Windows 10 fundamentally changes how PCs and other devices will be used and supported in enterprises. These are the key items that CIOs and senior IT managers need to know about the OS.

Windows 10 is the next release of Windows after Windows 8.1. It hits the market on 29 July 2015 after 10 months of previews as part of the Windows Insider program. It is positioned as both a continuation of the familiar Windows legacy and a starting point for a new era for Windows platforms. 

Microsoft is using Windows 10 to both bridge with the past (by ensuring much improved levels of legacy compatibility) and as a platform for its future (by changing the relationship with its customers and how the OS is monetized and supported). Much of the initial marketing will focus on consumer-friendly features, such as the Cortana virtual personal assistant and Xbox integration.

However, senior IT managers, planners and even CIOs will find there is a lot they need to understand about the OS as they begin planning end-user computing environments for the next three to five years.

1. Windows 10 Returns to a More Familiar User Experience - On PCs, the user experience feels more like Windows 7 than Windows 8, and is better-suited to the vast majority of users who rely on a mouse and keyboard to use their PC. The new experience returns the start menu (albeit with some additional customizations), and can be navigated using just a keyboard and mouse, like Windows 7. Applications once again all run in a window and have familiar controls. However, Windows 10 also brings forward many of the better elements of Windows 8, including support for live tiles, lightweight mobile-style apps and touch   friendliness. Windows 10 will be far less disruptive to Windows 7 users than Windows 8, and should not require any significant user training to get users up and running. At the same time, it lays the foundation for the desktop and mobile environment for the next decade. Enterprises should begin working with Windows 10 to understand how it can fit into existing rollout plans, particularly those involving  tablets and hybrid PCs (see "Windows 10 Is About Experiences, Not Operating  Systems").
2. Windows 10 Is a Single OS That Runs Across a Range of Devices, With the Same Applications - At its core, Windows 10 is a single OS that runs on PCs, smartphones, game consoles and even Internet of Things (IOT) devices, enabling Microsoft to focus its OS development efforts on a single codebase. While it is the same OS, the user experience is customized for each device, and indeed will adjust if the device is multimodal. (For example, two-in-one PCs will alter the user experience when switching between laptop and tablet modes of operation, based on the user's   preferences.) More importantly, this single OS enables all Windows 10 devices to run a common set of applications. Universal Windows apps are the evolution of the Metro or Modern applications from Windows 8, with much richer functionality. These lightweight, touch-friendly apps are designed to operate like smartphone or tablet applications on other platforms, are delivered through a customizable store, and are automatically kept up to date. A Universal Windows app will run on any Windows 10 supporting device, automatically adjusting its user experience to match the device. While this works well for simple applications, more sophisticated ones will still require significant customizations for different interaction models on different devices. Aside from the portability, Universal Windows apps are also more secure, are easier to deploy and maintain, and represent Microsoft's strategic direction for future native application development. While enterprises should focus development on HTML5-based Web apps, when native PC applications are required, Universal Windows apps should be favored over legacy Win32 applications.
3. Windows 10 Introduces New Ways of Securing Devices and Corporate Data - Windows 10 introduces new technologies and techniques for securing devices and the data on them. To this end, it includes new means for authenticating users, new technologies for securing and isolating corporate data on devices, and new methods for hardening devices against  attacks. Microsoft Passport replaces basic passwords with more secure multifactor authentication techniques that can use local PINs, or biometrics plus a device (your PC or mobile phone) for authentication that is aligned with the Fast IDentity Online (FIDO) Alliance specification. Windows Hello adds biometric support to Microsoft Passport in the form of face recognition and fingerprint or iris scanning. Ultimately, these techniques will provide protection against phishing attacks that attempt to steal user ID/password combinations across the Internet, as they require physical access to something users would have locally, or, in the case of biometrics, their faces or fingers. Windows 10 enables automatic encryption of corporate files on devices. This encryption ensures that employees on registered corporate devices can read the data, but others can't. It also restricts what users can do with certain types of data. It can prevent copy-and-paste operations to non-corporate locations, and can protect files when they are copied to removable storage devices. Also, when combined with rights management services, the protection can travel with the files if they leak outside of the corporate environment, as the information will remain encrypted. Windows 10 also moves to harden devices against tampering by leveraging a secure boot process that ensures that only the approved device firmware and OS can be loaded, and that once it is running, only approved applications and services can be started. Additionally, certain sensitive portions of the OS have been moved to a hardware-based secure execution environment using virtualization to further protect them from attacks, even if the Windows kernel has been compromised. This additional level of security is optional and can be adjusted based on enterprise needs. It also requires the Enterprise edition of Windows 10 and has some hardware dependencies (e.g., UEFI 2.3.1 with Secure Boot, virtualization extensions and Trusted Platform Module [TPM] 2.0). Together, these changes secure devices in a fundamentally different way than PCs have traditionally been dealt with by most enterprises. While the techniques have significant promise, they still need to be battle-tested in the field. Furthermore, not every enterprise will be ready to adopt them.Making these security features part of your daily processes will take careful planning and may be most easily implemented on new hardware. Companies should review what Microsoft has introduced, and evaluate which pieces fit their needs and in what time frame. Enterprises will also have to determine how to best integrate these new capabilities with existing security technologies.
4. Windows 10 Is Another Microsoft Product That Will Drive You Toward Azure Active Directory - One of the issues with Windows 8 was the need to provide all users with a Microsoft account in order for them to access the Windows Store. Without this, many applications included with the OS wouldn't update and users could not download new applications, limiting the usefulness of the device. With Windows 10, Microsoft has added the option for enterprise users to authenticate to the store using an Azure Active Directory (AD) account. This may be a significant change; while syncing your on-premises Active Directory with Azure AD is straightforward, it is an additional tie into Microsoft's cloud services infrastructure. Customers who are already moving to Office 365 or Intune will have taken this step, but others may not have been considering it. It will be possible to run a production Windows 10 environment without the links into Azure AD, but it will be more difficult to manage and limit some capabilities. Azure AD is becoming inevitable for organizations that wish to use Microsoft's enterprise products and services.
   
