Nero Blanco > Blog > What are Windows and Surface as a Service?

What are Windows and Surface as a Service?

What are Windows and Surface as a Service?

by Twan van Beers, 16th September, 2016
,

In recent months you may have come across the terms Windows as a Service and Surface as a Service. What exactly do they mean? How can they be of benefit? This blog aims to explain those two terms in detail

Windows as a Service

The term Windows as a Service first started being used with the introduction of Windows 10. In short the idea with Windows as a Service is that machines will not only get security patches but will get feature updates to keep all Windows 10 machines as close to up to date as possible.

Of course as a customer you can still avoid updates or features from being installed however you will become unsupported much faster than before.

More recently Microsoft announced Windows 10 Enterprise E3 and E5, which are a subscription based Windows 10 Enterprise activation with additional features including:

  • Direct Access: The ability for Windows 10 to automatically always be on the corporate network, even via an Internet connection
  • Windows To Go Creator: Create a Windows 10 image on a USB or external drive to allow re-imaging of a machine
  • AppLocker: Control who can run what software on Windows 10
  • BranchCache: The ability for Windows 10 machines to act as cache devices for software and patch distribution
  • More GPO Management: Additional areas where GPOs can be used (very vague I know) It includes things like the Start Menu, and kiosk mode types of settings.  See this TechNet article for more detail but be aware that Microsoft are moving more from Pro to Enterprise over time
  • Credential Guard: Requires UEFI v 2.3.1.c or higher and TPM 2.0, provides protection against pass the hash and pass the ticket attacks, which is the current number 1 attack vector for hackers
  • Device Guard: Requires UEFI v2.3.1.c or higher, provides secure boot and uses a whitelist software list to allow/deny software to run.  You can combine this with AppLocker to also control who can start what software
  • App-V: Application virtualization allowing applications to be streamed rather than installed
  • UE-V: User Experience virtualization allowing user experience settings to be captured and stored on a file share and then applied when users log on
  • Long Term Service Branch: Cut down version of Windows 10 with very few updates, used in places where the machine must not be patched/rebooted but still be supported by Microsoft

The Windows 10 E3/E5 licenses do require a pre-existing, activated Windows 10 Pro installation which must have had the anniversary update installed as well. You assign a Windows 10 Enterprise E3/E5 license via the Office 365 portal, and once assigned the machine that this user logs into will be updated to enable the Enterprise features mentioned above. The client machine does NOT need to be joined to the Office 365 Azure AD domain, it just needs to be logged into by the user who has been assigned the E3/E5 license. A single user can activate up to 5 client devices, when they activate a 6th it will automatically cause the 1st device to be reverted to Windows 10 Pro. Microsoft are aware that there is a need to be able to manage this a little more carefully and no doubt we’ll see enhancements to the Office 365 portal in the future to allow just that.

An activated Windows 10 Enterprise device will need on going Internet access. The reason for this is that it will re-check if it should still be activated periodically, and if it can’t validate this for 90 days then it will deactivate the Enterprise features and revert back to Windows 10 Pro.

You can combine the Windows Enterprise E3/E5 with a device lease from companies like Dell, Lenovo, etc. that way you don’t have to pay for the full hardware cost up front and you can more easily upgrade as newer hardware becomes available. We’re happy to help you work through this

Surface as a Service

The term Surface as a Service (or now renamed Surface Membership) is again a recent addition, and it allows you to lease a Surface Pro or Surface Book from a Cloud Solution Provider who is also an authorised device reseller, such as Nero Blanco. That way instead of paying for hardware up front, you can pay with monthly payments.

As well as the device you can lease additional accessories, and they come with a Business Complete Extended Warranty which covers accidental damage too.

The leasing contract itself would be between your business and the tier 1 device distributor, but it is arranged by a Cloud Solution Provider like us.

Summary

There are claims that leasing can save you up to 24%, although unfortunately I’m not accountant savvy enough to understand exactly how that claim is founded. Here is the IDC document for reference

I hope this makes the terms Windows as a Service and Surface as a Service a little bit clearer. If you are interested in finding out more about either of these please contact us

 

,
Twan van Beers

Twan is a senior consultant with over 30 years of experience. He has a wide range of skills including Messaging, Active Directory, SQL, Networking and Firewalls. Twan loves to write scripts and get deep and dirty into debugging code, in order to understand and resolve the most complex of problems.

Related posts:
Blog home