’s latest servers and management tools, then you’re probably best staying with the Pro release (and perhaps using Windows Intune as a management layer). Things are very different if you’re already committed to Windows Server and System Center, where Software Assurance simplifies the upgrade cycle for the complete set of enterprise tools and servers, and where you’re more likely to be managing large fleets of PCs, inside and outside the office, and where Windows 8.1 Enterprise features like DirectAccess and AppLocker become increasingly important.
As part of the first set of deliverables in a new cadence, Windows 8.1 Enterprise is much more than a service pack. With a consumer look-and-feel (and support for smaller screen tablets), it certainly manages to hit most of the IT professional sweet spots: it’s manageable, flexible, and easy to control through System Center and through group policies. That’s long been the Windows promise, and the impending end of support for Window XP should make you consider upgrading your network to a newer version of Windows as soon as possible – and Windows 8.1 Enterprise looks very much like a contender.