In conversations with customers like you, one-on-one or at events, we're often asked to help you choose between Windows 10 Enterprise or Windows 10 Pro. Specifically, we're asked to help clarify the differences between the two editions, and the impact those differences might have to your organization. With that in mind, we decided to take a closer look at these conversations—and the key considerations when it comes to deciding between Windows 10 Enterprise and Windows 10 Pro for your organization—by talking with two Technology Solutions Professionals specializing in Windows deployments who talk to and help customers on a regular basis.
Nick Moseley focuses on all things deployment, management, productivity, and, especially, security. He helps organizations see the vision for Windows as a service, develop strategies, and build out the necessary architecture to support it. He has over 15 years of experience in IT, ranging from corporate IT to consulting, primarily around systems management and desktop engineering. That background provides great perspective, enabling him to collaborate and build the right vision, businesses cases, and strategy for his customers.
Shawn Porter has more than 25 years of industry experience, helping customers realize a strategy to modernize in their organizations. He previously held enterprise architecture roles for a large educational provider in Canada, working across more than 200 sites with greater than 140,000 units. He also has more than 10 years of experience in corporate IT as a systems management consultant, working with organizations on Configuration Manager and OS deployments. As a Technology Solutions Professional, he notes, "I've been doing Modern Workplace type stuff before it was even considered modern!"
In your travels with customers vis-a-vis Windows 10, where does the discussion around Windows 10 Pro versus Enterprise usually come in? Is it rooted in the organization's migration from Windows 7 to Windows 10? When is it that customers become most interested?
Nick: In my experience, it most often isn't customer-initiated; instead, it's more often when we review the value and benefits of Windows 10 as a whole and when the customer is in a good position to deploy—as well as when they're ready to manage devices in a modern way with regards to security implementation. When I engage with customers, I collaborate with them to uncover areas where they might struggle, and discuss how they might overcome challenges by harnessing capabilities in Windows 10 Pro or Enterprise. It's through this discovery of their business challenges that we can collaborate to help find the right solution.
Shawn: It's rare that a customer will come forward with a desire for one or the other unless they’ve done some extensive discovery themselves. It may occur when we're engaging in security conversations and the customer shares how they've seen attempts to compromise their environment. There may also be scenarios where they're moving forward with the Microsoft 365 suite of products, at which point we'll educate them on how Windows 10 Enterprise management tools and capabilities may benefit them in ways they didn't previously consider. Further, if they're evaluating costs, we can work with them to find the right fit, making them aware of what's fully included in their choice.
A key differentiation between Windows 10 Pro and Enterprise comes down to security. Do customers really understand the differences between offerings?
Nick: The thing that can confuse customers is that they believe that Windows 10 is simply a new interface with just a few new "bells and whistles" without fully understanding the differences. In Windows 7, there were only a handful of differences update over update. With Windows 10, we now have all kinds of scenarios for security and/or management needs and a Pro versus Enterprise discussion provides substantive value. We have features that span across Pro and Enterprise, but that can be leveraged further when you consider use of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). To your point, we talk about Windows Defender Exploit Guard, which is made up of 5-6 key components that span Windows 10 Pro and Windows 10 Enterprise E3.
Shawn: Over the last several months, we've seen some of our key security features made available with Windows 10 Pro to ensure all our customers have great capabilities when it comes to security. The management of those features, though, is better realized with Windows 10 Enterprise and, ultimately, Microsoft Defender ATP for all-in-one management.
Do you think customers realize the intrinsic value necessary to determine whether or not to purchase Windows 10 Enterprise?
Nick: For me, that value is recognized when we start discussing an organization's business needs and/or challenges. Once we have a clearer picture through assessment and analysis, we're often able to tie their needs to functionality that may only be available in Windows 10 Enterprise. As they move forward and flesh out business use cases, they can see how the Enterprise edition can provide some real benefits to their organization.
