One of the defining characteristics of the modern digital workplace is a PC on every desk and a smartphone in every pocket. The ability to centrally discover, provision, deploy, update, and troubleshoot these devices is, without doubt, essential.
Discussing this topic at a recent vendor briefing uncovered the thought that the Windows PC is, by its very nature, a rooted/jailbroken device. Thus, in its current form, the PC constitutes a significant potential security risk to those organizations that use them, even with added protections.
The only route to a Microsoft-verified secure PC
You’ve probably never considered rooting your Android device or jailbreaking your iPhone, but they’re common enough activities among curious tech enthusiasts. While different in approach, both activities usually result in the user of the device being able to do things that the device maker never intended.
Rooting an Android device gives you access to the entire operating system, while jailbreaking an iOS device enables you to run custom apps rather than just those in the App Store. If you use a Windows computer these capabilities sound unremarkable, right? However, managing these “capabilities” across a large desktop estate requires constant effort and vigilance, even with endpoint protection tools and configuration management solutions.
Mobile device management (MDM) products and enterprise mobility management (EMM) solutions can detect and restrict compromised smartphones and tablets from accessing corporate data and applications, but the Windows computer continues to present additional challenges. There are plenty of tools to help IT departments secure and protect PCs, but they inevitably add some level of cost, complexity and user dissatisfaction. So, what’s to be done?
We can all see that Windows 10 is slowly but surely turning into a modern mobile operating system, but legacy application compatibility issues are likely to prevent total transformation. So, if verified security is what you’re after, and with Windows 7 reaching end-of-life in January 2020, now’s the time to start seriously considering the pros and cons of Windows 10 in S-mode.
Evaluate the pros and cons of ‘S-mode’
S-mode is a locked-down, enhanced security mode of Windows 10. It constrains users to apps from the Microsoft Store, the Microsoft Edge web browser, and Azure Active Directory Domain Services. You can switch to “regular” Windows 10 (free of charge) if you buy a computer supplied with Windows 10 in S-mode and find it too restrictive, but this is currently a one-way street.
Enabling the switch back to Windows 10 is understandable during this introductory phase, but I’d like to see a feature that actively encourages organizations and individuals to explore the world of S-mode and the Microsoft-verified security capabilities it offers. A sensible location for this option would be under the ‘Reset this PC’ settings.
S-mode isn’t going to be compatible with everyone’s IT requirements, but there are many business and user scenarios it could suit. If you’re heading down the Microsoft/Office 365 route, and use Microsoft Office, web applications and virtualised apps, then it’s probably worth looking at what Windows 10 in S-mode has to offer. Be sure to let us know what you think.
Originally published on Freeform Dynamics’ Computer Weekly Blog – Write Side Up