Tom Plant discusses preparing for Windows 10 end of support on Risky.Biz

With the end of support deadline for Windows 10 looming, Tom Plant discussed with Risky Business’ Catalin Cimpanu how partners can help their customers ensure they’re ready. Some customers will require hardware upgrades together with a modern management transformation, while others need to understand the pros and cons of Windows 11. The time to prepare is now.  

Listen to Tom on the Risky Biz podcast:

See transcript below:

Catalin Cimpanu (Catalin): Hello, this is Catalin Cimpanu. This is a Risky Business News sponsor interview with Tom Plant, Technical Product Manager at Devicie. Welcome to the show, Tom.

Tom Plant (Tom): G’day, great to be here.

Catalin: Devicie automates endpoint management through Microsoft Intune. Did I say that right or is there more to it?

Tom: Yeah, absolutely. We’re a hyperautomation platform - so scaling across tons of tenants. We work with a lot of partners and MSPs. Intune is a really powerful, raw platform, but, for example, you can't easily set registry keys and that sort of thing. So, we build on top of their platform to provide a lot of capabilities that are a bit more powerful and useful to our customers.

Catalin: Windows 10 is reaching end of support next year. I feel like you're the perfect person to speak about the upcoming migration to Windows 11. Is something like Devicie a tool that could help with this migration?

Tom: Yeah, absolutely. We're starting to see more questions about that as the October 2025 deadline looms. It sounds really far away, but what we see is that this kind of migration can take a long time to execute. Windows 11 has a lot of fundamental changes. It's very similar to Windows 10 at a technical level. But one of the parts that I like the most about it is that it turns on a lot of security features that were off by default in Windows 10, particularly stuff based on the Trusted Platform Module. So, you start to see some of these security features come online and provide more benefits.

Particularly a feature like Credential Guard which secures password data; it also breaks legacy authentication protocols. We see customers upgrading to Windows 11 and hitting all these paper cuts: ‘oh, we can't connect our Wi Fi anymore’, and having to lose a bunch of time troubleshooting. That's where Devicie comes in. We've gone through this process with dozens of customers, and we can get that fixed in an hour, not a week. And we see that across app workloads as well and all these different areas in Windows 11 where there are changes.

Catalin: Are there many companies that have already performed Windows 11 migration? Are companies still at an enquiry phase?

Tom: There's definitely a mix. The majority of our customers have migrated with our help and that does make it a lot easier. But we still speak with a lot of customers who are really worried about a lot of these paper cuts and how much time it could take and then also the testing and user experience changes. Even small stuff like the taskbar being centered can be really problematic for some of these organizations. And they've got to go digging for the registry key to change that, then: ‘Oh, Intune can't do registry keys’. One of the big factors there – if they decide to roll in an SCCM to Intune migration as part of the Windows 11 upgrade – if they're going to do user experience changes, they go: ‘okay, let's do the whole thing’. That can blow up the timeframes on this process as well.

Catalin: You've mentioned that the start menu and the taskbar change. Do people usually like to style their Windows 11, as they did with Windows 10, just to keep the familiar templates?

Tom: Yeah, absolutely. I'm running a centered task bar now, it doesn't seem that much of a big deal to a lot of people in the technical field, but then when you go and talk to end users it breaks their brains. It’s all these small little niggly bits that you can lose weeks on, really, just on these user experience things alone trying to get that migration across the line.

Catalin: What have you learned from past migrations? Are there any particular security related changes that you would like to emphasize? Do you say to your customers, ‘okay, if you're migrating, we recommend that you do these things on Windows 11’? Besides the mandatory TPM, and as you said, that password guard. Anything else?

Tom: I think those are the main ones but there's also a support aspect to it as well. Even though Windows 10 is supported by Microsoft with their feature releases, we're starting to see they're only releasing a feature for Windows 11, or they're taking a few months to backboard it to Windows 10, if at all. There is the official stance that it’s supported. But if you're looking to take advantage of the newest security and productivity features, Windows 11 is going to be getting those first and that's going to be happening until the end of support date at least.

Catalin: If a customer would come to you now and ask whether to start the Windows 11 migration, or wait a few months, what would be your answer? Do you still recommend Windows 10 for now?

Tom: I would absolutely start planning now. Particularly if you're not on Intune already. You might need to execute that migration from SCCM. And particularly with the timeframes on some of the stuff. If you have older hardware for example, you might need to plan a hardware refresh to get that TPM requirement. It can look small, but then blow out into six to 12 months.

Catalin: Besides the hardware refresh, is the SCCM migration just as complicated?

Tom: Absolutely. The main reason is customers see Microsoft’s stance and modern management with Intune as the way to manage Windows going forward. There are so many security and productivity benefits. But there's also massive user change. You're no longer imaging machines with SCCM for example, it's taking a vendor image and uplifting it. We see customers decide: 'OK, if the user experience change is so large, let’s roll that into the Windows 11 upgrade, and be able to complete that upgrade more easily with these modern tools’. That means there's more work to be done in this migration process. And you really want to be planning that early.

Catalin: Would you say that system administrators also require this in advance because Intune is so different?

Tom: Yeah, absolutely. That's one of the biggest things we see with Devicie is that for customers, the learning curve alone on Intune can take a third or half of the actual migration time. Figuring out how to deploy policies and migrating configuration from group policy for example. And repackaging apps is a huge one. The complexity of the product is easy to underestimate.

Catalin: So good thing they have you right?

Tom: [laughs] That's the idea.

Catalin: For the people listening, this was recorded on June 8, so we don't know if things will change until this goes out. But we can't have this conversation without the elephant in the room: Windows 11 Recall. Your thoughts on it? I presume Devicie has already looked into ways of disabling it right?

Tom: Absolutely. We were looking into that as soon as we heard. So Devicie is a platform. We maintain your environment and we have customers who love these AI features and want to see them immediately. We have plenty of customers who really don't. Unfortunately, a lot of these features are on by default. So the day that came out, for example, we were digging around in Windows trying to find the pre-release version, trying to find how to turn it off even before all the security posting. We've been doing our own assessments on the risk there as well because customers will often ask for advice on: ‘what is the risk of enabling something like Recall?’.

Fundamentally, running AI workloads locally on Windows can have a lot of security benefits. But in this particular case of Recall, we're going to be helping customers turn it off immediately.

Catalin: That's no surprise. Since we're on the topic of AI, there are also plenty of other apps and AI features rolling out right now. How do your customers usually react? Is there any anticipation for these tools? Are customers usually interested in just disabling them as easily and fast as possible so they can be on top of risk management and access policies?

Tom: Yeah, we see a mix. We see a lot of customers who are really keen. There are absolutely some productivity benefits. The Teams meeting summaries are fantastic.

But equally, we have a lot of customers in regulated fields with true security concerns of some of the data issues with these tools. For those customers, ordinarily, they'd really have to go deep to find how to disable some of these tools. It could be registry keys that are tricky to set in Intune. Could be undocumented policies, who knows? So, we try to make it easy for those customers to get the outcome they're looking for and meet them where they are, whether they want to use these tools, or whether they don't.

Catalin: Tom, thank you very much for your time today.

Tom: Thanks so much.

Be the first to hear about Devicie MSP, the Intune hyperautomation and management platform for modern device management at scale.