5. Windows 10 Will Support Lighter-Weight Management of PCs, but You Will Probably Need Intune for Now - Windows PCs have always been tough to manage, mostly because of the complexity, fragility and open nature of the Windows application environment. Ensuring that business applications would work reliably and securely typically required a lot of intrusive control of the PC. In Windows 10, the Windows Store can be used to deliver both commercial and internally developed apps to users, supporting self-service approaches on both corporate and personally owned devices. The store can deliver not just Universal Windows apps, but also Web apps and even many traditional Win32 apps, provided you are willing to do some packaging work. Windows 10 also introduces the concept of Provisioning Packages, which can be used to take an OEM image and customize it for corporate deployment, significantly reducing the need to reimage machines, and the associated image management issues. Although Windows 10 will integrate with existing management tools and even third-party enterprise mobility management (EMM) solutions at launch, Microsoft's Intune will offer a more complete solution (including managing Office) sooner. Enterprises should begin looking at how Windows 10 and the Windows Store could be integrated into current PC management and application delivery processes.
6. Windows 10 Introduces a New Servicing Model for Windows That Enterprises Can't Ignore - Microsoft has somewhat confusingly taken to referring to Windows 10 as a service. This isn't accurate in the strictest sense, particularly when compared to services like Office 365 or Salesforce. What Microsoft means is that once a customer has Windows 10 installed on a device, keeping the OS up to date will be handled automatically, including not just security fixes, but also new features and capabilities. In that sense, Windows 10 is the last major upgrade of its type and future "upgrades" will happen automatically, as smaller updates evolve the functionality of the OS on a regular basis. While many of the changes coming with Windows 10 are somewhat optional and don't need to be addressed immediately, this is not the case for the new servicing model. It will impact every organization rolling out Windows 10, and requires some evaluation and rework of internal processes related to testing and deploying software.
7. Windows 10 Won't Be as Difficult a Migration as Windows 7 - The migration to Windows 7 from Windows XP marked a massive change and a rearchitecting of fundamental portions of the OS. As such, the Windows 7 migration introduced significant compatibility issues, necessitating an extensive testing and remediation effort. Indeed, many organizations reported taking 18 months or longer just to get to the point where they could start serious piloting. Fortunately, Windows 10 will not introduce that level of incompatibility. We expect that, outside of minor issues with security tools like VPNs or encryption drivers, most organizations will find compatibility issues will be minimal and some may see no substantial compatibility issues. As such, many organizations will find that the preparation phase will be quite a bit shorter, and for many could take less than six months, including piloting. However, the fact that an application seems to run fine on Windows 10 does not mean that its developer/independent software vendor (ISV) will support it running on Windows 10. Organizations that require ISV support should begin discussions with their critical app suppliers immediately about both support for Windows 10 and ongoing support for continual Windows 10 updates. Enterprises should use this extra time to dive a little deeper into the security and management changes coming with the OS, and to understand how they might be leveraged either as part of the rollout or after. They should also investigate the new in-place upgrade functionality, which should simplify the actual migration process. While it is improved from what was provided in the past, companies will still need to develop a comfort level with it through piloting.
