• Let’s start by taking a look at the different editions and availability for Windows 10.
  • We’ll go through the various offerings within Software Assurance (SA) and I’ll provide an overview on licensing Software Assurance per device or per user.
  • Windows as a Service… monthly subscriptions? Definitely not, see our article on how these changes will affect your business.

There will be four editions of windows available from Systems Assurance but lots of ways to license them!
Windows 10 Home is the mainstream consumer-focused edition of Windows 10, offering a familiar and personal experience that will be updated with the latest security features on an ongoing basis. Windows 10 home will come pre-installed on new devices as well as be available through retail channels.
Windows 10 Pro is designed for small and medium businesses and enables organizations to manage their devices and apps, protect their business data, facilitate remote and mobile scenarios as well as take advantage of the cloud technologies for their organisations.  Windows 10 Pro devices are a good choice for organisations supporting CYOD programs and “prosumer” users.  Customers with Windows 10 Pro devices will take advantage of the latest security and feature updates on an ongoing basis, while having an ability to install new feature updates after those have been validated in the broad market.  Windows 10 Pro will come pre-installed on new devices, be available via retail channels, and is available in volume licenses as an upgrade license. 
Windows 10 Enterprise builds on Windows 10 Pro by adding more advanced features designed to address the needs of large and mid-size organizations.  Examples include advanced protection against modern security threats, broadest range of options for OS deployment, update and, as well as comprehensive device and app management.  Customers with Windows 10 Enterprise devices will be able to take advantage of the latest security and feature  updates on an ongoing basis, while having an ability to choose  the pace at which they adopt new technology.  Windows 10 Enterprise will be available exclusively through Volume Licensing.
Windows 10 Education builds on Windows 10 Pro, adding features designed to address advanced security and comprehensive device control & management needs. Available to staff, administrators, and students through academic Volume Licensing, it is built to simplify deployment by providing a direct path for multiple devices to upgrade from Windows 10 Home or Windows 10 Pro to Windows 10 Education, without the need to wipe and reload the OS.  Windows 10 Education will be available exclusively through Volume Licensing.
Windows 10 Mobile provides great productivity, security and mobile device management capabilities.
Windows 10 Mobile Enterprise will be available to our Volume Licensing customers and includes additional support for a flexible and enterprise friendly way to manage updates on mobile devices.
Upgrades

Now, you have probably heard a lot of chatter about Windows 10 being a free upgrade. And for many of you that will be true for the first year.  Windows 7 and 8.1 Enterprise Edition is not included in the free upgrade offer.  Additionally, to apply the free upgrade the device must be connected to Windows Update.

Windows 10 Pro Licensing
So let’s start by taking a look at Windows 10 Pro in Volume Licensing

Windows 10 Pro is sold only as an upgrade license in Volume Licensing and does require a qualifying underlying Operating System license, typically a professional version of Windows.

This means that Windows 10 Pro will be primarily purchased in Volume Licensing by customers who are looking to move their existing PCs running either Windows XP Professional, Windows 7 Professional or Windows 8.1 Pro to Windows 10 Pro.  Although many commercial customers will take advantage of the limited-time free-upgrade offer for Windows 10 Pro, any customers on Windows versions prior to Windows 7 will need to purchase an upgrade license.

You can get standalone upgrade licenses through the Open and Select Plus programs.

Some organizations do need additional functionality that Pro does not provide.  This is where Windows 10 Enterprise can be beneficial, so let’s take a look at what the Enterprise edition includes.


Windows 10 Enterprise Licensing
The Enterprise edition gives you a lot of additional functionality but for even more, many customer customers look at Software Assurance or SA.  SA has been greatly expanded since its original introduction and with SA for Windows 10 we have continued down this path of providing increased value for our customers.

Software Assurance can be added to any Windows 10 Enterprise upgrade purchase in VL and is automatically included in agreement programs like EA and Open Value.

Note that benefits are valid while SA coverage is active and that you can move your Enterprise upgrade license to a new device while you have active SA.

You can acquire the Enterprise edition as a standalone upgrade in the Open License and Select Plus VL programs: this option ONLY provides access to the LTSB, and does not provide the Enterprise Edition Current Branch/Current Branch for Business.

Windows 10 Enterprise edition includes all features of Windows 10 Pro, Windows 8.1 Enterprise edition, and new innovations such as:

Granular UX Control, in which IT is able to customize and lock down the user experience of a Windows device for task-workers, kiosks, IoT/ embedded type functions (including education settings  for EDU  organizations) using device management policies in order to perform a specific task (ie check in kiosk at the airport).

Hardware Credential Protection (using hardware based isolation): Ability to store derived credentials (i.e.: NTLM hashes and Kerberos tickets) and the process that manages them (i.e.: Local Security Authority Subsystem Service (LSASS)), in a Hyper-V protected environment that is called a “Virtual Secure Mode (VSM)”. The VSM provides hardware based isolation and protection of derived credentials and prevents them from being stolen or misused even in the event that the Windows kernel is fully compromised. This capability prevents Pass the Hash (PtH) attacks which enable an attacker to impersonate a user on the network.

