Making Critical Deployment Choices for Windows 10 Success

Published: 09 December 2016 ID: G00309391



As enterprises move closer to Windows 10 rollouts, infrastructure and operations leaders responsible for the project must make a few critical decisions to get the deployment on the right path for success.


Key Challenges

  • Updating existing machines to Windows 10 is more difficult and costly, and may not deliver the best experience when compared to new hardware.

  • Most organizations' PC deployment processes are inefficient and lack good automation.

  • Traditional wipe and reload image deployments are time- and resource-intensive, but often necessary.


To help develop mobile and endpoint strategies, infrastructure and operations leaders should:

  • Shift all new hardware purchases to Windows 10 in 1H17 and adjust hardware refreshes to enable using new machines for Windows 10 where possible.

  • Use the Windows 10 migration as an opportunity to improve PC deployment efficiencies.

  • Consider using in-place upgrades over wipe and reload imaging for select systems.


Although Microsoft has moved Windows to a new model for updating Windows, customers still must run a relatively traditional migration project to get to Windows 10. One of the key areas of focus for customers is how to actually perform the migration for their fleet of systems. While many customers will purchase new machines for Windows 10, few will have the luxury of using only new devices with the new OS, requiring some migration effort for existing hardware. There are several different options for deployment, and most organizations will end up using multiple approaches. According to our migration cost model (see "Optimize Your Cost to Migrate to Windows 10 Using Gartner's Cost Model" ), making the right choices for deployment can reduce migration costs from as much as $445 per system to $155 or even less. Determining where and when to use each option depends on an organization's scale, existing fleet, current management position and expertise.


Shift All New Hardware Purchases to Windows 10 in 1H17 and Adjust Hardware Refreshes to Enable Using New Machines for Windows 10 Where Possible

The hardware requirements for Windows 10 do not differ that much from those laid out by Microsoft for Windows 7 in 2009. However, this isn't really the whole story. Many users have changed how they use their PCs and often place more demand on their systems. As such, we have adjusted our recommended configurations to specify systems with 8GB of RAM and new modern processors combined with solid-state drives (SSDs; see "Recommended Configurations for Notebooks and Desktop PCs, 2016" ). Upgrading the hardware in existing machines to match these specifications could be quite costly. Even then, many enterprises are looking to leverage the new features of the OS that are only available on new systems. Specifically, features like Windows Hello biometric sensors, touch displays, pen support, support for advanced battery-saving power management modes, and new hardware-based security features (Credential Guard, Device Guard) require machines that are no more than a couple of years old to function properly with Windows 10 (see Table 1). The best Windows 10 experience will be achieved on new hardware specifically designed to leverage the new features of the OS. Organizations that can perform their migrations through attrition (via the natural hardware refresh process) will find the upgrade easiest and least costly. This approach was widely used with many previous OS updates, particularly for organizations with a three-year PC life cycle.

Table 1.   Examples of Window 10 Capabilities With Potential Dependencies on New Hardware

Windows 10 Feature

Hardware Required

Security Enhancements

Device Guard

I/O memory management unit (IOMMU), virtualization extensions, Unified Extensible Firmware Interface (UEFI) 2.3.1 secure boot

Credential Guard

TPM (1.2, 2.0 recommended), virtualization extensions, UEFI 2.3.1 secure boot, Second Level Address Translation (SLAT)

Windows Hello, Microsoft Passport

Biometric Sensor (infrared [IR]/3D camera, fingerprint reader, iris scan), TPM

User Experience


Noise cancelling microphone

Natural interaction

Touch display, pen support

System Performance

Improved battery life

Modern processor, recent Wi-Fi

InstantGo (Connected Standby)

Modern processor, SSD

Source: Gartner (December 2016)

Unfortunately, the market reality is that most organizations have extended their hardware life cycles to four or sometimes five years. With the deadline for the end of extended support looming in just over three years (January 2020), most organizations will be forced to do some migrations on existing equipment. Companies should examine how hardware refresh processes can be adjusted to ensure maximum leverage of new hardware without disrupting the overall migration project. It should be noted that the cost of migrating as PCs are replaced is generally less costly than upgrading existing systems — typically in the range of $155 to $242 per system vs. $256 to $445 otherwise (see "Optimize Your Cost to Migrate to Windows 10 Using Gartner's Cost Model" ).

Also consider the impact of running in a heterogeneous OS environment for an extended period of time, as that will delay recouping some of the benefits of Windows 10's new features. Striking a balance will be critical. We expect most companies to ultimately upgrade the OS on half of their existing hardware, and replace the other half.

Whether your organization is planning to deploy Windows 10 solely on new PCs or not, new PCs will have to be deployed with Windows 10 starting in 1H17, as Kaby Lake-based systems become mainstream and Skylake supplies shrink. Microsoft will not support Kaby Lake systems running Windows 7 (see "Update Windows 10 Migration Plans to Reflect Changes That Occurred in the First Year of Release" ), and it is likely that supply of Skylake systems (which themselves have limited Windows 7 support) could fall short of demand as organizations that are not prepared for Windows 10 try to prepurchase systems to fill the gap until they are ready.