8. Windows 10 Introduces a New Browser Platform, but Maintains IE 11 for Legacy Compatibility - Internet Explorer (IE) has proven to be problematic for Microsoft in recent years. Early on, its extensibility enabled companies to develop complex business apps using just the browser. However, over time, it has fallen further behind more modern browsers, and now has inconsistent compatibility with new emerging websites and services. This has driven users to other browsers, such as Google Chrome. With Windows 10, Microsoft has introduced a new default browser named   Microsoft Edge. It is based on de facto Web standards, similar to Chrome. It also sports a number of new capabilities, such as the ability to markup and share a Web page, and to reformat and save a Web page for offline reading, as well as offering portable settings across devices. Microsoft will continue to include IE11 in Windows 10 for legacy compatibility, but the defaults will direct users to the Microsoft Edge browser. IT organizations can change these settings by group policy, and can also set up tables to direct specific websites to one or the other browser. Given that support for all versions of IE before IE11 ends in January 2016, customers should be working to upgrade to IE11 now, easing the eventual migration to Windows 10. Microsoft Edge also marks the end for Silverlight, although Silverlight and ActiveX controls will continue to be supported on IE11.
9. The Free Upgrade to Windows 10 Is Not Really Free for Most Enterprises, and You May Still Want to Purchase the Enterprise Version - A lot has been made about the free upgrade Microsoft is offering to Windows 7 and 8.1 users. However, this free offer comes with strings attached that make it less suited to most enterprise customers. It limits flexibility with regard to imaging rights and deployment options. As such, enterprises should still enter into a volume licensing agreement. Microsoft has been encouraging customers to move toward Software Assurance for Windows by including various exclusives only available with those agreements. One of those exclusives has been the Windows Enterprise version. Many of the more advanced security features and some of the more granular management features are only available with Enterprise. These exclusives will be more compelling to a much broader set of customers than previous Enterprise features, and organizations need to re-evaluate whether to purchase Software Assurance and Windows Enterprise as they plan for Windows 10, because the value proposition has changed significantly.
10. Windows 10 Is Inevitable - To date, the most successful release of Windows ever was Windows 7 which is currently deployed within over 90% of enterprises. Windows 7 will reach its effective end of life when it leaves extended support on 14 January 2020. As experience with Windows XP showed, running an OS after its end of support can be both difficult and costly. Furthermore, we expect that Windows 10 will see significant success across all aspects of the PC market, driven by the free upgrade most consumers and small businesses will take advantage of. This will cause third parties to rapidly shift their support, likely reducing support for previous OSs, including Windows 7. It may, in fact, become difficult to run Windows 7 on new PCs starting as early as 2017, as vendors will chose to not backport their drivers and support utilities to the older OS. As such, all enterprises need to have a roadmap in place that outlines major milestones on the way to removing Windows 7 before 2020 and, at a minimum, be prepared to purchase new machines with Windows 10 starting by 2017, at the latest. Organizations should start purchasing new PCs with Windows 10 immediately and use downgrade rights to continue running Windows 7 until they are ready to move forward.