Device Guard: Device Guard offers game changing malware defense on devices running the Windows desktop operating system. Device Guard is a hardware and Windows based configuration that that locks down the device such that it can only run trustworthy executable code (e.g.: .exe, .dll) which means that they are signed by a trusted authority. Apps signed by Microsoft and made available from the Windows store are inherently considered trustworthy however organizations add any signature to the devices trust list.  Device Guard can be used in combination with AppLocker. In this case Applocker can be used to define which apps from a vendor who’s signature has been added to the trust list can be run on a device.

MDOP
SA now includes the full features and capabilities of MDOP.  MDOP is a set of products to help with virtualization, management and restore capabilities.  With the Windows 10 launch, MDOP is now included as an SA benefit, and is no longer a separate add-on.

Companies can enable users to change their device while keeping their experience by implementing a user state virtualization solution that delivers a personal Windows experience, is easy to deploy, and integrates into existing infrastructure with Microsoft User Experience Virtualization (UE-V).  Microsoft Application Virtualization (App-V) helps businesses provide their end-users with access to virtually any application, anywhere without installing applications directly on their computers, while Microsoft Enterprise Desktop Virtualization (MED-V) virtualizes Windows removing the barriers to Windows upgrades by resolving application incompatibility with Windows 7.

Additionally, MDOP helps manage, monitor, and deploy key Windows features.  Microsoft BitLocker Administration and Monitoring (MBAM) simplifies BitLocker deployment and key recovery, centralizes provisioning, and minimizes support costs, while Microsoft Advanced Group Policy Management (AGPM) enhances governance and control over Group Policy through change management reducing the risk of widespread outages due to policy based misconfigurations.

Finally, the Microsoft Diagnostics and Recovery Toolset (DaRT) helps shift desktop repair planning from reactive to proactive, saving time associated with troubleshooting and repairing system failures.

Flexibility and foundational benefits
SA also provides greater flexibility for how customers use Windows.  SA provides exclusive access to the Enterprise Edition Current Branch/Current Branch for Business.  SA can be purchased per user, expanding access to Enterprise edition and SA benefits across all of a user’s devices.

Finally, all of this comes with the core Readiness and Support Resources to allow customers to better plan, deploy, and manage their use of Windows – through things like, 24×7 Support, Extended Hotfix Support, and end user and IT training through E-Learning and Training Vouchers.

MOBILE Enterprise is a new version designed to support IoT scenarios. The purpose of this version is to facilitate the use of the Windows 10 mobile OS on handheld vertical or “kiosk” devices such as POS devices, inventory/warehouse devices, etc. Customers who need this edition can purchase this upgrade through volume licensing and do an in-place upgrade.

The Mobile Enterprise product provides control over timing of updates: Mobile Enterprise gives customers the ability to switch off automatic updates and use a management tool to apply updates.

Licensing the Primary Device
Up until now we have spent a lot of time talking about licensing the primary device with Windows Enterprise and SA.  However there is another way to license the primary device using the Windows VDA license.

In most organizations we usually see two types of devices used, PC’s and Thin Clients.  PC’s are typically licensed with Enterprise and SA as we have talked about and have a qualified OS on them and need local install rights.  The thin client on the other hand has no qualified OS and you don’t need local install rights as these devices will typically be used to connect to a VDI infrastructure.  For these devices we offer the VDA license.

Key Points

Windows SA per User puts users at the center of their devices and offers them a premium Windows Experience across their devices

There are a few aspects of Windows SA that are worth highlighting:

  • All of the user’s devices are covered through Windows SA per User – including those running iOS and Android operation systems
  • Only the user’s primary PC needs to be running a qualified OS (i.e. Windows Pro)
  • Windows Enterprise Edition can be delivered across the user’s devices
  • You have flexibility to deliver Windows Enterprise across devices through local install, Virtual Desktop Infrastructure (VDI), or Windows To Go
  • This provides simpler license management by allowing you to count just users with primary PCs, instead of every single device and enable new scenarios

Key Points:
Traditional Per Device Model:
Traditionally Windows VDA is license per Device and is available for devices that do not qualify for Windows SA (such as thin clients).  With this license, you do not get local install rights of Enterprise Edition, and VDI rights are from a single device.
New Per User Model:
Starting Dec 1, 2014, customers can license Windows VDA in a new way, per User. This license is available as an add-on or a full USL. Windows VDA per User is for customers who do not have users with primary devices running Windows Pro (or a qualified OS). VDA per User does not require the primary device to have a qualified OS. 
With the Windows VDA per User license you can:
  • Install Enterprise edition on any Windows Pro device or less than 10.1” Windows tablet
  • Access Windows Enterprise across all the users’ devices with VDI and/or Windows To Go
This enables true per User licensing in line with Office 365 and EMS, potentially eliminating the need for device counting
Additional Notes: 
*For customers who do not have Users with primary devices running Windows Pro (or a qualified OS), there is VDA per User available. VDA per User does not require the primary device to have a qualified OS.
The same
Windows SA per User Add-On can be used to license a user with a primary device
licensed for Windows SA (per device) or Windows VDA (per device).



Windows as a Service…what’s this all about? Check out our article for more info.

For more advice and help on deploying Windows 10 and the various licensing models, please contact your Systems Assurance Account Manager or call 0114 292 2911.