We have delivered an overhaul of a clients existing Windows 10 laptop build for one of our North West housing sector clients by delivering a fully automated Windows 10 laptop solution complete with Windows 10 VPN, thin application delivery, hard drive encryption and all installed base applications.
The requirement was created by the impending deprecation of the Microsoft Direct Access Solution as discussed here on Microsoft Technet.
The client's previous Windows 10 environment was based on Windows 10 1703 and depended on Microsoft Direct Access (DA), unfortunately DA was also held back by the limitations of IPv6 support only hence was hampering the clients efforts to deliver the Windows 10 rollout.
A4S worked with the client and in particular an extremely capable senior infrastructure engineer who we regard extremely highly and showed no limits in terms of his capability and work ethic to deliver an upgrade to Windows 10 version 1809.
The client's Windows 10 laptop solution was designed to enable mass home working and has since become invaluable as IT teams strain to provide home working capability for their large number of users.
The main features of the laptop build include its versatility to provide the same user experience when on and off premise, and the extremely high levels of usability as the user simply needs to connect to an external wifi solution, lift the laptop lid and input their sign on information.
A prerequisite of the upgrade was that all steps of the upgrade would be centrally managed and be as unobtrusive as possible without the need for a user to return the laptop back to the client IT teams, to that effect the upgrade was broken down into 4 steps, these were:
VMware UEM update to support the later Windows 10 OS.
Imprivata SSO agent update to support the later Windows 10 OS.
OS Upgrade from 1703 to 1809 to support Windows 10 User and Device Tunnel VPNs.
Migration from Direct Access to Windows 10 VPN.
A4S and the client IT team devised the above upgrade strategy which would be performed completely remotely and impact the user at little as possible, during the actual software updates the user would be advised to stand back from the laptop and not create any interruption, we also ensured progress indicators were used to provide feedback to the user and set expectation in terms of durations to reduce frustration.
Steps 1 and 2 were delivered using traditional GPO driven installs, they were required as the Windows 1809 start menu failed, this was traced back eventually to the two mentioned pieces of software.
Step 3 was only delivered once steps 1 and 2 were completed, this was triggered using WMI queries that would make sure the WSUS drive OS and windows updates would only begin once the necessary compatible software was installed.
Step 4 was also initiated using WMI filters and was delivered using GPO provided XML scripting as per Microsoft guidance, at this stage Direct Access was retained as a fall back position in case of issues with the new solutions.
Additionally; the team at A4S ensured the defective WSUS environment was replaced with a working solution, we also ensured the MDT sequence parsed the WSUS server to ensure any new builds were aligned to the current operational estate patch level.
Another new addition to the environment by A4S was the on-premise Office 365 software update solution, we created dev, test and live deployment environments to ensure the client has complete control on new deployments, also we must point out how slick the Office updates process is and that is create almost no user interruption, in particular we were impressed how the update process appeared to handle reboots and log offs without error or any annoying user messages before seamlessly moving into a very quick Office update.
The main intended outcome of this project was to ensure the clients laptop estate moved away from a deprecated VPN solution to better support their business applications, however in the process A4S resolved a multitude of issues and delivered some major improvements, end users were also delighted with the outcome.
Moving onto our other clients, we are in the process of deploying the same mobile laptop solution but will be layering on additional security and functionality technologies as per below:
Windows Hello for Business - Will improve security and improve user experience using multi-factor biometrics.
Azure MFA - A simple MFA solution built into the clients Azure AD to provide the user with an intuitive and usable MFA experience.
As always, if you have any questions about this deliver or just want to learn more on this and related topics, give me a shout at: firstname.lastname@example.org or 07415 897953.
Maybe not right now... but in the future if you want to meet up for a coffee (mine's a Latte) please get in touch!