Shawn: The organizations that have kept with Pro don't necessarily believe they are looking at a lower security posture. Many of them leverage third-party security solutions based on the security capabilities that were available in Windows 7 and Windows 8.1. They've built teams around servicing these older products and third-party solutions, so it's where they're comfortable. These third-party security solutions often have agents that need to be installed and managed, which may reduce performance on the systems and add complexity and increase user impact during feature setup updates as they typically require the use of task sequences to support the deployment. Even if we have a comparable product in Windows 10 Enterprise, the opportunity shifts, as the teams responsible for servicing aren't the security teams and, while they may work together, their efforts are often separate. This includes purchasing discussions, and it makes it so that both desktop and security teams need to be present to recognize performance improvements from using built-in products that are designed to work efficiently together and the cost benefits that span those efforts.
One thing we've seen with customers is that security can profoundly impact environmental performance. As the security and servicing teams function independently, they don't often fully understand the performance impact of, say, boot times. How do you build the opportunity for both teams to join the conversation?
Shawn: From my perspective, it often ends up being two conversations, one for those managing endpoints, where we'll work on the security value, and another with a deeper dive workshop to comprehensively discuss security capabilities.
Nick: Having security teams included in the conversation is a critical success factor. There are still quite a few companies developing their cybersecurity strategies, often with the endpoint teams coming to the party last. Therein lies a great educational opportunity for everyone (myself included) to inclusively discuss capabilities they already have, and what is contained with Windows 10 Pro and Enterprise. We can help them chart a roadmap towards adoption, rollout, and implementation in such a way that it ultimately gets them on a modern deployment and management path. For example, there's security enhancements that can be accomplished (in a simplified deployment) using Microsoft Intune and Azure AD Premium to provide those services, as opposed to setting up on-prem services to secure their environments.
Would you say that a prerequisite for organizations to embrace and adopt Windows 10 Enterprise would be to get modern management in place first?
Nick: While not necessarily a prerequisite, I would say getting modern management in place in parallel with upgrading from Windows 7 to Windows 10 will be advantageous. In fact, some of my customers are just beginning their Windows 10 upgrades and they're often going back to traditional modes of trying to understand how they can use the Microsoft Deployment Toolkit (MDT), or integrate MDT with System Center Configuration Manager. I often have them pause and reflect that they might instead be in a good place to begin considering modern deployment scenarios such as Windows Autopilot, which can, thus, enable them to be more secure.
Shawn: Moving to modern management can mean many things to different organizations. I think it’s important that, as customers are looking at modern approaches, those approaches can be obtained by using what they already have in place today – like Configuration Manager. Moving to co-management using Configuration Manager as your jumping off point is a great place to start.
When CIOs ask you if Windows 10 Enterprise is really worth the cost, what do you tell them?
Nick: When a CIO asks about cost benefits, it's not simply a straightforward yes or no; instead, we need to evaluate transparently against the needs and goals of their business. Microsoft has a cost calculation tool that customers can use themselves to vet what's right for them. There's also analysis from Gartner and the Forrester Consulting Total Economic Impact tool to help in the cost assessment.
Shawn: From a security perspective, there are great tools in Windows 10 Enterprise that organizations can harness. It does depend on business need, but organizations should also consider the focus on management features. Having Group Policies and MDM policies to help manage end user experiences in a way that suits the business is a tremendous benefit.
Based on your conversations with your customers, what are the key considerations you run into most often when it comes to Windows 10 Enterprise vs. Windows 10 Pro?
Shawn: Access to the long-term servicing channel (LTSC) for specialized systems or use cases, as well as MBAM (Microsoft BitLocker Administration and Monitoring)...
Nick: …and of course security and management Group Policies! A big focus for most customers is being able to enhance the end user experience. Customers looking at virtualization and Device Health can gain a greater sense of depth in their environments, and learn how they can advance the experience to boost satisfaction, while reducing support calls. This also includes reducing the time necessary to provision devices with solutions like Windows Autopilot or offloading the deployment workload to Microsoft with the use of Windows Update for Business!
When it comes to staying current with the feature sets, do you think customers fully understand the value proposition for every feature update so that IT pros and their users can get the most out of them?
