For IT, Microsoft 365 shows what still matters about Windows

By:  Mary Branscombe

For most businesses, Microsoft 365 is just the simplest and cheapest way to buy Windows and Office (along with some mobile security services), especially if they want to make first-line workers (as Microsoft calls your customer-facing employees) part of their digital business workflows. But Microsoft 365 is more than just an updated version of a Microsoft Enterprise Agreement; the real point for businesses is reducing the cost and complexity of device and user management in a world where Windows is just another piece of business software (though still an important one).

That perspective makes the updates to Microsoft 365 that the company announced last week more than just a grab bag of new tools.

After all, Microsoft doesn’t really need to put out a new version of Office to ship new features; Office 365 customers (including Microsoft 365 customers) already get new features every month, along with cloud versions of Exchange and SharePoint that get regular improvements. Office 2019 is coming out this year, but it’s for customers who aren’t comfortable with the idea of subscription payments and regular change.

Windows customers don’t even get the choice; every six months, there’s a new update for Windows 10 — in part because it’s just too risky to let users languish with older versions of Windows, since the majority of attacks use vulnerabilities that were patched months or years ago.

But if you’re looking for the key new business features in Windows, Microsoft 365 (and its regular new updates) is where you’ll find them. Users might want new Windows features, but what business IT wants is control — without the time-consuming, fiddly setup that usually requires.

More than anything, Microsoft 365 is an attempt to make the regular adoption of new releases easier for businesses and IT teams to cope with. They’re used to Windows and Office migrations being painful, multiyear processes fraught with compatibility issues. (Many have chosen to delay migration as long as possible, but with Windows 7 and Office 2010 losing extended support in January and October 2020, respectively, you should be thinking about it sooner rather than later.) Microsoft 365 includes tools to make it easier to migrate to Windows 10 and Office 2016 or 2019, tools such as Windows AutoPilot for remotely upgrading PCs, applying policies and settings, and installing apps automatically. New PCs from Lenovo and Dell come already set up for AutoPilot (and Toshiba, HP and Fujitsu will ship PCs with AutoPilot enabled this fall).

Using images to deploy and manage Windows and apps is a tedious manual process and one of the most expensive things most IT teams do. AutoPilot relies on Azure Active Directory (also included in Microsoft 365) to let users set their own PCs up in minutes — the way they do with their smartphones and iPads and Chromebooks — instead of the hours IT would spend deploying a new PC or upgrading an old one. You can even flip existing PCs into Windows S mode instead of having to buy new devices, if you want to give first-line workers more controlled systems.

If that sounds suspiciously easy, it’s because IT teams will have used Microsoft 365 tools such as the Readiness Toolkit for Office and the new Application Health Analyzer tool to check that Office macros, add-ins and internal line-of-business applications work with the new versions. Application testing has always been the slowest part of upgrade preparation, and these tools give IT teams a better chance of knowing in advance if any key apps will need rewriting. You can also use System Center Configuration Manager — which the majority of enterprises manage their PCs with — to control phased deployment rings that update groups of PCs to the latest Windows and Office versions only after you have confirmed that they work properly on your first deployment group.

But the day-to-day management tools have shifted to the Microsoft 365 portal, which now brings together what were separate sites for managing Office 365, Azure AD, Intune, and the cloud security and analytics tools in EMS (Microsoft Enterprise Mobility + Security). That’s a single place to set up everything, from users’ email accounts to the applications they’re allowed to install to when they need to use 2FA to sign into file libraries to which countries their cloud data can be stored in. If you want, you can use it for MDM for your iOS and Android devices, too. And it’s also the place to see reports of suspicious behaviour on your network or control how employees can share business files with partners and suppliers.

Businesses are no longer putting in PCs to improve productivity or turn paper processes digital; cloud services and mobile devices (including the IoT and sensors) are where organizations turn for that kind of transformation these days. But they’re not getting rid of PCs and Office either, because there are plenty of tasks they’re still useful for, sitting alongside those cloud and mobile systems. To make that manageable, businesses want to cut the time and money they spend managing Windows and Office, and all the other desktop business software they rely on, and on staying on top of the Red Queen’s racetrack of regular patches, updates and improvements.

That’s what Microsoft 365 is for, and it’s why Windows lost its place of honor inside Microsoft in the recent reorg. At least for the enterprise, modern Windows is just another thing to manage.