#HASMUG16 Automate Securing Windows 10 – It starts with UEFI – Compelling events

Shaun Cassells speaking at HASMUG 2016 about getting to Windows 10 with UEFI and Secure Boot

Today I had a wonderful time speaking at HASMUG.  One of the biggest issues is getting to Windows 10 securely, which starts with UEFI configured and Secure Boot enabled.  I will write a blog post about the need for that security shortly.  This post collects the links to resources about compelling events for going to Windows 10.

Windows 10 Compelling events

I am going to skip all the obvious reasons like W10 is better than previous versions.  Lots of posts on that elsewhere.

Windows 7 goes End of Life (EOL) Jan 14 2020 (less than 38 months)


Like the end of XP support, you will have to migrate soon.  Better get off Windows 7 before it goes EOL Jan 14 2020.  How long did your W7 project take … 2 years?  You need to start in January 2017… in 3 months.

| Products Released | Lifecycle Start Date | Mainstream Support End Date | Extended Support End Date |
|---|---|---|---|
| Windows 7 Service Pack 1 | 2/22/2011 | 1/13/2015 | 1/14/2020 |


Microsoft Modern Lifecycle Policy


Previously you would do a major OS upgrade every 5-7 years (NT > 2000 > XP > W7).  With the Modern Lifecycle you are now doing a full OS upgrade at least once per year.  Microsoft is talking about a cadence of 4 OS updates a year by 2018.  1E can make the change from W7 to W10, and to every current branch afterwards, an automated process with SCCM.


The policy came into effect Aug 25th 2016.  Short version: it is the official verbiage that Microsoft only supports supported versions (usually less than a 1 year time frame) and that you must be paying money to get support.  Much faster than the old 5 + 5 model.  Change is coming fast and furious.  What is this Change Control you speak of?

  1. Customers must stay current as per the servicing and licensing requirements published for the product or service.

    • Nothing surprising here, except almost always less than 1 year now.  Just look at LifeCycle dates.
  2. Customers must have the rights to use the product or service.

    • You have to own / pay for it.  This is now usually a monthly SaaS model versus perpetual.
  3. Microsoft must currently offer support for the product or service.

The FAQ document defines Staying Current:

To stay current, a customer must accept all servicing updates and apply them within a specific timeframe, per the licensing and service requirements for the product or service. The requirements may be found under the Notes column when searching by offering on the Microsoft Product Lifecycle Search page.

What happens if a Roll-up Patch breaks apps… how do I Stay Current?

Generally, customers may contact Microsoft for support for products within their lifecycle if they encounter an issue with an updated product in their environment. If a customer rolls back a patch due to an issue related to it, Microsoft will work to fix the problem so the customer can stay current. If a customer calls about something unrelated, Microsoft will help them install the patch and then will try to resolve the new issue.

Microsoft Applications that are relevant to this post

  • Microsoft System Center Configuration Manager (SCCM) Current Branch
  • Windows 10 servicing model
  • Office 365 (O365) – Online Services support Policy


Windows 10 Embracing Silicon Innovation


All new hardware only supports Windows 10 and will not support Windows 7 or 8.1


At the release of Windows 10 (1507) Microsoft partnered with all the silicon manufacturers to reduce cost and increase innovation.  Okay… so?  Well, they did it by stating that all future silicon will NOT support Windows 7 or 8.1 operating systems.  They also stated that Intel Skylake (6xxx) CPUs would be the last silicon to support Windows 7 or 8.1.  This is a big deal, as in the past year AMD and Intel have released new silicon.

Future silicon platforms including Intel’s upcoming 7th Gen Intel Core (Kaby Lake) processor family and AMD’s 7th generation processors (e.g. Bristol Ridge) will only be supported on Windows 10, and all future silicon releases will require the latest release of Windows 10.
Read more at https://blogs.windows.com/business/2016/08/11/updates-to-silicon-support-policy-for-windows/#yIdxcdjvkSkH55HT.99

Wow, no longer able to downgrade.  You are going to W10 if you buy new hardware.  You’re welcome.


Are you ready to go to Windows 10?  A free assessment tool for hardware, software, and security – https://www.1e.com/intelligence

1800 – the number of applications an enterprise manages, on average


1E Nomad

How 1E Nomad Works – A Video

1E Nomad reduces the need for servers and network impact

This CoreTech article is great at showing measured real-world network savings by 1E Nomad.

This means that not only do we use only available bandwidth via ReverseQOS, but we also elect only a single master to go across the WAN on an SCCM deployment (unlike Peer Cache, which only shares after a client has everything).  Great for Azure hosted or Cloud DPs to save tons of money (transfer data once if not already locally available – no servers).

Comparing BIOS to UEFI Solutions


Preparing for Windows 10 and UEFI at Microsoft Ignite: Full Presentation


1E Support Policy is 30 days after OS or SCCM CB releases (requires customer login)


View from the Stage