Shawn: We run a number of workshops to show IT pros firsthand the key benefits for their organizations. Customers move at varying cadences and, thus, require attention at different times, but I try to spend time with them and have roadmap meetings, to share the new bits with them as often as I can.
For end users, are there key differentiators for their road warriors and those working at home when we're talking about Windows 10 Pro vs. Enterprise?
Nick: Absolutely. There are two key factors, firstly that of modern management capabilities and co-management of Configuration Manager with Intune, as well as Configuration Manager's capabilities for the cloud management gateway. This certainly allows road warriors to remain patched, up-to-date, and compliant even though they may rarely connect to their corporate network, where the updates are delivered via the Internet. Secondly, Microsoft Defender ATP capabilities in Windows 10 Enterprise E5 can sense and protect devices around the world, even those not on the local network.
For those organizations focused on staying current, we’re making significant improvements to servicing so that it gets easier over time. Is this a key driver for your customers?
Shawn: Yes! My most current customers have adopted Upgrade Readiness and once they see that app compat really isn't the challenge, it gives them more time to evaluate new features and how they might take advantage of them in their own environments.
Are you seeing customers that have embraced Windows 10 Pro, but are making the shift to Windows 10 Enterprise?
Nick: I often see customers on Windows 10 Pro that want the Windows 10 Enterprise experience. Their engineers may be able to create some processes that work, but they quickly find that those processes have a shelf life and that a later fix may impact what they spent time on, and how much. It causes challenges in staying current. We at Microsoft neither support or condone this type of approach as customers quickly find the management overhead, complexity, and inherent risk to the estate far outweigh the benefits of not moving to Windows 10 Enterprise from the start.
Shawn: We saw a customer that was moving forward with Windows 10 Pro, but over time had acquired a few hacks to move them forward. At each update, this created more challenges, like to that of stability and the user experience, which ultimately resulted in conversations about how to move forward more effectively with modern management solutions. For IT to be viewed as an enabler for the business and to contribute to the bottom line, IT needs to deliver a world class service. Delivering a sub-par user experience, fraught with risk, only reinforces the traditional thinking that IT is a necessary overhead.
Spending all that resource-dedicated time on workarounds must prove challenging for customers?
Shawn: Ultimately, we're all still people, doing the best with what we know and what we have. It's hard: you're doing the best you can for your organization with the tools you've been given, but if processes change, IT pros may have a fear about continuing to provide that same level of service. That's understandable. But if you take a moment to pause and evaluate better methods, there's real benefit for both the IT professional and their organizations. I'm seeing that reflection more often now, looking at what processes are changing, why they're happening, and reasons to adopt them. This allows organizations to focus on bigger and better things around service management, change management, and security.
Nick: It's really about three things: First, there's the education aspect, learning about the new features. Second, and particularly around the desktop, while many are moving to the cloud as the future, those managing the desktop are more and more task-oriented towards maintaining an image. This creates an opportunity for us to get them excited about improvements in this area. Third, it's about outreach, and sharing some of the great features that we have.
Any last gems you might have in engaging in Windows 10 Pro versus Enterprise conversations?
Shawn: Instead of focusing on products, focus on the required solution, figure out what you're trying to accomplish as an IT professional for your organization. Nick hit head the nail on the head earlier: map to solutions that address the organization's pain points. Microsoft 365 really does provide a wealth of tools which in turn enables broader conversations across organizations, rather than an endpoint solution.
Nick: I'd also add that there are a lot of stakeholders in an endpoint experience. Everyone from corporate IT, to security teams, to line-of-business owners. Depending on your vertical, that experience can and often does vary. Assessing and understanding each of their needs, then bringing them together, is key to deciding the right product for your environment.
To learn more about the differences between Windows 10 Enterprise and Windows 10 Pro when it comes to intelligent security, simplified updates, flexible management and enhanced productivity, be sure to check out this informative comparison chart. To learn more about Windows as a service, be sure to check out our Windows as a service gateway, as well as the Desktop Deployment Center. You can get the very latest on servicing and delivery by following @WindowsUpdate on Twitter.