  • Shift all new hardware purchases to Windows 10 in 1H17.

  • Understand current PC refresh plans and adjust them as appropriate to enable using new hardware for Windows 10 where possible.

  • Use a mix of new and existing hardware during testing and piloting.

Use the Windows 10 Migration as an Opportunity to Improve PC Deployment Efficiencies

Organizations can use Windows migrations as an opportunity to change PC deployment and management processes. Imaging PCs through the PC manufacturer, a service provider, or an in-house imaging depot are all viable options. Particularly for distributed users, the desired PC deployment result would allow an employee to request a PC and have the delivery of it fully automated without IT intervention. Actual results for many organizations, however, often include additional manual or scripted steps. We've seen organizations take the following approaches to improve the efficiency of their deployments:

  • Custom scripting: Organizations often lack the complete set of custom scripts that makes fully automated deployments possible. To do this, the desktop engineering group must build an image deployment process with custom scripting to account for changing or variable conditions. For example, the process for formatting the disk and installing the OS will probably be standard across all PCs. However, other steps are often performed manually because the sequence of steps is less predictable. Look at the areas where manual work is still done, and where custom scripting can automate repetitive tasks. Good examples of these are installing the appropriate language pack, joining to the Active Directory domain, connecting to networked printers and installing additional applications.

  • Self-service material: Include written instructions and photos in the box that the user receives to guide them through the remaining setup tasks.

  • Software rightsizing: Organizations often overprovision applications, which increases license costs and the time to deploy systems. Use a combination of software usage monitoring and self-service to rightsize the application load delivered to the user.

"We have automated rules that first look to see if a prior version of an application is on the machine. If the application is there and it has been used in the last 90 days, the user is automatically added to that application's target group. Otherwise, we put applications in an internal app store, which, for some applications, requires approval before delivery."
Gartner client
  • Organizations can use client management tools (see "Market Guide for Client Management Tools" ), which sometimes require customization, for this functionality. Software license optimization tools (see "Market Guide for Software Asset Management Tools" ) provide more out-of-the-box capabilities.

  • Enterprise Desktop App Store: Use an internal app store method for software distribution. Push applications, with the three exceptions being (1) core applications (such as email client, antivirus, and so on), (2) critical line-of-business applications, and (3) applications that are too big to deliver via self-service (such as those more than 1G in size).

Organizations also must consider the challenge that today's PCs, especially two-in-ones, have with regard to implementing a complete and correct set of drivers. It is far easier to ensure everything will work properly when starting with the OEM's image. An image based on the OEM image may not be used by the organization's IT department for reimaging PCs without violating the End-User License Agreement (EULA) rules on reimaging rights.


  • Use Windows 10 migration as an opportunity to improve PC deployment efficiencies.

  • Analyze whether building a process that starts with the original OEM image delivered on a new PC and adds to it, and aligns better with your needs than wiping and reinstalling your image.

  • Contract the OEM to preimage new PCs.

Consider Using In-Place Upgrades Over Wipe and Reload Imaging for Select Systems

An in-place upgrade migrates a PC to the new OS while keeping many files and components in place, rather than wiping and reinstalling the entire OS. This method had a history of poor experiences and general instability. In the case of the Windows XP to Windows 7 migration, so many components changed that many customers who tested in-place upgrades found them to produce unstable environments and often ended up wiping and reloading machines at some point later. However, with the Windows 7 to Windows 10 migration, early reports show that the in-place upgrade process is far more stable and predictable. We expect that many customers could successfully use an in-place process successfully for at least a portion of their systems. This is appropriate for systems in which the applications are largely unchanged from their initial deployment state. Assuming PCs don't need a significant amount of cleanup before the migration begins, an in-place upgrade could cost $80 per PC less than wiping and reloading (see "Optimize Your Cost to Migrate to Windows 10 Using Gartner's Cost Model" ).

With the shift in OS servicing models to a more regular update process, all future feature updates will be done through an in-place upgrade. Organizations can view this last major migration either as an opportunity to spot future problems with an in-place upgrade process and get them resolved now, or as a chance to reset to a known good baseline before the update model changes. Either approach is valid, so planners should determine which issue they feel is more critical to their environment.

Many customers use a pool of refurbished machines as the model for deploying the new OS. Old machines are pulled back from the field and replaced with fresh devices (either new or refurbished) preconfigured with Windows 10. The old machines are then moved to a pool where they are cleaned up and otherwise refurbished. This process is particularly useful if machines need an updated basic input/ouput system (BIOS), additional memory or a new hard drive, and you want to keep disruption to the user to a minimum. Each user essentially gets a "new" machine.

If you are looking to enable advanced security features like Credential Guard and Device Guard, you may have to reset a large number of BIOS settings. Doing so could require a full reinstallation of the OS in some cases.


  • Understand the level of consistency and predictability within your existing environment.

  • Build both a wipe and reload and an in-place methodology for the upgrade.

  • Use the in-place upgrade model for when the applications will remain unchanged.